Both '--bind-addr' and '--burst-type' had the same short '-b'.
Let's use the upper case version for '--burst-type'.
Change-Id: Ib8a46e25cbc6266c3e147582f9e8045362270151
There are multiple advantages of using Python's logging module:
- advanced message formatting (file name, line number, etc.),
- multiple logging targets (e.g. stderr, file, socket),
- logging levels (e.g. DEBUG, INFO, ERROR),
- the pythonic way ;)
so, let's replace multiple print() calls by logging calls,
add use the following logging message format by default:
[%(levelname)s] %(filename)s:%(lineno)d %(message)s
Examples:
[INFO] ctrl_if_bts.py:57 Starting transceiver...
[DEBUG] clck_gen.py:87 IND CLOCK 26826
[DEBUG] ctrl_if_bts.py:71 Recv POWEROFF cmd
[INFO] ctrl_if_bts.py:73 Stopping transceiver...
[INFO] fake_trx.py:127 Shutting down...
Please note that there is no way to filter messages by logging
level yet. This is to be introduced soon, together with argparse.
Change-Id: I7fcafabafe8323b58990997a47afdd48b6d1f357
The randomization of both UL/DL RSSI and ToA values is optional,
and can be configured from the control interface (see both
FAKE_RSSI and FAKE_TOA commands).
The command line options for enabling / disabling the randomization
were redundant, so let's get rid of them and check if the
corresponding treshold value is set.
Change-Id: I6adc13b8989ade2fab895673525c0ca17bf9b3f2
For some reason, the time-slot pass-filtering was only done for
DL bursts, but not for UL bursts. BurstForwarder shall not pass
UL bursts for unconfigured time-slots too.
Let's also print a warning if an UL burst is sent on a not
configured time-slot, i.e. before sending SETSLOT command.
Change-Id: Idb7f5b212e5814aeff8ca8bc875ad066674267cd
Previously it was only possible to configure a single time-slot
that would be pass-filtered by a BurstForwarder instance. In some
applications it would be useful to configure multiple time-slots,
so let's refactor the time-slot pass-filtering algorithm.
Change-Id: Ie1490adaf7a7c62c966aeb60c1898eaf3b5a1e84
Instead of having all configuration variables of BurstForwarder
initialized in the class heading, let's introduce two functions
for initialization (resetting to defaults) of both UL/DL params.
This would allow to reset a BurstForwarder instance from the
control interface in follow-up patches.
Let's also introduce some basic documentation for the class
fields, which were defined in the heading previously.
Change-Id: I6b1bf41cf22f01a7e7ecc91c625fb0d2bf4bfeac
Unlike the DATA messages, traffic frames may have different length.
Instead of having fixed payload (i.e. TCH frame) length, let's
introduce a flexible array member. This would allow one to
calculate the frame length using the MSGB API.
Change-Id: I119fa36c84e95c3003d57c19e25f8146ed45c3c6
Since FakeTRX is a proxy, it basically emulates transceiver for
both osmo-bts-trx and trxcon, hence there are two separate and
independent control interfaces (usually, ports 6701 and 5701).
All simulation commands (see 'FAKE_*') are usually implemented
on both interfaces separately:
- ctrl_if_bb.py - simulation commands affecting Uplink,
- ctrl_if_bts.py - simulation commands affecting Downlink.
This change introduces the 'FAKE_RSSI' command for both CTRL
interfaces in two variations:
- absolute: CMD FAKE_RSSI <BASE> <THRESH>
- relative: CMD FAKE_RSSI <+-BASE_DELTA>
where 'THRESH' affects optional value randomization.
Change-Id: Ic01c31fb0304345dd7337c3ee1c7ee3c2d3e8460
According to GSM TS 05.02, there are two ways to enable CBCH:
a) replace sub-slot number 2 of CCCH+SDCCH/4 (comb. V),
b) replace sub-slot number 2 of SDCCH/8 (comb. VII).
Unlike SDCCH/8 (case b), CCCH+SDCCH/4 can be allocated on TS0
only, and shall not use frequency hopping. This means that
implementing CBCH support on SDCCH/8 would require much more
efforts than on combined CCCH+SDCCH/4, as in last case CBCH
messages can be received without the need to switch from
idle to dedicated mode.
This change introduces a new ccch_mode item, which should be
used by the higher layers to indicate presence of CBCH channel
on C0/TS0, so the PHY would enable decoding of CBCH messages
on CCCH+SDCCH/4 (case a) in idle mode.
Regarding to CBCH on SDCCH/8 (case b), it makes sense to
extend the 'l1ctl_dm_est_req', so it would be handled in
dedicated mode on request from the higher layers.
Change-Id: Ia94ebf22a2ec439dfe1f31d703b832ae57b48ef2
According to GSM TS 05.02, section 3.3.5, Cell Broadcast Channel
(CBCH) is a downlink only channel, which is used to carry the
short message service cell broadcast (SMSCB). CBCH is optional,
and uses the same physical channel as SDCCH. More precisely,
CBCH replaces sub-slot number 2 of SDCCH channels when enabled.
This change introduces the following CBCH related tasks:
- MF_TASK_SDCCH4_CBCH (CBCH on C0/TS0 SDCCH/4),
- MF_TASK_SDCCH8_CBCH (CBCH on SDCCH/8),
which are identified using the following Osmocom specific cbits:
- MF_TASK_SDCCH4_CBCH - 0x18 (0b11000),
- MF_TASK_SDCCH8_CBCH - 0x19 (0b11001).
The only way to enable these tasks at the moment is to send
L1CTL_DM_EST_REQ message with required cbits and tn.
Change-Id: I1d7f02cba1cd8f6527360589d2d2747b6426f78b
The mframe_task2chan_nr() is used to get the channel number
(encoded according to 08.58 Chapter 9.3.1) corresponding to
a given multi-frame task type.
It makes sense to at least print some debug message in cases
when there is no matching channel number for a given task type.
Change-Id: I34587b6c67015513de35d85a7a3291f452ee7f3b
Despite the correct range of Timing Advance value is [0..63],
there is a special feature in OsmocomBB which allows one to
simulate the distance between both MS and a BTS by playing
with the signal delay.
So, let's drop the range limitation.
Change-Id: I8fd2a2ab7784b38bde5ebcfd0359b7e2cb53f5a7
This change introduces a couple of new CTRL commands for path loss
simulation, in particular a possibility to drop some amount of
bursts according to some TDMA frame period, separately for both
Uplink and Downlink directions.
Examples:
FAKE_DROP 4 - drop 4 consistent (period=1) bursts,
FAKE_DROP 16 2 - drop 16 even bursts (period=2).
Change-Id: Ib210138a03e2377c79875a4ff2f2bb58a43cfa46
Related: OS#3428
This change separates burst preprocessing (i.e. both RSSI and ToA
calculation) from BurstForwarder.transform_msg() because it's not
actually related to the message transformation process.
Change-Id: Ia7ad970593f38d9a9401975eb6dae67cd0c94e11
The Scapy itself was the actual cause of continuously growing
memory consumption. It was configured to store the captured
packets, what isn't required for this tool.
Change-Id: I0c6d9b76398e148b7febd94aa37aa2fa22d19b3f
Unfortunately current code architecture doesn't support a return path
with an error so tell the caller of L1CTL on the other side that
something's wrong.
Change-Id: Ib9b622dd5c9770c5e97fa58deee124a409544d3b
Some time ago a broken fix was committed which
then has been reverted again in commit
1724003737.
The purpose of this line is to clear the uplink
flag from the ARFCN. So far this worked because
both gsm_arfcn2band() and gsm_arfcn2freq10()
already do this internally.
Change-Id: Ie8a05ffc0ddec53d7fd6a25e03ea285fb216df29
Signed-off-by: Steve Markgraf <steve@steve-m.de>
Previous hardcoded default of 0.0.0.0 was inappropiate in some
scenarios, as it sets the SRC addr of the packets sent through the
socket based on the routing.
For instance, if iface IF1 has assigned two IP addresses A and B,
A being the first addr of the interface, and osmo-bts-trx is
configured with "osmotrx ip local A" and "osmotrx ip remote B",
the following happens:
CMD POWER OFF src=A:5801 dst=B:5701
RSP POWER OFF src=A:5701 dst=A:5701 <-- A is assigned as src addr.
But osmo-bts-trx is waiting for packets from B:5701, and the packet
is dropped with ICMP Unreachable. If addr binding is forced in
fake_trx to B, then everthing's fine.
Let's extend the UDPLink in order to allow manual, but optional
setting of bind address, and add a corresponding cmdline
argument to all executables.
Change-Id: I7be18fef40967fb7551f4115f22cbbd9cdb0840d
Previously, TCH frames coming from L1 were reordered to the RTP
format. Moreover, the implementation had a few problems:
- L1CTL is not the best place for such manipulations;
- payloads with other than FR codec were corrupted.
Let's use RTP-ordered payloads on the L1CTL interface,
performing TCH frame reordering at the firmware.
Please note, that actual FR reordering was moved to the firmware
as is, without any codec determination. This could be fixed in
a separate change.
Change-Id: I81ec8ed3c9e72a62b22c1720c299cdc68b733cf1
Previously, the L1CTL_CRYPTO_REQ message contained only a ciphering
algorithm and actual Kc key to be used. The key length was
calculated manually using the MSGB API.
Let's avoid manual calculations here, as it may cause unexpected
behavior if the message structure is changed. Also, let's fill
the UL header with minimal information about a channel, which
is going to be encrypted.
Change-Id: I5fab079907c5276322d3ec2b46cab81f10c7ed09
This toolkit has branched out into several different tools for
TRX interface hacking, and creating a virtual Um-interface
(FakeTRX) is only one of its potential applications.
Change-Id: I56bcbc76b9c273d6b469a2bb68ddc46f3980e835
There is no need to manually put the license header as a variable
in each application in order to print it. Let's use a common one.
Change-Id: I1a6e8716a9069e7ade3ae15f2c04fd45d18e223c
Since it is not required to specify a bind port to the UDPLink
constructor manually, let's use a random one by default, and
also allow user to set it from command line.
Change-Id: Ib4965ebeec83d9a99b2f026156eb5f5cb20875bf
This allows one to obtain a random available port from the
OS, instead of enforcing to pick a static value manually.
Change-Id: Ie8b60134239c5447d0b4373c6cca2f3a6ee3ec73
Previously, we used to check if all arguments of a command are
numeric. This was done in a wrong way, so parsing a *valid*
command with at least one negative argument could fail.
Let's remove this check, allowing the command handlers to
deal with argument types themselves.
Change-Id: If31295274a09102c414b5a7aec5dd85d88b2e514
In theory, the maximum TA value is 63 symbols, i.e. 63*256 in this
context. However, our test cases want to test the BTS behavior is
correct if ever a larger timing offset is reported from TRX to the BTS,
to ensure it is rejected in the BTS. Let's hence increase the values
to rather large min/max limits. We could also remove them completely.
Change-Id: I691d081256e8c6d18ef2836299ed8f7d502da3ee
Now that ctrl_if.py is capable of sending back the response to where
the command originated from, we can just as well send a positive
response back after executing the related commands.
Change-Id: Icba138835149a7264f4db3a6b05f54ca501c4d54
fake_trx is using locally bound and not connected UDP sockets for
control commands.
When we receive a control command, we should not simply send the
response to the default destination, but send it back to the exact
ip+prt from which the command originated. This ensures correct routing
of responses even in case multiple programs are interfacing concurrently
with a control socket.
Change-Id: I24a0bba6eed059b101af95dac7d059f34dd715fc
If field randomization is disabled, Timing Advance value
indicated by MS would be ignored. Let's fix this by
separating the TA calculation code.
Change-Id: If43d5823fc33efc2f1649ea941ab6f619bb6f5e7
FAKE_TOA is an auxilary CTRL command, which may be used to update
the ToA (Timing of Arrival) value of forwarded bursts at runtime.
This is useful for testing the measurement processing
code in OsmoBTS.
The command is implemented for both BTS and BB CTRL interfaces
in two absolute and relative forms:
CMD FAKE_TOA <BASE> <THRESH>
CMD FAKE_TOA <+-BASE_DELTA>
The first form overwrites both ToA value and its treshold.
The second one is relative, and applies a delta
to the current ToA value.
The command affects Downlink bursts if sent on BTS CTRL
interface, and Uplink bursts if sent on the BB CTRL.
Change-Id: Ia23becec4104d47e7b22350db67b8834d6f1ad1b
By default, both RSSI and ToA fields randomization is disabled.
Let's add command line options, which allow one to enable it.
Change-Id: Ieac63cc3aadef397906479a6179ba54a53a5311a
Both RSSI and ToA fields randomization is only required in some
specific test / use cases, so let's disable it by default.
Change-Id: I94835a840b6239f2c05197292825cb26977d0216
In order to be able to simulate and randomize both RSSI and ToA
values for Uplink and Downlink separately, let's calculate them
in separate methods of the BurstForwarder.
Change-Id: Ia2031f22f2b549c799c782d0c8c8d0691fb6f18c
Timing Advance value is a timing correction value, indicated by
the network to MS, which is used to compensate UL signal delay.
In other words, the network instructs a phone to transmit bursts
N=TA symbol periods earlier than expected.
Since we are in virtual environment, let's use TA value to
calculate the ToA (Timing of Arrival) value for BTS.
Change-Id: Ie5833a9f221587bbcac10f0b223ead9c1cbda72b
This change implements ToA (Timing of Arrival) parsing, which
was missing in the DATAMSG_TRX2L1. Since we use integer math,
a ToA value is represented in units of 1/256 symbol periods.
Change-Id: Ib11482c06b977c4cf01b0644f5845a2e49d059fb
In order to avoid both float arithmetic as well as loosing any
precision, let's use integer math fot ToA (Timing of Arrival),
i.e. let's express ToA values in units of 1/256 symbol periods.
Change-Id: I56b88740f4d782ac7591fc096d1969514784a4e1
There are no message specific initialization parts, excepting
the header specific fields setting. Let's us a common constructor,
dropping custom fields from its arguments.
Change-Id: I13a3e4b2f6a1f443ebe7d809df62736e3c43f56f
There is no 'file' type in Python3 anymore, so let's reverse the
condition in DATADumpFile constructor. Also, the tag definition
was incorrect: both '\x01' and b'\x01' aren't the same.
Change-Id: Ib00c7f0bd5871fcfce931a4bfa501ae5bf797c45
In Python3 a range has it's own type, so its comparasion with
a list is incorrect. Let's explicitly convert both bit ranges
to lists in the bit conversation tests.
Change-Id: I98c40d3d63cbcdc3e5dc840ebf8d7310c5c08e56
As the DATAMSG classes were introduced, let's use them.
This approach abstracts one from dealing with raw bytes.
Also, now BurstForwarder randomizes both RSSI and ToA values,
as this feature is supported from-the-box by the DATAMSG_TRX2L1.
Change-Id: Ib15018eab749150e244914dab4b6e433ce0c9209
Vadim Yanitskiy
Pau Espin
Steve Markgraf
Harald Welte