- It's broken by the use of compute_gain
- Since there is now an AGC loop, manually setting the register
as no effect.
If someone needs manual gain control for testing, he'll have to
re-implement a proper AGC override.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This patch introduces cell re-relection. When camping on a cell, it
scanns neighbour cells. If a 'better' cell is found, the cell is selected.
If the cell is in a different location area, a location upating is
performed under certain conditions.
The 'better' cell depends on various informations that are broadcasted on
the BCCH of a neihbour cell and of course the RX level. Most operators
don't set these informations, so the 'better' cell depend on a better
RX level for the same location area, or a much better RX level (6 dBm)
at a different location area.
There were many issues at the idle mode process that has been fixed.
Expecially when moving, the state machines got stuck, so no more cell search
was possible, or no further calls / location updating was possible.
In order to see the process of cell selection, enter the VTY interface and
enable the network monitor:
enable
monitor network 1 (where '1' is the instance of the MS)
In order to see the current state of the processes, enter:
show ms
In order to shrink config output, a new config option "[no] hide-default"
is added. The config is now easier to read, but does not show all available
options, if they are set to default. Newcommers may want to see all
available options in config. Therefore all options are show by default.
To hide default options, enter:
configure terminal
hide-default
end
When listening to BCCH, layer1 may measure the power level of neighbour
cells. A list of neighbour cell frequencies need to be sent to layer1.
After the measurement is done, the results are indicated to layer23.
rffe_compute_gain() is the new name for rffe_set_gain(). I needed to change
this, to solve the name collision with the rffe_set_gain() function, which
actually sets the absolute gain.
rffe_get_gain() will now read the absolute gain which has been computed by
rffe_compute_gain() or set by rffe_set_gain().
The ARFC counts from 1 to 1023, and then to 0. The index of these loops
count from 1 to 1024. The index 1024 stands for ARFCN 0.
This also reverses commit eb77945e16.
First we add 55500 to an int16_t, then later we subtract it again.
The bug only didn't become apparent as we wrap twice, once adding
then subtracting.
Discovered by Smatch:
firmware/layer1/tpu_window.c +127 l1s_rx_win_ctrl(24) warn: value 55000 can't fit into 32767 'stop'
If we use a larger field to store the IMSI, we can create overflows when
copying the imsi to other structures that are only 16 bytes in size.
Detected by Smatch:
src/host/layer23/src/mobile/subscriber.c +195 gsm_subscr_testcard(39) error: strcpy() 'set->test_imsi' too large for 'subscr->imsi' (20 vs 16)
Commit 3538c38835 introduced the
l1_prim_cb but the init of the misc apps were not updated, make
it us the generic callback that should restore the previous behavior
Credits to Andreas Eversberg for finding this bug after countless
hours of debug and providing initial patch :)
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Credits to Andreas Eversberg for finding this bug after countless
hours of debug :)
Written-by: Andreas Eversberg <jolly@eversberg.eu>
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
Ideally we should only panic in interrupt context. In user
context, we could wait ...
We could also return NULL and let the calling code deal with it
but it's not ready for that yet.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This function can be called by a TDMA-driven L1 which will never actually want
to receive unsolicited/asynchronous PH-DATA.req primitives, but who will simply
directly poll the LAPDm transmit queue by calling the abovementioned function
We also introduce some related functions like
lapdm_{entity,channel}_set_mode()
lapdm_{entity,channel}_reset()
This is all in preparation for the Osmo-BTS Work.
Andreas Eversberg
Sylvain Munaut
Harald Welte