The previous approach was based on threading.Timer, so on each clock
iteration one thread spawned another new thread. So far it worked
well, but such frequent spawning involves an additional overhead.
After this change, CLCKGen.start() allocates and starts a new thread,
that periodically sends clock indications and sleep()s during the
indication intervals. The CLCKGen.stop() in its turn terminates
that thread and frees the memory.
Change-Id: Ibe477eb0a1ee2193c1ff16452a407be7e858b2ef
Since TRXD header version 1, we should send NOPE indications to the
L1 side in absence of TRX2L1 bursts, and IDLE indications during
IDLE TDMA frames (basically noise measurements).
This change is the first step towards the goal: if a given burst
is to be dropped due to the path loss simulation (see FAKE_DROP),
mark the carrier TRX2L1 message as NOPE.ind and send anyway.
Change-Id: Iabd0af665e3108d23a908638f943a5b689986e2c
Related: OS#3428, OS#2975
The burst transformation in BurstForwarder.forward_msg() used to be
done only once, so then the resulting message was distributed over
the list of connected (and active) transceivers.
This approach limits the path loss simulation capabilities, because
a reference to the same message is passed to FakeTRX.send_data_msg().
If one transceiver changes (or removes) the burst bits, the other
transceivers would not receive the original message.
Let's do the transformation individually for each transceiver,
so the original message will always remain unchanged.
Change-Id: Ia016a3a9bb6e9f17182a7168aa5a501ae9b9978b
In several code paths we put / push structures from 'gsm48_mm.h' into
the message buffers, so then they're unpacked by the message receivers.
The AddressSanitizer complains about unaligned pointer access and
potentially unexpected behaviour. Let's fix this by explicitly
marking those structures as 'packed'.
Change-Id: I6af7475c609b3293af708540d569fe1616fab43f
In some cases (e.g. at start up) ms->rrlayer may not be initialized.
Let's access ms->settings directly since we already have a pointer
to struct osmocom_ms.
Change-Id: Ia9720132fcda960dcecefab9ae48398946503dc4
Since version 3.8, Python warnins us that using the "is" and "is not"
operators with string and numerical literals is a bad idea. Let's
avoid this and use the classical '==' and '!=' operators instead.
Change-Id: Iaed86d630ac1e0b9b4f72bbf3c788e325783456d
Bug description: https://bugs.python.org/issue34850
Due to recent include dependency tree change in libosmocore, trxcon
fails now to build since it uncovered it's missing a header inclusion
for a symbol it is using:
osmocom-bb/src/host/trxcon/sched_trx.h:204:20: error: ‘GSM_MACBLOCK_LEN’ undeclared here (not in a function)
204 | uint8_t mr_cache[GSM_MACBLOCK_LEN];
| ^~~~~~~~~~~~~~~~
Change-Id: Ide22e525c106342b00171a8c08bb7265d19a651b
This feature may be useful for our TTCN-3 testing infrastructure.
By default it's disabled, and can be enabled using command line
arguments of the main binary:
./trxcon -g 127.0.0.1 ...
Change-Id: Iab4128fee5f18d816830fdca6c5ebebaf7451902
According to 3GPP TS 45.010, section 5.6.2, for packet-switched
channels the BTS shall monitor the delay of the Access Bursts
sent by the MS on PTCCH and respond with timing advance values
for all MS performing the procedure on that PDCH.
According to 3GPP TS 45.002, section 3.3.4.2, PTCCH (Packet Timing
advance control channel) is a packet dedicated channel, that is
used for continuous Timing Advance control (mentioned above).
There are two sub-types of that logical channel:
- PTCCH/U (Uplink): used to transmit random Access Bursts
to allow estimation of the Timing Advance for one MS in
packet transfer mode.
- PTCCH/D (Downlink): used by the network to transmit
Timing Advance updates for several MS.
As per 3GPP TS 45.003, section 5.2, the coding scheme used for
PTCCH/U is the same as for PRACH as specified in subclause 5.3,
while the coding scheme used for PTCCH/D is the same as for
CS-1 as specified in subclause 5.1.1.
The way we used to handle both PTCCH/U and PTCCH/D is absolutely
wrong - it has nothing to do with xCCH coding. Instead, we need
to use rx_pdtch_fn() for Downlink and tx_rach_fn() for Uplink.
Also, since we only have a shared RSL channel number for PDCH
(Osmocom-specific RSL_CHAN_OSMO_PDCH), there should be a way
to distinguish both PDTCH and PTCCH logical channels. Let's
introduce TRX_CH_LID_PTCCH for that.
Change-Id: I2d1e9b8a66f027047f8d7bdc3f82ff9d8ebcc25e
Before using DATA_MSG.HDR_LEN, we need to make sure that a parsed
header version is known and supported. Otherwise we will get an
IndexError exception.
Change-Id: Ie1887aa8709da1a2a287aa58a7873e72c0b4ed33
Unlike DATA_MSG.HDR_LEN, the CHDR_LEN is a constant that defines
length of the common header, which is mandatory for every version.
DATA_MSG.HDR_LEN in its turn defines length of the whole header,
including the version specific fields. Thus we need to know the
header version before using it.
In DATA_MSG.parse_msg() we need to parse the common header first,
so then we know the version and length of the whole header. After
that we can safely use DATA_MSG.HDR_LEN.
Change-Id: I2809f5f96209eed64bdabf7a15575144313f7cc9
For sure, the following message is much more informative:
Ignoring an incorrect message: Unhandled version 12
than:
Failed to parse message, dropping...
NOTE: since the way of printing exceptions is different in both
Python versions, I had to drop Python 2 support.
Change-Id: I5fb02ce508c58ff94e47accc0ed655939eb53062
Raising exceptions is a Pythonic way to handle errors, which in this
particular case will help us to know *why* exactly a given message
is incorrect or incomplete.
Change-Id: Ia961f83c717066af61699c80536468392b8ce064
Both MG01GSMT and MG01GSMT hardware variants are
supported and automatically detected based on the
flash manufacturer.
Change-Id: I3a770ea93fc72c4e9b63078e253602f204b5be23
We now unlock the flash before reading the
extended ID (required for Spansion and Samsung
flash chips). These commands will be ignored
by Intel/ST flash chips, and this change has been
verified with all flash chips we support.
Furthermore, expose the API for reading the flash ID.
Change-Id: I3bcd71c84c8931bcd574953063737b51a41738a3
This commit adds polling of the TWL3025 PWON
signal. If the powerbutton is pressed on targets
that use it (Pirelli DP-L10, Huawei GTM900-B),
a normal keypad scanning cycle is started in order
to preserve the timing, required for the 500ms
power off press duration for example.
Change-Id: I904baf40d621bd680b602b88d12ff462b3c17596
This allows us to detect power button presses on the Pirelli
DP-L10 and the Huawei GTM900-B module. Polling will only be
activated once the power button has been pressed and we received
the interrupt. The goal is to reduce the required amount of
TWL3025 register accesses to a minimum.
Change-Id: I31be61c8089173aed616abd1ede6c4cf5c9b6770
Since March 15th 2017, libosmocore API logging_vty_add_cmds() had its
parameter removed (c65c5b4ea075ef6cef11fff9442ae0b15c1d6af7). However,
definition in C file doesn't contain "(void)", which means number of
parameters is undefined and thus compiler doesn't complain. Let's remove
parameters from all callers before enforcing "(void)" on it.
Change-Id: I25baaa30b097dad2fae507c5321778f43e863611
Related: OS#4138
According to GSM TS 04.08, section 10.5.4.11, location and coding
standard are encoded before the cause value, not vice-versa!
Also, coding standards other than "1 1 - Standard defined for the
GSM PLMNs" shall not be used if the cause can be represented with
the GSM standardized coding.
Change-Id: Ic6abcfb9a9589f5b0c9c40def863f15ae04d0bdd
C/I (Carrier-to-Interference ratio) is a value in cB (centiBels),
computed from the training sequence of each received burst,
by comparing the "ideal" training sequence with the received one.
This change introduces a new command similar to FAKE_TOA and FAKE_RSSI,
so it can be used by TTCN-3 test case 'TC_pcu_data_ind_lqual_cb' to
verify that the link quality measurements are delivered to the PCU.
Change-Id: I7080effbbc1022d1884c6d6f0cb580eba8e514ff
Related: OS#1855
Messages on DATA interface may have different header formats, defined
by a version number, which can be negotiated on the control interface.
By default, the Transceiver will use the legacy header version (0).
The header format negotiation can be initiated by the L1 using the
'SETFORMAT' command. If the requested version is not supported by
the transceiver, status code of the response message should indicate
a preferred (basically, the latest) version. The format of this
message is the following:
L1 -> TRX: CMD SETFORMAT VER_REQ
L1 <- TRX: RSP SETFORMAT VER_RSP VER_REQ
where:
- VER_REQ is the requested version (suggested by the L1),
- VER_RSP is either the applied version if matches VER_REQ,
or a preferred version if VER_REQ is not supported.
If the transceiver indicates VER_RSP different than VER_REQ, the L1
is supposed to reinitiate the version negotiation using the suggested
VER_RSP. For example:
L1 -> TRX: CMD SETFORMAT 2
L1 <- TRX: RSP SETFORMAT 1 2
L1 -> TRX: CMD SETFORMAT 1
L1 <- TRX: RSP SETFORMAT 1 1
If no suitable VER_RSP is found, or the VER_REQ is incorrect,
the status code in the response shall be -1.
As soon as VER_RSP matches VER_REQ in the response, the process
of negotiation is complete. Changing the header version is
supposed to be done before POWERON, but can be also done after.
Change-Id: I8d441b2559863d2dbd680db371062e4f3a2f9ff9
Related: OS#4006
Since the new TRXD header format has been introduced, FakeTRX needs
to be able to fill it correctly. In particular, the following:
- Modulation, which can be determined from the burst length;
- Training Sequence Code (and set), which needs to be detected
by comparing the burst bits of L12TRX message against known
training sequences (only GMSK and the default TS set for now);
- C/I (Carrier-to-Interference ratio), which can be simulated
later on, as instructed on the TRXC interface ('FAKE_CI').
The actual TRXD header version is stored in the instance of class
DATAInterface. By default (at startup), legacy version 0 is used.
The version negotiation is supposed to be performed on the TRXC
interface, and to be implemented in a follow-up change.
Different Transceivers may use different header versions, thus in
FakeTRX.send_data_msg() we need to override the original version
of the L12TRX message, and generate the corresponding PDU.
Limitations:
- NOPE / IDLE indications are not (yet) supported;
- TSC detection: GMSK modulation only.
Change-Id: I164f5ae4ce7694d6e324aab927a04e96d489ebd8
Related: OS#4006
Training Sequences are defined in 3GPP TS 45.002, and used by the
transceiver for detecting bursts. This change introduces an enum
with training sequences for GMSK for Access and Normal bursts.
This enumeration is needed for the follow-up changes that implement
TRXD header version 1 support, and can now be used by RandBurstGen.
Change-Id: If3bf102019ef53d6ee9ad230ef98bb45845b5af5
Since version 0x01, the burst bits are encoded as L16V,
so appending two dummy octets doesn't make sense.
Change-Id: I4d6c0bf54649d636ea6cb3fa2f37486b6619d5b3
The new version adds the following fields to the TRX2L1 message,
keeping the L12TRX message unchanged:
+------+-----+-----+-----+--------------------+
| RSSI | ToA | MTS | C/I | soft-bits (254..0) |
+------+-----+-----+-----+--------------------+
- MTS (1 octet) - Modulation and Training Sequence info, and
- C/I (2 octets) - Carrier-to-Interference ratio (big endian).
== Coding of MTS: Modulation and Training Sequence info
3GPP TS 45.002 version 15.1.0 defines several modulation types,
and a few sets of training sequences for each type. The most
common are GMSK and 8-PSK (which is used in EDGE).
+-----------------+---------------------------------------+
| 7 6 5 4 3 2 1 0 | bit numbers (value range) |
+-----------------+---------------------------------------+
| . . . . . X X X | Training Sequence Code (0..7) |
+-----------------+---------------------------------------+
| . X X X X . . . | Modulation, TS set number (see below) |
+-----------------+---------------------------------------+
| X . . . . . . . | IDLE / nope frame indication (0 or 1) |
+-----------------+---------------------------------------+
The bit number 7 (MSB) is set to high when either nothing has been
detected, or during IDLE frames, so we can deliver noise levels,
and avoid clock gaps on the L1 side. Other bits are ignored,
and should be set to low (0) in this case.
== Coding of modulation and TS set number
GMSK has 4 sets of training sequences (see tables 5.2.3a-d),
while 8-PSK (see tables 5.2.3f-g) and the others have 2 sets.
Access and Synchronization bursts also have several synch.
sequences.
+-----------------+---------------------------------------+
| 7 6 5 4 3 2 1 0 | bit numbers (value range) |
+-----------------+---------------------------------------+
| . 0 0 X X . . . | GMSK, 4 TS sets (0..3) |
+-----------------+---------------------------------------+
| . 0 1 0 X . . . | 8-PSK, 2 TS sets (0..1) |
+-----------------+---------------------------------------+
| . 0 1 1 X . . . | AQPSK, 2 TS sets (0..1) |
+-----------------+---------------------------------------+
| . 1 0 0 X . . . | 16QAM, 2 TS sets (0..1) |
+-----------------+---------------------------------------+
| . 1 0 1 X . . . | 32QAM, 2 TS sets (0..1) |
+-----------------+---------------------------------------+
| . 1 1 1 X . . . | RESERVED (0) |
+-----------------+---------------------------------------+
== C/I: Carrier-to-Interference ratio
The C/I value is computed from the training sequence of each burst,
where we can compare the "ideal" training sequence with the actual
training sequence, and then express that difference in centiBels.
Change-Id: Ie810c5a482d1c908994e8cdd32a2ea641ae7cedd
Related: OS#4006, OS#1855
It may be necessary to extend the message specific header with
more information. Since this is not a TLV-based protocol, we
need to include the header format version.
+-----------------+------------------------+
| 7 6 5 4 3 2 1 0 | bit numbers |
+-----------------+------------------------+
| X X X X . . . . | header version (0..15) |
+-----------------+------------------------+
| . . . . . X X X | TDMA TN (0..7) |
+-----------------+------------------------+
| . . . . X . . . | RESERVED (0) |
+-----------------+------------------------+
Instead of prepending an additional byte, it was decided to use
4 MSB bits of the first octet, which used to be zero-initialized
due to the value range of TDMA TN. Therefore, the current header
format has implicit version 0x00.
Otherwise Wireshark (or trx_sniff.py) would need to guess the
header version, or alternatively follow the control channel
looking for the version setting command.
The reserved bit number 3 can be used in the future to extend
the TDMA TN range to (0..15), in case anybody would need
to transfer UMTS bursts.
Change-Id: Idb0377d66290eb9c15d6998a5806a84fa2e5dd02
Related: OS#4006
The gsm0503_pdtch_encode() returns negative number on error,
and the amount of encoded bits in case of success.
Change-Id: I7d75141142922909330c5e86be8734bb06cd57a4
Both functions are never used outside of both gen_msg() and parse_msg().
AFAIR, they were more complicated until we started to use struct, but
now they can be easily inlined.
Change-Id: Ie64b271cf502f3df23b32f4b14a1e2b551a0f794
Having fn = 1024 and tn = 0 in all tests decreases the chances
to spot encoding / decoding bugs of higher or lower values.
Let's randomize the reference data before all the tests.
Change-Id: Id3c5be9faaf0bef727b975c7182098af0cec6e71
During the handover the MS needs to release the existing dedicated
channel(s), establish the new one(s) as indicated by the network,
and then, depending on the synchronisation state, send one or more
HANDOVER ACCESS messages carried by Access Bursts.
In order to implement this, trxcon needs to be able to transmit
Access Bursts on any TDMA timeslot regardless of the logical
channel type and the associated handler, i.e. != TRXC_RACH.
The controlling side on L1CTL (layer23 or TTCN-3) needs to send
one or more L1CTL_RACH_REQ message(s) with properly populated
UL info header. Otherwise a regular RACH on TS0 is assumed.
Change-Id: Ia967820a536c99966ba2c60b63d2ea9edb093f46
Before this patch, prim_dequeue_sacch() used to ignore SACCH primitives
with odd length (e.g. 21, when sender forgot to push 2 octets of L1
SACCH header), so neither they were transmitted, nor rejected.
As a result, they would stay in the Tx queue until a dedicated
connection is released. The only way to notice such problem
was looking at the constantly growing talloc's report.
Instead of ignoring the primitives with odd length and keeping them
in the queue, let's pass them to a logical channel handler, so they
would be dequeued and rejected with a proper logging event.
Also, to simplify further debugging, let's print the final decision
of SACCH prioritization: whether it's a Measurement Report or not.
Change-Id: I3149fa518439470b397953306209eb859c83450a
According to 3GPP TS 05.02, section 6.4.1, CBCH replaces
SDCCH number 2 in both V (BCCH+CCCH+SDCCH/4+SACCH/4) and
VII (SDCCH/8+SACCH/8) logical channel combinations.
Unfortunately it is not clear whether we can use stolen UL slots
for RACH or not. For now, we should mark all of them as IDLE.
Somehow TRXC_SDCCH4_2 slots were left in the definition of
combination V (combined CCCH+BCCH). This is not critical,
but may be looking confusing. Let's fix this.
Change-Id: Id30f2fac3274de3edff4ae59f77d9c9cf8059155
The existing logic unconditionally wants to send a POWERON command
on TRXC whenever L1CTL_FBSB_REQ is received. That may cause some
problems when sending subsequent L1CTL_FBSB_REQ, e.g. due to signal loss.
Sending POWEROFF when transceiver is not powered on is normal though.
This can happen if trxcon is restarted while fake_trx was running.
The existing FSM state could unfortunately not been used, as it's a
mixture between the TRX connection state and the command/response state.
The current solution is just a work around. We definitely need to
introduce separate state machines for transceiver and its TRXC
interface.
Change-Id: I834e8897b95a2490811319697fc7cab6076db480
Both PRIM_IS_RACH() and PRIM_IS_EXT_RACH() macros to be used for
handover RACH detection in the follow up changes, thus we need
have them widely available. Let's also give them better names:
PRIM_IS_EXT_RACH -> PRIM_IS_RACH11
PRIM_IS_RACH -> PRIM_IS_RACH8
and introduce a new generic one for checking whether a given
primitive is RACH in general (either 8-bit or 11-bit) or not.
Change-Id: Ibc39c57fda000647be1829786f6423dcf3f435cd
It makes sense to do this first, before tuning to a different
ARFCN and changing the training sequence. Otherwise, if no
multi-frame configuration is found, trxcon would switch to
a different channel and then remain inactive there.
Change-Id: I274588ce3a9c49372b5da0629930afece46f799c
Having magic pre-calculated hex-masks gives one quite high chances
to shoot oneself in the foot, and decreases readability in general.
Let's do this pre-calculation during the compilation process, so
it's much easier to read, extend and spot potential bugs.
Change-Id: If945b3654e35c83fc0220fdd6d99c1c7a0503386
In I2fc61e1cdca4690a34e2861b9ee3b7c64ea64843 I introduced a regression.
TRXC_SDCCH4_CBCH should have TRX_CH_FLAG_AUTO, because it's a part of
GSM_PCHAN_CCCH_SDCCH4_CBCH multi-frame layout. If the controlling
side on the other end of the L1CTL link requests this particular
multi-frame layout, CBCH channel is expected to be active.
Change-Id: I3ed942106a03220417b5cb9176107af057120fbe
Let's avoid fancy alignment in the description of logical channels
for the benefits of having better readability, the ability to add
more comments and fields without making it look ugly.
Also, let's get rid of field 'chan' of 'trx_lchan_desc' structure
since it's not used anywhere, and not actually needed because the
position of each lchan description is defined by its TRXC_* type.
As a bonus, let's add a human readable description to each
lchan definition, so it can be printed in the VTY some day.
Change-Id: I2fc61e1cdca4690a34e2861b9ee3b7c64ea64843
PDCH channel support was introduced quite a while ago, but there
was no way to activate it via L1CTL so far. Let's fix this.
Change-Id: I3b66cab26108ab999a7fe969365ab57dc661399c
CBCH support in the firmware has been introduced almost at the same
time it was implemented in trxcon, and the same mistake was made
as described in Ia9a415628c659cbc2dd5dc65b875b7f935d6e211.
Despite Calypso based PHY does not support PDCH (GPRS channels),
let's avoid collisions and use the following cbits values:
0x19 / 0b11001 - MF_TASK_SDCCH4_CBCH on GSM_DCHAN_SDCCH_4_CBCH,
0x1a / 0b11010 - MF_TASK_SDCCH8_CBCH on GSM_DCHAN_SDCCH_8_CBCH.
Change-Id: Ibb0f90695460e6ede12016c12a0cfdf9c74dfb24
Related: OS#4027
Wherever possible, use #defines from libosmogsm as opposed to magic
numbers. Using magic numbers in several places has the danger of
different programs/repositories having different views on what those
values mean.
Change-Id: I7ab4958801b3422973b67ff0452b90afa8a3f501
Related: OS#4027
Depends: libosmocore Change-Id I93e557358cf1c1b622f77f906959df7ca6d5cb12
OsmoBTS, BSC and TTCN3 used cbits == 0x18 for dynamic PDCH, while
trxcon wanted to use 0x18 for CBCH on SDCCH/4. Let's fix this and
bring everyone in agreement.
Related: OS#4027
Change-Id: Ia9a415628c659cbc2dd5dc65b875b7f935d6e211
sap_fsm.c: In function ‘sap_negotiate_msg_size’: sap_fsm.c:103:15:
warning: passing argument 1 of ‘__bswap_16’ makes integer from pointer
without a cast [-Wint-conversion]:
size = ntohs((uint16_t *) param->value);
^~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: Ie58af6162c67ae377809b42daa897ca3f3d72af1
Starting from [1], not only LMA but also VMA areas are now checked
for overlaps (see also [2]). This results into linking errors:
arm-none-eabi-ld: section .text.exceptions VMA
[000000000080001c,0000000000800037] overlaps section
.compal.reservedram VMA [0000000000800000,00000000008000fe]
arm-none-eabi-ld: section .text.exceptions VMA
[000000000080001c,0000000000800037] overlaps section
.compal.loader VMA [0000000000800000,00000000008000ff]
Let's try to work around this.
[1] https://sourceware.org/git/gitweb.cgi?p=binutils-gdb.git;h=a87dd97a2098b7e18ff2574a4e81ae521ef7e6f2
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=18452
Change-Id: I098ddd33aabd7ec27981e2f09d8582f167bb649b
Fixes: OS#1917
According to the man page of recv(), the only difference of this
call from read() is the presence of flags. With a zero flags
argument, recv() is generally equivalent to read().
Change-Id: I6d43bbf8d52c5fbb8ee0592b7d1c1dfd2dd1548e
Since we only set both ARFCN and TDMA frame number of the DL info
header, other fields remain uninitialized. Let's memset() them.
Change-Id: Ib39c333f1724fefa5d8bd8a2315b77a5612f7fa9
This would allow to abstract both L1CTL and TRX interfaces
from each other in the upcoming refactoring.
Change-Id: I74a23c73b03bad822272b9cfe76c2501666912b7
In both gsm48_mm.c and gsm48_rr.c we put / push 'gsm48_rr_hdr'
structure into the message buffers, so then it's retrieved by
the message receivers. The AddressSanitizer complains about
unaligned pointer access and potentially unexpected behaviour.
Change-Id: I8aa2c0074b405afd0e76044ef076b6819fe1083b
In gsm322_l1_signal(), if S_L1CTL_FBSB_ERR is received, we free
stored System Information of the current cell, but cs->si may
still point to it. Let's set it to NULL.
Found with AddressSanitizer:
DL1C ERROR l1ctl.c:96 FBSB RESP: result=255
DCS INFO gsm322.c:2995 Channel sync error, try again
DCS INFO gsm322.c:467 Sync to ARFCN=860(DCS) rxlev=-106
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DL1C ERROR l1ctl.c:96 FBSB RESP: result=255
DCS INFO gsm322.c:3008 Channel sync error.
DCS DEBUG gsm322.c:3013 free sysinfo ARFCN=860(DCS)
DCS INFO gsm322.c:3020 Unselect cell due to sync error!
DCS INFO gsm322.c:509 Unselecting serving cell.
=================================================================
==6014==ERROR: AddressSanitizer: heap-use-after-free on address
0x61b0000000e6 at pc 0x00000050d6dd
bp 0x7fff7f84aa60 sp 0x7fff7f84aa58
Change-Id: I9cc526c18d69695d810de98703579818408de011
The old TOA256 range was bigger than we can actually store:
struct.error: 'h' format requires -32768 <= number <= 32767
Change-Id: I5d4e1fea9d07f2c49f01e6644d1c0d1dc8cf4e40
According to 3GPP TS 05.03, section 5.3, two coding schemes are
specified for access bursts: one for regular 8-bit bursts,
another - for extended 11-bit packet access bursts.
According to 3GPP TS 05.02, section 5.2.7, there are two
additional training (synchronization) sequences for RACH
bursts: TS1 & TS2. By default, TS0 synch. sequence is used,
unless explicitly stated otherwise (see 3GPP TS 04.60).
According to 3GPP TS 04.60, section 11.2.5a, the EGPRS capability
can be indicated by the MS using an alternative training sequence
(i.e. TS1 or TS2) and the 11-bit RACH coding scheme.
Change-Id: I36fd20cd5502ce33c52f644ee4c22abb83350df8
Use static helper to prepare l1ctl_fbsb_conf - this simplifies
fbsb-related functions and make difference between timer callback and
regular response more obvious.
Change-Id: I43832d6a912a32ea5795ed0110981e0b714a7a61
Use static helpers to add l1ctl_info_dl to msgb - this simplifies
l1ctl_* routines and reduce code duplication.
Change-Id: I0b5b81f1fcd2984136e553a93735ea5456d2b3df
In OS#3582, the autor of TIFFS code, Mychaela Falconia, has noted:
... all of my code contributions are in the public domain and
are NOT copyrighted by me, and I strenuously object to anyone
taking it upon themselves to insert a copyright notice with
my name in it.
Let's update the copyright statements as recommended by the author.
Change-Id: If115991425372a4cdbcfefa115532c9c410e58c4
Instead of counting both RSSI and ToA measurements separately,
let's have a single counter in trx_lchan_state.meas struct.
Change-Id: I45454a3ac92b8cc85dd74092e4ab6eb350f20c9a
All known TI GSM firmwares implement some kind of flash file system, or FFS.
We call it TIFFS (Texas Instruments FFS) because it is TI's invention.
TIFFS is a file system with a hierarchical directory tree structure, and
with Unixy forward-slash-separated, case-sensitive pathnames; the semantics
of "what is a file" and "what is a directory" are exactly the same as in
UNIX; and TIFFS even supports symlinks, although that support is a little
under-developed, and apparently no FFS symlinks were ever used in any
production GSM device. Thus the FFS implemented in TI-based GSM devices
(modems and "dumbphone" handsets) is really no different from, for example,
JFFS2 in embedded Linux systems.
The FFS in a GSM device typically stores two kinds of content:
- Factory data: IMEI, RF calibration values, device make/model/revision
ID strings etc. These files are expected to be programmed on the
factory production line and not changed afterward.
- Dynamic data written into the FFS in normal device operation: contacts,
settings / preferences, call history, received SMS, etc.
It should be noted that both Compal (Mot C1xx) and Foxconn (Pirelli DP-L10)
vendors moved their vital per-unit factory data out of the FFS into their
own ad hoc flash data structures, leaving their FFS only for less
critical data. However, we do enable TIFFS access for them anyway.
The location of TIFFS within the flash memory of a given GSM device is
defined by the firmware design of that device, but is always some integral
number of contiguous flash sectors.
- On Motorola/Compal C139/140 phones, the FFS used by the original
proprietary firmware occupies 5 sectors of 64 KiB each (320 KiB
in total), starting at 0x370000. C11x/123 use smaller FFS
configurations, whereas C155/156 seem to have switched to some
other FFS format, different from our familiar TIFFS.
- On the Pirelli DP-L10, the FFS used by the original proprietary
firmware occupies 18 sectors of 256 KiB each (for 4.5 MiB in total),
starting at the beginning of the 2nd flash chip select (0x02000000
in the ARM7 address space).
- On FCDEV3B (FreeCalypso hardware), the FFS is located in the first
8 sectors (of 256 KiB each) in the 2nd flash chip select bank,
which appears at 0x01800000 in the ARM7 address space.
- On the GTA01/02 GSM modem, FFS occupies 7 sectors of 64 KiB each,
starting at flash offset 0x380000.
For more information, please refer to the FreeCalypso project
documentation, from where this great contribution comes from.
Please note that existing MediaTek targets most likely use different
storage format as they have nothing from TI Calypso. Also, we don't
(yet) know the location of TIFFS on SE J100i and Compal E99 targets.
The TIFFS support is needed for the follow-up change, that
implements reading of the factory RF calibration values.
Tweaked (coding style changes) by Vadim Yanitskiy <axilirator@gmail.com>
Change-Id: If6e212baeb10953129fb0d5253d263567f5e12d6
Related: OS#3582
FCDEV3B (stands for "FreeCalypso development board, triband") is a
GSM mobile station development board by FreeCalypso project. The
board features the same legendary TI Calypso GSM MS chipset that
was used in commercial GSM/GPRS modems such as Openmoko's, and
functions as a standalone (or "bare") GSM modem.
For more information, please see the project's web side:
https://www.freecalypso.org/fcdev3b.html.
Change-Id: I09bd35a18d3ea094000050169a62fd82ba6eccfe
Related: OS#3581
The ability to read the second half of flash on E99 is needed
for the follow-up change, that implements reading of the
factory RF calibration values.
Change-Id: Ia677ebdc1ada9fd41daf211fd9da06cd118365fa
Related: OS#3582
Each given Mot C1xx phone is made either for 900+1800 MHz, in which
case only the DCS Rx port is connected, or for 850+1900 MHz, in which
case only the PCS Rx port is connected. Let's tell the TRF6151 driver
that both DCS and PCS ports are connected, so that the same binary
build can be used on both EU-band and US-band C1xx phones.
If one needs to tune the TRF6151 receiver out of spec, or at least
outside of the DCS/PCS Rx SAW filter's legitimate passband (or if
the SAW filter was changed or removed), then the rffe_get_rx_ports()
function might be changed to indicate which Rx port is physically
connected: PORT_DCS1800 only or PORT_PCS1900 only.
Change-Id: I620084c33ad165faffbbfc45923faedad77aafb2
Most Calypso peripheral interface signals are unconnected on
Openmoko GTA0x. Let's configure them to be GPIOs in IO_CONF_REG,
then configure them to be outputs in IO_CNTL_REG, then set
the outputs to 0 in ARMIO_LATCH_OUT.
Change-Id: I306ffacb623d2b06a188f84026ccadab408d1676
This change fixes the following compiler warning:
sim.c: In function ‘gsm_sim_reply’:
sim.c:149:11: warning: variable ‘payload’ set but not used
[-Wunused-but-set-variable]
uint8_t *payload;
Change-Id: I3767b23bb1b28d3f4bb515d399bce160ba2eee09
As we do iterate over all entities in the BA list, it makes more
sense to print each one separately instead of printing the last
one. Moreover, as soon as the iteration is finished, *ba points
to some zero-initialized part of memory:
gsm322.c:5170 Write stored BA list (mcc=000 mnc=000 Marshall Islands, 000)
After this patch:
gsm322.c:5162 Write stored BA list (mcc=250 mnc=99 Russian Federation, Beeline)
gsm322.c:5162 Write stored BA list (mcc=250 mnc=01 Russian Federation, MegaFon)
gsm322.c:5162 Write stored BA list (mcc=250 mnc=02 Russian Federation, MTS)
gsm322.c:5162 Write stored BA list (mcc=544 mnc=31 Serbia, Telenor)
Change-Id: I5160492e6125401c6a1765f54d129b1f1cd503fc
In If1e851ac605c8d2fde3da565b0bd674ea6350c2e, msgb_wrap_with_TL()
was renamed to msgb_push_tl(). Let's use the new symbol name.
Change-Id: Ief37424e0ca3cd696054518a0ffb07b7ef17a462
Both l1ctl_link_init() and trx_if_open() do accept 'tall_ctx' now,
so there is no need to expose the root context anymore. For
logging initialization, we can just pass a pointer.
Change-Id: I7a2231eb880a995d3296b94481a7799e6ff07489
The main changes are:
- return pointer to the allocated l1ctl_link or NULL,
- accept the talloc context as 'tall_ctx' argument.
Change-Id: I7fe1bc306494ac692c182dcfd2a2d9412929194b
The main changes are:
- return pointer to the allocated trx_instance or NULL,
- extend debug message with TRX address and base port,
- accept the talloc context as 'tall_ctx' argument,
- rename goto label 'error' to 'udp_error',
- rename argument 'port' to 'base_port'.
Change-Id: I39b24afee2f09d6a6c500cfc26ac45f206589c5c
Since Ibff31fb3a958a714c828d0dea7e87d47f778fd80, fake_trx.py does
support multiple transceivers. Let's update its description.
Change-Id: I6e4351693da3a1f7e3eadd8e11971c34044dde20
Since fake_trx.py can handle multiple transceivers, it may be useful
to name transceivers. If transceiver has some name, it will appear
in logging messages, for example:
[INFO] transceiver.py:104 Init transceiver 'BTS@127.0.0.1:5700'
[INFO] transceiver.py:104 Init transceiver 'MS@127.0.0.1:6700'
[INFO] transceiver.py:104 Init transceiver '127.0.0.1:5700/1'
This change additionally assigns names to the both default
transceivers, and extends the '--trx' option with ability
to specify some name, for example:
--trx foo@127.0.0.1:5700 or --trx bar@127.0.0.1:5700/1
--trx ipv6@[2001:0db8:85a3:0000:0000:8a2e:0370:7334]:6700
Change-Id: I2f58f02e7819bb008b8aab1a8bf9e0adeb2e44ec
One can confuse TRX control interface with libosmoctrl's one.
TRX toolkit is not using libosmoctrl, and will never do. But,
in order to avoid this confusion, and potential confusion of
DATA interface, let's call them 'TRXC' and 'TRXD' in logging.
Change-Id: I67b1e850094cf8e279777c45c7544886be42a009
Since fake_trx.py can handle multiple transceivers, it makes sense
to print some info in logging messages about transceivers they
belong to. This acvieved by defining __str__() for Transceiver.
Some examples:
[DEBUG] ctrl_if_trx.py:83 (127.0.0.1:5700) Recv POWEROFF cmd
[INFO] ctrl_if_trx.py:85 (127.0.0.1:5700) Stopping transceiver...
[DEBUG] ctrl_if_trx.py:95 (127.0.0.1:5700/1) Recv RXTUNE cmd
[DEBUG] ctrl_if_trx.py:102 (127.0.0.1:5700/1) Recv TXTUNE cmd
[DEBUG] ctrl_if_trx.py:155 (127.0.0.1:5700/1) Ignore CMD SETTSC
[DEBUG] ctrl_if_trx.py:155 (127.0.0.1:5700/1) Ignore CMD SETPOWER
Change-Id: I1f706790a2da226f1418f89d2cfbb55baa6ea624
There should be no code in run() that does initialization,
__init__() is the best place for this. This change allows
to import the Application class from fake_trx.py, and
run it from script (e.g. for testing).
Change-Id: I84969630348a189d237cc98354e568421839a37b
The (BT)SAP (Bluetooth SIM Access Profile) is a part of Bluetooth
specifications, that defines the protocol and procedures that
shall be used to access a smart card (usually GSM SIM) via
a Bluetooth link.
The profile defines two roles:
- Server - the side that has direct access to a smart card.
It acts as a SIM card reader, which assists the Client
in accessing and controlling the smart card.
- Client - the side that accesses and controls the smart card
inside the Server through the connection with Server.
Typical examples of a Server are a simple SIM card holder or
a portable phone in the car environment. A typical example of
a Client is a car phone, which uses a subscription module in
the Server for a connection to the cellular network.
OsmocomBB implements the Client role providing abstract SAP
interface API to the higher layers. Instead of Bluetooth,
a UNIX socket is used to communicate with a Server.
The previous implementation of (BT)SAP interface was incomplete
and hard to maintain. This change (re)implements it almost from
scratch on top of the Osmocom FSM framework.
Besides that, the most significant changes are:
- The implementation is separated into three parts:
- sap_interface.{c|h} - public SAP interface API,
- sap_proto.{c|h} - SAP protocol definition,
- sap_fsm.{c|h} - SAP FSM implementation.
- Both 'sap_message' and 'sap_param' structures follow the
SAP message format definition according to 5.1 and 5.2.
- The message parsing is done more carefully in order to
prevent buffer overflow and NULL-pointer dereference.
- Introduced public API for getting / adding message
parameters, and checking the ResultCode.
- Introduced public API for opening / closing a connection
with the server, powering on / off and resetting the SIM
card, sending ATR and APDU.
- Introduced a call-back for handling the response message.
- Card reader state is also a part of the public API.
The new implementation was tested against softsim [1]. The
only limitation is Server-initiated Release, that allows the
Server to 'ask' a Client to release connection as soon as
communication with the smart card is finished. This is not
implemented (yet), and leads to immediate release.
[1] https://git.osmocom.org/softsim/
Change-Id: I77bb108615bb2c94c441568f195b04e0a5421643
It seems in Ice44e2b22566b3652ef6d43896055963b13ab185 I forgot
to do this, so all measurements triggered by MEASURE command
were incorrect (always noise). Let's fix this!
Change-Id: I155f118b2d3e3b23eb148fe7e2630790f8fcd18c
Since Ice44e2b22566b3652ef6d43896055963b13ab185 is merged, the class
hierarchy has become much more flexible, so it's possible to create
multiple Transceiver / FakeTRX instances and distribute bursts using
a single instance of BurstForwarder.
This change introduces a new command line option, that can be used
to specify additional transceivers. Please note that fake_trx.py
still initializes a pair of BTS and BB transceivers by default.
The new option has the following format:
--trx REMOTE_ADDR:BASE_PORT[/TRX_NUM]
Some examples for IPv4 and IPv6:
--trx 127.0.0.1:5703
--trx [2001:0db8:85a3:0000:0000:8a2e:0370:7334]:6703
If optional TRX_NUM > 0 is specified, e.g.:
--trx 127.0.0.1:5700/1
then this transceiver is considered as a child of another one.
See I7e97b7f32dde7ab74779133e9d7504f1d0fce60c for details.
Change-Id: Ibff31fb3a958a714c828d0dea7e87d47f778fd80
A BTS can (optionally) have more than one transceiver. In this case
additional (let's say child) transceivers basically share the same
clock source of the first transceiver, and being powered on / off
as soon as the first transceiver is powered on / off.
Change-Id: I7e97b7f32dde7ab74779133e9d7504f1d0fce60c
It was discovered that using an empty list as default argument
value does result into the cross-reference, i.e. all instances
of BurstForwarder would reference the same trx_list object.
This is not an expected behaviour, let's fix this.
Change-Id: Id71185de05b0ebc5adb105b10fad2cbde5f800b1
Passing NULL to sap_msg_free() is not only meaningless, but also
would result in NULL pointer dereference. We should call it in
successful case only, so let's fix this.
Change-Id: Icf868c4299e292a17c4b7aad1f9e728ea3653494
Due to a mistake, average RSSI value of received bursts was not
converted to GSM RX level (range 0..63), so trxcon has been
sending incorrect values to the higher layers.
Let's fix this, and also prevent possible division by zero.
Change-Id: Id4659de899411ec1ba1718fdcb40aec562dbfd65
There are several SIM card interfaces, two of which:
- GSM_SIM_TYPE_L1PHY (using built-in SIM reader of the L1 PHY),
- GSM_SIM_TYPE_SAP (using remote reader via (BT)SAP protocol),
can actually deal with a physical SIM card. But, for some reason,
only GSM_SIM_TYPE_L1PHY was considered as such. Let's also get
along with GSM_SIM_TYPE_SAP for the following procedures:
- PIN management and verification,
- FPLMN / LOCI updating,
- A3 authentication.
Change-Id: I4b3080fa7a5332467a449a314ba3cc3a07a9b7df
Since we have two ways to interact with a physical SIM:
- using built-in SIM reader of the L1 PHY (via L1CTL),
- using remote reader via (BT)SAP protocol,
name 'GSM_SIM_TYPE_READER' looks quite confusing. Let's rename it
in order to explicitly indicate the role of L1 PHY.
Change-Id: I0f83f365ed50cfd658fdd3a9d6866ed76c8c4009
Almost all layer23 applications, excluding mobile, have nothing
to do with SAP interface. Moreover, the current implementation
does initialize SAP connection automatically, as soon as the
first message is sent.
Change-Id: I62cc69c06fa15468a55bb0a9d408267d0745174c
This change is a big step towards handling of multiple transceivers
in a single process, i.e. multiple MS and multiple BTS connections.
The old class hierarchy wasn't flexible enough, because initially
fake_trx was designed as a bridge between OsmocomBB and OsmoBTS,
but not as the burst router. There were two separate, but 90%
similar implementations of the CTRL interface, two variations
of each simulation parameter - one for UL, another for DL.
The following new classes are introduced:
- Transceiver - represents a single transceiver, that can be
used as for the BTS side, as for the MS side. Each instance
has its own CTRL, DATA, and (optionally) CLCK interfaces,
among with basic state variables, such as both RX / TX freq.,
power state (running or idle) and list of active timeslots.
- CTRLInterfaceTRX - unified control interface handler for
common transceiver management commands, such as POWERON,
RXTUNE, and SETSLOT. Deprecates both CTRLInterface{BB|BTS}.
- FakeTRX - basically, a child of Transceiver, extended with
RF path (burst loss, RSSI, TA, ToA) simulation. Implements
a custom CTRL command handler for CTRLInterfaceTRX.
The following classes were refactored:
- BurstForwarder - still performs burst forwarding, but now
it doesn't store any simulation parameters, and doesn't
know who is BTS, and who is MS. Actually, BurstForwarder
transforms each L12TRX message into a TRX2L1 message, and
dispatches it between running transceivers with matching
RX frequency and matching timeslot.
- FakePM - still generates random RSSI values, but doesn't
distinguish between MS and BTS anymore. As soon as a
measurement request is received, it attempts to find
at least one running TRX on a given frequency.
Please note that fake_trx.py still does handle only a single pair
of MS and BTS. No regressions have been observed. Both new and
refactored classes were documented.
Change-Id: Ice44e2b22566b3652ef6d43896055963b13ab185
Related: OS#3667
In I6b9a8b611ea1e9badc4d9ddf13aa9e237028e39a an optional legacy
message coding mode was introduced. Let's add the corresponding
argument to send_msg() and pass it to gen_msg().
Change-Id: I6b9a8b611ea1e9badc4d9ddf13aa9e237028e39a
Some transceivers (e.g. OsmoTRX) have inherited a rudiment from
OpenBTS - two dummy bytes at the end of TRX2L1 messages. Despite
they are absolutely useless, some L1 implementations, such as
trxcon and OpenBTS, still do expect them when checking
the message length.
Let's add an optional (disabled by default) argument to gen_msg(),
that would enable adding those two dummy bytes.
Change-Id: I0cf1314c399411886420176704cadd6e6d84787f
The built-in struct module is already used for toa256 decoding,
so let's use it for toa256 encoding, and TDMA frame number
coding too - no need to (re)implement the wheel!
Change-Id: I10d2e15ac57a0524e9bc1c80ed6a0f6f5a263436
A timeslot can be reconfigured at runtime, this is normal.
We should neither complain nor reject such commands.
Change-Id: I0a69ebceed5aa724093e6d1b23faad8c16705055
False is not iterable, so we should properly handle the case
when parsing of the whole DATA dump was failed (e.g. due to
incorrect offset specified).
Change-Id: I5443efb39bb9d3377290ce7ec5e34016cae0edb2
Found using Flake8, F841 "local variable 'pf_group' is assigned
to but never used". The filtering related options should be
defined in 'pf_group' group, not in 'cnt_group'.
Change-Id: I15d17c134cbbbd54d761113a56c1f83910ab6407
Found using Flake8:
- data_if.py:57:4: F405 'log' may be undefined, or defined
from star imports: data_msg
- clck_gen.py:29:1: F401 'time' imported but unused
- clck_gen.py:30:1: F401 'sys' imported but unused
- trx_sniff.py:28:1: F401 'signal' imported but unused
Change-Id: Id0c42319b445db218b77fd5e99a9a0a89724281d
This change extends DATAInterface class with new methods:
- recv_raw_data() - read raw data from socket;
- recv_l12trx_msg() - read raw data and parse as L12TRX;
- recv_trx2l1_msg() - read raw data and parse as TRX2L1;
which would simplify the further usage of this class.
Change-Id: I761c4e63864622d3882b8f9c80ea43b58f092cb1
It makes much more sense to read data from socket in handle_rx(),
instead of expecting a buffer with received data from caller.
Change-Id: I83479c60c54e36a2a7582714a6043090585957ae
There is no need to (re)define the arguments of UDPLink's constructor.
Let's use non-keyworded variable length argument list (*args).
Change-Id: Ia312a5e15ce88d5f7e8d76c4ea8c93c59d91be5a
Since I8fd2a2ab7784b38bde5ebcfd0359b7e2cb53f5a7, SETTA command
handling was broken, because the range limitation was removed
together with argument parsing. Let's fix this.
Change-Id: If582af3849359866de129504cc5b2dc6d64edbd5
Since we have introduced ApplicationBase class, that are used
by all existing applications, let's merge the copyright
printing helper into it.
Change-Id: I8b70ec2dd08cb2ffed733d2c4e1215b094f8d3d5
Before this change, it was impossible to configure logging
parameters from command line, such as log level and format.
This change introduces the following optional arguments:
--log-level - logging level for stderr (by default, DEBUG);
--log-format - logging message format for stderr;
--log-file-name - enable logging to a given file;
--log-file-level - logging level for file (by default, DEBUG);
--log-file-format - logging message format for file;
which are defined in a new class called ApplicationBase, so
all existing applications should inherit them now.
Change-Id: Ic3b0440cd73946ad444bd7e48feb7a92d45f6488
Both '--bind-addr' and '--burst-type' had the same short '-b'.
Let's use the upper case version for '--burst-type'.
Change-Id: Ib8a46e25cbc6266c3e147582f9e8045362270151
There are multiple advantages of using Python's logging module:
- advanced message formatting (file name, line number, etc.),
- multiple logging targets (e.g. stderr, file, socket),
- logging levels (e.g. DEBUG, INFO, ERROR),
- the pythonic way ;)
so, let's replace multiple print() calls by logging calls,
add use the following logging message format by default:
[%(levelname)s] %(filename)s:%(lineno)d %(message)s
Examples:
[INFO] ctrl_if_bts.py:57 Starting transceiver...
[DEBUG] clck_gen.py:87 IND CLOCK 26826
[DEBUG] ctrl_if_bts.py:71 Recv POWEROFF cmd
[INFO] ctrl_if_bts.py:73 Stopping transceiver...
[INFO] fake_trx.py:127 Shutting down...
Please note that there is no way to filter messages by logging
level yet. This is to be introduced soon, together with argparse.
Change-Id: I7fcafabafe8323b58990997a47afdd48b6d1f357
The randomization of both UL/DL RSSI and ToA values is optional,
and can be configured from the control interface (see both
FAKE_RSSI and FAKE_TOA commands).
The command line options for enabling / disabling the randomization
were redundant, so let's get rid of them and check if the
corresponding treshold value is set.
Change-Id: I6adc13b8989ade2fab895673525c0ca17bf9b3f2
For some reason, the time-slot pass-filtering was only done for
DL bursts, but not for UL bursts. BurstForwarder shall not pass
UL bursts for unconfigured time-slots too.
Let's also print a warning if an UL burst is sent on a not
configured time-slot, i.e. before sending SETSLOT command.
Change-Id: Idb7f5b212e5814aeff8ca8bc875ad066674267cd
Previously it was only possible to configure a single time-slot
that would be pass-filtered by a BurstForwarder instance. In some
applications it would be useful to configure multiple time-slots,
so let's refactor the time-slot pass-filtering algorithm.
Change-Id: Ie1490adaf7a7c62c966aeb60c1898eaf3b5a1e84
Instead of having all configuration variables of BurstForwarder
initialized in the class heading, let's introduce two functions
for initialization (resetting to defaults) of both UL/DL params.
This would allow to reset a BurstForwarder instance from the
control interface in follow-up patches.
Let's also introduce some basic documentation for the class
fields, which were defined in the heading previously.
Change-Id: I6b1bf41cf22f01a7e7ecc91c625fb0d2bf4bfeac
The idea of SETFH command is to instruct transceiver to enable
frequency hopping mode using the following parameters:
CMD SETFH <HSN> <MAIO> <CH1> <CH2> [... <CHN>]
Note: since the length of a CTRL command is limited to 128
symbols (BTW: why?), the amount of channels is also limited.
Change-Id: Id3d44e6a2796f1ce8523a49dedd5d484052a5c7f
This change revives the main idea of:
Change-Id: I32517567847fd5c54b1742f18bf409ff81e316fa
to stop ignoring the VTY bind address from the config file.
Furthermore, it deprecates (and disables) both 'u' and 'v'
command line options, because they are redundant.
Change-Id: I99e0ec1717edd29b3be231be86616cc7effe5d95
The process should be aborted if a non-existing command line
option or an incorrect parameter value is passed.
Change-Id: Ib656ad12f12429ed15dc2a1554901ffa51148ff6
The VTY requisites are always being printed by libosmovty,
there is no need to duplicate this information.
Change-Id: I688f66175ea67d4c6a46819bee7d300ad9ce7cc7
This reverts commit c8de8cb1e1
(Change-Id I32517567847fd5c54b1742f18bf409ff81e316fa by Max),
because several problems were introduced, in particular:
a) Help message of mobile application is broken:
"The VTY IP to telnet to. (default (null))",
"The VTY port number to telnet to. (default 127.0.0.1)".
b) Default VTY bind addres != parsed from the config file.
c) The (vty_ip == NULL) is resolved only when an external
MNCC handler is used, otherwise NULL is passed to
l23_app_init().
Change-Id: Ic63a4eb828ff32d3744886b4f5f6f5019c798620
Previously the vty bind config parameter was always ignored. Fix this by using proper
default value from the config unless it's explicitly set via command-line parameter.
Change-Id: I32517567847fd5c54b1742f18bf409ff81e316fa
Log via LOGP() like the rest of the file instead of fprintf() for
consistency. While at it, also print error cause.
Change-Id: Id205bcd9bdb7c3e4b96493d50be8381a6fa80ac6
Fixes following ASan warning:
git/osmocom-bb/src/host/layer23/src/misc/../common/main.c:146:2: runtime error: null pointer passed as argument 2, which is declared to never be null
The warning however is harmless since in that case, app_len = 0 and thus
size to copy is 0.
Change-Id: I009a5b53f1e5be72ce347d64d3a7cb1d95d37ea3
Unlike the DATA messages, traffic frames may have different length.
Instead of having fixed payload (i.e. TCH frame) length, let's
introduce a flexible array member. This would allow one to
calculate the frame length using the MSGB API.
Change-Id: I119fa36c84e95c3003d57c19e25f8146ed45c3c6
L1CTL implementation (i.e. l1ctl.c) is not a good place for the
SIM specific stuff. Let's move it to the proper place (i.e. sim.c).
As a bonus, this change fixes a possible problem of loosing the
cached APDUs if two or more L2&3 applications are using a single
LAPDm connection. The APDU buffer is dedicated per MS now.
Change-Id: I564c610e45aa3b630ca5d1ec6bc1cace0dc9c566
Previously the wildcard address (i.e. '0.0.0.0') was hard-coded
as the bind address of TRX interface. Let's make it configurable
by introducing a command line option.
Note that the '--trx-ip' option was deprecated by '--trx-remote',
because it isn't clean whether it is remore or local address. It
still can be used, but was removed from help message.
Change-Id: Ic2f43632cc57bb6f722eba05219e438f97fecb95
Since FakeTRX is a proxy, it basically emulates transceiver for
both osmo-bts-trx and trxcon, hence there are two separate and
independent control interfaces (usually, ports 6701 and 5701).
All simulation commands (see 'FAKE_*') are usually implemented
on both interfaces separately:
- ctrl_if_bb.py - simulation commands affecting Uplink,
- ctrl_if_bts.py - simulation commands affecting Downlink.
This change introduces the 'FAKE_RSSI' command for both CTRL
interfaces in two variations:
- absolute: CMD FAKE_RSSI <BASE> <THRESH>
- relative: CMD FAKE_RSSI <+-BASE_DELTA>
where 'THRESH' affects optional value randomization.
Change-Id: Ic01c31fb0304345dd7337c3ee1c7ee3c2d3e8460
Almost all handlers for received L1CTL messages are also affected
by the bug fixed in I7fe2e00bb45ba07c9bb7438445eededfa09c96f3. In
short, they do verify the length of 'msg->l2h' or 'msg->l3h', but
not the 'msg->l1h'. Let's fix this, and also add missing checks.
Change-Id: I866bb5d97a1cc1b6cb887877bb444b9e3dca977a
As we assign the payload following L1CTL header to 'msg->l1h',
it makes sense to avoid possible naming confusion.
Change-Id: I5d21ca8664b3445f472d3ffde90d0e11805dcb16
The actual L1CTL header is pointed by 'msg->l1h', not 'l2h'!
Since msg->l2h is NULL (because nobody set it), the result of
msgb_l2len() would always be bigger than size of L1CTL header,
as it is calculated in the following way:
return msgb->tail - (uint8_t *)msgb_l2(msgb);
So, in case if 'msg->l2h' is NULL, it turns into:
return msgb->tail - 0;
Change-Id: I7fe2e00bb45ba07c9bb7438445eededfa09c96f3
In l1ctl_recv() we actually expect to 'see' the L1CTL header
instead of the DL info header. Let's fix this.
Change-Id: Ic7d017bef04f3c186565d5dade36959df1019bd8
There is no need to keep the L1CTL header in messages being sent
towards the upper layers, but the L1 info header can be used by
L2&3 to obtain some information, e.g. TDMA frame number.
Change-Id: Id64249f1b7a1c2be578263ba62aa195c452ab7e8
This change extends sched_trx_chan_nr2pchan_config() with Osmocom
specific cbits related to CBCH, so now one can to decode
CBCH channels in dedicated mode (see L1CTL_DM_EST_REQ).
Change-Id: I9347c45638223cac34f4b48eb736e51a5055a36f
According to GSM TS 05.02, there are two ways to enable CBCH:
a) replace sub-slot number 2 of CCCH+SDCCH/4 (comb. V),
b) replace sub-slot number 2 of SDCCH/8 (comb. VII).
Unlike SDCCH/8 (case b), CCCH+SDCCH/4 can be allocated on TS0
only, and shall not use frequency hopping. This means that
implementing CBCH support on SDCCH/8 would require much more
efforts than on combined CCCH+SDCCH/4, as in last case CBCH
messages can be received without the need to switch from
idle to dedicated mode.
This change introduces a new ccch_mode item, which should be
used by the higher layers to indicate presence of CBCH channel
on C0/TS0, so the PHY would enable decoding of CBCH messages
on CCCH+SDCCH/4 (case a) in idle mode.
Regarding to CBCH on SDCCH/8 (case b), it makes sense to
extend the 'l1ctl_dm_est_req', so it would be handled in
dedicated mode on request from the higher layers.
Change-Id: Ia94ebf22a2ec439dfe1f31d703b832ae57b48ef2
According to GSM TS 05.02, section 3.3.5, Cell Broadcast Channel
(CBCH) is a downlink only channel, which is used to carry the
short message service cell broadcast (SMSCB). CBCH is optional,
and uses the same physical channel as SDCCH. More precisely,
CBCH replaces sub-slot number 2 of SDCCH channels when enabled.
This change introduces the CBCH enabled multi-frame layouts,
and two separate logical channel types:
- GSM_PCHAN_CCCH_SDCCH4_CBCH (lchan TRXC_SDCCH4_CBCH),
- GSM_PCHAN_SDCCH8_SACCH8C_CBCH (lchan TRXC_SDCCH8_CBCH).
Both logical channels are separately identified using
the following Osmocom specific cbits:
- TRXC_SDCCH4_CBCH - 0x18 (0b11000),
- TRXC_SDCCH8_CBCH - 0x19 (0b11001).
The reason of this separation is that we somehow need to
distinguish between CBCH on C0/TS0, and CBCH on CX/TS0.
Unlike TRXC_SDCCH8_CBCH, TRXC_SDCCH4_CBCH is enabled
automatically (TRX_CH_FLAG_AUTO), so CBCH messages
can be decoded on C0 while being in idle mode.
Change-Id: Iad9905fc3a8a012ff1ada26ff95af384816f9873
According to GSM TS 05.02, section 3.3.5, Cell Broadcast Channel
(CBCH) is a downlink only channel, which is used to carry the
short message service cell broadcast (SMSCB). CBCH is optional,
and uses the same physical channel as SDCCH. More precisely,
CBCH replaces sub-slot number 2 of SDCCH channels when enabled.
This change introduces the following CBCH related tasks:
- MF_TASK_SDCCH4_CBCH (CBCH on C0/TS0 SDCCH/4),
- MF_TASK_SDCCH8_CBCH (CBCH on SDCCH/8),
which are identified using the following Osmocom specific cbits:
- MF_TASK_SDCCH4_CBCH - 0x18 (0b11000),
- MF_TASK_SDCCH8_CBCH - 0x19 (0b11001).
The only way to enable these tasks at the moment is to send
L1CTL_DM_EST_REQ message with required cbits and tn.
Change-Id: I1d7f02cba1cd8f6527360589d2d2747b6426f78b
The mframe_task2chan_nr() is used to get the channel number
(encoded according to 08.58 Chapter 9.3.1) corresponding to
a given multi-frame task type.
It makes sense to at least print some debug message in cases
when there is no matching channel number for a given task type.
Change-Id: I34587b6c67015513de35d85a7a3291f452ee7f3b
The 'ccch_mode' enum from 'l1ctl_proto.h' to be extended in the
near future in order to reflect persistence of CBCH. Thus it
should be handled in a switch statement.
Change-Id: I75e3b8deac1da296efb178e65ff6992b5c407b80
According to GSM TS 08.58, chapter 9.3.1, channel number 0x08
describes sub-slot number 0 of SDCCH/8+ACCH. This is definitely
wrong. In OsmoBTS we use an Osmocom specific extension for packet
switched channels - 0xc0, so let's use it here too.
Change-Id: I11925408d6e63baf1eac880839ecd717843fba6a
In some conditions it's required to maintain continuous burst
transmission (e.g. on C0). If there is nothing to transmit at
a given moment, either a LAPDm func=UI fill frame,
or a "dummy" Paging Request is used.
In case of 'ccch_scan' application, they are useless.
Let's detect and omit them.
Change-Id: I6ccecb1a78bdac3e467bdc14b7a01afbe17aa53c
By definition, 'ccch_scan' application is intended to be used for
monitoring of CCCH channels on C0/TS0. There is no need to send
RACH requests, therefore there is no need to care about the
mobile allocation from SI1 message.
Most likely, this "dead" code was copy-pasted from mobile
application. Let's clean it up!
Change-Id: I7c2f47cbc825a5e5a50863d842729d3d8408b9dd
According to 3GPP TS 04.08, section 3.4.1, SACCH logical channel
accompanies either a traffic or a signaling channel. It has the
particularity that continuous transmission must occur in both
directions, so on the Uplink direction measurement result messages
are sent at each possible occasion when nothing else has to be sent.
The LAPDm fill frames (0x01, 0x03, 0x01, 0x2b, ...) are not
applicable on SACCH channels!
Unfortunately, 3GPP TS 04.08 doesn't clearly state which "else
messages" besides Measurement Reports can be send by the MS on
SACCH channels. However, in sub-clause 3.4.1 it's stated that
the interval between two successive measurement result messages
shall not exceed one L2 frame.
This change introduces a separate handler for SACCH primitives,
which dequeues a SACCH primitive from transmit queue, if present.
Otherwise it dequeues a cached Measurement Report (the last
received one). Finally, if the cache is empty, a "dummy"
measurement report is used. When it's possible,
a non-MR primitive is prioritized.
Change-Id: If1b8dc74ced746d6270676fdde75fcda32f91a3d
Related: OS#2988
Enforcing pointer to a 'trx_instance' structure is not flexible,
because it is used as parent talloc context only.
Change-Id: I5ab2ef5cea76f955bf72ef54541b3b75cdc2d23f
Having access to a logical channel state is required by the
follow-up change, which will introduce a separate function
for dequeuing SACCH primitives.
Change-Id: Ibde0acf8e6be224b1007be707a636eaad68c8d36
Unlike xCCH, TCH/H channels are using block diagonal interleaving,
so every single burst carries 57 bits of one traffic frame, and 57
bits of another one. Moreover, unlike TCH/F where both traffic
and FACCH/F frames are interleaved over 8 bursts, a FACCH/H is
interleaved over 6 bursts, while a traffic frame is interleaved
over 4 bursts.
This is why a TCH/H burst transmission can't be initiated on
an arbitrary TDMA frame number. It shall be aligned as of
stated in GSM 05.02, clause 7, table 1.
This change introduces two basic functions:
- sched_tchh_block_map_fn - checks if a TCH/H block transmission
can be initiated / finished on a given frame number
and a given channel type;
- sched_tchh_block_dl_first_fn - calculates TDMA frame number of
the first burst using given frame number of the last burst;
and some auxiliary wrappers to simplify the usage of
sched_tchh_block_map_fn().
Change-Id: Iaf4cb33f1b79df23f8a90c8b14ebe0cd9907fbb9
The 'normal' math operations, such as addition and substraction,
are not applicable for TDMA frame numbers because they may result
in out-of-range values.
Having TDMA frame math helpers in a single place would allow
one to avoid possible out-of-range result mistakes.
Change-Id: Ibb66ba846cc3d6c2eaa88414569e5f3751128047
GSM48_CMODE_SIGN means 'signaling only', so we shall not send
bad frame indications in this state. Instead, it makes sense
to send dummy L2 frames like we do for xCCH channels.
Change-Id: Ie39d53522cafab265099076b3194fa96aff217ba