This patch introduces cell re-relection. When camping on a cell, it
scanns neighbour cells. If a 'better' cell is found, the cell is selected.
If the cell is in a different location area, a location upating is
performed under certain conditions.
The 'better' cell depends on various informations that are broadcasted on
the BCCH of a neihbour cell and of course the RX level. Most operators
don't set these informations, so the 'better' cell depend on a better
RX level for the same location area, or a much better RX level (6 dBm)
at a different location area.
There were many issues at the idle mode process that has been fixed.
Expecially when moving, the state machines got stuck, so no more cell search
was possible, or no further calls / location updating was possible.
In order to see the process of cell selection, enter the VTY interface and
enable the network monitor:
enable
monitor network 1 (where '1' is the instance of the MS)
In order to see the current state of the processes, enter:
show ms
The ARFC counts from 1 to 1023, and then to 0. The index of these loops
count from 1 to 1024. The index 1024 stands for ARFCN 0.
This also reverses commit eb77945e16.
If we use a larger field to store the IMSI, we can create overflows when
copying the imsi to other structures that are only 16 bytes in size.
Detected by Smatch:
src/host/layer23/src/mobile/subscriber.c +195 gsm_subscr_testcard(39) error: strcpy() 'set->test_imsi' too large for 'subscr->imsi' (20 vs 16)
This function can be called by a TDMA-driven L1 which will never actually want
to receive unsolicited/asynchronous PH-DATA.req primitives, but who will simply
directly poll the LAPDm transmit queue by calling the abovementioned function
We also introduce some related functions like
lapdm_{entity,channel}_set_mode()
lapdm_{entity,channel}_reset()
This is all in preparation for the Osmo-BTS Work.
This makes it possible to use GSM 850 and PCS 1900 bands, as used in the
US. The support relies on the phone hardware.
Each band (900, DCS, 850, PCS, 480 and 450) can be enabled and
disabled individually for each setting.
This patch changes include paths to get osmocom-bb working with
the current libosmocore tree.
Among all these renames, you can notice several tweaks that I
added on purpose, and that require some explanation, they are:
* hexdump() in osmocon.c and osmoload.c has been renamed to avoid
clashing with hexdump() defined in libosmocore.
* gsmmap now depends on libosmogsm. Actually I had to cleanup
Makefile.am because I was experiencing weird linking problems,
probably due to a bug in the autotools. With the change included
in this patch, I got it compiled and linked here correctly.
This patch has been tested with the phone Motorola C123 and the
following images files:
* firmware/board/compal_e88/hello_world.compalram.bin
* firmware/board/compal_e88/layer1.compalram.bin
Using the osmocon, bcch_scan and mobile tools.
Signed-off-by: Pablo Neira Ayuso <pablo@gnumonks.org>
Be able to add extra (short) options from the 'applet' to
the main application. Use this to print the help mentioning
app specific options, pass the getopt string and handle the
command line parsing for it.
Change cell_log to keep the logname in the app_cell_log.c
and then access it from the cell_log.c implementation.
Make it possible that each l23 app can inject the copyright string,
also prepare to have callbacks for the config handling and other
places. This will be useful to add app specific config options.
All functions for handling mobile instances and mobile relevant parts are
moved to mobile/app_mobile.c, the mobile/main.c and mobile/mncc.c become a
simple out-of-the-box mobile application. (making calls)
The mobile/main.c can be replaced easily by a different application now.
this application may have it's own call control implementation (layer 4).
Full configurations via VTY is still possible and required in this case.
To create another instance: 'ms <name> create'
To remove an instance: 'no ms <name>'
If no instance exists, 'ms 1' is created automatically on startup.
Each instance can be enabled / disabled by using 'shutdown' or
'no shutdown'. Multiple instances may share the same layer2 socket (same
phone hardware), but in this case only one instance can be enabled at the
same time. This makes it much easier to select different settings without
modifying them.
A 'shutdown' initiates the IMSI detach procedure before shutdown is
completed. A 'shutdown force' will immidiately shutdown.
There is no need to restart the software anymore, if fundamental settings
are changed. In this case, a 'shutdown' followed by a 'no shutdown' will
do the job.
If you already have an old osmocom.cfg, you need to "no shutdown" it.
Everything else behaves as before.
There are two criterions for lossing a signal, idle mode and dedicated mode.
A counter counts down when a frame is dropped, and counts up when a valid
frame is received on certain channel. The loss criterion is reached, if the
counter reaches 0. The values added to / removed from the counter and the
limits depend on the process.
Supported features of hardware (support.c) can be disabled by config.
This way the full featured mobile can be downgraded to indicate less
features to the network, like disabling speech support or crypto support.
The cell provides SYSTEM INFORMATION 5* and 6. These are used to create a
list of neighbor cells to monitor. Because there is no neighbor cell
monitoring supported by layer1, the list has no valid results yet.
Currently the average RX level of received frames are used to generate a new
report every second. The report is transmitted to layer1 and used there
whenever a measurement report has to be transmitted.
The timing advance and the current transmit power (as requested by network),
is included with every report.
The SIM client is now complete. Because it usefull for multiple
applications, i moved it to the layer23/src/common directory.
The SIM reader works together with mobile process. Fixes were made.
Thanx to all for testing, finding bugs, and making it work as it is
supposed to do.
The current version uses special L1CTL messages to send and receive APDUs.
This will change in the future, when BTSAP interface is completed.
Please note that this client will not work until the layer1 SIM reader
fixes and extensions are committed.
To define/change a key for the test SIM, use the following sequence:
conf t
ms 1
test-sim
ki comp128 xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx xx
end
write
or use:
ki xor xx xx xx xx xx xx xx xx xx xx xx xx
Sylvain pointed out that CM SERVICE ACCEPT message is not requred, if
ciphering has been completed. In this case, an RR_SYNC_IND is sent
to mobility management, and treated there as CM SERVICE ACCEPT.
The layer23 will now set crypto mode and key when CIPHERING MODE COMMAND is
received. After crypto mode has been set, CIPHERING MODE COMPLETE is sent.
NOTE: Layer1 implements only the interface, there is no functionality to it
yet.
The SIM client is not the SIM reader. It is used to process higher layer
requests. One request may be: "read the IMSI file" or "unlock SIM card, here
is the key". It then selects the right file of SIM card and processes the
request by exchanging APDUs with the SIM reader.
NOTE: Because the reader inside layer 1 is not yet finished, the SIM client
will not work and cannot be tested yet.
Assignment command is now complete as well as frequency redifinition.
The handover process is partly complete. Further functionality depends
on layer1 capabilites. The measurement report is also incomplete.
This commit features handling of ASSIGNMENT COMMAND. Currently only channel
descriptions "after time" are processed, which is mostly the case.
The ASSIGNMENT COMMAND is essential, because public networks assign an
SDCCH4/8 before actually assigning a TCH.
This early support does not use the received postion, it just dumps it.
Later it can be used to set clock of the phone. Also it can be used
to calculate the location of a BTS.
This is required to detect duplicated messages during assignment or
handover. Each PDISC uses its own sequence number, but MM+CC+SS share the
same. The sequence number is only required in uplink direction.
Dieter: Please check, if your tester eats it now. Also try to trace if the
sequence number is set correctly.
The interface between l1 and upper layer is called by several
name. IMHO l1ctl is shorted and sounds good so try to unify
using that.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
This split the headers and adapt the source.
We use osmocom/bb as a prefix because libosomore also
uses osmocom and generic names such as misc & common could
conflict in the future.
Signed-off-by: Sylvain Munaut <tnt@246tNt.com>
The radio ressource layer uses RSL messages to perform RACH requests now.
TX power and timing advance is controlled before RACH request, after IMM.ASS,
and during dedicated mode. (Note that TX power control is not yet supported
by layer 1.)
In dedicated mode a frame is sent to layer 1. Subsequent frames are queued
inside lapdm.c until a confirm from layer 1 is received. Since not all
pending frames are sent rapidly at once, the layer 1 does not crash anymore.
Also included in this commit: handling of reset confirm (maybe required
in the future after dedicated mode)
Now layer23 supports selecting TS 0-4 with SDCCH/8 channels.
But some tests showed me that it doesn't work. Please help debugging.
Added DM release function to l1ctl.c and gsm48_rr.c.
Holger Hans Peter Freyther
Harald Welte
Steve Markgraf
Sylvain Munaut