[PATCH] osmocom-bb[master]: fake_trx: add a new tool for burst generation

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/gerrit-log@lists.osmocom.org/.

Harald Welte gerrit-no-reply at lists.osmocom.org
Thu Feb 22 15:33:13 UTC 2018


Review at  https://gerrit.osmocom.org/6752

fake_trx: add a new tool for burst generation

This change introduces a new tool named 'burst_gen.py'. One can
be used for sending GSM bursts either to L1 (OsmoBTS or OsmocomBB)
or to TRX (OsmoTRX and GR-GSM TRX). Currently it is only possible
to send random bursts of different types: NB, FB, SB, AB.

Change-Id: Ie14281222d29536b8690517e57af2a1007fcbc91
---
M src/target/fake_trx/README
A src/target/fake_trx/burst_gen.py
A src/target/fake_trx/rand_burst_gen.py
3 files changed, 428 insertions(+), 0 deletions(-)


  git pull ssh://gerrit.osmocom.org:29418/osmocom-bb refs/changes/52/6752/1

diff --git a/src/target/fake_trx/README b/src/target/fake_trx/README
index ac138e0..6b1c413 100644
--- a/src/target/fake_trx/README
+++ b/src/target/fake_trx/README
@@ -22,3 +22,8 @@
   - ctrl_cmd.py - another peripheral tool, which could be used
     for sending CTRL commands directly in manual mode, and also
     for application fuzzing.
+
+  - burst_gen.py - a tool for sending GSM bursts either to L1
+    (OsmoBTS or OsmocomBB) or to TRX (OsmoTRX and GR-GSM TRX).
+    Currently it is only possible to send random bursts of
+    different types: NB, FB, SB, AB.
diff --git a/src/target/fake_trx/burst_gen.py b/src/target/fake_trx/burst_gen.py
new file mode 100755
index 0000000..195158a
--- /dev/null
+++ b/src/target/fake_trx/burst_gen.py
@@ -0,0 +1,246 @@
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+
+# Simple tool to send custom messages via TRX DATA interface,
+# which may be also useful for fuzzing and testing
+#
+# (C) 2017 by Vadim Yanitskiy <axilirator at gmail.com>
+#
+# All Rights Reserved
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+import random
+import signal
+import getopt
+import select
+import sys
+
+from udp_link import UDPLink
+from rand_burst_gen import RandBurstGen
+
+COPYRIGHT = \
+	"Copyright (C) 2017 by Vadim Yanitskiy <axilirator at gmail.com>\n" \
+	"License GPLv2+: GNU GPL version 2 or later " \
+	"<http://gnu.org/licenses/gpl.html>\n" \
+	"This is free software: you are free to change and redistribute it.\n" \
+	"There is NO WARRANTY, to the extent permitted by law.\n"
+
+class DATAInterface(UDPLink):
+	# GSM PHY definitions
+	GSM_HYPERFRAME = 2048 * 26 * 51
+
+	def send_l1_msg(self, burst,
+		tn = None, fn = None, rssi = None):
+		# Generate random timeslot index if not preset
+		if tn is None:
+			tn = random.randint(0, 7)
+
+		# Generate random frame number if not preset
+		if fn is None:
+			fn = random.randint(0, self.GSM_HYPERFRAME)
+
+		# Generate random RSSI if not preset
+		if rssi is None:
+			rssi = -random.randint(-75, -50)
+
+		# Prepare a buffer for header and burst
+		buf = []
+
+		# Put timeslot index
+		buf.append(tn)
+
+		# Put frame number
+		buf.append((fn >> 24) & 0xff)
+		buf.append((fn >> 16) & 0xff)
+		buf.append((fn >>  8) & 0xff)
+		buf.append((fn >>  0) & 0xff)
+
+		# Put RSSI
+		buf.append(rssi)
+
+		# HACK: put fake TOA value
+		buf += [0x00] * 2
+
+		# Put burst
+		buf += burst
+
+		# Put two unused bytes
+		buf += [0x00] * 2
+
+		# Send message
+		self.send(bytearray(buf))
+
+	def send_trx_msg(self, burst,
+		tn = None, fn = None, pwr = None):
+		# Generate random timeslot index if not preset
+		if tn is None:
+			tn = random.randint(0, 7)
+
+		# Generate random frame number if not preset
+		if fn is None:
+			fn = random.randint(0, self.GSM_HYPERFRAME)
+
+		# Generate random power level if not preset
+		if pwr is None:
+			pwr = random.randint(0, 34)
+
+		# Prepare a buffer for header and burst
+		buf = []
+
+		# Put timeslot index
+		buf.append(tn)
+
+		# Put frame number
+		buf.append((fn >> 24) & 0xff)
+		buf.append((fn >> 16) & 0xff)
+		buf.append((fn >>  8) & 0xff)
+		buf.append((fn >>  0) & 0xff)
+
+		# Put transmit power level
+		buf.append(pwr)
+
+		# Put burst
+		buf += burst
+
+		# Send message
+		self.send(bytearray(buf))
+
+class Application:
+	# Application variables
+	remote_addr = "127.0.0.1"
+	base_port = 5700
+	conn_mode = "TRX"
+
+	burst_type = None
+	burst_count = 1
+
+	def __init__(self):
+		self.print_copyright()
+		self.parse_argv()
+
+		# Set up signal handlers
+		signal.signal(signal.SIGINT, self.sig_handler)
+
+	def run(self):
+		# Init DATA interface with TRX or L1
+		if self.conn_mode == "TRX":
+			self.data_if = DATAInterface(self.remote_addr,
+				self.base_port + 2, self.base_port + 102)
+		elif self.conn_mode == "L1":
+			self.data_if = DATAInterface(self.remote_addr,
+				self.base_port + 102, self.base_port + 2)
+		else:
+			self.print_help("[!] Unknown connection type")
+			sys.exit(2)
+
+		# Init random burst generator
+		self.gen = RandBurstGen()
+
+		# Send as much bursts as required
+		for i in range(self.burst_count):
+			# Generate a random burst
+			if self.burst_type == "NB":
+				buf = self.gen.gen_nb()
+			elif self.burst_type == "FB":
+				buf = self.gen.gen_fb()
+			elif self.burst_type == "SB":
+				buf = self.gen.gen_sb()
+			elif self.burst_type == "AB":
+				buf = self.gen.gen_ab()
+			else:
+				self.print_help("[!] Unknown burst type")
+				self.shutdown()
+				sys.exit(2)
+
+			print("[i] Sending %d/%d %s burst to %s..."
+				% (i + 1, self.burst_count, self.burst_type,
+					self.conn_mode))
+
+			# Send to TRX or L1
+			if self.conn_mode == "TRX":
+				self.data_if.send_trx_msg(buf)
+			elif self.conn_mode == "L1":
+				self.data_if.send_l1_msg(buf)
+
+		self.shutdown()
+
+	def print_copyright(self):
+		print(COPYRIGHT)
+
+	def print_help(self, msg = None):
+		s  = " Usage: " + sys.argv[0] + " [options]\n\n" \
+			 " Some help...\n" \
+			 "  -h --help           this text\n\n"
+
+		s += " TRX interface specific\n" \
+			 "  -m --conn-mode      Send bursts to: TRX (default) / L1\n"    \
+			 "  -r --remote-addr    Set remote address (default %s)\n"       \
+			 "  -p --base-port      Set base port number (default %d)\n\n"
+
+		s += " Burst generation\n" \
+			 "  -b --burst-type     Random burst type (NB, FB, SB, AB)\n"    \
+			 "  -c --burst-count    How much bursts to send (default 1)\n"   \
+
+		print(s % (self.remote_addr, self.base_port))
+
+		if msg is not None:
+			print(msg)
+
+	def parse_argv(self):
+		try:
+			opts, args = getopt.getopt(sys.argv[1:],
+				"m:r:p:b:c:h",
+				[
+					"help",
+					"conn-mode=",
+					"remote-addr=",
+					"base-port=",
+					"burst-type=",
+					"burst-count=",
+				])
+		except getopt.GetoptError as err:
+			self.print_help("[!] " + str(err))
+			sys.exit(2)
+
+		for o, v in opts:
+			if o in ("-h", "--help"):
+				self.print_help()
+				sys.exit(2)
+
+			elif o in ("-m", "--conn-mode"):
+				self.conn_mode = v
+			elif o in ("-r", "--remote-addr"):
+				self.remote_addr = v
+			elif o in ("-p", "--base-port"):
+				self.base_port = int(v)
+
+			elif o in ("-b", "--burst-type"):
+				self.burst_type = v
+			elif o in ("-c", "--burst-count"):
+				self.burst_count = int(v)
+
+	def shutdown(self):
+		self.data_if.shutdown()
+
+	def sig_handler(self, signum, frame):
+		print("Signal %d received" % signum)
+		if signum is signal.SIGINT:
+			self.shutdown()
+			sys.exit(0)
+
+if __name__ == '__main__':
+	app = Application()
+	app.run()
\ No newline at end of file
diff --git a/src/target/fake_trx/rand_burst_gen.py b/src/target/fake_trx/rand_burst_gen.py
new file mode 100644
index 0000000..4475e59
--- /dev/null
+++ b/src/target/fake_trx/rand_burst_gen.py
@@ -0,0 +1,177 @@
+#!/usr/bin/env python2
+# -*- coding: utf-8 -*-
+
+# Virtual Um-interface (fake transceiver)
+# Random burst (NB, FB, SB, AB) generator
+#
+# (C) 2017 by Vadim Yanitskiy <axilirator at gmail.com>
+#
+# All Rights Reserved
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License along
+# with this program; if not, write to the Free Software Foundation, Inc.,
+# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+
+import random
+
+class RandBurstGen:
+	# GSM L1 definitions
+	GSM_BURST_LEN = 148
+
+	# GSM 05.02 Chapter 5.2.3 Normal Burst
+	nb_tsc_list = [
+		[
+			0, 0, 1, 0, 0, 1, 0, 1, 1, 1, 0, 0, 0,
+			0, 1, 0, 0, 0, 1, 0, 0, 1, 0, 1, 1, 1,
+		],
+		[
+			0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1,
+			1, 1, 0, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1,
+		],
+		[
+			0, 1, 0, 0, 0, 0, 1, 1, 1, 0, 1, 1, 1,
+			0, 1, 0, 0, 1, 0, 0, 0, 0, 1, 1, 1, 0,
+		],
+		[
+			0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 1, 1, 0,
+			1, 0, 0, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0,
+		],
+		[
+			0, 0, 0, 1, 1, 0, 1, 0, 1, 1, 1, 0, 0,
+			1, 0, 0, 0, 0, 0, 1, 1, 0, 1, 0, 1, 1,
+		],
+		[
+			0, 1, 0, 0, 1, 1, 1, 0, 1, 0, 1, 1, 0,
+			0, 0, 0, 0, 1, 0, 0, 1, 1, 1, 0, 1, 0,
+		],
+		[
+			1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 1, 1,
+			0, 0, 0, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1,
+		],
+		[
+			1, 1, 1, 0, 1, 1, 1, 1, 0, 0, 0, 1, 0,
+			0, 1, 0, 1, 1, 1, 0, 1, 1, 1, 1, 0, 0,
+		],
+	]
+
+	# GSM 05.02 Chapter 5.2.5 SCH training sequence
+	sb_tsc = [
+		1, 0, 1, 1, 1, 0, 0, 1, 0, 1, 1, 0, 0, 0, 1, 0,
+		0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 1, 1, 1, 1,
+		0, 0, 1, 0, 1, 1, 0, 1, 0, 1, 0, 0, 0, 1, 0, 1,
+		0, 1, 1, 1, 0, 1, 1, 0, 0, 0, 0, 1, 1, 0, 1, 1,
+	]
+
+	# GSM 05.02 Chapter 5.2.6 Dummy Burst
+	db_bits = [
+		0, 0, 0,
+		1, 1, 1, 1, 1, 0, 1, 1, 0, 1, 1, 1, 0, 1, 1, 0,
+		0, 0, 0, 0, 1, 0, 1, 0, 0, 1, 0, 0, 1, 1, 1, 0, 
+		0, 0, 0, 0, 1, 0, 0, 1, 0, 0, 0, 1, 0, 0, 0, 0,
+		0, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 1, 1, 0, 0, 
+		0, 1, 0, 1, 1, 1, 0, 0, 0, 1, 0, 1, 1, 1, 0, 0,
+		0, 1, 0, 1, 0, 1, 1, 1, 0, 1, 0, 0, 1, 0, 1, 0, 
+		0, 0, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 1, 0, 0, 1,
+		1, 1, 1, 0, 1, 0, 0, 1, 1, 1, 1, 1, 0, 0, 0, 1, 
+		0, 0, 1, 0, 1, 1, 1, 1, 1, 0, 1, 0, 1, 0, 
+		0, 0, 0,
+	]
+
+	# GSM 05.02 Chapter 5.2.7 Access burst
+	ab_tsc = [
+		0, 1, 0, 0, 1, 0, 1, 1, 0, 1, 1, 1, 1, 1,
+		1, 1, 1, 0, 0, 1, 1, 0, 0, 1, 1, 0, 1, 0,
+		1, 0, 1, 0, 0, 0, 1, 1, 1, 1, 0, 0, 0,
+	]
+
+	# Generate a normal burst
+	def gen_nb(self, seq_idx = 0):
+		buf = []
+
+		# Tailing bits
+		buf += [0] * 3
+
+		# Random data 1 / 2
+		for i in range(0, 57):
+			buf.append(random.randint(0, 1))
+
+		# Steal flag 1 / 2
+		buf.append(random.randint(0, 1))
+
+		# Training sequence
+		buf += self.nb_tsc_list[seq_idx]
+
+		# Steal flag 2 / 2
+		buf.append(random.randint(0, 1))
+
+		# Random data 2 / 2
+		for i in range(0, 57):
+			buf.append(random.randint(0, 1))
+
+		# Tailing bits
+		buf += [0] * 3
+
+		return buf
+
+	# Generate a frequency correction burst
+	def gen_fb(self):
+		return [0] * self.GSM_BURST_LEN
+
+	# Generate a synchronization burst
+	def gen_sb(self):
+		buf = []
+
+		# Tailing bits
+		buf += [0] * 3
+
+		# Random data 1 / 2
+		for i in range(0, 39):
+			buf.append(random.randint(0, 1))
+
+		# Training sequence
+		buf += self.sb_tsc
+
+		# Random data 2 / 2
+		for i in range(0, 39):
+			buf.append(random.randint(0, 1))
+
+		# Tailing bits
+		buf += [0] * 3
+
+		return buf
+
+	# Generate a dummy burst
+	def gen_db(self):
+		return self.db_bits
+
+	# Generate an access burst
+	def gen_ab(self):
+		buf = []
+
+		# Tailing bits
+		buf += [0] * 8
+
+		# Training sequence
+		buf += self.ab_tsc
+
+		# Random data
+		for i in range(0, 36):
+			buf.append(random.randint(0, 1))
+
+		# Tailing bits
+		buf += [0] * 3
+
+		# Guard period
+		buf += [0] * 60
+
+		return buf

-- 
To view, visit https://gerrit.osmocom.org/6752
To unsubscribe, visit https://gerrit.osmocom.org/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ie14281222d29536b8690517e57af2a1007fcbc91
Gerrit-PatchSet: 1
Gerrit-Project: osmocom-bb
Gerrit-Branch: master
Gerrit-Owner: Harald Welte <laforge at gnumonks.org>



More information about the gerrit-log mailing list