baseband-devel

baseband-devel@lists.osmocom.org

1981 discussions

GSM 04.08 L2 pseudo length in ACCH System Information messages

by Vadim Yanitskiy

Hi everyone, I few days ago, during some usual R&D process, I noticed the following messages, appearing in the log output of OsmocomBB/mobile application: "ACCH message type 0xXX unknown." The network, a phone was connected to, was may own and based on more or less recent versions of OsmoNiTB, OsmoBTS, and OsmoTRX. Despite I used to see such messages before, I didn't pay too much attention. But this time I've decided to figure out, what's wrong there... The source of such messages is the gsm48_rr.c / gsm48_rr_rx_acch(): static int gsm48_rr_rx_acch(struct osmocom_ms *ms, struct msgb *msg) { // ... struct gsm48_system_information_type_header *sih = msgb_l3(msg); // ... switch (sih->system_information) { case GSM48_MT_RR_SYSINFO_5: return gsm48_rr_rx_sysinfo5(ms, msg); case GSM48_MT_RR_SYSINFO_5bis: return gsm48_rr_rx_sysinfo5bis(ms, msg); case GSM48_MT_RR_SYSINFO_5ter: return gsm48_rr_rx_sysinfo5ter(ms, msg); case GSM48_MT_RR_SYSINFO_6: return gsm48_rr_rx_sysinfo6(ms, msg); default: LOGP(DRR, LOGL_NOTICE, "ACCH message type 0x%02x unknown.\n", sih->system_information); return -EINVAL; } } To get I bit more details, I modified this function to print the whole L3 payload, and got some interesting results. As it turned out, the payloads were shifted one byte left - there was no 'l2_plen', which is assumed by: /* Section 9.1.3x System information Type header */ struct gsm48_system_information_type_header { uint8_t l2_plen; uint8_t rr_protocol_discriminator :4, skip_indicator:4; uint8_t system_information; } __attribute__ ((packed)); So, my first idea was that this is a bug of OsmocomBB, that would be fairly easy to fix, so after a quick look at the GSM 04.08 specification I wrote (and merged :/) this: https://gerrit.osmocom.org/#/c/5204/ And everything was great, until I connected a 'patched' mobile to a commercial mobile network... And all SI messages during a dedicated connection were false-identified as SI5ter. This seemed strange to me, so I decided to compare a SI message from commercial network with a message captured in my own one: https://habrastorage.org/webt/t8/zs/vv/t8zsvvjjglzfisnjqlnnsy4kgas.png And this confused me even more, then I've expected. Why there is 0x49? Wireshark false-identified this message as something related to SMS... What if this is exactly the 'l2_plen' assumed in OsmocomBB before? I looked at the specifications again, and found out that initially I refered an outdated 5.3.0 version, which was the first link in Google: http://www.etsi.org/deliver/etsi_gts/04/0408/05.03.00_60/gsmts_0408v050300p… while the latest one is 7.21.0: http://www.etsi.org/deliver/etsi_ts/100900_100999/100940/07.21.00_60/ts_100… So, I compared the 9.1.37-40 sections of both versions, and bingo! In the higher version ACCH System Information messages do have the 'L2 Pseudo Length' (10.5.2.19) field. Finally, what I've learned: - OsmocomBB / mobile follows the new version here (with l2_plen); - OsmoNiTB generates the ACCH SI messages without the l2_plen; - Recent Wireshark versions fail to decode the ACCH SI messages with l2_plen, while older ones are able to do that; - I should not merge the changes so quick. My questions are: - Which way of composing the SI messages is correct? - If both are correct, how to parse them correctly? - Should we change OsmoNiTB / OsmoBSC to follow the latest specs? And of course, I have to revert the change I've merged. With best regards, Vadim Yanitskiy.

7 years, 3 months

MS driver: GSM tester config integration

by Holger Freyther

Hey, pespin left a good comment about the question of how the MS driver and the GSM tester could be better integrated. I was about to write some argparse code for the MS driver but I think it is best to make this configurable as a scenario. In terms of scenario knobs I can see: - #MS - CDF function - IMSI generator (start with XXX and count upwards) - virtphy vs. trxcon? The actual test would remain separate (and maybe turn it into a suite at some point in the future). What do you think? What should I obey when parsing/handling config? holger

7 years, 3 months

port numbers in FakeTRX / trxcon

by Harald Welte

Hi Vadim, while playing with fake_trx and trxcon I was wondering about the port numbers you used. I think it's not the best idea to re-use the same port numbers / port number range on the MS side which are used on the network side. Is there any requirement to do so? why not simply shift the entire base port (5700) on the client side to something else like 6700? (Side note: The entrire TRX protocol using so many non-standard/non-IANA port numbers, not containing any version numbers for extensions, etc. is a mess, but that's for a separate discussion altogether. Would love to re-do this from scratch at some point) Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

7 years, 4 months

re: sciphone dream g2 mtk 6235 status? ;)

by Craig Comstock

Sorry for the premature mail posting. I did some more digging and found a quite good thread of information from around 2011 or so. http://baseband-devel.722152.n3.nabble.com/Mediatek-MT6235-status-Sciphone-… I note that Harald mentioned whether Marcin had suitable lab equipment and I was starting to wonder this as well. Harald, you suggested Racal 6103 or similar, spectrum analyzer/scope up to 900/1800/1900 MHz. I'm wondering if you have any more current recommendations for equipment. I would imagine I might use an RTL-SDR possibly to receive/monitor TX. I see Racal 6103 devices for around $100 on ebay so I could get one of those if need be. So I found the uboot sources and looked through and see board/mtk/sciphone_g2/mt6140.c which has the rf_tx <arfcn> uboot command. So I'll check fernvale/mtk6260 and see if similar code could be made for fernvale. -Craig

7 years, 4 months

Re: [OsmoBTS - Bug #2944] OsmoBTS master does not work with CalypsoBTS based transceivers

by Harald Welte

On Thu, Feb 15, 2018 at 06:38:50PM +0000, pespin [REDMINE] wrote: > So we now have the patches reviewed (+2) but due to the branch being old and having no jenkins.sh, Jenkins Builder set validate -1, and I'm not able to merge it. Help on how to fight against gerrit is required here. I could manually override the V-1 and set it to V+1. However, I guess the better solution would be to first merge a patch that adds jenkins.sh to the respective branch, and then re-trigger the validation of those patches. This way we would have a working solution even for future patches. Or even better: Rebas those old but still relevant branches on top of current master, and they would get the jenkins.sh and associated build verification for free. Do we have any volunteers for this? -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

7 years, 4 months

sciphone dream g2 mtk 6235 status? ;)

by Craig Comstock

Hello, I have several of these devices now and am working on porting fernly code for the fernvale board (and other mtk626x devices) to osmocom-bb. I found this document: https://elinux.org/images/9/9a/Getting_the_First_Open_Source_GSM_Stack_in_L… and was wondering about the "GSM RF chips slide" which seems to indicate that you may have written RF HW drivers enough to transmit? I don't see the u-boot sources from the links at https://osmocom.org/projects/baseband/wiki/SciphoneDreamG2 but interestingly I can get to them directly with git. :) git clone git://git.osmocom.org/uboot-mt623x.git So I will take a look at what you have and see if I can get somewhere with these devices. If you have any suggestions please let me know. Cheers, Craig

7 years, 5 months

GAPK merge request

by Vadim Yanitskiy

Hi Sylvain, as you probably already know, I made a few changes in GAPK and now they are in a separate branch called 'fixeria/lib'. In a few words, the main idea of this set of changes is to compose a shared library called libosmogapk and add some basic test coverage. Please see: http://git.osmocom.org/gapk/log/?h=fixeria/lib As you're the maintainer and author of this project, I would like to ask you: is it possible to merge this branch into the mainline? At the moment, the new library is used by OsmocomBB, see: http://git.osmocom.org/osmocom-bb/commit/?h=fixeria/audio&id=0ed60f68b86b47… and moreover I am developing a set of GNU Radio blocks for GSM audio transcoding based on the GAPK library. Probably, some other projects may also benefit from a possibility to link against a shared library and use its features... If you support this idea, please let me know, which way of merging the branch is better for you: - using Gerrit, where I am not sure: if I will send a merge commit for review, would it 'drag' the whole long chain of commits, or the only one? - or using your write access rights. In both cases, I'll provide you detailed description of the merge commit. But first, I need to know your decision. With best regards, Vadim Yanitskiy.

7 years, 5 months

help : osmocombb transfer problem

by hao_zhang

sorry to bother you, i install openbsc and osmocombb in a pc. i want to transfer authentication information rand from osmocombb to openbsc, and transfer sres information from openbsc to osmocombb. What should I do? thanks zhanghao

7 years, 5 months

Building RFFE to work on MSM

by Marek Sebera

Hi, if following architecture is correct https://images.anandtech.com/doci/6541/RadioToday2.png What are currently available chips, using which we can build the RFFE part of BBP (such as Analog Devices ADF4602 or Avago ACPM-7600) so we can start working on UMTS/LTE software/protocol stack implementation on some commonly available Intel/ARM/AMD SoC (or multi-core SoC) ? If the RFFE part of BBP will be stable, work needed on MSM (Mobile Station Modem, i know it's Qalcomm's term) will be tremendous, but not unreal. Also might be partially ported current osmocomBB, but without working RFFE it is really hard to get the software started imho. Or is there something I don't get right now? Thank you Cheers! Marek

7 years, 5 months

Re: osmocomBB with osmo-bts stuck need help

by Vadim Yanitskiy

Hi, > I tried to install Jolly branch many times and this is > the debug result which always stop when sync to BTS. > > I was thinking the package is broken? testing with sylvain > is work, just like yesterday my registering still problem. > but this Jolly branch even cannot produce sync. Hmm, I just found out that both handover related commands are implemented in jolly/testing, but not in sylvain/testing: http://git.osmocom.org/osmocom-bb/tree/src/host/layer23/src/ transceiver/trx.c?h=jolly/testing#n440 http://git.osmocom.org/osmocom-bb/tree/src/host/layer23/src/ transceiver/trx.c?h=sylvain/testing#n369 You can implement a dummy command handler for sylvain/testing. Or use jolly's branch. But as I remember, there was a problem with some firmware images: http://osmocom.org/projects/baseband/wiki/Toolchain > note: as of 2013-10-20, if you use a toolchain with gcc >=4.8, > the firmware can be compiled, but will hang as soon as you want > to sync to an ARFCN. This issue has been fixed in master. > > http://cgit.osmocom.org/osmocom-bb/commit/ > ?id=a903b3c1ee27047c79728b18ff6340d23d1aad2e I think this information is enough to solve your problem. And moreover, we are using the openbsc mailing list, while there is a dedicated one. Let's finish this thread here. And good luck! With best regards, Vadim Yanitskiy.

7 years, 5 months

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel