baseband-devel

baseband-devel@lists.osmocom.org

3 participants
2004 discussions

ARM Core and UI
by Anton Gorbachev 29 Mar '17

29 Mar '17

Dear Osmocom members, I am new in OsmocomBB but trying to understand how all the stuff works. And I have a question. As I understood we have DigitalBB Calypso in our Motorola phones which consist of DSP and ARM Cores. If we are talking about "normal" phone firmware, In DSP L1 processing is done, in ARM core L2 and L3 processing of GSM stack is done. But we must also have some "regular" OS somewhere, am I right? So I mean all the menus, applications like "Settings", "Phone book", etc. In modern phones, I believe Adnroid or iOS communicate with some RTOS running in ARM core of DigitalBB. But what is about Motorola phone? Does it have separate ARM processor/RAM for a refular firmware? Did you create some applications for ARM part of DigitalBB and some applications for UI which run outside the RTOS? It's possible that I am confusing with all the terms but I would appreciate if you help me to understand. Kind regards, Anton

2 1

Connecting OSMOCOM to OpenBTS
by Usama Muneeb 26 Mar '17

26 Mar '17

I recently set up OpenBTS which is working perfectly. I can make a test call by calling 2600 using an Android phone. However when I try "show subscriber" in OSMOCOM, various BTS are listed, with their MNC and MCC values but OpenBTS is not listed. Any solution to this? P.S. I've determined the MNC and MCC values for OpenBTS which are 001 and 01 respectively.

3 3

git.osmocom.org cgit improvements
by Harald Welte 20 Mar '17

20 Mar '17

Hi all, today I've deployed some cgit improvements on https://git.osmocom.org/, in the hope that it makes this tool even more useful: 1) syntax highlighting of source code (requested by Hoernchen) The source code is now highlighted by pygments. I don't really understand why somebody would want to look at source code a lot in a browser, but well, it was as easy as to enable the existing pygments based filter plugin. 2) rendering of "about" page from README.md As you might have noticed, I've introduced a README.md in a number of repositoires, and cgit is now rendering an about page for every repository, e.g. at http://git.osmocom.org/libosmo-abis/about/ 3) gerrit change-ID hyperlink generation All gerrit Change-IDs in commit messages are now automatically converted to hyperlinks to the respective gerrit change, see e.g. the below example: http://git.osmocom.org/openbsc/commit/?id=6dd0fc685b7149f67a5fe17a5bce55c44… Please note that this works for the "Change-Id" line of the actual change, but also for change-ids in the free text (e.g. "this depends on change-id ... in libosmocore") 4) Osmocom ticket/issue hyperlink generation Any Line that matches the "^((Relate|Close|Fixe)[ds]):" prefix is scanned for occurrences of "OS#(\d+)" which are then amended with hyperlinks to the respective issue on osmocom.org Please note the OS# prefix is mandatory, so things like "OS#1614, 1615" will not work, as can be seen at http://git.osmocom.org/osmo-pcu/commit/?id=0a8fae8d141c2cfa4387ffe9b35402d5… Please format your commit messages accordingly. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

3 3

Complexity of emergency-only baseband development
by Denver Gingerich 13 Mar '17

13 Mar '17

Hi everyone, I'm building some FOSS tools that let people send/receive calls/SMS without a cell plan (mainly using VoIP carriers that also offer SMS/MMS). Eventually I would like to be able to bundle these tools with a phone that runs only free software. In order to still provide standard emergency calling features (112/999/911 calling/SMS), the phone would require a free baseband (like OsmocomBB), but it would not need to offer any non-emergency phone features, since those would be handled by the aforementioned FOSS tools primarily on wifi. As I understand it, OsmocomBB can currently be run on certain Calypso-based phones, but does require a larger computer be connected to run part of the baseband. If one were to only require emergency calling features in OsmocomBB, would that larger computer still be required? If so, would developing the remaining pieces needed to run directly on the phone be substantially easier for an emergency-only use case than for a complete all-purpose use case? I'm guessing that there are certain parts of OsmocomBB that would not be required for emergency-only operation (perhaps some of the SIM card communication, for example), but I haven't written baseband software before so I don't have a good sense of how large the differences would be. So I'd be curious to know if the emergency-only use case is substantially easier to develop for, or if it's roughly the same complexity as developing for the all-purpose use case, or somewhere in between. My apologies if this isn't the right list for such questions; I'm happy to post elsewhere if that is more appropriate. Thanks for reading! Denver http://soprani.ca/

3 2

Quectel modem documentation etc
by Fisher Grubb 10 Mar '17

10 Mar '17

Hi all, I know of some publicly available documentation and tools. I assume you have it, let me know if you don't and I'll post links. I downloaded it last year for UC20 (124MB zip file),and EC21 (60MB zip file). Fisher

1 0

SMS not received in mobile - Virtual layer1 (osmo-nitb + osmo-bts + osmocom-bb/mobile)
by Sebastian Stumpf 10 Mar '17

10 Mar '17

Hi, Some of my sent SMS are not received by my mobile and I try to figure out if this is a problem with my virtual layer 1, configuration or something in the layers 2+. I use: osmo-nitb: 1 subscriber in hlr (id 1, ext 017519191919) osmo-bts: virt-phy, arfcn 666, TS0=CCCH+SDCCH4, TS1=SDCCH8 MS layer23 app mobile: is the subscriber from osmo-nitb MS layer1 virt-phy: virtual gsmtap layer between bts and mobile I want: Send a sms to subscriber 017519191919. osmo-nitb VTY: OpenBSC# subscriber id 1 sms sender id 1 send Test I have 2 outcomes, first one is the failure. See https://www.dropbox.com/s/eunpfioq518t09a/mobile--ms-virt--bts-virt--bsc-ni… for the pcap. Do not wonder about the duplicated gsmtap messages from mobile, the ones to ip 225.0.0.1 are over virt-phy layer, the ones to localhost from the gsmtap logging option from mobile. Filter them out via "gsmtap && (ip.dst != 127.0.0.1)". 602-613: RR channel establishment with RA and IA as reaction to paging in 590 627,631: SABM from BTS to establish async balanced mode on SAPI3 (SMS) and the ACK from MS 656,684,699: I-Data frames on SAPI3 containing the sms 660,688,703: ReceiveReady's from MS (That ACK all I-frames before N(R)-1 as far as I understood) For me, that looks good and I really do not understand why the MS will not answer with the CP-ACK/RP-ACK after receiving the SMS Data in 699. The LAPDM link will stay up for some more time and be used by the network for retransmission of the sms (1149), but MS will never react to it on the SMS layer (CP-ACK, RP-ACK). Here is the console log for the mobile (https://www.dropbox.com/s/6gug5cd4up5qv7y/mobile--ms-virt--bts-virt--bsc-ni…). The paging is answered in line 378: Fri Mar 10 10:42:06 2017 DLLAPD <0012> lapd_core.c:793 SABM(E) received in state LAPD_STATE_IDLE Second outcome is a successfully sent sms from network to ms. See https://www.dropbox.com/s/ghdn7pc0j4vifbe/mobile--ms-virt--bts-virt--bsc-ni… for the pcap. What is different here? There is no paging, but the sms is sent within the dedicated channel used for the location update initiated by the phone started up. Why there is another outcome, I don't know. 169-181: RR channel establishment with RA and IA as part of mibiles startup routine to make location update 188,416: Location udpdate procedure on SAPI0 230,234: SABM from BTS to establish async balanced mode on SAPI3 (SMS) and the ACK from MS 396,444: I-Data frames on SAPI3 containing the sms 400,449: RR's from MS 450: CP-ACK for BTS 482,499: RP-ACK I-Frames for Network (osmo-nitb) Again, the console log of the mobile (https://www.dropbox.com/s/cujsn40d43g6wxk/mobile--ms-virt--bts-virt--bsc-ni…). The SABM on SAPI3 on downlink is received in line 206: Fri Mar 10 11:06:13 2017 DLLAPD <0012> lapd_core.c:793 SABM(E) received in state LAPD_STATE_IDLE The signaling looks quite similar in both cases, but one time the mobiles sms handler responds to CP-DATA msg containing the SMS, the other time not. Can someone find an error in the signaling I did not see? Is there a known Bug? To be honest, I last merged my branch with master some time ago (~ Jan 18 2017) and thus did not update osmo-nitb and the libraries since then to avoid compatibility problems. Have there been recent changes that could cause that behavior? Thank you and Kind Regards, Sebastian

1 0

Re: Virtual layer 1 - Questions
by Harald Welte 03 Mar '17

03 Mar '17

Hi Sebastian, On Sun, Feb 12, 2017 at 02:29:05PM +0100, Sebastian Stumpf wrote: > The virtual layer 1 is currently in a state where the l23 app can > successfully connect to the bts and most of the signaling messages > will be forwarded and handled. TCH is not yet implemented. this is excellent news! Thanks for sticking with this and pushing it forward. > - Trying to initiate a call via the mobile vty will result in > VTY: > call 1 123 > OsmocomBB# > % (MS 1) > % Call has been rejected > call 1 123 > OsmocomBB# > % (MS 1) > % Call has been released > And no actual call setup message is transfered over the Um interface. > What could be reasons for that? I am using the test-sim option the > mobile app offers. I'm not sure if this is the root cause, but it seems there is some timeslot mis-matches in your traces. The Immediate Assignment contains TS 2 or TS 7, but I see Uplink frames for FACH on TS0, which is impossible (TS0 never has a channel combination with FACCH). Also, The uplink frames don't have the Uplink bit set in the GSMTAP header. This is a bit confusing, and I think it would be a good idea to introduce some consistency/invariant checking on both sides, i.e. the BTS should drop all non-uplink frames received, and the MS should drop all uplink frames received. I'm also surprised to see you're seeing an immediate assignment reject in downlink. This should only happen if all channels are allocated and the BTS is out of resources. Also, in your traces, there are typically several frames that are on the same timeslot in the same GSM frame number. This is not possible (probably related to the wrong TS above?). At maximum, there can be one L2 signalling message for a given TS + FN. Also, on the real radio interface a MAC block takes typically four frames on that channel, so the actual rate is lower. > - Occasionaly the T3210 timer is fired, which causes a new registering > within the network. well, it means that something got lost between MS and MSC for such a long time (between sending the LU REQ and receving a response) that the MS gives up. > LOG: > gsm48_mm.c:336 timer T3210 (loc. upd. timeout) has fired > How can i prevent that? The underlying problem must be resolved. On the simulated L1 you shouldn't loose messages, so this shouldn't happen if all messages arrive as expected on both sides. > - I did not implement a tdma or multiframe scheduler in the mobile > uplink as the logical channel is directly put to the gsmtap-header and > thus known by the bts. As Harald used a multiframe based scheduling > for the bts downlink, i wonder if this might be necessary, though. To > submit msgs with the correct frame number for example. It is primarily a question of how real the simulation should be. By using a multiframe scheduler one can make sure that the actual bandwidth/speed of GSM is maintained even over a virtual L1. Also, on the BTS side it must be present to schedule the BCCH (system information, ...) without which a MS would never even see the cell. I think one can do without on the MS side, but then the BTS must basically queue the incoming frames until the respective frame number indicated in the frame matches the current frame number. > - In my wireshark capture files, the gsmtap messages sent over the > multicast sockets are only recognized as UDP messages. I have to > "cast" them with the wireshark context menu "Decode as...". Why? This seems because you're using a non-standard port for the messages: In the capture I see UDP port 6666 rather than the IANA-registered port for GSMTAP which is 4729. > I would be super happy if someone of you could check out my project > (osmo-bts, branch stumpf/virt-phy + osmocom-bb, branch > stumpf/virt-phy) try to run it with the config files lying within the > project folders and tell me the problems they see :). I'll have a look, but not straight away now, sorry. > Here you can find a wireshark capture file of 2 mobiles connecting to > a virt bts. I also tried to init calls from both of them but the call > setup is not send. Already the LU is not working stable, so I think the first step is to stabilize this. You can see in packet 740 that the MS is sneding a LU Req, which the BTS forwards in frame 741 as RSL message to the NITB. The NITB then responds with an IDENTITY REQUEST which can be seen on RSL but which seems to disappear in the BTS without being ever sent on the virtual Um interface. As a result, the MS never sends the identity response, and the NITB will give up. I also see that the RACH requesets all are sent with a bogus frame number: 42. This will not work. The RACH request needs to be sent with the current frame number at the time being. Also, RACH retransmissions are happening way too quick. See Packets 600...644 where there are 7 RACH requests all within soemething like 10ms. The BTS then allocates 7 channels rather than one, ... So I think those lower-layer issues should be addressed before moving on to voice calls. Keep up the good work! Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

2 6

Re: Flashing Problem: C117
by Craig Comstock 18 Feb '17

18 Feb '17

You know that generally flashing the phone isn't needed. You can load all of the different osmocom images just with the osmocon loader into ram and "do things". The flashing can brick your device. Just my $0.02, Craig -------------------------------------------- On Sat, 2/18/17, Dennis Schneck <dennisschneck(a)web.de> wrote: Subject: Flashing Problem: C117 To: baseband-devel(a)lists.osmocom.org Date: Saturday, February 18, 2017, 2:44 AM Hello, i try to Flash a Motorola C117. But did not work ... what did i wrong ? $ sudo host/osmocon/osmocon -p /dev/ttyUSB0 -m c123xor target/firmware/board/compal_e88/loader.compalram.bin got 1 bytes from modem, data looks like: 00 . got 2 bytes from modem, data looks like: 00 00 .. got 4 bytes from modem, data looks like: 1b f6 02 00 .... got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 01 . got 1 bytes from modem, data looks like: 40 @ Received PROMPT1 from phone, responding with CMD read_file(target/firmware/board/compal_e88/loader.compalram.bin): file_size=27072, hdr_len=4, dnload_len=27079 got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 43 C Received PROMPT2 from phone, starting download handle_write(): 4096 bytes (4096/27079) handle_write(): 4096 bytes (8192/27079) handle_write(): 4096 bytes (12288/27079) handle_write(): 4096 bytes (16384/27079) handle_write(): 4096 bytes (20480/27079) handle_write(): 4096 bytes (24576/27079) handle_write(): 2503 bytes (27079/27079) handle_write(): finished got 1 bytes from modem, data looks like: 1b . got 1 bytes from modem, data looks like: f6 . got 1 bytes from modem, data looks like: 02 . got 1 bytes from modem, data looks like: 00 . got 1 bytes from modem, data looks like: 41 A got 1 bytes from modem, data looks like: 03 . got 1 bytes from modem, data looks like: 42 B Received DOWNLOAD ACK from phone, your code is running now! Received DOWNLOAD ACK from phone, your code is running now! battery_compal_e88_init: starting up OsmocomBB Loader (revision osmocon_v0.0.0-1773-g0cdf4b0-modified) ====================================================================== Running on compal_e88 in environment compalram $ sudo host/osmocon/osmoload memdump 0x000000 0x2000 compal_loader.bin [sudo] password for builder: Dumping 8192 bytes of memory at 0x0 to file compal_loader.bin ...................................done. builder@buildervm:~/build/osmocom-bb/src$ sudo host/osmocon/osmoload funlock 0x010000 0x10000 Unlocking 65536 bytes of flash at 0x10000 requesting flash info to determine block layout chip 0 at 0x00000000 of 2097152 bytes in 2 regions region 0 with 31 blocks of 65536 bytes each block 0 with 65536 bytes at 0x00000000 on chip 0 block 1 with 65536 bytes at 0x00010000 on chip 0 block 2 with 65536 bytes at 0x00020000 on chip 0 block 3 with 65536 bytes at 0x00030000 on chip 0 block 4 with 65536 bytes at 0x00040000 on chip 0 block 5 with 65536 bytes at 0x00050000 on chip 0 block 6 with 65536 bytes at 0x00060000 on chip 0 block 7 with 65536 bytes at 0x00070000 on chip 0 block 8 with 65536 bytes at 0x00080000 on chip 0 block 9 with 65536 bytes at 0x00090000 on chip 0 block 10 with 65536 bytes at 0x000a0000 on chip 0 block 11 with 65536 bytes at 0x000b0000 on chip 0 block 12 with 65536 bytes at 0x000c0000 on chip 0 block 13 with 65536 bytes at 0x000d0000 on chip 0 block 14 with 65536 bytes at 0x000e0000 on chip 0 block 15 with 65536 bytes at 0x000f0000 on chip 0 block 16 with 65536 bytes at 0x00100000 on chip 0 block 17 with 65536 bytes at 0x00110000 on chip 0 block 18 with 65536 bytes at 0x00120000 on chip 0 block 19 with 65536 bytes at 0x00130000 on chip 0 block 20 with 65536 bytes at 0x00140000 on chip 0 block 21 with 65536 bytes at 0x00150000 on chip 0 block 22 with 65536 bytes at 0x00160000 on chip 0 block 23 with 65536 bytes at 0x00170000 on chip 0 block 24 with 65536 bytes at 0x00180000 on chip 0 block 25 with 65536 bytes at 0x00190000 on chip 0 block 26 with 65536 bytes at 0x001a0000 on chip 0 block 27 with 65536 bytes at 0x001b0000 on chip 0 block 28 with 65536 bytes at 0x001c0000 on chip 0 block 29 with 65536 bytes at 0x001d0000 on chip 0 block 30 with 65536 bytes at 0x001e0000 on chip 0 region 1 with 8 blocks of 8192 bytes each block 31 with 8192 bytes at 0x001f0000 on chip 0 block 32 with 8192 bytes at 0x001f2000 on chip 0 block 33 with 8192 bytes at 0x001f4000 on chip 0 block 34 with 8192 bytes at 0x001f6000 on chip 0 block 35 with 8192 bytes at 0x001f8000 on chip 0 block 36 with 8192 bytes at 0x001fa000 on chip 0 block 37 with 8192 bytes at 0x001fc000 on chip 0 block 38 with 8192 bytes at 0x001fe000 on chip 0 confirmed operation on chip 0 address 0x00010000, status FAILED operation done Thanks

1 0

Flashing Problem: target/firmware/board/compal_e88/menu.e88loader.bin mssing
by Dennis Schneck 18 Feb '17

18 Feb '17

1 0

Flashing Problem: C117 - additional info
by Dennis Schneck 18 Feb '17

18 Feb '17

1 1

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

baseband-devel