Hi, Sylvain Munaut
Another method, same error, and i tried any _ONE_ ts, it's no problem.
static const struct mframe_sched_item mf_ccch[] = { { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 6 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 6 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 6 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 6 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 12 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 12 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 12 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 12 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 16 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 16 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 16 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 16 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 22 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 22 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 22 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 22 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 26 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 26 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 26 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 26 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 32 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 32 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 32 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 32 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 36 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 36 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 36 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 36 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 42 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 42 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 42 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 42 }, { .sched_set = SNIFF_CCCH0, .modulo = 51, .frame_nr = 46 }, { .sched_set = SNIFF_CCCH2, .modulo = 51, .frame_nr = 46 }, { .sched_set = SNIFF_CCCH4, .modulo = 51, .frame_nr = 46 }, { .sched_set = SNIFF_CCCH6, .modulo = 51, .frame_nr = 46 }, { .sched_set = NULL } };
const struct tdma_sched_item sniff_ccch0_sched_set[] = { SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 0), SCHED_END_FRAME(), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 1), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 0), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 1), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 3), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 3), SCHED_END_FRAME(), SCHED_END_SET() }; const struct tdma_sched_item sniff_ccch2_sched_set[] = { SCHED_ITEM_DT(l1s_sniff_cmd, 0, 4, 0), SCHED_END_FRAME(), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 4, 1), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 4, 0), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 4, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 4, 1), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 4, 3), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 4, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 4, 3), SCHED_END_FRAME(), SCHED_END_SET() }; const struct tdma_sched_item sniff_ccch4_sched_set[] = { SCHED_ITEM_DT(l1s_sniff_cmd, 0, 8, 0), SCHED_END_FRAME(), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 8, 1), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 8, 0), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 8, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 8, 1), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 8, 3), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 8, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 8, 3), SCHED_END_FRAME(), SCHED_END_SET() }; const struct tdma_sched_item sniff_ccch6_sched_set[] = { SCHED_ITEM_DT(l1s_sniff_cmd, 0, 12, 0), SCHED_END_FRAME(), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 12, 1), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 12, 0), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 12, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 12, 1), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 12, 3), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 12, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 12, 3), SCHED_END_FRAME(), SCHED_END_SET() };
======= 2011-09-26 14:10:17 =======
the bts arround me uses MultiCCCH, it's CCCH_CONF = 110 (6), so it uses TS0, TS2, TS4 and TS6 in a frame for PCH/AGCH.
Mmm ,interesting, I had never seen that option being used before. What network is this.
but the burst_ind only CCCH-CONF 0 & 1 are supported, it can sniff TS0 only, so only catch 1/4 IMM ASS for me. my OWN phone, it's just not in TS0 (i use nokia netmonitor to check it), so i can't catch it at all (phones use IMSI to decide page group).
Well, it's your own phone (or any known target phone), you know the IMSI, hence the paging group ...
i think the bottleneck is the DSP, as the DSP task (ALLC_DSP_TASK) can only process one TS of a frame (it's enough for phone), i think maybe backup/restore the DSP task variable patch needed, i'm new to the DSP disassemble and patch, anyone can help? thanks
That's gonna be _very_ hard, the DSP uses _plenty_ of global variables ...
But OTOH, instead of using the normal 'RX task', you can use the sniff task to listen to the CCCH. The sniff task will _not_ do the channel decoding (i.e. you'll have to call xcch_decode to get the actual 23 bytes L2 frame), but it can sniff up to 4 bursts in a frame. just look at how sdcch sniffing is done, it currently sniff 2 timeslot 0 & 3 (to get DL & UL).
This way you won't need any hard DSP patching, just a minor patch on the firmware to convert CCCH listening to burst_ind (leave the BCCH task as-it is, just mod the CCCH). And then a patch in the host app to call xcch_decode appropriately and feed the results 'as if' it cames from the phone directly.
Cheers,
Sylvain
= = = = = = = = = = = = = = = = = = = =
Best regards Aegean Chou aegean2000@21cn.com 2011-09-28
Hi,
const struct tdma_sched_item sniff_ccch0_sched_set[] = { SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 0), SCHED_END_FRAME(), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 1), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 0), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 1), SCHED_ITEM_DT(l1s_sniff_cmd, 0, 0, 3), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 2), SCHED_END_FRAME(), SCHED_ITEM(l1s_sniff_resp, -5, 0, 3), SCHED_END_FRAME(), SCHED_END_SET() };
You must set the 'priority' field properly as well. It defines in which order the item will be executed in a frame.
For TSx command, put it as x For TSx response, put it as -12+x
So for TS2, the l1s_sniff_cmd would be 2 and the l1s_sniff_resp would be -10
Cheers,
Sylvain
baseband-devel@lists.osmocom.org
-
Aegean Chou -
Sylvain Munaut