July 2009 - OpenBSC - lists.osmocom.org

HAR2009 TODO list

by Harald Welte

Hi again, I'm currently in the train, so forgive me posting the initial TODO list to the mailing list rather than the wiki. I'll put it in the wiki soon. If you want to take on of the items, just let me know! What I think we have to do before HAR is as follows: == Actual code == === absolutely required === * finish and test the SMS implementation [Harald] * make sure we enable MS power control and impose a global limit of 100mW for the uplink (MS->BSC) direction by means of the MS POWER IE's and the BCCH information. That sounds like something for Dieter to figure out, especially since he has measurement equipment ;) * test dual-BTS-on-single-E1-card config [Harald] ** up to now, we have only tested with two nanoBTS, not BS-11 ! * test dual-TRX operation of BS-11 on OpenBSC [Stefan/Daniel, can you do that?] ** channel allocator can be tweaked to give 2nd TRX a preference for debugging [I'll add those to trac, since they are really important] === optional === * implement a 'provisioning mode' to OpenBSC that ** acccepts every new IMSI the first time we see it ** sends a SMS with a auth token to that mobile ** disconnects that mobile immediately * implement a web site / cgi script ** once user enters correct tuple of ISMI + auth code, we *** assign him a number (user cannot choose, we assign) *** set authorized=1 in the sql table * implement a web site bug tracker for user bug reports ** the should include detailed information about the phone model, his phone number and the exact timestamp, so we can match it in the pcap's * add more introspection code for the VTY interface to explore the run-time data structures in OpenBSC * implement different TCH assignment schemes (early / very early / OCASU) * do we really want a SDCCH/8 or is SDCCH/4 for each BTS sufficient? * some more testing with two BTS * in case we call a user who is currently offline/busy, generate SMS about missed call and store it in the SMS table * web interface ideas ** SMS gateway where people can send SMS from the web site *** SMS spam function for us in case we want to inform users about something ** simplistic phone book * enhance vty interface with administrative functions such as ** ability to close arbitrary channels (i.e. terminate a call) ** ability to kick-ban a user out of the network *** set authorized=0 *** perform authentication procedure with reject at its end * make sure we store all the 'this phone was registerd before to MCC/MNC/LAC' from the LOC UPD REQ data * make sure we really store the classmark1/2/3 together with IMEI in SQL table == Things to bring to the event == * spectrum analyzer [from CCCB] * stable OCXO reference to calibrate BS-11 internal clock ** this could be done before the event, but Harald has no precision clock source * trace mobiles / monitor mode mobiles (if anyone has some) * some poles to which we can mount the BS-11 ? == Misc == * draft 'usage terms & conditions' to be put on the registration web site and the HAR2009 wiki, indicating ** all signalling and traffic data will be stored for R&D purpose ** we do not employ authentication and/or encryption ** we do not provide any service guarantee ** this is for evaluation+testing only ** no handover/roaming and/or external calls ** no warranty for any damage to MS, SIM, ... ** IMSI/IMEI information will not be disclosed by us, but people can sniff it Regards, -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 8 months

2
4
0 0

UMA a possibility in the future?

by Dakota C

Hi, I'm a long time lurker into this project and I've wondered something for a bit of time.Knowing that we can use an ip.access nanoBTS to work on OpenBSC, why not adapt OpenBSC for UMA (unlicensed mobile access) standards? I know over here in the US we currently use UMA with T-Mobile over WiFi to communicate back to the T-Mobile servers and eventually off to the GSM and regular ol' networks. http://www.umatechnology.org/specifications/index.htm is the UMA specification, and to my knowledge T-Mobile US's @Home service uses the 1.0.3 protocol revision. To me it seems like it'd be trivial to make a derived copy of OpenBSC with UMA support up and running, but I'd like some other thoughts into this matter. I'm not a programmer by any means here, so if this is impossible, well, then so be it. -DC

14 years, 8 months

3
5
0 0

Re: wireshark, viewing Abis communication

by Nordin

Hello Harald, Should the plugin you added for Wireshark decode almost all messages or not? Cause on the OML layer a lot of OML messages are not decoded, is this behaviour normal? I now try to follow the communication flow, but can't seem to understand the multiple OML messages. It starts with 0x00, than a datalen and than protocol (0xFF) and than it starts with 0x80, 0x80,.... But I can't find 0x80 (messagetype) in OpenBSC source. I've checked ipaccess.h and ipaccess.c, but nothing...maybe I lokked at the wrong place.

14 years, 8 months

4
17
0 0

Re: How to attack mobile networks with an iPhone (according to Apple)

by Dieter Spaar

Hello David, On Wed, 29 Jul 2009 11:02:15 -0700, "David A. Burgess" <dburgess(a)jcis.net> wrote: > > So you can jailbreak an iPhone and get direct access to L3 to run a > DOS? That would be very interesting if it were true, but I suspect > it's just horseshit put in there to deceive the court, which isn't > hard to do in technology cases. I don't think its that easy (if it would be, why not modify the TSM30 instead which should be much easier). I just found it very interesting that Apple uses it as an argument. Of course such arguments are also bad for opening the phone GSM stack to a larger group of people (if this ever happens) or developing an open source GSM phone stack which could be used for anything else than research. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

4
4
0 0

Re: OpenBSC with 2.5G or 3G mobile devices support? / Tested Phones

by Dieter Spaar

Hello Nordin, On Tue, 07 Jul 2009 14:08:22 +0200, "Nordin" <bouchtaoui(a)gmail.com> wrote: > > I have good news now, I'm able to register to our bts manually. What I > did is download the latest openbsc sources and compiled the whole > project, that's it. I downloaded the project using git via port 80, I > posted a mail about that. So I guess the GPRS in the Rest Octets have > nothing to do, just the SIs were not complete. I'll analyze what went > wrong with the SIs. You don't mention which git branch you use, so its probably the master branch. If you look at the recent changes you will notice that the SYSTEM INFORMATION 3 and 4 rest octets are now set to the padding bytes which means they contain no information (which also means no GPRS). So this is the most important part where you have to look for differences. I can confirm that a HTC Touch Pro will not register to the BTS if the GPRS indication is set, it will register if it is not set. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

3
4
0 0

Re: Dummy load / direct wire connection concept

by Dieter Spaar

Hello Philipp, On Sun, 26 Jul 2009 21:43:22 +0200, "dexter" <zero-kelvin(a)gmx.de> wrote: > > I have no experience in those things, i never connected a sender and a > receiver directly for measurement proposes. I am afraid to damage BTS > and/or MS by trying the first solution. If you want to connect the BTS and an MS directly, you have to use an attenuator to reduce the signal to some "reasonable" level. To give you some numbers about "reasonable": The maximum RF output level of two different GSM tester which are intended for direct connection to an MS are -14 dBm for one of them and -40 dBm for the other. To be on the safe side I would make sure that the level is below -40 dBm, this is more than enough for good receiption (poor receiption is around -100 dBm). If the signal is too strong, you can damage the MS and/or BTS. Please note that I have not tried to connect a BTS and an MS yet, my experience comes from the GSM testers only. One problem I see with this approach is how to handle the separate RX and TX connectors of the BS-11. > What do you think, what would you do? How do you ensure that you do not > interfere with the with the official GSM networks? I think sometimes it > would be very nice to make 100% sure that no HF signals leave the desktop. I you can't make sure that no RF signal is emitted, you can at least try to cause as little trouble as possible: - use a GSM channel which is not used by an official network, make sure that there is at least one free guard channel in between the channel you use and the official channels. - set the power level of the BTS to its minimum (0.03 Watt for the BS-11) and set the NM_ATT_RF_MAXPOWR_R attribute to its maximum (6 for the BS-11). For the BS-11 the RF output level should then be around 1 dBm. - If you want to further reduce the BTS power, you can put an attenuator between antenna and TX output. - for the MS make sure that the power class is as low as possible when activatig a channel. - set the power for RACH access to a low level (in SYSTEM INFORMATION TYPE 3 and 4). - use an MCC and MNC which is not an official one. - only allow a know MS to register on your network. - To make sure that normal MSs won't be able to see your network, you can set the cell to "barred". However you then need a special MS to test, for example the Nokia Network Monitor allows to set the MS in a mode which allows to access barred cells. And with a special Test SIM it should be possible to access such a cell with other phones too (the "cell test" operation mode has to be enabled on the SIM). Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

2
1
0 0

How to attack mobile networks with an iPhone (according to Apple)

by Dieter Spaar

Hello, not sure if you already noticed this statement from Apple: http://www.wired.com/threatlevel/2009/07/jailbreak/ Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

3
2
0 0

Re: ip.access RTP capture using Version 1 (FR) codec

by Dieter Spaar

Hello Harald, On Wed, 29 Jul 2009 16:55:23 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > Great! can you please provide one FR and one EFR pcap file for Andreas > Eversberg? It's probably best to replace the two corrupted files that I've > attached to the nanoBTS wiki-page. I am not sure if my two FR and EFR cpatures are good examples for the Wiki, the call is from one person only (me) counting numbers and saying "Hello Test" or similar things and you hear the voice on both channels because the two phones are close to each other. Of course they are good enough as an example for implementing the RTP media feature. So let me know if I shall provide them to Andreas only (Andreas, shall I send them to you as email, they are about 240 KByte as ZIP file ?). > You do have a wiki account, I assume. I don't think so, at least I have not yet requested an account. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

1
0
0 0

Re: ip.access RTP capture using Version 1 (FR) codec

by Dieter Spaar

Hello Harald, On Wed, 29 Jul 2009 15:48:32 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > I'm telling you, OpenBSC's RTP proxy works fine. I've just made another call > and there are no drop-outs of .8 seconds or anything like that. I am sure that the proxy is working, I never doubt that. I guess for some reason Wireshark is just missing the data. I was joking about Windows versus Linux performance, but maybe this was not clear enough. > As all it uses is the sockets API, i.e. the very same calls that the > input/ipaccess.c module already uses, I think it should be very easy to make it > build using the posix compatibility of cygwin. I tried it in the meantime. No problem at all. The git version works as expected and Wireshark does not miss any packets here, each call is about 30 seconds. I tried it with EFR and FR, Wireshark can save the RTP payload, for EFR I had to convert the data first so that they fit to the GSM 06.35 reference implementation (they use a strange format which stores every bit into two bytes). For FR, Toast can convert the payload immediately. Tested on Windows XP and cygwin, Wireshark and bsc_hack running on the same machine. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

2
1
0 0

OpenBSC should now have full support for BS-11 with two TRX

by Harald Welte

Hi! Please note: =========================== commit d46299da00f923b24043aa37fa2bae17ffcc1ff7 make channel allocator policy multi-TRX aware For now, we assume that TRX1 (and higher) all have a TCH/F configuration on all of their timeslots commit 67b4c30a9de972d199830bba5535e934bd47ac0f complete TRX1 support for BS11 * remove old HAVE_TRX1 definition, replace it with '-1' commandline argument * make sure we actually configure the OML TRX attributes with a different ARFCN than TRX0 * make sure we configure timeslot 0 of TRX1 also in TCH/F mode This code is untested, but if you have a dual-trx BS-11, and the second TRX is activated, you should be able to run bsc_hack with the -1 option to enable and use the second trx. It works like this: * TRX1 shares E1 timeslot 0 for signalling * TRX1 RSL link uses TEI2 (TRX0 uses 1) * TRX1 on ARFCN+2, i.e. if you have TRX0 on 122, TRX1 will be 124 =========================== I'm very happy if somebody wans to test this. First of all, it is important to see if there are any error messages during OML and RSL brigup, and if the TEI2 link is actually established from mISDN. If you want to actually use the second TRX, you will either have to make sure all TCH/H on TRX0 are used (establish sufficient simultaneous calls), or hack chan_alloc.c to give a preference to TRX1, or to do round-robin or whatever :) Regards, -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 8 months

1
0
0 0

Re: ip.access RTP capture using Version 1 (FR) codec

by Dieter Spaar

Hello Harald, On Wed, 29 Jul 2009 14:43:12 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > If you're interested, you can certainly try for yourself with your nanoBTS... > You are joking, right ? How should it work on my Windows machine if it does not work on Linux ;-) ? Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

3
2
0 0

Re: TDMA frame, Time slot and speech data transfer confusion.

by Dieter Spaar

Hello Nordin, On Wed, 29 Jul 2009 11:51:59 +0200, "Nordin" <bouchtaoui(a)gmail.com> wrote: > > I can't find a good link about how several MSs on one ARFCN can send and > receive speech data. Have a look at the following, the first is a general introduction with good references to the GSM specification, the second is about speech coding: http://en.wikipedia.org/wiki/Um_Interface http://www.gsmfordummies.com/encoding/encoding.shtml Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

1
0
0 0

Re: ip.access RTP capture using Version 1 (FR) codec

by Dieter Spaar

Hello Harald, On Wed, 29 Jul 2009 12:33:59 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > The FR pcap file is attached to this mail. I'll also put it to the nanoBTS wiki > page, like the EFR capture before. I hope this helps you to decode the voice > samples. Decoding with Toast would work fine but there is the same problem, lots of missing packets. If I look at the capture timestamps, there seem to miss about 0.8 seconds of data at regular intervals (the first disruption is at packet number 681, the next at 710, 742, ...). These are also the positions where the Wireshark RTP analysis complains about wrong sequence numbers. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

2
1
0 0

Re: application TCH support for nanoBTS

by Dieter Spaar

Hello Harald, On Tue, 28 Jul 2009 20:58:46 CEST, "Dieter Spaar" <spaar(a)mirider.augusta.de> wrote: > > I just took a quick look at the dump with Wireshark, its possible to > safe the raw RTP payload from within Wireshark and it looks OK (31-byte > EFR packages starting with 0xC in the high nibble). However I have > no ready-made EFR decoder available so I can't decode the speech. I did play a little bit with the EFR reference implementation from GSM 06.35. Its possible to convert the data and I can understand a few words (a "Yes" at the beginning and a "Bye" at the end). However it seems that several RTP packages are missing, also the RTP Analysis Tool of Wireshark says so (according to it more than 80% is missing). Anyway, basically EFR decoding seems to work as expected. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

1
0
0 0

TDMA frame, Time slot and speech data transfer confusion.

by Nordin

Hi guys, I read Goller's documentation "About the GSM-Dm-Channels", but I'm a bit confused about something. I understand that one TDMA frame has a period of 4.615 ms and consists of 8 Time slots, each of a period of 576.9 us. When a MS registers to the BTS, it gets one Time-slot, but how is speech transfered? Normally the Fs (samplefrequency) is 8 KHz, this means every 128 us one byte sample. If I have one timeslot of let's say 577 us , than there is a gap of 7 other timeslots, which makes a 4 ms gap. Also the speech data is compressed. How is that damn speech data multiplexed with other MSs and finally received on the other side as 8 bit samplevalue at a rate of 128 us (8 KHz). It gets fuzzy to me, cause I wrote a microcontroller project which, among other things, samples audio and than transfered to a GSM module. This is done at 8 KHz samplerate, so how is that done when I have only one TimeSlot of 577 us every 4 ms period? I can't find a good link about how several MSs on one ARFCN can send and receive speech data. Thank you.

14 years, 8 months

2
1
0 0

ip.access RTP capture using Version 1 (FR) codec

by Harald Welte

Hi! Using git version 58ca5b7ae70365c1285b2ea0cb3c3370a8f108a9 of openbsc, plus the patch from the attachment, I was able to do a V1 (FR) call, not only EFR. The FR pcap file is attached to this mail. I'll also put it to the nanoBTS wiki page, like the EFR capture before. I hope this helps you to decode the voice samples. Regards, Harald -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 8 months

1
0
0 0

AW: HAR2009 TODO list

by Andreas.Eversberg

> If everything works fine at HAR, we can do the bigger/better version at 26C3, > at least if we can somehow find more than the 2-3 nanoBTS1800 that we currently > have - at least for a couple of days. hi harald, i am looking forward to be at 26C3. i doubt that we can get a frequency for a test network on the 900 band, because all frequencies are assigned to GSM operators. therefore only nanoBTS1800 can be run legaly with a test license of "bundesnetzagentur". currently the application interface does not support audio streams of the nanoBTS, so other networks (ISDN/DECT/SIP) cannot be connected yet. i would like to finish audio processing for nanoBTS. can you provide me with some pcap files? a short complete call (few seconds) of one rtp session (including setup, some spoken words, and termination) would help. also the call must be made with full rate codec, so i can test the playload on the GSM codec i have. (not the enhanced full rate codec) regards, andreas

14 years, 8 months

3
4
0 0

GSM license approval for HAR2009

by Harald Welte

Hi! For those who are planning to attend HAR2009 (http://har2009.org/): We have just received regulatory approval for four ARFCN in the GSM900 band during HAR2009. The Power on each ARFCN for BTS and MS is restricted to 100mW. There are also some GSM1800 ARFCN's that we can use with up to 200mW, though I don't yet know their values and how many. I have created a wiki page at https://wiki.har2009.org/page/GSM for further coordination of GSM related activities at HAR2009. It would be great to know which other OpenBSC users/hackers will be present at the event. As there are multiple things that I'm planning to do at HAR2009, I would be happy about any help that I might get from you guys. Basically there will be * A 'stable' GSM network with BS-11 and OpenBSC for people to test their phone interoperability with OpenBSC by making/receiving calls and SMS. * A nanoBTS1800 for use by OpenBSC hackers only to test/fix OpenBSC stuff before putting it on the BS-11 'stable' network * work on airprobe. Especially for the 'stable' network, there is a lot of help required, among others: * physical setup of the BS-11 * registration of mobile phones into the network. It would probably be good to have a setup where people can plug their SIM into a SIM card reader (or phone that can read the IMSI). We can then create the SQL entry with their IMSI and extension. * making sure the network runs and OpenBSC / hfcmulti gets restarted in case something hangs. Please just respond to this mail if you want to help in any way. Regards, -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 8 months

4
11
0 0

Re: application TCH support for nanoBTS

by Dieter Spaar

Hello Harald, On Tue, 28 Jul 2009 19:18:52 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > Using this mode, I have created a pcap file with OML+RSL bringup, followed by > one call between two MS (extn. 1005 calls 1003) where all RTP/RTCP packets are > visible. The call uses EFR, since that is hardcoded in many places all over > OpenBSC at the moment. > > The pcap file is available from > http://bs11-abis.gnumonks.org/trac/attachment/wiki/nanoBTS/ipaccess-startup… I just took a quick look at the dump with Wireshark, its possible to safe the raw RTP payload from within Wireshark and it looks OK (31-byte EFR packages starting with 0xC in the high nibble). However I have no ready-made EFR decoder available so I can't decode the speech. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

1
0
0 0

ip.access RTP setup details

by Harald Welte

Hi! While writing the RTP proxy, I've been playing with the ip.access RTP related code for quite a bit. This is as far as I have understood it so far: Setting up a voice call (for one MS) * sending IPACCESS_BIND via RSL, specifying * the GSM channel number IE * the IP speech mode IE, indicating * 0x1- : uni-directional, rx-only * 0x-1 : EFR (0: FR, 2: AMR) * receiving IPACCESS_BIND_ACK via RSL, specifying * the GSM channel number IE * the ip.access connection identifier * the locally-bound UDP port for RTP * the locally-bound IP address for RTP * optionally: the RTP payload type * sending IPACCESS_CONNECT via RSL, specifying * the GSM channel number IE * the ip.access connection identifier (from BIND_ACK) * the remote UDP port number for RTP * the remote IP address for RTP * the IP speech mode IE, indicating * 0x0-: bi-directional * 0x-1: EFR (0: FR, 2: AMR) * optionally: the RTP payload type, if BIND_CAK specified it Misc observations: * if BIND is called with IP speech mode IE 0x10 (uni-directional FR), then no RTP payload type is returned in BIND_ACK. Instead, the standard type for GSM 06.10 (0x03) is used in the packets. * I'm not sure which RTP payload type (and IP speech mode) is which, i.e. if the payload type of BIND/BIND_ACK specifies "expect this payload type for incoming packets" or "use this payload type for all RTP packets originated by this side" -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 8 months

1
0
0 0

Re: CCCH

by Dieter Spaar

Hello Eric, On Fri, 17 Jul 2009 17:52:17 +0200, "Eric Cathelinaud" <e.cathelinaud(a)googlemail.com> wrote: > > If nothing possible I will try to deal with the 470ms period. > Can you tell me if the mobile will RACH at each paging request or if it can > miss some? If the MS receives a paging request for itself and is allowed to access the network, than it will start the immediate assign procedure (The details are in GSM 04.08, a good overview with reference to the specification is at http://en.wikipedia.org/wiki/Um_Interface, many thanks to David Burgess for writing it down). The MS will not react on further paging request as long as the immediate assign procedure is running. > I already saw in OpenBSC that the paging request is sometimes send more than > once for a call so I am not sure. May be it could be something to fixe in > the code? Or the phone sometimes doesn't react as it should? The BSC can't be sure that a single paging request is received by the MS so it (optionally) has to repeat it (there can be distortions, weak signal and so on). > Normally the RACH is sent 3 time slots after the paging request right? I don't think so, the RACH is always on TS0 of the uplink (at least this is how I understand it) and the PCH is not necessarily on TS0 (depending on the configuration). The reaction of the MS surley depends on the firmware/hardware of the phone and how fast it works, so you don't have a fixed delay. The MS usually has enough time to react, the T3113 timer defines how long to wait for a PAGING RESPONSE and than optionally repeat the paging request (if and how often the paging request is repeated, is not defined in the specification). I don't have exact numbers for the T3113 timer because its up to network, but common values seems to be around 5 seconds. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

2
1
0 0

Re: mISDNdebugtool status

by Dieter Spaar

Hello Eric, On Thu, 23 Jul 2009 11:35:33 +0200, "Eric Cathelinaud" <e.cathelinaud(a)googlemail.com> wrote: > > I would like to ask another question. I can see on which time slot the burst > is sent but i can't see the frame and the multiframe number. Is it available > somewhere? Not in the Abis communication, its the BTS which cares about frames but not the BSC. For the nanoBTS it is most certainly possible to get debug traces from the debug port (but probably not on Abis) which contain the frame number, but I am not aware that the same is possible for the BS-11. If you are interested in this low-level Layer 1 stuff, you might have a look at OpenBTS, you can adjust nearly everything or trace at a really low level. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

3
8
0 0

Just starting!!

by raza shah

Hi folks, I hope this finds you all in the best of health. As a start, I have read some basic GSM articles and went through bsc_hack.c. Few questions are bugging me and I would appreciate some info regarding them: (1) With which type(s) of BTS does OpenBSC work? (2) What is OML NM? (3) What is the best way to follow the path in the code in case of a call? Thanks. _________________________________________________________________ Show them the way! Add maps and directions to your party invites. http://www.microsoft.com/windows/windowslive/products/events.aspx

14 years, 8 months

3
2
0 0

Re: wireshark, viewing Abis communication

by Dieter Spaar

Hello Nordin, On Mon, 27 Jul 2009 14:11:56 +0200, "Nordin" <bouchtaoui(a)gmail.com> wrote: > > I downloaded the latest developer's Wireshark 1.1.3, with no result. I > know it's easy asking for an Abis-parser, but I thought there was a > patch for it. If you take one of the latest daily automated Wireshark builds it will work, even on Windows. No need to compile the sources if you don't want to. I use "1.3.0-SVN-29061" and it contains Harald's patch for the nanoBTS. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 8 months

2
2
0 0

wireshark, viewing Abis communication

by Eric Cathelinaud

Hi, I am trying to deal with wireshark to understand what happening in each function in the code. It says that the file seems to be corrupted: "The capture files appears to be damaged or corrupted. (libpcap: LAPD file has a 15-byte packet, too small to have even a LAPD pseudo-header)" Is it a problem? I still can read the Abis communication. I saw that some rsl packets are malformed. Is it coming from a missing implementation in the code that need to be fixed? Thanks Eric

14 years, 8 months

4
17
0 0

AW: HAR2009 TODO list

by Andreas.Eversberg

>On Thu, Jul 23, 2009 at 12:26:14AM +0200, Harald Welte wrote: >> Hi again, >> >> I'm currently in the train, so forgive me posting the initial TODO list >> to the mailing list rather than the wiki. > >this is now at http://bs11-abis.gnumonks.org/trac/wiki/HAR2009 Check out Eventphone. They run DECT network. Why not linking to their network? I am not at HAR, but I can help setting it up. An extra E1 card is required to link to Eventphone's machine... http://www.eventphone.de/guru/?language=de

14 years, 8 months

2
1
0 0

Looking for 32.768MHz OCXO for BS-11 calibration

by Harald Welte

Hi! So for everyone who has problems with BS-11 clock accuracy, what would be the theoretical straight-forward way to solve the problem, is to replace the 32.768MHz crystal oscillator on the E1 card with a OCXO of the same frequency. So what we're looking for is an OCXO with +/- 0.05ppm or higher stability for 3.3V power supply. Unfortunately I was not able to find one at that frequency, even digikey doesn't have one. If anyone can find a source for a OCXO in the abovementioned parameter range (and small quantities), I think quite a number of people would be interested in buying one and connecting it to their E1 boards. Any help is much appreciated. Thanks! -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 8 months

2
4
0 0

Some changes to the gsm_transaction data model

by Harald Welte

Hi! For finishing proper SMS support, I need supoprt for transactions. Similar to Call Control, SMS can also have a number of different transactions active of any time. Before my changes, the transactions were tied to call control, which is obviously not good if that code is to be reused from SMS. Also, the transaction was linked to the gsm_network as well as the gsm_lchan. I think both are somehow wrong. Why are they not a property of the network? Because a transaction always belongs to a 'MM entity' (gsm spec language), or a gsm_subscriber in openbsc terminology. That subscriber then is part of a gsm_network. And why are they not part of a gsm_lchan? Because a transaction can be initiated on one lchan and then move to another lchan, e.g. in case a SMS is sent just before a call is made, where we start on an SDCCH and might continue on a SACCH. I will keep the lchan pointer in the meaning of 'current lchan through which we transmit messages to the remote MM entity'. Tying the transaction to the subscriber neatly addresses both of those issues. Regards, -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 9 months

1
0
0 0

new to OpenBSC

by raza shah

Hi everyone, I am new to OpenBSC and I think the best way to contribute to it is to get to know the source code first. I would appreciate any help regarding how to begin understanding the source code. And what are the main features of the code? What is the best approach to start learning OpenBSC. And is there any good material on OpenBSC.? Thanks. _________________________________________________________________ Share your memories online with anyone you want. http://www.microsoft.com/middleeast/windows/windowslive/products/photos-sha…

14 years, 9 months

3
2
0 0

Re: GSM license approval for HAR2009

by Dieter Spaar

Hello Harald, On Wed, 22 Jul 2009 23:49:00 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > Even with two BTS at two TRX (exercising all our four ARFCN), the total call > capacity is not more than 13 simultanesous MS-to-MS calls (since each call > requires two timeslots). Yes we could do half-rate, but we have no software > support for that so far. You have the adjacent channels 121 to 124 for GSM 900 ? As far as I am aware, adjacent channels will disturb each other. From what I know, real networks usually have one free guard channel in between. So at least the configuration of using adjacent channels should be checked in advance (but you don't know how well different phones behave). Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

3
2
0 0

AW: mISDNdebugtool status

by Andreas.Eversberg

> can you comment on the status of mISDNdebugtool? As it seems, Eric is having > some problems using it. Also, in current mISDNuser.git (socket branch), > it doesn't compile since mISDNdebugtool.h is missing. hi, sorry for the late answer. i don't exactly know what this was for. i think it was used to debug the driver itself. to actually log frames from isdn interface and write a pcap file you need misdn_log. for logging first card use "misdn_log" or "misdn_log -c0". for writing pcap file use "misdn_log -c0 -w <file>" this connects to given isdn interface and shows transmitted data also. it must be started AFTER the application or it will set the mode to TE-mode. so first run bsc_hack, then start misdn_log. andreas

14 years, 9 months

2
1
0 0

Re: GSM license approval for HAR2009

by Dieter Spaar

Hello Stefan, On Wed, 22 Jul 2009 19:36:16 +0200, "Stefan Schmidt" <stefan(a)datenfreihafen.org> wrote: > > Hmm, if we would calculate with 200 cards we would have ~80 USD costs for them. > Maybe not the baddest thing. Let's wait to what conclusion we come here before > going ahead. A technical solution that let the user handle the registration on > it's own is still my favorit. Sadly we can't estimate how many subscribers we > will get. :) I don't know if you get a better price if you buy such a large amount of the SIM cards, but I would ask. One advantage of handing out SIM cards: You can play with authentication and encryption if you want to. The A3/A8 algorithm in the SIM cards seems to be different from COMP128-V1 (at least with the SIM I tested) so you cannot retrieve Ki. However you could run the authentication in advance and record a few challenge-reponse pairs and use them later. And if you take one Euro as deposit for the SIM, you might get them back or don't care if not. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

1
0
0 0

Re: GSM license approval for HAR2009

by Dieter Spaar

Hello Stefan, On Wed, 22 Jul 2009 18:32:28 +0200, "Stefan Schmidt" <stefan(a)datenfreihafen.org> wrote: > > Hmm, another idea pops up into my mind right now. Any chance we can get a big > bunch of pre paid SIMs without money on the account? If we would get some 100s > of them we could prepare them in advance and just hand out to the people. Kai Muenz mentioned it on the list already, there are GSM SIMs available at http://www.dealextreme.com/details.dx/sku.16159. 10 pieces cost $US 3.94 including shipping. If you don't mind about a Chinese SIM Toolkit Menu which you can't read and also don't mind to remove a little bit of glue from some of the SIMs, they are fine for this purpose. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

2
1
0 0

Re: Spectrum analysis shows strange carrier

by Dieter Spaar

Hello Philipp, On Mon, 20 Jul 2009 20:19:16 CEST, "Dieter Spaar" <spaar(a)mirider.augusta.de> wrote: > > Not sure what you are measuring on peak one and two, but channel 123 > should be 959.6 MHz, this is most certainly the third peak. There might > be small signals (e.g. from the oscillator of the BS-11) on other > frequencies, but they should be much smaller than the main signal. In the meantime I did check with my spectrum analyzer. There is indeed a signal coming from the BS-11, even if nothing else is connected to the BS-11 (no serial connection, no E1). The signal starts to be emitted after the firmware download is complete. I could measure the signal at 942.4 MHz, the level is about -42 dBm (cable connection from the spectrum analyzer to TRX0, low-quality cable). The signal strength does not depend on the power amplifier setting, I wonder where it comes from (some internal oscillator working at that frequency ?). The signal is not very strong, so it should not cause major trouble (besides disturbing a weak signal which might be there from an "official" source if you are close to the BS-11). Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

2
1
0 0

Re: Spectrum analysis shows strange carrier

by Dieter Spaar

Hello Philipp, On Mon, 20 Jul 2009 18:39:47 +0200, "dexter" <zero-kelvin(a)gmx.de> wrote: > > We have a Toy-Spectrum-Analyser here, so i have measured the output of > our BS-11 when initalized with -f 123 > > http://www.root.runningserver.com/pub/openbsc_spektralanalyse.png > Not sure what you are measuring on peak one and two, but channel 123 should be 959.6 MHz, this is most certainly the third peak. There might be small signals (e.g. from the oscillator of the BS-11) on other frequencies, but they should be much smaller than the main signal. I don't know what the specification for a BTS allows as level for emitting on other frequencies, so I can't give you any numbers how strong those other signals can be. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

3
2
0 0

Spectrum analysis shows strange carrier

by dexter

Hi folks. We have a Toy-Spectrum-Analyser here, so i have measured the output of our BS-11 when initalized with -f 123 http://www.root.runningserver.com/pub/openbsc_spektralanalyse.png Why are there 2 carriers emitted by the BTS? I thought that openBSC uses only one TRX. I have verfied that the carrier must be emitted by the BTS. If i stop the BTS the carrier vanishes and the T-Mobile carrier comes through (much weaker, of cause) I have no explaination for this effect, can anyone give me a hint? regards Philipp

14 years, 9 months

2
1
0 0

mISDNdebugtool status

by Harald Welte

Hi Andreas, since youre experience with mISDN is much better than mine, can you comment on the status of mISDNdebugtool? As it seems, Eric is having some problems using it. Also, in current mISDNuser.git (socket branch), it doesn't compile since mISDNdebugtool.h is missing. What we're trying to do is to generate pcap files that we can throw at wireshark. Thanks in advance, -- - Harald Welte <laforge(a)gnumonks.org> http://gnumonks.org/ ============================================================================ We all know Linux is great...it does infinite loops in 5 seconds. -- Linus

14 years, 9 months

1
0
0 0

Re: CCCH

by Dieter Spaar

Hello Eric, On Thu, 16 Jul 2009 17:53:53 +0200, "Eric Cathelinaud" <e.cathelinaud(a)googlemail.com> wrote: > > Yes I would like to make the cell phone answer as fast as possible but > without the need of a user interaction. So I am trying to get RACH as fast > as possible and I think the paging function is the most suitable for this. A > RACH for each frame would be really nice. At least one RACH out of 2 frames, > then i can have at least 1 RACH per 10 ms. I don't think you have much influence on setting the paging reorganisation mode, this is done by the BTS when it detects that something has changed with paging (the BTS can detect it by looking for changes in the SYSTEM INFORMATION messages). I did a quick test with a nanoBTS 1800, if for example BS_PA_MFRMS is changed, the BTS will activate the paging reorganisation mode while switching the parameter. I can confirm that with the Nokia Network Monitor, it displays the page mode and indicates "paging reorganisation" for a short amount of time (about one second). You can try to constantly switch the SYSTEM INFORMATION data related to paging, but I don't know if this will help with what you want to do. Also please note that I have not tried it with the BS-11. Best regard, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

2
1
0 0

Re: CCCH

by Dieter Spaar

Hello Eric, On Thu, 16 Jul 2009 15:44:21 +0200, "Eric Cathelinaud" <e.cathelinaud(a)googlemail.com> wrote: > > I don't know if the mobile phone will answer everytimes if i try to do a > paging on it for each successive frame. Or if he will answer the first time > and ignore the other paging requests after. Maybe you can explain what you want to achieve, this might help to give an answere. I initially thought you want to measure the standby time of the phone, this is why posted the information about the BS_PA_MFRMS parameter, it usually determines the standby time (if BS_PA_MFRMS is maximum, you usually get the longest standby time). But now it seem you want the phone to react as fast as possible on a paging request, but maybe I don't understand what you want to do. Best regards, Dieter PS: The calculation of the paging group is done by OpenBSC and not by the BTS. -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

1
0
0 0

Re: CCCH

by Dieter Spaar

Hello Eric, On Wed, 15 Jul 2009 11:00:14 +0200, "Eric Cathelinaud" <e.cathelinaud(a)googlemail.com> wrote: > > I was just thinking about performing a recursive paging in order to see how > much time I have until the battery of a mobile phone run out. > Does anyone know if the mobile phone answers at every paging or if it > doesn't "listen" all the time? I think it listens periodically. If anyone > can give me a clue, that would be appreciated. This is an excerpt from a posting to another mainling list, I just quote it because I don't want to repeat what I already wrote: > - The phone is in "idle" mode (no speech/data traffic) > and periodically receives the paging channel (PCH) to > find out if its being called. Further the phone measures > the signal strength of neighbor cells and every now > and then (not that frequent as the above actions) > receives the cell information in the broadcast common > control channel (BCCH) of the serving cell and of > at most six neighbor cells with the strongest signal. .... > - The time between receiving the PCH is determined by a > parameter of the serving cell (BS_PA_MFRMS, range 2 to 9). > Its measured in 51-multiframes until the PCH for the phone > repeats (if you want to know the details have a look at > the GSM specs ;-) . The length of a 51-multiframe is > 235.8 ms, this means the time between receiving the PCH > is in the range 471.9 ms to 2122.2 ms. In this time the > idle phone most of the time sleeps or receives the BCCH > of the serving cell or one of the neighbor cells with > the strongest signal (at most six). Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

3
3
0 0

CCCH

by Eric Cathelinaud

2009/7/10 Harald Welte <laforge(a)gnumonks.org> On Thu, Jul 09, 2009 at 01:18:05PM +0200, Eric Cathelinaud wrote: > > Hi everybody > > > > I just would like to be sure that the paging is only sent on TS0 with > > OpenBSC, that is to say PCH (which is on CCCH) is only sent on TS0. > > I read that it could be sent on more time slots (TS2, TS4 and TS6 also) > in > > the GSM specifications. Is it the case in the soft or you just keep the > > normal multiplexage setting (TS0 only for CCCH+BCCH, 1 slot for dedicated > > channels and 6 slots for the traffic channels)? > > we only run one timeslot (TS0) for the CCCH (and thus the PCH). Using more > timeslots is only required in really large BTS with many TRX - not a case > we particularly care about right now. > > -- > - Harald Welte <laforge(a)gnumonks.org> > http://laforge.gnumonks.org/ > > ============================================================================ > "Privacy in residential applications is a desirable marketing option." > (ETSI EN 300 175-7 Ch. A6) > Ok thanks I was just thinking about performing a recursive paging in order to see how much time I have until the battery of a mobile phone run out. Does anyone know if the mobile phone answers at every paging or if it doesn't "listen" all the time? I think it listens periodically. If anyone can give me a clue, that would be appreciated. Eric Cathelinaud

14 years, 9 months

1
0
0 0

OpenBSC unsubscribe notification

by mailman-bounces＠lists.gnumonks.org

pylon(a)koeln.ccc.de has been removed from OpenBSC.

14 years, 9 months

1
0
0 0

Re: Authentication and Encryption

by Dieter Spaar

Hello Harald, On Sun, 12 Jul 2009 16:02:11 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > Thanks a lot for your investigation. Are you planning to take it beyond the > hack and do a clean implementation that we can merge at some point? To implement it in a clean way in my opinion requires some discussion about how to do it so that it fits into the architecture: - When do the authentication, most certainly during the first Loacation Update, but when else ? - Where to store the subscriber Ki for authentication and the information about which algorithm is used ? Also store for each subscriber if authentication and/or encryption should to be used. - Where to cache Kc, its not necessary to authenticate every time when encryption for a channel is turned on. Kc from a previous authentication can be used several times. - Where to turn on encryption, every time a channel is allocated ? Those are just a few thoughts. I guess discussion about the details probably takes longer than if you or Holger implement it during your ongoing work on OpenBSC. Currently you both are the main people working on OpenBSC at several places of the implementation and a clean integration of authentication and encryption affects a lot of those places too. I am reluctant to interfere here, not because of the time it takes (its not that much) but because any changes should fit to what you plan to do. If anyone want to see the technical details, I can provide them, its rather simple and straightforward. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

2
1
0 0

Authentication and Encryption

by Dieter Spaar

Hello, I did a few tests with Authentication and Encryption. Its just a quick hack and nothing which can be integrated into OpenBSC in a clean way but the process was rather straightforward: - For my tests I used the location update request. - I sent the AUTHENTICATION REQUEST to the MS. - When I received the AUTHENTICATION RESPONSE from the MS, I compared SRES with the expected value. If the expected value was received, I send the ENCRYPTION COMMAND with Kc to the BTS. If the wrong SRES was received, I send an AUTHENTICATION REJECT to the MS. - The BTS will now send the CIPHERING MODE COMMAND to the MS and activate encryption. - The CIPHERING MODE COMPLETE command from the MS will already be received encrypted. I have not recorded the RF traffic to check if encryption is really enabled. But the Nokia Netmonitor indicated encryption, additionally if I send the wrong Kc in the ENCRYPTION COMMAND, the location update does not complete. I have not tested speech traffic yet, but it most certainly works the same way. One thing which might be interesting is how to get SRES and Kc because the A3/A8 algorithm on the SIM is usually not known. There are a few ways how to do it: - one could record a few results from a SIM and only send RAND values where the pre-recorded results are known. - the SIM communication could be intercepted (for example with a device like the "Turbo Lite" from www.bladox.com) and if the APDU for authentication is sent, one can run its own A3/A8 algorithm instead of the one from the card. - if one has a SIM with the broken and known COMP128, its possible to find Ki so that the authentication response from the card can be calculated. - Test SIMs (for GSM Test Equipment) have implemented a know A3/A8 algorithm (XOR) and so the authentication response can be calculated. - One can buy one of those SIM clone cards (they are called Super-SIM Magic-SIM, 16in1 SIM or similar). They are of not much use for official networks because only a few (if any) providers use COMP128 any more and this is the algorithm those card implement (and expect it to be in the card which should be cloned). You can buy such SIM cards rather cheap (around 5 Euro). They usually come with a software (Windows) which allows to set the IMSI and Ki for COMP128. So you have a card with a know A3/A8 algorithm (COMP128) and a know Ki. I used one of those SIM clone cards for my experiments, the SIM worked fine in an older Nokia 3310 (at least for this test). I don't know how well it will work in other phones but for this rathe low price its probably worth a try. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

2
1
0 0

ip.access Abis-over-IP dissector now part of wireshark

by Harald Welte

Hi! JFYI: My dissector for the Abis-IP adaption layer of ip.access has been merged into wireshark (as of svn revision 29059). -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

14 years, 9 months

1
0
0 0

Cleanup some parsing in the mncc.c code

by Holger Freyther

Hey Harald, did you have this in mind when mentioning that the parsing of the data derived informations could be driven by a struct? z. From 594cf586dedaecfc5e755a6d0fc9ac69dc513e91 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther <zecke(a)selfish.org> Date: Mon, 29 Jun 2009 17:21:37 +0200 Subject: [PATCH] Generic data derived informations parsing... Declare what elements to parse in a struct and then trigger the generic parsing routine. --- openbsc/src/msc_mncc.c | 211 ++++++++++++++++++++--------------------------- 1 files changed, 90 insertions(+), 121 deletions(-) diff --git a/openbsc/src/msc_mncc.c b/openbsc/src/msc_mncc.c index b54e184..5329fa1 100644 --- a/openbsc/src/msc_mncc.c +++ b/openbsc/src/msc_mncc.c @@ -112,6 +112,39 @@ static const char *cc_state_names[] = { "illegal state 31", }; +typedef int (*dd_decoder)(void* data, const u_int8_t *lv); + +struct dd_parser { + int information_element; + int mncc_field; + int offset; + dd_decoder decoder; +}; + +#define DECLARE_DECODER3(IE_NAME, M_NAME, name) \ + { .information_element = GSM48_IE_##IE_NAME, \ + .mncc_field = MNCC_F_##M_NAME, \ + .offset = offsetof(struct gsm_mncc, name), \ + .decoder = (dd_decoder)decode_##name, \ + } + + +#define DECLARE_DECODER(NAME, name) \ + DECLARE_DECODER3(NAME, NAME, name) + +static void parse_data_derived_information(struct dd_parser *parser, const int length, + struct tlv_parsed *tp, struct gsm_mncc *rel) +{ + int i; + + for (i = 0; i < length; ++i) { + if (TLVP_PRESENT(tp, parser[i].information_element)) { + rel->fields |= parser[i].mncc_field; + parser[i].decoder(rel + parser[i].offset, + TLVP_VAL(tp, parser[i].information_element)-1); + } + } +} static int mncc_handle_lchan_signal(unsigned int subsys, unsigned int signal, void *handler_data, void *signal_data) @@ -1420,31 +1453,15 @@ static int msc_cc_rx_disconnect(struct gsm_trans *trans, struct msgb *msg) memset(&disc, 0, sizeof(struct gsm_mncc)); disc.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_CAUSE, 0); - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - disc.fields |= MNCC_F_CAUSE; - decode_cause(&disc.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - disc.fields |= MNCC_F_FACILITY; - decode_facility(&disc.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - disc.fields |= MNCC_F_USERUSER; - decode_useruser(&disc.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - disc.fields |= MNCC_F_SSVERSION; - decode_ssversion(&disc.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(CAUSE, cause), + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &disc); return mncc_recvmsg(trans->network, trans, MNCC_DISC_IND, &disc); } @@ -1509,30 +1526,15 @@ static int msc_cc_rx_release(struct gsm_trans *trans, struct msgb *msg) memset(&rel, 0, sizeof(struct gsm_mncc)); rel.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, 0, 0); - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - rel.fields |= MNCC_F_CAUSE; - decode_cause(&rel.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - rel.fields |= MNCC_F_FACILITY; - decode_facility(&rel.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - rel.fields |= MNCC_F_USERUSER; - decode_useruser(&rel.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - rel.fields |= MNCC_F_SSVERSION; - decode_ssversion(&rel.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER(CAUSE, cause), + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &rel); if (trans->state == GSM_CSTATE_RELEASE_REQ) { /* release collision 5.4.5 */ @@ -1598,30 +1600,15 @@ static int msc_cc_rx_release_compl(struct gsm_trans *trans, struct msgb *msg) memset(&rel, 0, sizeof(struct gsm_mncc)); rel.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, 0, 0); - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - rel.fields |= MNCC_F_CAUSE; - decode_cause(&rel.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - rel.fields |= MNCC_F_FACILITY; - decode_facility(&rel.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - rel.fields |= MNCC_F_USERUSER; - decode_useruser(&rel.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - rel.fields |= MNCC_F_SSVERSION; - decode_ssversion(&rel.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER(CAUSE, cause), + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &rel); if (trans->callref) { switch (trans->state) { @@ -1684,19 +1671,13 @@ static int msc_cc_rx_facility(struct gsm_trans *trans, struct msgb *msg) memset(&fac, 0, sizeof(struct gsm_mncc)); fac.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_FACILITY, 0); - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - fac.fields |= MNCC_F_FACILITY; - decode_facility(&fac.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - fac.fields |= MNCC_F_SSVERSION; - decode_ssversion(&fac.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &fac); return mncc_recvmsg(trans->network, trans, MNCC_FACILITY_IND, &fac); } @@ -1807,12 +1788,11 @@ static int msc_cc_rx_start_dtmf(struct gsm_trans *trans, struct msgb *msg) dtmf.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, 0, 0); /* keypad facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_KPD_FACILITY)) { - dtmf.fields |= MNCC_F_KEYPAD; - decode_keypad(&dtmf.keypad, - TLVP_VAL(&tp, GSM48_IE_KPD_FACILITY)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER3(KPD_FACILITY, KEYPAD, keypad), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &dtmf); return mncc_recvmsg(trans->network, trans, MNCC_START_DTMF_IND, &dtmf); } @@ -1884,15 +1864,12 @@ static int msc_cc_rx_modify(struct gsm_trans *trans, struct msgb *msg) memset(&modify, 0, sizeof(struct gsm_mncc)); modify.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, 0); - /* bearer capability */ - if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) { - modify.fields |= MNCC_F_BEARER_CAP; - decode_bearer_cap(&modify.bearer_cap, - TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(BEARER_CAP, bearer_cap), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &modify); new_cc_state(trans, GSM_CSTATE_MO_ORIG_MODIFY); - return mncc_recvmsg(trans->network, trans, MNCC_MODIFY_IND, &modify); } @@ -1928,15 +1905,12 @@ static int msc_cc_rx_modify_complete(struct gsm_trans *trans, struct msgb *msg) memset(&modify, 0, sizeof(struct gsm_mncc)); modify.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, 0); - /* bearer capability */ - if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) { - modify.fields |= MNCC_F_BEARER_CAP; - decode_bearer_cap(&modify.bearer_cap, - TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(BEARER_CAP, bearer_cap), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &modify); new_cc_state(trans, GSM_CSTATE_ACTIVE); - return mncc_recvmsg(trans->network, trans, MNCC_MODIFY_CNF, &modify); } @@ -1970,19 +1944,13 @@ static int msc_cc_rx_modify_reject(struct gsm_trans *trans, struct msgb *msg) memset(&modify, 0, sizeof(struct gsm_mncc)); modify.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, GSM48_IE_CAUSE); - /* bearer capability */ - if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) { - modify.fields |= GSM48_IE_BEARER_CAP; - decode_bearer_cap(&modify.bearer_cap, - TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1); - } - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - modify.fields |= MNCC_F_CAUSE; - decode_cause(&modify.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER(BEARER_CAP, bearer_cap), + DECLARE_DECODER(CAUSE, cause), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &modify); new_cc_state(trans, GSM_CSTATE_ACTIVE); return mncc_recvmsg(trans->network, trans, MNCC_MODIFY_REJ, &modify); @@ -2070,12 +2038,13 @@ static int msc_cc_rx_userinfo(struct gsm_trans *trans, struct msgb *msg) memset(&user, 0, sizeof(struct gsm_mncc)); user.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_USER_USER, 0); - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - user.fields |= MNCC_F_USERUSER; - decode_useruser(&user.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &user); + /* more data */ if (TLVP_PRESENT(&tp, GSM48_IE_MORE_DATA)) user.more = 1; -- 1.6.3.1

14 years, 9 months

2
3
0 0

CCCH

by Eric Cathelinaud

Hi everybody I just would like to be sure that the paging is only sent on TS0 with OpenBSC, that is to say PCH (which is on CCCH) is only sent on TS0. I read that it could be sent on more time slots (TS2, TS4 and TS6 also) in the GSM specifications. Is it the case in the soft or you just keep the normal multiplexage setting (TS0 only for CCCH+BCCH, 1 slot for dedicated channels and 6 slots for the traffic channels)? Thanks Eric Cathelinaud

14 years, 9 months

3
2
0 0

Re: OpenBSC with 2.5G or 3G mobile devices support? / Tested Phones

by Dieter Spaar

Hello Nordin, On Tue, 07 Jul 2009 16:31:36 +0200, "Nordin" <bouchtaoui(a)gmail.com> wrote: > > But this means that your HTC needs more relevant GPRS settings before > deciding to register. So it than searches for altenatives, but since the > BA list is empty it starts all over again and the whole process repeats, > which might result in a long procedure before it gives up. This is what > it might could be the reason, I'm not sure. If the GPRS Indicator is set, SYSTEM INFORMATION 13 is needed to describe the GPRS properties. But SYSTEM INFORMATION 13 is not set yet (not possible for the BS-11 anyway) so the phone won't find it. Probably some phones don't care about it but some others insist to find it before going to register. This is probably one of the many places where there is no rule in the specification what should be done in such a situation so its up to the developer of the firmware (the phone could register and return an error only when GPRS is actually needed for a data connection). Of course I don't mean that the specification is incomplete, it just expects that certain things are done "right" (who would expect that people outside of the mobile phone industry play with a BTS ;-). Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

1
0
0 0

Re: OpenBSC with 2.5G or 3G mobile devices support? / Tested Phones

by Dieter Spaar

Hello Nordin, On Mon, 06 Jul 2009 12:00:27 +0200, "Nordin" <bouchtaoui(a)gmail.com> wrote: > > I tried the parameters as you suggested for SI 1 as well as SI3, but > with no success. But I'm still curious if someone else on the list > registered a PDA-like mobilephone (with GPRS support) to his BTS > (BS11/nanoBTS1800). If so, I would like to try out his/her SI's settings. > With the modification I have sent I can register a HTC Touch Pro to the BS11 and the nanoBTS 1800. If GPRS is set in SYSTEM INFORMATION 3, the phone will not register. The process is a bit unstable, if the phone is powered on, the location update works as expected, if I try to register manually, it sometime fails without actually communication with the BTS. I don't know the reason for this behaviour yet. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

14 years, 9 months

2
1
0 0

Git repository via HTTP (port 80)

by Nordin

Hello guys, I made a repository for the OpenBSC project, see: http://repo.or.cz/w/openbsc.git Now you can update/clone the project from http://repo.or.cz/r/openbsc.git, like this: git clone http://repo.or.cz/r/openbsc.git It will be updated every hour (mirror mode). I needed that because our firewall blocks the git port 9418. Thank you for the tip Holger Freyther :) If you have any questions, don't hestitate to ask.

14 years, 9 months

1
0
0 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

OpenBSC July 2009