OpenBSC July 2009

openbsc@lists.osmocom.org

19 participants
61 discussions

CCCH
by Eric Cathelinaud 15 Jul '09

15 Jul '09

2009/7/10 Harald Welte <laforge(a)gnumonks.org> On Thu, Jul 09, 2009 at 01:18:05PM +0200, Eric Cathelinaud wrote: > > Hi everybody > > > > I just would like to be sure that the paging is only sent on TS0 with > > OpenBSC, that is to say PCH (which is on CCCH) is only sent on TS0. > > I read that it could be sent on more time slots (TS2, TS4 and TS6 also) > in > > the GSM specifications. Is it the case in the soft or you just keep the > > normal multiplexage setting (TS0 only for CCCH+BCCH, 1 slot for dedicated > > channels and 6 slots for the traffic channels)? > > we only run one timeslot (TS0) for the CCCH (and thus the PCH). Using more > timeslots is only required in really large BTS with many TRX - not a case > we particularly care about right now. > > -- > - Harald Welte <laforge(a)gnumonks.org> > http://laforge.gnumonks.org/ > > ============================================================================ > "Privacy in residential applications is a desirable marketing option." > (ETSI EN 300 175-7 Ch. A6) > Ok thanks I was just thinking about performing a recursive paging in order to see how much time I have until the battery of a mobile phone run out. Does anyone know if the mobile phone answers at every paging or if it doesn't "listen" all the time? I think it listens periodically. If anyone can give me a clue, that would be appreciated. Eric Cathelinaud

1 0

OpenBSC unsubscribe notification
by mailman-bounces＠lists.gnumonks.org 14 Jul '09

14 Jul '09

pylon(a)koeln.ccc.de has been removed from OpenBSC.

1 0

Re: Authentication and Encryption
by Dieter Spaar 12 Jul '09

12 Jul '09

Hello Harald, On Sun, 12 Jul 2009 16:02:11 +0200, "Harald Welte" <laforge(a)gnumonks.org> wrote: > > Thanks a lot for your investigation. Are you planning to take it beyond the > hack and do a clean implementation that we can merge at some point? To implement it in a clean way in my opinion requires some discussion about how to do it so that it fits into the architecture: - When do the authentication, most certainly during the first Loacation Update, but when else ? - Where to store the subscriber Ki for authentication and the information about which algorithm is used ? Also store for each subscriber if authentication and/or encryption should to be used. - Where to cache Kc, its not necessary to authenticate every time when encryption for a channel is turned on. Kc from a previous authentication can be used several times. - Where to turn on encryption, every time a channel is allocated ? Those are just a few thoughts. I guess discussion about the details probably takes longer than if you or Holger implement it during your ongoing work on OpenBSC. Currently you both are the main people working on OpenBSC at several places of the implementation and a clean integration of authentication and encryption affects a lot of those places too. I am reluctant to interfere here, not because of the time it takes (its not that much) but because any changes should fit to what you plan to do. If anyone want to see the technical details, I can provide them, its rather simple and straightforward. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

2 1

Authentication and Encryption
by Dieter Spaar 12 Jul '09

12 Jul '09

Hello, I did a few tests with Authentication and Encryption. Its just a quick hack and nothing which can be integrated into OpenBSC in a clean way but the process was rather straightforward: - For my tests I used the location update request. - I sent the AUTHENTICATION REQUEST to the MS. - When I received the AUTHENTICATION RESPONSE from the MS, I compared SRES with the expected value. If the expected value was received, I send the ENCRYPTION COMMAND with Kc to the BTS. If the wrong SRES was received, I send an AUTHENTICATION REJECT to the MS. - The BTS will now send the CIPHERING MODE COMMAND to the MS and activate encryption. - The CIPHERING MODE COMPLETE command from the MS will already be received encrypted. I have not recorded the RF traffic to check if encryption is really enabled. But the Nokia Netmonitor indicated encryption, additionally if I send the wrong Kc in the ENCRYPTION COMMAND, the location update does not complete. I have not tested speech traffic yet, but it most certainly works the same way. One thing which might be interesting is how to get SRES and Kc because the A3/A8 algorithm on the SIM is usually not known. There are a few ways how to do it: - one could record a few results from a SIM and only send RAND values where the pre-recorded results are known. - the SIM communication could be intercepted (for example with a device like the "Turbo Lite" from www.bladox.com) and if the APDU for authentication is sent, one can run its own A3/A8 algorithm instead of the one from the card. - if one has a SIM with the broken and known COMP128, its possible to find Ki so that the authentication response from the card can be calculated. - Test SIMs (for GSM Test Equipment) have implemented a know A3/A8 algorithm (XOR) and so the authentication response can be calculated. - One can buy one of those SIM clone cards (they are called Super-SIM Magic-SIM, 16in1 SIM or similar). They are of not much use for official networks because only a few (if any) providers use COMP128 any more and this is the algorithm those card implement (and expect it to be in the card which should be cloned). You can buy such SIM cards rather cheap (around 5 Euro). They usually come with a software (Windows) which allows to set the IMSI and Ki for COMP128. So you have a card with a know A3/A8 algorithm (COMP128) and a know Ki. I used one of those SIM clone cards for my experiments, the SIM worked fine in an older Nokia 3310 (at least for this test). I don't know how well it will work in other phones but for this rathe low price its probably worth a try. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

2 1

ip.access Abis-over-IP dissector now part of wireshark
by Harald Welte 10 Jul '09

10 Jul '09

Hi! JFYI: My dissector for the Abis-IP adaption layer of ip.access has been merged into wireshark (as of svn revision 29059). -- - Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/ ============================================================================ "Privacy in residential applications is a desirable marketing option." (ETSI EN 300 175-7 Ch. A6)

1 0

Cleanup some parsing in the mncc.c code
by Holger Freyther 10 Jul '09

10 Jul '09

Hey Harald, did you have this in mind when mentioning that the parsing of the data derived informations could be driven by a struct? z. From 594cf586dedaecfc5e755a6d0fc9ac69dc513e91 Mon Sep 17 00:00:00 2001 From: Holger Hans Peter Freyther <zecke(a)selfish.org> Date: Mon, 29 Jun 2009 17:21:37 +0200 Subject: [PATCH] Generic data derived informations parsing... Declare what elements to parse in a struct and then trigger the generic parsing routine. --- openbsc/src/msc_mncc.c | 211 ++++++++++++++++++++--------------------------- 1 files changed, 90 insertions(+), 121 deletions(-) diff --git a/openbsc/src/msc_mncc.c b/openbsc/src/msc_mncc.c index b54e184..5329fa1 100644 --- a/openbsc/src/msc_mncc.c +++ b/openbsc/src/msc_mncc.c @@ -112,6 +112,39 @@ static const char *cc_state_names[] = { "illegal state 31", }; +typedef int (*dd_decoder)(void* data, const u_int8_t *lv); + +struct dd_parser { + int information_element; + int mncc_field; + int offset; + dd_decoder decoder; +}; + +#define DECLARE_DECODER3(IE_NAME, M_NAME, name) \ + { .information_element = GSM48_IE_##IE_NAME, \ + .mncc_field = MNCC_F_##M_NAME, \ + .offset = offsetof(struct gsm_mncc, name), \ + .decoder = (dd_decoder)decode_##name, \ + } + + +#define DECLARE_DECODER(NAME, name) \ + DECLARE_DECODER3(NAME, NAME, name) + +static void parse_data_derived_information(struct dd_parser *parser, const int length, + struct tlv_parsed *tp, struct gsm_mncc *rel) +{ + int i; + + for (i = 0; i < length; ++i) { + if (TLVP_PRESENT(tp, parser[i].information_element)) { + rel->fields |= parser[i].mncc_field; + parser[i].decoder(rel + parser[i].offset, + TLVP_VAL(tp, parser[i].information_element)-1); + } + } +} static int mncc_handle_lchan_signal(unsigned int subsys, unsigned int signal, void *handler_data, void *signal_data) @@ -1420,31 +1453,15 @@ static int msc_cc_rx_disconnect(struct gsm_trans *trans, struct msgb *msg) memset(&disc, 0, sizeof(struct gsm_mncc)); disc.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_CAUSE, 0); - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - disc.fields |= MNCC_F_CAUSE; - decode_cause(&disc.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - disc.fields |= MNCC_F_FACILITY; - decode_facility(&disc.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - disc.fields |= MNCC_F_USERUSER; - decode_useruser(&disc.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - disc.fields |= MNCC_F_SSVERSION; - decode_ssversion(&disc.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(CAUSE, cause), + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &disc); return mncc_recvmsg(trans->network, trans, MNCC_DISC_IND, &disc); } @@ -1509,30 +1526,15 @@ static int msc_cc_rx_release(struct gsm_trans *trans, struct msgb *msg) memset(&rel, 0, sizeof(struct gsm_mncc)); rel.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, 0, 0); - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - rel.fields |= MNCC_F_CAUSE; - decode_cause(&rel.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - rel.fields |= MNCC_F_FACILITY; - decode_facility(&rel.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - rel.fields |= MNCC_F_USERUSER; - decode_useruser(&rel.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - rel.fields |= MNCC_F_SSVERSION; - decode_ssversion(&rel.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER(CAUSE, cause), + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &rel); if (trans->state == GSM_CSTATE_RELEASE_REQ) { /* release collision 5.4.5 */ @@ -1598,30 +1600,15 @@ static int msc_cc_rx_release_compl(struct gsm_trans *trans, struct msgb *msg) memset(&rel, 0, sizeof(struct gsm_mncc)); rel.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, 0, 0); - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - rel.fields |= MNCC_F_CAUSE; - decode_cause(&rel.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - rel.fields |= MNCC_F_FACILITY; - decode_facility(&rel.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - rel.fields |= MNCC_F_USERUSER; - decode_useruser(&rel.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - rel.fields |= MNCC_F_SSVERSION; - decode_ssversion(&rel.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER(CAUSE, cause), + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &rel); if (trans->callref) { switch (trans->state) { @@ -1684,19 +1671,13 @@ static int msc_cc_rx_facility(struct gsm_trans *trans, struct msgb *msg) memset(&fac, 0, sizeof(struct gsm_mncc)); fac.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_FACILITY, 0); - /* facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_FACILITY)) { - fac.fields |= MNCC_F_FACILITY; - decode_facility(&fac.facility, - TLVP_VAL(&tp, GSM48_IE_FACILITY)-1); - } - /* ss-version */ - if (TLVP_PRESENT(&tp, GSM48_IE_SS_VERS)) { - fac.fields |= MNCC_F_SSVERSION; - decode_ssversion(&fac.ssversion, - TLVP_VAL(&tp, GSM48_IE_SS_VERS)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(FACILITY, facility), + DECLARE_DECODER3(SS_VERS, SSVERSION, ssversion), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &fac); return mncc_recvmsg(trans->network, trans, MNCC_FACILITY_IND, &fac); } @@ -1807,12 +1788,11 @@ static int msc_cc_rx_start_dtmf(struct gsm_trans *trans, struct msgb *msg) dtmf.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, 0, 0); /* keypad facility */ - if (TLVP_PRESENT(&tp, GSM48_IE_KPD_FACILITY)) { - dtmf.fields |= MNCC_F_KEYPAD; - decode_keypad(&dtmf.keypad, - TLVP_VAL(&tp, GSM48_IE_KPD_FACILITY)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER3(KPD_FACILITY, KEYPAD, keypad), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &dtmf); return mncc_recvmsg(trans->network, trans, MNCC_START_DTMF_IND, &dtmf); } @@ -1884,15 +1864,12 @@ static int msc_cc_rx_modify(struct gsm_trans *trans, struct msgb *msg) memset(&modify, 0, sizeof(struct gsm_mncc)); modify.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, 0); - /* bearer capability */ - if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) { - modify.fields |= MNCC_F_BEARER_CAP; - decode_bearer_cap(&modify.bearer_cap, - TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(BEARER_CAP, bearer_cap), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &modify); new_cc_state(trans, GSM_CSTATE_MO_ORIG_MODIFY); - return mncc_recvmsg(trans->network, trans, MNCC_MODIFY_IND, &modify); } @@ -1928,15 +1905,12 @@ static int msc_cc_rx_modify_complete(struct gsm_trans *trans, struct msgb *msg) memset(&modify, 0, sizeof(struct gsm_mncc)); modify.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, 0); - /* bearer capability */ - if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) { - modify.fields |= MNCC_F_BEARER_CAP; - decode_bearer_cap(&modify.bearer_cap, - TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1); - } + static struct dd_parser parser[] = { + DECLARE_DECODER(BEARER_CAP, bearer_cap), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &modify); new_cc_state(trans, GSM_CSTATE_ACTIVE); - return mncc_recvmsg(trans->network, trans, MNCC_MODIFY_CNF, &modify); } @@ -1970,19 +1944,13 @@ static int msc_cc_rx_modify_reject(struct gsm_trans *trans, struct msgb *msg) memset(&modify, 0, sizeof(struct gsm_mncc)); modify.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_BEARER_CAP, GSM48_IE_CAUSE); - /* bearer capability */ - if (TLVP_PRESENT(&tp, GSM48_IE_BEARER_CAP)) { - modify.fields |= GSM48_IE_BEARER_CAP; - decode_bearer_cap(&modify.bearer_cap, - TLVP_VAL(&tp, GSM48_IE_BEARER_CAP)-1); - } - /* cause */ - if (TLVP_PRESENT(&tp, GSM48_IE_CAUSE)) { - modify.fields |= MNCC_F_CAUSE; - decode_cause(&modify.cause, - TLVP_VAL(&tp, GSM48_IE_CAUSE)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER(BEARER_CAP, bearer_cap), + DECLARE_DECODER(CAUSE, cause), + }; + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &modify); new_cc_state(trans, GSM_CSTATE_ACTIVE); return mncc_recvmsg(trans->network, trans, MNCC_MODIFY_REJ, &modify); @@ -2070,12 +2038,13 @@ static int msc_cc_rx_userinfo(struct gsm_trans *trans, struct msgb *msg) memset(&user, 0, sizeof(struct gsm_mncc)); user.callref = trans->callref; tlv_parse(&tp, &rsl_att_tlvdef, gh->data, payload_len, GSM48_IE_USER_USER, 0); - /* user-user */ - if (TLVP_PRESENT(&tp, GSM48_IE_USER_USER)) { - user.fields |= MNCC_F_USERUSER; - decode_useruser(&user.useruser, - TLVP_VAL(&tp, GSM48_IE_USER_USER)-1); - } + + static struct dd_parser parser[] = { + DECLARE_DECODER3(USER_USER, USERUSER, useruser), + }; + + parse_data_derived_information(&parser[0], ARRAY_SIZE(parser), &tp, &user); + /* more data */ if (TLVP_PRESENT(&tp, GSM48_IE_MORE_DATA)) user.more = 1; -- 1.6.3.1

2 3

CCCH
by Eric Cathelinaud 10 Jul '09

10 Jul '09

Hi everybody I just would like to be sure that the paging is only sent on TS0 with OpenBSC, that is to say PCH (which is on CCCH) is only sent on TS0. I read that it could be sent on more time slots (TS2, TS4 and TS6 also) in the GSM specifications. Is it the case in the soft or you just keep the normal multiplexage setting (TS0 only for CCCH+BCCH, 1 slot for dedicated channels and 6 slots for the traffic channels)? Thanks Eric Cathelinaud

3 2

Re: OpenBSC with 2.5G or 3G mobile devices support? / Tested Phones
by Dieter Spaar 07 Jul '09

07 Jul '09

Hello Nordin, On Tue, 07 Jul 2009 16:31:36 +0200, "Nordin" <bouchtaoui(a)gmail.com> wrote: > > But this means that your HTC needs more relevant GPRS settings before > deciding to register. So it than searches for altenatives, but since the > BA list is empty it starts all over again and the whole process repeats, > which might result in a long procedure before it gives up. This is what > it might could be the reason, I'm not sure. If the GPRS Indicator is set, SYSTEM INFORMATION 13 is needed to describe the GPRS properties. But SYSTEM INFORMATION 13 is not set yet (not possible for the BS-11 anyway) so the phone won't find it. Probably some phones don't care about it but some others insist to find it before going to register. This is probably one of the many places where there is no rule in the specification what should be done in such a situation so its up to the developer of the firmware (the phone could register and return an error only when GPRS is actually needed for a data connection). Of course I don't mean that the specification is incomplete, it just expects that certain things are done "right" (who would expect that people outside of the mobile phone industry play with a BTS ;-). Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

1 0

Re: OpenBSC with 2.5G or 3G mobile devices support? / Tested Phones
by Dieter Spaar 07 Jul '09

07 Jul '09

Hello Nordin, On Mon, 06 Jul 2009 12:00:27 +0200, "Nordin" <bouchtaoui(a)gmail.com> wrote: > > I tried the parameters as you suggested for SI 1 as well as SI3, but > with no success. But I'm still curious if someone else on the list > registered a PDA-like mobilephone (with GPRS support) to his BTS > (BS11/nanoBTS1800). If so, I would like to try out his/her SI's settings. > With the modification I have sent I can register a HTC Touch Pro to the BS11 and the nanoBTS 1800. If GPRS is set in SYSTEM INFORMATION 3, the phone will not register. The process is a bit unstable, if the phone is powered on, the location update works as expected, if I try to register manually, it sometime fails without actually communication with the BTS. I don't know the reason for this behaviour yet. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

2 1

Git repository via HTTP (port 80)
by Nordin 07 Jul '09

07 Jul '09

Hello guys, I made a repository for the OpenBSC project, see: http://repo.or.cz/w/openbsc.git Now you can update/clone the project from http://repo.or.cz/r/openbsc.git, like this: git clone http://repo.or.cz/r/openbsc.git It will be updated every hour (mirror mode). I needed that because our firewall blocks the git port 9418. Thank you for the tip Holger Freyther :) If you have any questions, don't hestitate to ask.

1 0

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

OpenBSC July 2009