Hello,
I just stumbled over the following change in libosmocore
diff --git a/src/vty/Makefile.am b/src/vty/Makefile.am
index 7353ab8..8d730c3 100644
--- a/src/vty/Makefile.am
+++ b/src/vty/Makefile.am
@@ -10,5 +10,5 @@ lib_LTLIBRARIES = libosmovty.la
libosmovty_la_SOURCES = buffer.c command.c vty.c vector.c utils.c \
telnet_interface.c logging_vty.c
-libosmovty_la_LIBADD = $(top_builddir)/src/libosmocore.la
+libosmovty_la_LIBADD = -losmocore $(top_builddir)/src/libosmocore.la
endif
from commit 2822296d
The -losmocore seems wrong as it is the library we're building here and
it's not necessarily already installed.
If I remove that part libosmocore builds for me again.
Regards,
Daniel Willmann
Hi,
as probably for most of us an official (testing) licence is out of reach, is
there a "workaround" for this problem?
- Is there some part of the official gsm bands that overlaps with local ISM
or other not-so-tightly-regulated frequencies?
(i.e, GSM1900 seems to have a small part that's not used by DECT...)
- Are there any "standard" gsm handsets that could be modified (preferably
in software) to work at 2,4GHz?
- Is UMA/GAN (http://en.wikipedia.org/wiki/Generic_Access_Network) something
that could be used with OpenBSC? As far as i understand the specification,
UMA is GSM Layer 3 over an GPRS/IPSEC tunnel to the BSC, so all the
GSM-Goodies should be there.
I realize the first two options would not exactly make it legal, but i'd
prefer the wrath of my neighbors over the suicide-squad from a carrier or
regulatory agency ;).
Any comments?
Regards,
Jay
Dear sir
I am new to openbsc.I have two NanoBTS(165cu).I'm facing some difficulty
which I'm summarizing below
I'm using Ubuntu10.04
1) Can we proceed with one nanobts.?
2)I've configured bts ip,unit id, oml ip of one bts.But not able to get the
firmware.
How to get it and configure for NanoBTS??
3)how to run openbsc ??
Please suggest the procedure to run the openbsc.
Thanks
Hi!
Collin Mulliner, Tobias Engel and myself have been meeting yesterday to
discuss a generic application interface for OpenBSC.
They are both doing security analysis and want to achieve a clean way
how an external application can get access to a more or less transparent
communication channel to the phone.
The purpose of this is to be able to send intentionally malformed
packets to the mobile phone GSM stack at various different levels within
the stack.
As of now, they have both hacked some custom code into openbsc that gets
them half way where they want to be - but not quite all the way.
The requirements can be summarized as follows:
1) Ability to establish a SDCCH or TCH channel by paging the phone
As of now, the 'silent call' feature from the VTY already does this.
2) Ability to send arbitrary layer3 protocol messages to the phone
Adding this is relatively easy (use rsl_sendmsg on the lchan from the
silent call)
3) Ability to receive responses from the phone, as well as error
conditions such as 'readio link failure'. We don't have a solution
for this yet, and we also have no clean way to identify what might
be a response from the phone to the external app, and what might
be a message from the phone to the normal network code in OpenBSC
4) Ability to selectively disable partial protocol handling in
OpenBSC. Let's say you want to play with the mobile phone call
control implementation. In this case, you want to make sure all CC
related messages go from/to the external program and not from the
regular OpenBSC network code.
So what I've been thinking of as a solution to the problem:
* store a bypass_flags bitmask related to the subscriber structure,
where we indicate values such as BYPASS_RR, BYPASS_MM, BYPASS_CC,
BYPASS_SAPI3.
* if we process an incoming message from the MS in gsm0408_rcvmsg(),
we check if a bypass flag matching the message is found. If yes,
forward the message to the external program
* if we want to send a message from our own protocol stack to the MS,
we check if a bypass flag matching the message is found. If yes,
we drop the message that we were about to send.
* any messages received from the application will be forwarded to the MS
The application interface protocol will likely have a close resemblance
to RSL RLL. We need to exchange the following primitives with the
application, like:
* ESTABLISH REQUEST -- app requests a channel be established to MS (by IMSI)
* ESTABLISH CONFIRM -- network confirms a channel has been established
* ESTABLISH INDICATION -- network tells app connection was made by MS
* [UNIT] DATA REQUEST -- app requests data to be sent to MS
* [UNIT] DATA INDICATION -- network indicates data was received from MS
* ERROR INDICATION -- network tells app something went wrong
* RELEASE REQUEST -- app asks network to release channel
* RELEASE CONFIRM -- net tells app that channel was released (as rqd)
* RELEASE INDICATION -- net tells app that channel was released (by MS)
The channel_number of RSL (indicating on-air timeslot) doesn't make much
sense in this context, of course.
The link_identifier on the other hand is great as it allows the app to
indicate SDCCH/FACCH or SACCH as well as the SAPI.
The actual RSL-like protocol would be encapsulated by UDP and available
on a socket of the MSC.
What do you think?
Regards,
Harald
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
For our ongoing experiment, we are hoping to tether some laptops onto the
EDGE connection, either through a USB style dongle or a USB cord into a
phone that allows it to be treated like a modem (And for some old school
phones, maybe even a Serial port connection). These situations require a
number to be dialed, what I believe is a USSD code, and sometimes a username
and password to be entered. I am not talking about newer smart phones where
the connection is sometimes shared using advanced drivers. Has anyone been
able to do this with OpenBSC?
Chris Rankine
Hi all,
Some people have been working together in order to finally start with
support of the Ericsson RBS2308 (and similar models) in OpenBSC.
The biggest issue so far is bringing up the actualy LAPD on the E1/T1 link.
It seems Ericsson is using some dynamic timeslot configuration between BSC
and BTS, so unlike e.g. Siemens, you cannot explicitly configure the OML E1
timeslot on the BTS using local configuration tools.
The current working assumption is: Somehow the BSC produces bit-patterns on the
E1 link and uses them to let the BTS know where to start LAPD for OML.
One contributor was friendly enough to do raw bit-traces of a Racal 6113
connected to the Ericsson RBS, and they look like this:
Racal to BTS
Initialization
openbsc:/etc/dahdi# cat /dev/dahdi/1 | hexdump
0000000 aaaa aaaa aaaa aaaa aaaa aaaa aaaa aaaa
*
00092e0 aaaa aaaa aaaa aaaa aaaa aaaa aaaa 55aa
00092f0 ffff ffff ffff ffff ffff ffff ffff ffff
*
0009600 ffff ffff ffff ffff ffff ffff ffff 7e7e
0009610 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e
*
00096b0 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 5f7e
00096c0 3e5f 49ce cfef cfcf cfcf cfcf cfcf cfcf
00096d0 cfcf cfcf cfcf cfcf cfcf cfcf cfcf cfcf
*
I've written a small C program to do soft-hdlc decode.
* a pattern of alternating bits (0xaa)
* a pattern of all-1 bits(0xff)
* a sequence of FLAG symbols (01111110)
* a HDLC message FA 7D 7F 4E F2, which is a TEI=62/SAPI=62 SABME
(SAPI 62 / TEI62 is configured for OML on the BTS)
The interesting part is:
1) this is a SABME from BSC to BTS, whereas GSM 08.56
specifically says the BTS is the TE and the BSC the NT
2) we have not seen any TEI manager related messages(L2ML)
Keep alives afterwards, about every 8 seconds
001d5e0 cfcf cfcf cfcf ebcb 04e4 a805 f323 f3f3
001d5f0 f3f3 f3f3 f3f3 f3f3 f3f3 f3f3 f3f3 f3f3
*
0031630 f3f3 f2f3 f9fa 0101 086a fcfc fcfc fcfc
0031640 fcfc fcfc fcfc fcfc fcfc fcfc fcfc fcfc
*
0045680 fcfc fcfc fcfc fcfc fcfc fcfc bebe 4040
0045690 825a 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f
00456a0 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f
*
00596e0 3f3f 2f3f 90af 1610 8fa0 cfcf cfcf cfcf
00596f0 cfcf cfcf cfcf cfcf cfcf cfcf cfcf cfcf
*
006d730 cfcf cfcf cfcf cfcf cbcf e4eb 0504 23a8
006d740 f3f3 f3f3 f3f3 f3f3 f3f3 f3f3 f3f3 f3f3
*
0081790 faf2 01f9 6a01 fc08 fcfc fcfc fcfc fcfc
00817a0 fcfc fcfc fcfc fcfc fcfc fcfc fcfc fcfc
*
00957e0 fcfc fcfc fcfc befc 40be 5a40 3f82 3f3f
00957f0 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f 3f3f
If you decode this, you get
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 21 AC (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
If we look at the BTS to Racal 6113 side:
Initialization
openbsc:/etc/dahdi# cat /dev/dahdi/1 | hexdump
0000000 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7
*
000fe00 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e5e7 f3f5
000fe10 1039 f971 f9f9 f9f9 f9f9 f9f9 f9f9 f9f9
000fe20 f9f9 f9f9 f9f9 f9f9 f9f9 f9f9 f9f9 f9f9
*
Keep Alives, every 8 seconds
0023e40 f9f9 f9f9 f9f9 f9f9 f9f9 7c7d 8080 04b5
0023e50 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e
*
0037ea0 5f5f 2020 412d 9f1f 9f9f 9f9f 9f9f 9f9f
0037eb0 9f9f 9f9f 9f9f 9f9f 9f9f 9f9f 9f9f 9f9f
*
004bef0 9f9f 9f9f 9f9f 9f9f 979f c8d7 0b08 4750
004bf00 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7
*
005ff40 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 f5e5
005ff50 02f2 d402 f911 f9f9 f9f9 f9f9 f9f9 f9f9
005ff60 f9f9 f9f9 f9f9 f9f9 f9f9 f9f9 f9f9 f9f9
*
0073fa0 f9f9 f9f9 f9f9 7c7d 8080 04b5 7e7e 7e7e
0073fb0 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e
*
0087ff0 7e7e 7e7e 7e7e 7e7e 7e7e 7e7e 5f7e 205f
0088000 2d20 1f41 9f9f 9f9f 9f9f 9f9f 9f9f 9f9f
0088010 9f9f 9f9f 9f9f 9f9f 9f9f 9f9f 9f9f 9f9f
*
009c050 9f9f 9f9f 979f c8d7 0b08 4750 e7e7 e7e7
009c060 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7 e7e7
*
Decoded, we get:
FA 7D 73 60 3A (LAPD UA)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 25 25 AD 20 (LAPD unknown??)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
FA 7D 01 01 AD 20 (LAPD RR)
So as a summary, it seems that
1) the BSC applies some magic pattern (0xaa / 0xff)
2) the BSC establishes the LAPD session for OML TEI/SAPI
3) there is no L2ML, contrary to lots of Ericsson Abis documentation
that you can find online.
We'll continue our attempts and see if we can get the OML up...
--
- Harald Welte <laforge(a)gnumonks.org> http://laforge.gnumonks.org/
============================================================================
"Privacy in residential applications is a desirable marketing option."
(ETSI EN 300 175-7 Ch. A6)
This is probably completely off-topic, but can thoses nano-bts also be
used for data, instead of voice?
I don't mean sms, but access to email and so-on.
It is not about performance, but being able to test gsm-dongles for
wireless internet. (not wifi)
Hans
hello
my 2nd bs-11(bts 1) has a defective trx0, so no c0 can be created. lets
have a look at gsm_bts_trx_alloc in gsm_data.c:
i changed
trx->bts = bts;
trx->nr = bts->num_trx++;
trx->nm_state.administrative = NM_STATE_UNLOCKED;
to
trx->bts = bts;
if(bts->nr == 1) {trx->nr = 1;}
else {trx->nr = bts->num_trx++;}
trx->nm_state.administrative = NM_STATE_UNLOCKED;
in gsm_bts_alloc, the primary trx should be created then, in the case of
bts 1 starting at trx1, since trx0 dont exist
unfortunately, i get a general protection fault :-(
hints very velcome!
T.
--
Wer Rechtschreibfehler findet, darf sie behalten!
hi list,
i came over line 523 in gsm_data.h:
/* CCCH is on C0 */
struct gsm_bts_trx *c0;
could this be the reason why a bs-11 without aktivated trx0 dont work /
isnt seen by handy?
T.
--
Wer Rechtschreibfehler findet, darf sie behalten!
Hi,
I've been playing with Dahdi and OpenBSC (I have an old T100P card) and
something I'm a little confused about is what is the proper configuration
for system.conf?
Does dahdi itself take care of the hdlc/lapd signalling (in which case I'd
expect the signalling channel to be set as dchan in
/etc/dahdi/system.conf) or is openbsc taking care of the hdlc/lapd
signalling (in which case I'd expect the signalling channel to be set as
clear)?
Thanks,
Gus Bourg
