OpenBSC

openbsc@lists.osmocom.org

14 participants
4198 discussions

Re: RRLP
by Dieter Spaar 26 Oct '09

26 Oct '09

Hello Sylvain, On Mon, 26 Oct 2009 10:19:55 +0100, "Sylvain Munaut" <246tnt(a)gmail.com> wrote: > > So a lot of phones seem to support this and with assistance data could > maybe provide a location. > Did you try to correlate IMEI manufacturer part with the messages ? No, not yet. > Do you have any log of a successful response ? Maybe I screw up the > encoding of the position somehow. Yes, here is an example. This is the response from the phone 42 11 00 00 6A 57 9F B6 41 29 B1 B0 10 8D 84 00 6C 9C 9C 01 B1 0C This is decoded PDU (asn1c was used): PDU ::= { referenceNumber: 2 component: MsrPosition-Rsp ::= { locationInfo: LocationInfo ::= { refFrame: 0 gpsTOW: 6969247 fixType: 1 posEstimate: 90 4A 6C 6C 04 23 61 00 1B 27 27 00 6C 43 } } } And those are the coordinates from "posEstimate" (I did not care about the height): 52.329040 - 52 19'44" N 5.819342 - 5 49' 9" E Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

1 0

Re: RRLP
by Dieter Spaar 26 Oct '09

26 Oct '09

Hello, here is a summary of the RRLP requests from HAR2009. It is the summary from a time periode of about 10 hours near the end of the event. Total number of RRLP responses: 2179 "methodNotSupported" response: 122 "notEnoughSats" response: 667 "gpsAssDataMissing" response: 1368 Successful positions returned: 22 Number of different phones: 86 Phones which returned "methodNotSupported": 5 Phones which returned a position: 7 Requested assitance data for the "gpsAssDataMissing" response: 530 Navigation Model, Reference Location, Reference Time 468 Navigation Model, Reference Location 141 Navigation Model 123 Almanac, Navigation Model, Reference Location, Reference Time 58 Almanac, Navigation Model, Reference Location, Reference Time, Real-Time Integrity 27 Almanac, Navigation Model, Reference Location 13 Almanac, UTC Model, Ionospheric Model, Navigation Model, Reference Location, Reference Time, Real-Time Integrity 5 Reference Location 3 Navigation Model, Reference Time And this was the request sent to the phones: PDU: 40 01 78 A8 referenceNumber 2 msrPositionReq methodType msBased Accuracy 60 positionMethod gps measureResponseTime 2 useMultipleSets oneSet Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

2 1

Re: RRLP
by Dieter Spaar 25 Oct '09

25 Oct '09

Hello Sylvain, On Sun, 25 Oct 2009 19:50:53 +0100, "Sylvain Munaut" <246tnt(a)gmail.com> wrote: > Does anyone have a clue ? You already had a look at TS 44.031 ? It describes the RRLP procedures in detail. It also mentiones that the RRLP maximum PDU size is 242 bytes and that you have to use RRLP pseudo-segmentation to deliver larger PDUs, however it also mentiones that "legacy" MS and SMLC may exceed this PDU size. Best regards, Dieter -- Dieter Spaar, Germany spaar(a)mirider.augusta.de

1 0

RRLP
by Sylvain Munaut 25 Oct '09

25 Oct '09

Hi, I've been working on improving RRLP support lately. Most precisely, providing real assistance data sourced directly from a GPS receiver attached to the control PC. My problem right now is that the generated APDU is about 1500 bytes and obviously there is no way that fits in a single L3 frame. GSM 04.08 9.1.53 describes the format of the APDU and there is a 4 bits flag fields, which from what I understand occupies the 4 upper fields of the first octet and that allows fragmentation. From reading the IE description in 10.5.2.49 I should set : 0x10 for the first segment 0x30 for the intermediate segments 0x20 for the last segment Which is what I tried, by modifying the gsm48_send_rr_app_info function like this : http://yourpaste.net/3558/ Unfortunately, I couldn't make it work. When I set the segment size to try and have L3 frame of 251 bytes, I get some RSL error back and when I use a smaller size, the MS seems to interpret each segment separately and not reconstituting them ... Does anyone have a clue ? Sylvain Here's a log, where you see the MS answering independently to the 3 segments (with errors since you can't just decode partial data ...): <0002> gsm_04_08.c:280 lchan (bts=0,trx=0,ts=0,ch=0) decreases usage to: 0 <0004> gsm_04_08.c:901 -> LOCATION UPDATE ACCEPT <0002> gsm_04_08_utils.c:144 (bts 0 trx 0 ts 0 pd 05) Sending 0x02 to MS. l3_len = 14 <0004> gsm_04_08.c:1222 -> MM INFO <0002> gsm_04_08_utils.c:144 (bts 0 trx 0 ts 0 pd 05) Sending 0x32 to MS. l3_len = 22 <0008> gsm_04_08.c:1651 TX APPLICATION INFO id=0x00, len=688 <0008> gsm_04_08.c:1669 TX APPLICATION INFO Segment ofs=0 len=230 id=10 <0002> gsm_04_08_utils.c:144 (bts 0 trx 0 ts 0 pd 06) Sending 0x38 to MS. l3_len = 234 <0008> gsm_04_08.c:1669 TX APPLICATION INFO Segment ofs=230 len=230 id=30 <0002> gsm_04_08_utils.c:144 (bts 0 trx 0 ts 0 pd 06) Sending 0x38 to MS. l3_len = 234 <0008> gsm_04_08.c:1669 TX APPLICATION INFO Segment ofs=460 len=228 id=20 <0002> gsm_04_08_utils.c:144 (bts 0 trx 0 ts 0 pd 06) Sending 0x38 to MS. l3_len = 232 <0001> abis_rsl.c:1282 channel=(bts=0,trx=0,ts=0) chan_nr=0x20 sapi=0 DATA INDICATION <0004> gsm_04_08.c:1438 TMSI Reallocation Completed. Subscriber: 206205003327508 <0001> abis_rsl.c:1282 channel=(bts=0,trx=0,ts=0) chan_nr=0x20 sapi=0 DATA INDICATION <0020> gsm_04_08.c:1594 RX APPLICATION INFO id/flags=0x00 apdu_len=2 apdu=48 20 <0010> abis_rsl.c:997 channel=(bts=0,trx=0,ts=0) chan_nr=0x28 CONNECTION FAIL: CAUSE=0x01(Radio Link Failure) RELEASING. <0010> abis_rsl.c:720 RF Channel Release CMD channel=(bts=0,trx=0,ts=0) chan_nr=0x28 <0010> abis_rsl.c:997 channel=(bts=0,trx=0,ts=0) chan_nr=0x28 RF CHANNEL RELEASE ACK <0001> abis_rsl.c:1282 channel=(bts=0,trx=0,ts=0) chan_nr=0x20 sapi=0 DATA INDICATION <0020> gsm_04_08.c:1594 RX APPLICATION INFO id/flags=0x00 apdu_len=2 apdu=88 10 <0010> abis_rsl.c:720 RF Channel Release CMD channel=(bts=0,trx=0,ts=0) chan_nr=0x28 <0010> abis_rsl.c:997 channel=(bts=0,trx=0,ts=0) chan_nr=0x28 RF CHANNEL RELEASE ACK <0001> abis_rsl.c:1282 channel=(bts=0,trx=0,ts=0) chan_nr=0x20 sapi=0 DATA INDICATION <0020> gsm_04_08.c:1594 RX APPLICATION INFO id/flags=0x00 apdu_len=2 apdu=c8 00 <0001> abis_rsl.c:1282 channel=(bts=0,trx=0,ts=0) chan_nr=0x20 sapi=0 RELEASE INDICATION <0010> abis_rsl.c:720 RF Channel Release CMD channel=(bts=0,trx=0,ts=0) chan_nr=0x20 <0010> abis_rsl.c:997 channel=(bts=0,trx=0,ts=0) chan_nr=0x20 RF CHANNEL RELEASE ACK <0002> gsm_subscriber_base.c:150 subscr 201 usage decreased usage to: 0

1 0

ip.access nanobts 1800 model 139, get "disabled" states
by Oystein Homelien 25 Oct '09

25 Oct '09

Hello, I am trying to get my nanobts 1800 model 139 working. It is set up for dhcp and correctly contacts my openbsc instance. I get lots of "disabled" states and I am curious if you have any hints for me. I suspect there may be a bts firmware version problem. Any help is appreciated! See log below. ipaccess_find: MAC Address='00:02:95:00:xx:xx' IP Address='xxxx' Unit ID='1801/0/0' Location 1='' Location 2='BTS_NBT131G' Equipment Version='111_029_21' Software Version='120a002_v149b32d0' Unit Name='nbts-00-02-95-x' Serial Number='x' config: ! OpenBSC configuration saved from vty ! ! password foo ! line vty no login ! network network country code 242 mobile network code 99 short name analyzer long name AnaLyzer auth policy accept-all encryption a5 0 bts 0 type nanobts band 1800 cell_identity 0 location_area_code 1 training_sequence_code 7 base_station_id_code 63 ms max power 12 channel allocator ascending ip.access unit_id 1801 0 trx 0 arfcn 576 max_power_red 12 rsl e1 line 0 timeslot 1 sub-slot full rsl e1 tei 1 timeslot 0 phys_chan_config CCCH+SDCCH4 e1 line 0 timeslot 1 sub-slot full timeslot 1 phys_chan_config SDCCH8 e1 line 0 timeslot 2 sub-slot 1 timeslot 2 phys_chan_config TCH/F e1 line 0 timeslot 2 sub-slot 2 timeslot 3 phys_chan_config TCH/F e1 line 0 timeslot 2 sub-slot 3 timeslot 4 phys_chan_config TCH/F e1 line 0 timeslot 3 sub-slot 0 timeslot 5 phys_chan_config TCH/F e1 line 0 timeslot 3 sub-slot 1 timeslot 6 phys_chan_config TCH/F e1 line 0 timeslot 3 sub-slot 2 timeslot 7 phys_chan_config TCH/F e1 line 0 timeslot 3 sub-slot 3 log: <0020> abis_nm.c:805 OC=SITE MANAGER(00) INST=(ff,ff,ff) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=BTS(01) INST=(00,ff,ff) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=BASEBAND TRANSCEIVER(04) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,00) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,01) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,02) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,03) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,04) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,05) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,06) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,07) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=RADIO CARRIER(02) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=GPRS NSE(f0) INST=(00,ff,ff) STATE CHG: <0020> abis_nm.c:805 OC=GPRS CELL(f1) INST=(00,00,ff) STATE CHG: <0020> abis_nm.c:805 OC=GPRS NSVC(f2) INST=(00,00,ff) STATE CHG: <0020> abis_nm.c:805 OC=GPRS NSVC(f2) INST=(00,01,ff) STATE CHG: <0020> abis_nm.c:863 Software Activate Request ACKing and Activating <0020> abis_nm.c:887 Found SW config: 42 12 00 08 31 32 30 61 30 30 32 00 13 00 0a 76 31 34 39 62 33 32 64 30 00 42 12 00 08 31 32 30 61 30 30 32 00 13 00 0a 76 31 34 39 62 34 34 64 30 00 <0020> abis_nm.c:805 OC=SITE MANAGER(00) INST=(ff,ff,ff) STATE CHG: OP_STATE=Disabled AVAIL=Not installed(07) <0020> abis_nm.c:805 OC=SITE MANAGER(00) INST=(ff,ff,ff) Software Activated Report <0020> abis_nm.c:805 OC=SITE MANAGER(00) INST=(ff,ff,ff) STATE CHG: OP_STATE=Disabled AVAIL=Off line(03) <0020> abis_nm.c:863 Software Activate Request ACKing and Activating <0020> abis_nm.c:887 Found SW config: 42 12 00 08 31 32 30 61 30 30 32 00 13 00 0a 76 31 34 39 62 33 32 64 30 00 <0020> abis_nm.c:863 Software Activate Request NACKing for GPRS obj_class 0xf0 <0020> abis_nm.c:805 OC=BTS(01) INST=(00,ff,ff) Software Activated Report <0020> abis_nm.c:805 OC=BTS(01) INST=(00,ff,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1671 Set BTS Attr (bts=0) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x01 obj_inst=(0x00, 0xff, 0xff) <0020> abis_nm.c:863 Software Activate Request ACKing and Activating <0020> abis_nm.c:887 Found SW config: 42 12 00 08 31 32 30 61 30 30 31 00 13 00 0a 76 31 34 39 62 34 34 64 30 00 42 12 00 08 31 32 30 61 30 30 31 00 13 00 0a 76 31 34 39 62 33 32 64 30 00 42 12 00 08 31 32 30 61 30 30 32 00 13 00 0a 76 31 34 39 62 33 32 64 30 00 <0020> abis_nm.c:863 Software Activate Request ACKing and Activating <0020> abis_nm.c:887 Found SW config: 42 12 00 08 31 32 30 61 30 30 31 00 13 00 0a 76 31 34 39 62 34 34 64 30 00 42 12 00 08 31 32 30 61 30 30 31 00 13 00 0a 76 31 34 39 62 33 32 64 30 00 42 12 00 08 31 32 30 61 30 30 32 00 13 00 0a 76 31 34 39 62 33 32 64 30 00 <0020> abis_nm.c:805 OC=BTS(01) INST=(00,ff,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=BTS(01) INST=(00,ff,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=BASEBAND TRANSCEIVER(04) INST=(00,00,ff) Software Activated Report <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x04 obj_inst=(0x00, 0x00, 0xff) <0020> abis_nm.c:805 OC=BASEBAND TRANSCEIVER(04) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,00) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,00) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=0) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x00) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,01) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,01) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=1) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x01) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,02) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,02) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=2) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x02) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,03) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,03) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=3) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x03) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,04) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,04) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=4) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x04) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,05) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,05) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=5) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,06) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,06) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=6) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x06) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,07) Software Activated Report <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,07) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:1768 Set Chan Attr (bts=0,trx=0,ts=7) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x03 obj_inst=(0x00, 0x00, 0x07) <0020> abis_nm.c:805 OC=RADIO CARRIER(02) INST=(00,00,ff) Software Activated Report <0020> abis_nm.c:1688 Set TRX Attr (bts=0,trx=0) <0020> abis_nm.c:1855 Sending OPSTART obj_class=0x02 obj_inst=(0x00, 0x00, 0xff) <0020> abis_nm.c:805 OC=RADIO CARRIER(02) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:2477 IPACCESS(0xe1): RSL CONNECT ACK IP=123.234.10.101 PORT=3003 <0020> abis_nm.c:805 OC=BASEBAND TRANSCEIVER(04) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=BASEBAND TRANSCEIVER(04) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,00) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,00) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,01) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,01) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,02) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,02) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,03) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,03) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,04) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,04) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,05) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,05) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,06) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,06) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,07) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=CHANNEL(03) INST=(00,00,07) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked <0020> abis_nm.c:805 OC=RADIO CARRIER(02) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) <0020> abis_nm.c:805 OC=RADIO CARRIER(02) INST=(00,00,ff) STATE CHG: OP_STATE=Disabled AVAIL=Dependency(05) ADM=Unlocked yours, oystein

3 8

Final (?) USSD-branch patch
by Mike Haben 24 Oct '09

24 Oct '09

- Improved handling of extension-number string (as per review) - Guard against a buffer-overflow if mobile sends a too-long USSD - declare some function-parameters const - fix gsm_ts_name function to display the right BTS number (bts->nr rather than bts->bts_nr) Hope this all looks OK... Best regards, Mike H.

1 0

[PATCH] USSD - address remaining review points, and guard against buffer overflow Signed-off-by: Mike Haben <michael.haben@btinternet.com>
by Mike Haben 24 Oct '09

24 Oct '09

--- openbsc/include/openbsc/gsm_04_80.h | 10 ++++++---- openbsc/include/openbsc/gsm_subscriber.h | 7 ++++--- openbsc/src/gsm_04_80.c | 9 ++++++--- openbsc/src/gsm_data.c | 2 +- openbsc/src/ussd.c | 6 +++--- 5 files changed, 20 insertions(+), 14 deletions(-) mode change 100644 => 100755 openbsc/include/openbsc/gsm_04_80.h mode change 100644 => 100755 openbsc/include/openbsc/gsm_subscriber.h mode change 100644 => 100755 openbsc/src/gsm_04_80.c mode change 100644 => 100755 openbsc/src/gsm_data.c mode change 100644 => 100755 openbsc/src/ussd.c diff --git a/openbsc/include/openbsc/gsm_04_80.h b/openbsc/include/openbsc/gsm_04_80.h old mode 100644 new mode 100755 index 9bdf2c2..c240bbe --- a/openbsc/include/openbsc/gsm_04_80.h +++ b/openbsc/include/openbsc/gsm_04_80.h @@ -125,17 +125,19 @@ #include <openbsc/msgb.h> +#define MAX_LEN_USSD_STRING 31 + struct ussd_request { - char text[32]; + char text[MAX_LEN_USSD_STRING + 1]; u_int8_t transaction_id; u_int8_t invoke_id; }; -int gsm0480_decode_ussd_request(struct msgb *msg, +int gsm0480_decode_ussd_request(const struct msgb *msg, struct ussd_request *request); -int gsm0480_send_ussd_response(struct msgb *in_msg, const char* response_text, +int gsm0480_send_ussd_response(const struct msgb *in_msg, const char* response_text, const struct ussd_request *req); -int gsm0480_send_ussd_reject(struct msgb *msg, +int gsm0480_send_ussd_reject(const struct msgb *msg, const struct ussd_request *request); #endif diff --git a/openbsc/include/openbsc/gsm_subscriber.h b/openbsc/include/openbsc/gsm_subscriber.h old mode 100644 new mode 100755 index ea70c3a..b181917 --- a/openbsc/include/openbsc/gsm_subscriber.h +++ b/openbsc/include/openbsc/gsm_subscriber.h @@ -8,13 +8,14 @@ #define GSM_IMEI_LENGTH 17 #define GSM_IMSI_LENGTH 17 #define GSM_NAME_LENGTH 128 -#define GSM_EXTENSION_LENGTH 128 + +#define GSM_EXTENSION_LENGTH 6 +#define GSM_MIN_EXTEN 20000 +#define GSM_MAX_EXTEN 49999 /* reserved according to GSM 03.03 § 2.4 */ #define GSM_RESERVED_TMSI 0xFFFFFFFF -#define GSM_MIN_EXTEN 20000 -#define GSM_MAX_EXTEN 49999 #define GSM_SUBSCRIBER_FIRST_CONTACT 0x00000001 #define tmsi_from_string(str) strtoul(str, NULL, 10) diff --git a/openbsc/src/gsm_04_80.c b/openbsc/src/gsm_04_80.c old mode 100644 new mode 100755 index 5d85c82..7f5089d --- a/openbsc/src/gsm_04_80.c +++ b/openbsc/src/gsm_04_80.c @@ -70,7 +70,7 @@ static inline unsigned char *msgb_push_TLV1(struct msgb *msgb, u_int8_t tag, /* Decode a mobile-originated USSD-request message */ -int gsm0480_decode_ussd_request(struct msgb *msg, struct ussd_request *req) +int gsm0480_decode_ussd_request(const struct msgb *msg, struct ussd_request *req) { int rc = 0; u_int8_t *parse_ptr = msgb_l3(msg); @@ -230,6 +230,9 @@ static int parse_process_uss_req(u_int8_t *uss_req_data, u_int8_t length, if ((dcs == 0x0F) && (uss_req_data[5] == ASN1_OCTET_STRING_TAG)) { num_chars = (uss_req_data[6] * 8) / 7; + /* Prevent a mobile-originated buffer-overrun! */ + if (num_chars > MAX_LEN_USSD_STRING) + num_chars = MAX_LEN_USSD_STRING; gsm_7bit_decode(req->text, &(uss_req_data[7]), num_chars); /* append null-terminator */ @@ -242,7 +245,7 @@ static int parse_process_uss_req(u_int8_t *uss_req_data, u_int8_t length, } /* Send response to a mobile-originated ProcessUnstructuredSS-Request */ -int gsm0480_send_ussd_response(struct msgb *in_msg, const char* response_text, +int gsm0480_send_ussd_response(const struct msgb *in_msg, const char* response_text, const struct ussd_request *req) { struct msgb *msg = gsm48_msgb_alloc(); @@ -295,7 +298,7 @@ int gsm0480_send_ussd_response(struct msgb *in_msg, const char* response_text, return gsm48_sendmsg(msg, NULL); } -int gsm0480_send_ussd_reject(struct msgb *in_msg, +int gsm0480_send_ussd_reject(const struct msgb *in_msg, const struct ussd_request *req) { struct msgb *msg = gsm48_msgb_alloc(); diff --git a/openbsc/src/gsm_data.c b/openbsc/src/gsm_data.c old mode 100644 new mode 100755 index 6767c3f..2344d96 --- a/openbsc/src/gsm_data.c +++ b/openbsc/src/gsm_data.c @@ -224,7 +224,7 @@ static char ts2str[255]; char *gsm_ts_name(struct gsm_bts_trx_ts *ts) { snprintf(ts2str, sizeof(ts2str), "(bts=%d,trx=%d,ts=%d)", - ts->trx->bts->bts_nr, ts->trx->nr, ts->nr); + ts->trx->bts->nr, ts->trx->nr, ts->nr); return ts2str; } diff --git a/openbsc/src/ussd.c b/openbsc/src/ussd.c old mode 100644 new mode 100755 index e414b1c..a3d11f0 --- a/openbsc/src/ussd.c +++ b/openbsc/src/ussd.c @@ -63,9 +63,9 @@ int handle_rcv_ussd(struct msgb *msg) static int send_own_number(const struct msgb *msg, const struct ussd_request *req) { char *own_number = msg->lchan->subscr->extension; - /* Need trailing CR as EOT character */ - char response_string[] = "Your extension is xxxxx\r"; + char response_string[GSM_EXTENSION_LENGTH + 20]; - memcpy(response_string + 18, own_number, 5); + /* Need trailing CR as EOT character */ + snprintf(response_string, sizeof(response_string), "Your extension is %s\r", own_number); return gsm0480_send_ussd_response(msg, response_string, req); } -- 1.6.0.4 --------------090904070701030605040309--

1 0

Re: cheap ip.access nano BTS on ebay
by Bjoern Heller 22 Oct '09

22 Oct '09

Hallo, ich bitte dich/alle aber da nicht zu viel Wirbel drum zu machen, damit die nicht bei ihrem eventuell vorhandenem restlichen Bestand die Preise hoch ziehen... http://stores.ebay.de/BLLCORP Gruss Bjoern Am 22.10.2009 um 23:33 schrieb Martin Kluge: > Hi Bjoern, > > könntest Du mit evtl. mal den Namen/Kontaktdaten des Händlers > schicken? > > > Vielen Dank, > Martin > > On Thu, Oct 22, 2009 at 04:21:00PM +0200, Bjoern Heller wrote: >> Hello, >> >> yesterday I got a ip.access nano BTS >> MODEL 165B V33 PCS 1900 >> for 133 Euro (incl. shipping) on Ebay. >> >> The seller has maybe more in stock... >> >> I know, that it`s only 1900 band but maybe interesting for some >> people. >> >> regards >> Bjoern >> >> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - >> Björn Heller >> Jabber: tec(a)jabber.hellercom.de >> > > -- > Dipl. Inf. (FH) Martin Kluge > > Email : mk(a)elxsi.de > Phone : +49 (700) 00101000 > Fax : +49 (941) 599267834 > Website : http://www.elxsi.de > GPG Key : http://www.elxsi.de/key.pub > RIPE : KLM-RIPE / AS35292 > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Björn Heller Jabber: tec(a)jabber.hellercom.de

1 0

AW: Running an licensed experimental GSM network at 26c3
by Andreas.Eversberg 22 Oct '09

22 Oct '09

hi, i also did my part: http://events.ccc.de/congress/2009/wiki/index.php/Linux-Call-Router harald, you may add yours to the projects category: http://events.ccc.de/congress/2009/wiki/index.php/Category:Projects. if you would like to join with me, then go ahead, link your project to my page and increase the number of seats, and note on both project pages that both projects are together in one area. if anyone requires special equipment, let me know or bring it yourself. e.g. if we like to play with OpenBTS in conjunction with Asterisk, we need another server, since my server is in use for the ISDN/ASTERISK/DECT <-> GSM link. andreas -----Ursprüngliche Nachricht----- Von: Alexander Chemeris [mailto:alexander.chemeris@gmail.com] Gesendet: Montag, 12. Oktober 2009 22:18 An: Harald Welte Cc: Andreas.Eversberg; openbsc; openbts-discuss(a)lists.sourceforge.net Betreff: Re: Running an licensed experimental GSM network at 26c3 Hi Harald, David, Andreas, On Sun, Oct 11, 2009 at 13:19, Harald Welte <laforge(a)gnumonks.org> wrote: > On Sat, Oct 10, 2009 at 09:33:31PM +0400, Alexander Chemeris wrote: >> We'll bring one or two our USRPs for OpenBTS testing even if David Burgess >> won't be able to come, and we would love to be located near OpenBSC guys >> and you. But that'll be our first time at 26C3 and we're little bit >> lost - should we send some request to get the space? > > I think the process for applying for tablespace in the hackcenter has not yet > started. > > Meanwhile I've created a http://events.ccc.de/congress/2009/wiki/index.php/GSM > wiki page where we can add stuff to, similar to the 25C3 and HAR2009. Great, thank you. I'll keep my eye on it.

2 2

cheap ip.access nano BTS on ebay
by Bjoern Heller 22 Oct '09

22 Oct '09

Hello, yesterday I got a ip.access nano BTS MODEL 165B V33 PCS 1900 for 133 Euro (incl. shipping) on Ebay. The seller has maybe more in stock... I know, that it`s only 1900 band but maybe interesting for some people. regards Bjoern - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Björn Heller Jabber: tec(a)jabber.hellercom.de

1 0

Jump to page:

2025

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

OpenBSC