Hello Harald,

On Sun, 5 Jul 2009 04:42:20 +0200, "Harald Welte" laforge@gnumonks.org wrote:

where did you find this XOR? I just searched through 04.07 and 04.08 and didn't find any indication thereof. Sure, the padding bit sequence ix 0x2b, so all spare bits have to be padded with that. But where did you get the XOR from?

I started to search deeper because I was a bit confused how the Message Decoding Tool from Joachim Goeller interpreted the rest octets. I looked at some phone firmware how they do it and found it there. Later I also found a good explanation at http://csn1.info (they sell a tool which can be used to generate message parsing source code for various specifications).

Also, this would mean that if we put explicitly 0x2b into the padding of our messages, then it would result in all-zero 0x00 on the air, since

0x2b xor 0x2b == 0x00

The XOR is actually only used for "L" and "H", basically it means that if a bit at an "L"/"H" position is different from the padding sequence, its an "H". At least this is how I understand it.

I'm now looking at an actual abis trace from a production cell with GPRS enabled, and it has

"0x80, 0x00, 0x80, 0x0b"

Here is how I would interpret it according to GSM 04.08, 10.5.2.34:

Selection Parameter:

byte 0: 0x80 ^ 0x2B = 0xAB, (bit 7) -> H (15 bits for parameter follow)

Power Offset:

byte 2: 0x80 ^ 0x2B = 0xAB, (bit 7) -> H ( 2 bits for parameter follow)

System Information 2ter Indicator:

byte 2: 0x80 ^ 0x2B = 0xAB, (bit 4) -> L (has no parameters)

Early Classmark Sending Control:

byte 2: 0x80 ^ 0x2B = 0xAB, (bit 3) -> H (has no parameters)

Scheduling if and where:

byte 2: 0x80 ^ 0x2B = 0xAB, (bit 2) -> L

GPRS Indicator:

byte 2: 0x80 ^ 0x2B = 0xAB, (bit 1) -> H ( 4 bits for parameter follow)

During early start of the BTS, SI3 rest octets are set to

"0x80, 0x00, 0x83, 0x2b"

The only difference is that at this stage GPRS is not yet set:

GPRS Indicator:

byte 2: 0x83 ^ 0x2B = 0xA8, (bit 1) -> L

Best regards, Dieter