GSM MAP invoke? (was Re: Persistent Uplink activity from Moto KRZR K3)

This is merely a historical archive of years 2008-2021, before the migration to mailman3.

A maintained and still updated list archive can be found at https://lists.osmocom.org/hyperkitty/list/OpenBSC@lists.osmocom.org/.

Keith keith at rhizomatica.org
Thu May 26 12:29:17 UTC 2016


On 10/05/2016 09:01, Alexander Chemeris wrote:

> MEAS RES means that there is an open logical channel between the phone and
> the BTS. Have you looked at the list of open channels at the NITB VTY?
That's right, of course! Yes, there's an open channel.
>
> A useful log would be a pcap trace of communication between OpenBSC and
> OsmoBTS (make sure osmo-trx communication is filtered out).
Ok, I took a look at that and compared to it other MS. - This phone
sends a GSM MAP invoke Service Request right after the Location Update.

I don't know if it's more helpful for me to describe it or just send the
dump, but I'm also not sure about sending the capture to the list.
So.. let me go for the description route initially:

At least according to Wireshark, the MS is sending a DTAP Register, "Non
Call related SS message"
 GSM MAP invoke interrogateSS -
 invoke: cfu - call forwarding unconditional,
 basicService: teleservice,
 teleservice: allSpeechTransmissionServices.

(Is that something to do with call diverts setup?) I have two of these
phones, one does this, the other does not. - regardless of the inserted SIM)

The SS Version Indicator at the end of the message is 7f 01 00

This is happening as the NITB log gives:
./openbsc/openbsc/src/libmsc/gsm_04_08.c:958 <- CM SERVICE REQUEST
serv_type=0x08 MI(TMSI)=1448232929
./openbsc/openbsc/src/libbsc/gsm_04_08_utils.c:692 -> CM SERVICE ACK

And from there that channel stays open until I power off the phone.

I had a look there to see if I could trace from what happens in
gsm48_rx_mm_serv_req() up to the ACK being sent, but I'm afraid I get a
little bit lost in the code flow as my c skills are not really up to the
task, thinking I might intervene and identify some part of this "invoke"
and reject it, but there I'm really not sure how to go about it at all.

Now, I see the ack being sent from _gsm48_rx_mm_serv_req_sec_cb() but I
don't really understand how this is called. I see that function name as
a parameter to gsm48_secure_channel() but there I'm lost.

Any clues are most welcome!

Many thanks,

Keith.








More information about the OpenBSC mailing list