Harald Welte52b1f982008-12-23 20:25:15 +00001/* A hackish minimal BSC (+MSC +HLR) implementation */
2
3/* (C) 2008 by Harald Welte <laforge@gnumonks.org>
4 * All Rights Reserved
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 */
21
Harald Weltef6b7a902008-12-26 00:05:11 +000022#include <unistd.h>
23#include <stdlib.h>
24#include <stdio.h>
25#include <stdarg.h>
26#include <time.h>
27#include <string.h>
Harald Weltead384642008-12-26 10:20:07 +000028#include <errno.h>
Harald Welte52b1f982008-12-23 20:25:15 +000029
Holger Freytherb332f612008-12-27 12:46:51 +000030#define _GNU_SOURCE
31#include <getopt.h>
32
Harald Welte255539c2008-12-28 02:26:27 +000033#include <openbsc/db.h>
34#include <openbsc/timer.h>
Harald Welte8470bf22008-12-25 23:28:35 +000035#include <openbsc/gsm_data.h>
Harald Welte255539c2008-12-28 02:26:27 +000036#include <openbsc/gsm_04_08.h>
Harald Weltead384642008-12-26 10:20:07 +000037#include <openbsc/select.h>
Harald Welte8470bf22008-12-25 23:28:35 +000038#include <openbsc/abis_rsl.h>
39#include <openbsc/abis_nm.h>
Harald Welte702d8702008-12-26 20:25:35 +000040#include <openbsc/debug.h>
Holger Freyther5677ae32008-12-27 09:41:03 +000041#include <openbsc/misdn.h>
Harald Welte52b1f982008-12-23 20:25:15 +000042
43/* global pointer to the gsm network data structure */
44static struct gsm_network *gsmnet;
45
Holger Freytherefde7fb2008-12-28 14:14:56 +000046/* MCC and MNC for the Location Area Identifier */
47static int MCC = 1;
48static int MNC = 1;
49
50
Harald Welte52b1f982008-12-23 20:25:15 +000051/* The following definitions are for OM and NM packets that we cannot yet
52 * generate by code but we just pass on */
53
54// BTS Site Manager, SET ATTRIBUTES
55
56/*
57 Object Class: BTS Site Manager
58 Instance 1: FF
59 Instance 2: FF
60 Instance 3: FF
61SET ATTRIBUTES
62 sAbisExternalTime: 2007/09/08 14:36:11
63 omLAPDRelTimer: 30sec
64 shortLAPDIntTimer: 5sec
65 emergencyTimer1: 10 minutes
66 emergencyTimer2: 0 minutes
67*/
68
/* Raw OML message for the BTS Site Manager (SET ATTRIBUTES), decoded field by
 * field in the comment above. bootstrap_om() hands it to abis_nm_raw_msg()
 * together with sizeof(msg_1).
 * NOTE(review): nothing in this file checks the bytes against the decoded
 * description; keep the two in sync by hand when editing. */
unsigned char msg_1[] =
{
	0xD0, 0x00, 0xFF, 0xFF, 0xFF, 0x91, 0x07, 0xD7, 0x09, 0x08, 0x0E, 0x24,
	0x0B, 0xCE, 0x02, 0x00, 0x1E, 0xE8, 0x01, 0x05, 0x42, 0x02, 0x00, 0x0A, 0x44,
	0x02, 0x00, 0x00
};
75
76// BTS, SET BTS ATTRIBUTES
77
78/*
79 Object Class: BTS
80 BTS relat. Number: 0
81 Instance 2: FF
82 Instance 3: FF
83SET BTS ATTRIBUTES
84 bsIdentityCode / BSIC:
85 PLMN_colour_code: 7h
86 BS_colour_code: 7h
87 BTS Air Timer T3105: 4 ,unit 10 ms
88 btsIsHopping: FALSE
89 periodCCCHLoadIndication: 255sec
90 thresholdCCCHLoadIndication: 100%
91 cellAllocationNumber: 00h = GSM 900
92 enableInterferenceClass: 00h = Disabled
93 fACCHQual: 6 (FACCH stealing flags minus 1)
94 intaveParameter: 31 SACCH multiframes
95 interferenceLevelBoundaries:
96 Interference Boundary 1: 0Ah
97 Interference Boundary 2: 0Fh
98 Interference Boundary 3: 14h
99 Interference Boundary 4: 19h
100 Interference Boundary 5: 1Eh
101 mSTxPwrMax: 11
102 GSM range: 2=39dBm, 15=13dBm, stepsize 2 dBm
103 DCS1800 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
104 PCS1900 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
105 30=33dBm, 31=32dBm
106 ny1:
107 Maximum number of repetitions for PHYSICAL INFORMATION message (GSM 04.08): 20
108 powerOutputThresholds:
109 Out Power Fault Threshold: -10 dB
110 Red Out Power Threshold: - 6 dB
111 Excessive Out Power Threshold: 5 dB
112 rACHBusyThreshold: -127 dBm
113 rACHLoadAveragingSlots: 250 ,number of RACH burst periods
114 rfResourceIndicationPeriod: 125 SACCH multiframes
115 T200:
116 SDCCH: 044 in 5 ms
117 FACCH/Full rate: 031 in 5 ms
118 FACCH/Half rate: 041 in 5 ms
119 SACCH with TCH SAPI0: 090 in 10 ms
120 SACCH with SDCCH: 090 in 10 ms
121 SDCCH with SAPI3: 090 in 5 ms
122 SACCH with TCH SAPI3: 135 in 10 ms
123 tSync: 9000 units of 10 msec
124 tTrau: 9000 units of 10 msec
125 enableUmLoopTest: 00h = disabled
126 enableExcessiveDistance: 00h = Disabled
127 excessiveDistance: 64km
128 hoppingMode: 00h = baseband hopping
129 cellType: 00h = Standard Cell
130 BCCH ARFCN / bCCHFrequency: 1
131*/
132
/* Raw OML message for the BTS object (SET BTS ATTRIBUTES), decoded in the
 * comment above and sent by bootstrap_om() through abis_nm_raw_msg().
 * The final octet is the BCCH ARFCN; it comes from HARDCODED_ARFCN, which is
 * defined outside this file (the inline comment records the old value 0x01). */
unsigned char msg_2[] =
{
	0x41, 0x01, 0x00, 0xFF, 0xFF, 0x09, 0x3F, 0x0A, 0x04, 0x61, 0x00, 0x0B,
	0xFF, 0x0C, 0x64, 0x62, 0x00, 0x66, 0x00, 0x6E, 0x06, 0x18, 0x1F, 0x19,
	0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x7B, 0x0B, 0x23, 0x14, 0x28, 0x00, 0x04,
	0x03, 0x2A, 0x7F, 0x2B, 0x00, 0xFA, 0x8F, 0x7D, 0x33, 0x2C, 0x1F, 0x29,
	0x5A, 0x5A, 0x5A, 0x87, 0x94, 0x23, 0x28, 0x95, 0x23, 0x28, 0x35, 0x01,
	0x00, 0x46, 0x01, 0x00, 0x58, 0x01, 0x40, 0xC5, 0x01, 0x00, 0xF2, 0x01,
	0x00, 0x08, 0x00, HARDCODED_ARFCN/*0x01*/,
};
143
144// Handover Recognition, SET ATTRIBUTES
145
146/*
147Illegal Contents GSM Formatted O&M Msg
148 Object Class: Handover Recognition
149 BTS relat. Number: 0
150 Instance 2: FF
151 Instance 3: FF
152SET ATTRIBUTES
153 enableDelayPowerBudgetHO: 00h = Disabled
154 enableDistanceHO: 00h = Disabled
155 enableInternalInterCellHandover: 00h = Disabled
156 enableInternalIntraCellHandover: 00h = Disabled
157 enablePowerBudgetHO: 00h = Disabled
158 enableRXLEVHO: 00h = Disabled
159 enableRXQUALHO: 00h = Disabled
160 hoAveragingDistance: 8 SACCH multiframes
161 hoAveragingLev:
162 A_LEV_HO: 8 SACCH multiframes
163 W_LEV_HO: 1 SACCH multiframes
164 hoAveragingPowerBudget: 16 SACCH multiframes
165 hoAveragingQual:
166 A_QUAL_HO: 8 SACCH multiframes
167 W_QUAL_HO: 2 SACCH multiframes
168 hoLowerThresholdLevDL: (10 - 110) dBm
169 hoLowerThresholdLevUL: (5 - 110) dBm
170 hoLowerThresholdQualDL: 06h = 6.4% < BER < 12.8%
171 hoLowerThresholdQualUL: 06h = 6.4% < BER < 12.8%
172 hoThresholdLevDLintra : (20 - 110) dBm
173 hoThresholdLevULintra: (20 - 110) dBm
174 hoThresholdMsRangeMax: 20 km
175 nCell: 06h
176 timerHORequest: 3 ,unit 2 SACCH multiframes
177*/
178
/* Raw OML message for the Handover Recognition object (SET ATTRIBUTES), sent
 * by bootstrap_om() through abis_nm_raw_msg().
 * NOTE(review): the decoded dump above opens with "Illegal Contents GSM
 * Formatted O&M Msg", i.e. the decoder that produced it did not accept the
 * message as well-formed; confirm the BTS accepts it as intended. */
unsigned char msg_3[] =
{
	0xD0, 0xA1, 0x00, 0xFF, 0xFF, 0xD0, 0x00, 0x64, 0x00, 0x67, 0x00, 0x68,
	0x00, 0x6A, 0x00, 0x6C, 0x00, 0x6D, 0x00, 0x6F, 0x08, 0x70, 0x08, 0x01,
	0x71, 0x10, 0x10, 0x10, 0x72, 0x08, 0x02, 0x73, 0x0A, 0x74, 0x05, 0x75,
	0x06, 0x76, 0x06, 0x78, 0x14, 0x79, 0x14, 0x7A, 0x14, 0x7D, 0x06, 0x92,
	0x03, 0x20, 0x01, 0x00, 0x45, 0x01, 0x00, 0x48, 0x01, 0x00, 0x5A, 0x01,
	0x00, 0x5B, 0x01, 0x05, 0x5E, 0x01, 0x1A, 0x5F, 0x01, 0x20, 0x9D, 0x01,
	0x00, 0x47, 0x01, 0x00, 0x5C, 0x01, 0x64, 0x5D, 0x01, 0x1E, 0x97, 0x01,
	0x20, 0xF7, 0x01, 0x3C,
};
190
191// Power Control, SET ATTRIBUTES
192
193/*
194 Object Class: Power Control
195 BTS relat. Number: 0
196 Instance 2: FF
197 Instance 3: FF
198SET ATTRIBUTES
199 enableMsPowerControl: 00h = Disabled
200 enablePowerControlRLFW: 00h = Disabled
201 pcAveragingLev:
202 A_LEV_PC: 4 SACCH multiframes
203 W_LEV_PC: 1 SACCH multiframes
204 pcAveragingQual:
205 A_QUAL_PC: 4 SACCH multiframes
206 W_QUAL_PC: 2 SACCH multiframes
207 pcLowerThresholdLevDL: 0Fh
208 pcLowerThresholdLevUL: 0Ah
209 pcLowerThresholdQualDL: 05h = 3.2% < BER < 6.4%
210 pcLowerThresholdQualUL: 05h = 3.2% < BER < 6.4%
211 pcRLFThreshold: 0Ch
212 pcUpperThresholdLevDL: 14h
213 pcUpperThresholdLevUL: 0Fh
214 pcUpperThresholdQualDL: 04h = 1.6% < BER < 3.2%
215 pcUpperThresholdQualUL: 04h = 1.6% < BER < 3.2%
216 powerConfirm: 2 ,unit 2 SACCH multiframes
217 powerControlInterval: 2 ,unit 2 SACCH multiframes
218 powerIncrStepSize: 02h = 4 dB
219 powerRedStepSize: 01h = 2 dB
220 radioLinkTimeoutBs: 64 SACCH multiframes
221 enableBSPowerControl: 00h = disabled
222*/
223
/* Raw OML message for the Power Control object (SET ATTRIBUTES), decoded in
 * the comment above and sent by bootstrap_om() through abis_nm_raw_msg().
 * The last octet is the enableBSPowerControl value (0x00 = disabled). */
unsigned char msg_4[] =
{
	0xD0, 0xA2, 0x00, 0xFF, 0xFF, 0x69, 0x00, 0x6B, 0x00, 0x7E, 0x04, 0x01,
	0x7F, 0x04, 0x02, 0x80, 0x0F, 0x81, 0x0A, 0x82, 0x05, 0x83, 0x05, 0x84,
	0x0C, 0x85, 0x14, 0x86, 0x0F, 0x87, 0x04, 0x88, 0x04, 0x89, 0x02, 0x8A,
	0x02, 0x8B, 0x02, 0x8C, 0x01, 0x8D, 0x40, 0x65, 0x01, 0x00 // set to 0x01 to enable BSPowerControl
};
231
232
233// Transceiver, SET TRX ATTRIBUTES (TRX 0)
234
235/*
236 Object Class: Transceiver
237 BTS relat. Number: 0
238 Tranceiver number: 0
239 Instance 3: FF
240SET TRX ATTRIBUTES
241 aRFCNList (HEX): 0001
242 txPwrMaxReduction: 00h = 0dB
243 radioMeasGran: 254 SACCH multiframes
244 radioMeasRep: 01h = enabled
245 memberOfEmergencyConfig: 01h = TRUE
246 trxArea: 00h = TRX doesn't belong to a concentric cell
247*/
248
/* Raw OML message for transceiver 0 (SET TRX ATTRIBUTES), sent by
 * bootstrap_om() through abis_nm_raw_msg(). The aRFCNList entry uses
 * HARDCODED_ARFCN, defined outside this file (old value 0x01 kept inline). */
unsigned char msg_6[] =
{
	0x44, 0x02, 0x00, 0x00, 0xFF, 0x05, 0x01, 0x00, HARDCODED_ARFCN /*0x01*/, 0x2D,
	0x00, 0xDC, 0x01, 0xFE, 0xDD, 0x01, 0x01, 0x9B, 0x01, 0x01, 0x9F, 0x01, 0x00,
};
254
255
/*
 * Run the OML bring-up sequence for one BTS: silence event reports, reset the
 * site manager, push the canned attribute messages (msg_1..msg_4, msg_6),
 * wire up signalling and the seven traffic timeslots of TRX 0, then reset
 * again and re-enable event reports.
 *
 * NOTE(review): none of the abis_nm_*() results are examined here, so a
 * rejected message does not stop the sequence; whether these calls report
 * failure at all is not visible from this file.
 */
static void bootstrap_om(struct gsm_bts *bts)
{
	struct gsm_bts_trx *trx0 = &bts->trx[0];
	int tn;

	fprintf(stdout, "bootstrapping OML\n");

	/* stop sending event reports */
	abis_nm_event_reports(bts, 0);

	/* open and close one DB transmission, then reset the site manager */
	abis_nm_db_transmission(bts, 1);
	abis_nm_db_transmission(bts, 0);
	abis_nm_reset_resource(bts);

	/* the second DB transmission carries the actual configuration */
	abis_nm_db_transmission(bts, 1);

	abis_nm_raw_msg(bts, sizeof(msg_1), msg_1);	/* set BTS SiteMgr attr */
	abis_nm_raw_msg(bts, sizeof(msg_2), msg_2);	/* set BTS attr */
	abis_nm_raw_msg(bts, sizeof(msg_3), msg_3);	/* set BTS handover attr */
	abis_nm_raw_msg(bts, sizeof(msg_4), msg_4);	/* set BTS power control attr */

	/* Connect signalling of bts0/trx0 to e1_0/ts1/64kbps */
	abis_nm_conn_terr_sign(trx0, 0, 1, 0xff);
	abis_nm_raw_msg(bts, sizeof(msg_6), msg_6);	/* SET TRX ATTRIBUTES */

	/* Use TEI 1 for signalling */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x01);
	abis_nm_set_channel_attr(&trx0->ts[0], NM_CHANC_SDCCH_CBCH);
#if 0
	/* TRX 1 */
	abis_nm_conn_terr_sign(&bts->trx[1], 0, 1, 0xff);
	/* FIXME: TRX ATTRIBUTE */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x02);
#endif

	/*
	 * TS1..TS7: set the channel attribute (0x09) and connect the traffic
	 * of bts0/trx0/tsN to E1 line 0. Four timeslots share one E1
	 * timeslot: TS1-3 land on e1 ts2 subslots 1-3 (b, c, d), TS4-7 on
	 * e1 ts3 subslots 0-3 (a, b, c, d).
	 */
	for (tn = 1; tn <= 7; tn++) {
		abis_nm_set_channel_attr(&trx0->ts[tn], 0x09);
		abis_nm_conn_terr_traf(&trx0->ts[tn], 0, 2 + tn / 4, tn % 4);
	}

	/* end DB transmission */
	abis_nm_db_transmission(bts, 0);

	/* Reset BTS Site manager resource */
	abis_nm_reset_resource(bts);

	/* restart sending event reports */
	abis_nm_event_reports(bts, 1);
}
340
341
342
/* One SYSTEM INFORMATION message as handed to rsl_bcch_info() by
 * set_system_infos(). */
struct bcch_info {
	u_int8_t type;		/* RSL_SYSTEM_INFO_* value */
	u_int8_t len;		/* message length in bytes; 8 bit wide, so at most 255 */
	const u_int8_t *data;	/* points at one of the si* tables, not owned */
};
348
349/*
350SYSTEM INFORMATION TYPE 1
351 Cell channel description
352 Format-ID bit map 0
353 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
354 RACH Control Parameters
355 maximum 7 retransmissions
356 8 slots used to spread transmission
357 cell not barred for access
358 call reestablishment not allowed
359 Access Control Class = 0000
360*/
/* SYSTEM INFORMATION TYPE 1, sent on the BCCH via bcch_infos[].
 * NOTE(review): the decoded dump above still describes the old cell channel
 * description (first octet 0x00, last octet 0x01); the array now carries
 * 0x04 first and 0x00 last, as the inline old-value comments show. */
static const u_int8_t si1[] = {
	/* header */0x55, 0x06, 0x19,
	/* ccdesc */0x04 /*0x00*/, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /*0x01*/,
	/* rach */0xD5, 0x00, 0x00,
	/* s1 reset*/0x2B
};
368
369/*
370 SYSTEM INFORMATION TYPE 2
371 Neighbour Cells Description
372 EXT-IND: Carries the complete BA
373 BA-IND = 0
374 Format-ID bit map 0
375 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
376 NCC permitted (NCC) = FF
377 RACH Control Parameters
378 maximum 7 retransmissions
379 8 slots used to spread transmission
380 cell not barred for access
381 call reestablishment not allowed
382 Access Control Class = 0000
383*/
/* SYSTEM INFORMATION TYPE 2, sent on the BCCH via bcch_infos[]. The sixteen
 * zero octets after the header are the neighbour cells description, shown
 * as an all-zero bitmap in the decoded dump above. */
static const u_int8_t si2[] = {
	/* header */0x59, 0x06, 0x1A,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* ncc */0xFF,
	/* rach*/0xD5, 0x00, 0x00
};
391
392/*
393SYSTEM INFORMATION TYPE 3
394 Cell identity = 00001 (1h)
395 Location area identification
396 Mobile Country Code (MCC): 001
397 Mobile Network Code (MNC): 01
398 Location Area Code (LAC): 00001 (1h)
399 Control Channel Description
400 Attach-detach: MSs in the cell are not allowed to apply IMSI attach /detach
401 0 blocks reserved for access grant
402 1 channel used for CCCH, with SDCCH
403 5 multiframes period for PAGING REQUEST
404 Time-out T3212 = 0
405 Cell Options BCCH
406 Power control indicator: not set
407 MSs shall not use uplink DTX
408 Radio link timeout = 36
409 Cell Selection Parameters
410 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
411 max.TX power level MS may use for CCH = 2
412 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
413 Half rate support (NECI): New establishment causes are not supported
414 min.RX signal level for MS = 0
415 RACH Control Parameters
416 maximum 7 retransmissions
417 8 slots used to spread transmission
418 cell not barred for access
419 call reestablishment not allowed
420 Access Control Class = 0000
421 SI 3 Rest Octets
422 Cell Bar Qualify (CBQ): 0
423 Cell Reselect Offset = 0 dB
424 Temporary Offset = 0 dB
425 Penalty Time = 20 s
426 System Information 2ter Indicator (2TI): 0 = not available
427 Early Classmark Sending Control (ECSC): 0 = forbidden
428 Scheduling Information is not sent in SYSTEM INFORMATION TYPE 9 on the BCCH
429*/
/* SYSTEM INFORMATION TYPE 3, sent on the BCCH via bcch_infos[].
 * Unlike the other si* tables this one is neither static nor const.
 * The "lai" octets are fixed to the MCC 001 / MNC 01 / LAC 1 values shown in
 * the decoded dump above; the MCC and MNC variables set from the command
 * line do not reach these bytes while patch_tables() is empty. */
unsigned char si3[] = {
	/* header */0x49, 0x06, 0x1B,
	/* cell */0x00, 0x01,
	/* lai */0x00, 0xF1, 0x10, 0x00, 0x01,
	/* desc */0x01, 0x03, 0x00,
	/* option*/0x28,
	/* selection*/0x62, 0x00,
	/* rach */0xD5, 0x00, 0x00,
	/* reset*/0x80, 0x00, 0x00, 0x2B
};
440
441/*
442SYSTEM INFORMATION TYPE 4
443 Location area identification
444 Mobile Country Code (MCC): 001
445 Mobile Network Code (MNC): 01
446 Location Area Code (LAC): 00001 (1h)
447 Cell Selection Parameters
448 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
449 max.TX power level MS may use for CCH = 2
450 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
451 Half rate support (NECI): New establishment causes are not supported
452 min.RX signal level for MS = 0
453 RACH Control Parameters
454 maximum 7 retransmissions
455 8 slots used to spread transmission
456 cell not barred for access
457 call reestablishment not allowed
458 Access Control Class = 0000
459 Channel Description
460 Type = SDCCH/4[2]
461 Timeslot Number: 0
462 Training Sequence Code: 7h
463 ARFCN: 1
464 SI Rest Octets
465 Cell Bar Qualify (CBQ): 0
466 Cell Reselect Offset = 0 dB
467 Temporary Offset = 0 dB
468 Penalty Time = 20 s
469*/
/* SYSTEM INFORMATION TYPE 4, sent on the BCCH via bcch_infos[]. Carries the
 * same fixed LAI octets as si3; the channel description uses
 * HARDCODED_ARFCN (defined outside this file, old value 0x01 kept inline). */
static const u_int8_t si4[] = {
	/* header */0x41, 0x06, 0x1C,
	/* lai */0x00, 0xF1, 0x10, 0x00, 0x01,
	/* sel */0x62, 0x00,
	/* rach*/0xD5, 0x00, 0x00,
	/* var */0x64, 0x30, 0xE0, HARDCODED_ARFCN/*0x01*/, 0x80, 0x00, 0x00,
	0x2B, 0x2B, 0x2B
};
478
479/*
480 SYSTEM INFORMATION TYPE 5
481 Neighbour Cells Description
482 EXT-IND: Carries the complete BA
483 BA-IND = 0
484 Format-ID bit map 0
485 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
486*/
487
/* SYSTEM INFORMATION TYPE 5. Not part of bcch_infos[]; set_system_infos()
 * sends it with rsl_sacch_filling(). The header here omits the L2 length
 * octet, which is why the size check below compares against the struct
 * size minus one. */
static const u_int8_t si5[] = {
	/* header without l2 len*/0x06, 0x1D,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
493
494// SYSTEM INFORMATION TYPE 6
495
496/*
497SACCH FILLING
498 System Info Type: SYSTEM INFORMATION 6
499 L3 Information (Hex): 06 1E 00 01 xx xx 10 00 01 28 FF
500
501SYSTEM INFORMATION TYPE 6
502 Cell identity = 00001 (1h)
503 Location area identification
504 Mobile Country Code (MCC): 001
505 Mobile Network Code (MNC): 01
506 Location Area Code (LAC): 00001 (1h)
507 Cell Options SACCH
508 Power control indicator: not set
509 MSs shall not use uplink DTX on a TCH-F. MS shall not use uplink DTX on TCH-H.
510 Radio link timeout = 36
511 NCC permitted (NCC) = FF
512*/
513
/* SYSTEM INFORMATION TYPE 6. Not part of bcch_infos[]; set_system_infos()
 * sends it with rsl_sacch_filling(). Carries the same fixed cell identity
 * and LAI octets (MCC 001 / MNC 01 / LAC 1) as the decoded dump above. */
static const u_int8_t si6[] = {
	/* header */0x06, 0x1E,
	/* cell id*/ 0x00, 0x01,
	/* lai */ 0x00, 0xF1, 0x10, 0x00, 0x01,
	/* options */ 0x28,
	/* ncc */ 0xFF,
};
521
522
523
/* The SYSTEM INFORMATION messages that set_system_infos() pushes with
 * rsl_bcch_info(), in this order. si5 and si6 are deliberately absent: they
 * go out through rsl_sacch_filling() instead. */
static const struct bcch_info bcch_infos[] = {
	{
		.type = RSL_SYSTEM_INFO_1,
		.len = sizeof(si1),
		.data = si1,
	}, {
		.type = RSL_SYSTEM_INFO_2,
		.len = sizeof(si2),
		.data = si2,
	}, {
		.type = RSL_SYSTEM_INFO_3,
		.len = sizeof(si3),
		.data = si3,
	}, {
		.type = RSL_SYSTEM_INFO_4,
		.len = sizeof(si4),
		.data = si4,
	},
};
543
/* Compile-time checks that each hand-written table has the size of the
 * matching gsm48_system_information_type_N struct. si4 and si6 are only
 * bounded from below; si5 and si6 are compared against the struct size
 * minus one.
 * NOTE(review): the second argument is an identifier and the lines carry no
 * semicolon, so static_assert is presumably a project macro rather than the
 * C11 keyword - confirm in the project headers. */
static_assert(sizeof(si1) == sizeof(struct gsm48_system_information_type_1), type1)
static_assert(sizeof(si2) == sizeof(struct gsm48_system_information_type_2), type2)
static_assert(sizeof(si3) == sizeof(struct gsm48_system_information_type_3), type3)
static_assert(sizeof(si4) >= sizeof(struct gsm48_system_information_type_4), type4)
static_assert(sizeof(si5) == sizeof(struct gsm48_system_information_type_5)-1, type5)
static_assert(sizeof(si6) >= sizeof(struct gsm48_system_information_type_6)-1, type6)
550
/*
 * Push every SYSTEM INFORMATION table to the BTS: the bcch_infos[] entries
 * through rsl_bcch_info(), then SI5 and SI6 through rsl_sacch_filling().
 * Always returns 0; the results of the rsl_*() calls are not examined.
 */
static int set_system_infos(struct gsm_bts *bts)
{
	const struct bcch_info *info = bcch_infos;
	const struct bcch_info *const end = bcch_infos + ARRAY_SIZE(bcch_infos);

	for (; info < end; info++)
		rsl_bcch_info(bts, info->type, info->data, info->len);

	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_5, si5, sizeof(si5));
	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_6, si6, sizeof(si6));

	return 0;
}
566
/*
 * Activate a full-rate traffic channel on timeslots 1..7 of the given TRX.
 * Timeslot 0 is skipped because it carries the CCCH.
 */
static void activate_traffic_channels(struct gsm_bts_trx *trx)
{
	int tn = 1;

	while (tn < 8) {
		rsl_chan_activate_tch_f(&trx->ts[tn]);
		tn++;
	}
}
575
/*
 * RSL bring-up for one BTS: announce it on stdout and download the
 * SYSTEM INFORMATION tables. Traffic channels are not activated here yet.
 */
static void bootstrap_rsl(struct gsm_bts *bts)
{
	fputs("bootstrapping RSL\n", stdout);

	/* set_system_infos() only ever returns 0, so the result is dropped */
	(void)set_system_infos(bts);

	/* FIXME: defer this until the channels are used */
	//activate_traffic_channels(&bts->trx[0]);
}
584
/*
 * Callback registered with mi_setup(): starts the OML bootstrap when the OML
 * link comes up and the RSL bootstrap when the RSL link comes up. Every other
 * event is ignored.
 */
static void mi_cb(int event, struct gsm_bts *bts)
{
	if (event == EVT_E1_OML_UP) {
		bootstrap_om(bts);
		return;
	}

	if (event == EVT_E1_RSL_UP) {
		bootstrap_rsl(bts);
		return;
	}

	/* FIXME: deal with TEI or L1 link loss */
}
599
/*
 * Patch the various SYSTEM INFORMATION tables to update
 * the LAI.
 *
 * Currently a stub with an empty body: si3, si4 and si6 keep their fixed LAI
 * octets (0x00, 0xF1, 0x10 = MCC 001 / MNC 01 per the decoded dumps), no
 * matter what handle_options() stored in MCC and MNC and what
 * bootstrap_network() passes to gsm_network_init(). The broadcast identity
 * and the network data structure can therefore disagree.
 * NOTE(review): si4 and si6 are declared const; they have to become writable
 * (or be copied) before this function can patch them.
 */
static void patch_tables(void)
{
}
607
/*
 * Create the global network structure with one BTS, fill in the location
 * area code and ARFCN of BTS 0 / TRX 0, and register mi_cb() with mi_setup().
 *
 * Returns 0 on success, -ENOMEM when gsm_network_init() yields no network
 * and -EIO when mi_setup() reports a negative result.
 */
static int bootstrap_network(void)
{
	struct gsm_bts *bts0;

	/* initialize our data structures */
	gsmnet = gsm_network_init(1, MCC, MNC);
	if (gsmnet == NULL)
		return -ENOMEM;

	bts0 = &gsmnet->bts[0];
	bts0->location_area_code = 1;
	bts0->trx[0].arfcn = HARDCODED_ARFCN;

	return (mi_setup(bts0, 0, mi_cb) < 0) ? -EIO : 0;
}
Harald Weltef6b7a902008-12-26 00:05:11 +0000626
/* Write the one-line usage banner to stdout. */
static void print_usage()
{
	fputs("Usage: bsc_hack\n", stdout);
}
631
/* Write the option summary to stdout, one line per option. */
static void print_help()
{
	static const char *const help_lines[] = {
		" Some useful help...\n",
		" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n",
		" -s --disable-color\n",
		" -n --network-code number(MNC) \n",
		" -c --country-code number (MCC) \n",
		" -h --help this text\n",
	};
	size_t i;

	/* none of the lines contains a conversion, so fputs prints them as-is */
	for (i = 0; i < sizeof(help_lines) / sizeof(help_lines[0]); i++)
		fputs(help_lines[i], stdout);
}
641
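/*
 * Parse a decimal MCC/MNC command-line argument.
 *
 * Accepts only a complete decimal number in the range 0..999 (MCC and MNC
 * are at most three decimal digits). On success stores the value in *out and
 * returns 0; on a missing, malformed or out-of-range argument returns -1 and
 * leaves *out untouched.
 */
static int parse_plmn_code(const char *arg, int *out)
{
	char *end;
	long val;

	if (arg == NULL || *arg == '\0')
		return -1;

	errno = 0;
	val = strtol(arg, &end, 10);
	if (errno != 0 || end == arg || *end != '\0')
		return -1;
	if (val < 0 || val > 999)
		return -1;

	*out = (int)val;
	return 0;
}

/*
 * Parse the command line and apply the options: -h/--help prints the help
 * and exits, -s/--disable-color turns off coloured debug output,
 * -d/--debug sets the debug category mask, -n/--network-code and
 * -c/--country-code set MNC and MCC. Unknown options are ignored.
 *
 * The short option string now matches the help text. Before, it was "hnd:",
 * so "-s" and "-c" were not recognised and "-n" was parsed without an
 * argument, which passed a NULL optarg to atoi(). MNC/MCC values are
 * validated instead of being taken from atoi(), because they end up in the
 * network identity; an invalid value terminates the program with status 1.
 */
static void handle_options(int argc, char** argv)
{
	static struct option long_options[] = {
		{"help", 0, 0, 'h'},
		{"debug", 1, 0, 'd'},
		{"disable-color", 0, 0, 's'},
		{"network-code", 1, 0, 'n'},
		{"country-code", 1, 0, 'c'},
		{0, 0, 0, 0}
	};

	while (1) {
		int option_index = 0, c;

		c = getopt_long(argc, argv, "hsd:n:c:",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
		case 'h':
			print_usage();
			print_help();
			exit(0);
		case 's':
			debug_use_color(0);
			break;
		case 'd':
			debug_parse_category_mask(optarg);
			break;
		case 'n':
			if (parse_plmn_code(optarg, &MNC) < 0) {
				fprintf(stderr, "Invalid network code (MNC): %s\n",
					optarg ? optarg : "(missing)");
				exit(1);
			}
			break;
		case 'c':
			if (parse_plmn_code(optarg, &MCC) < 0) {
				fprintf(stderr, "Invalid country code (MCC): %s\n",
					optarg ? optarg : "(missing)");
				exit(1);
			}
			break;
		default:
			/* ignore */
			break;
		}
	}
}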
683
/* Timer that drives pag_timer_cb(): main() installs the callback and arms it
 * with schedule_timer(&pag_timer, 10, 0); the callback re-arms it the same way. */
static struct timer_list pag_timer;
685
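/*
 * Convert one ASCII digit to its 4-bit value: '0'..'9' give 0..9 and
 * uppercase 'A'..'F' give 10..15.
 *
 * The input is not validated: lowercase letters and any other character
 * produce a meaningless value, so callers must pass only the characters
 * listed above.
 */
static u_int8_t char2bcd(char c)
{
	if (c <= '9')
		return c - '0';

	/* hex letters start at 10; plain "c - 'A'" mapped 'A' to 0 */
	return c - 'A' + 10;
}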
694
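/*
 * Encode a digit string as a Mobile Identity information element.
 *
 * mi[0] receives GSM48_IE_MOBILE_ID, mi[2] the identity type in its low bits
 * and either the first digit (odd number of digits) or the filler 0xf in its
 * high nibble; the remaining digits are packed two per octet from mi[3] on,
 * first digit in the low nibble.
 *
 * @param mi      output buffer; there is no size parameter, so the caller
 *                must provide at least 3 + strlen(string) / 2 bytes
 * @param string  NUL-terminated digits accepted by char2bcd()
 * @param type    identity type, masked with GSM_MI_TYPE_MASK
 * @return number of bytes written, counted from mi[0]
 *
 * NOTE(review): mi[1] is set to the same total (cur - mi), which includes the
 * two leading octets mi[0] and mi[1] themselves. If mi[1] is meant to be the
 * IE length octet this looks two too large - confirm against the consumer.
 */
static int string_to_mi(u_int8_t *mi, const char *string,
			u_int8_t type)
{
	u_int8_t *cur = mi + 3;

	mi[0] = GSM48_IE_MOBILE_ID;
	mi[2] = type & GSM_MI_TYPE_MASK;

	if (strlen(string) & 0x01)
		mi[2] |= char2bcd(*string++) << 4;
	else
		mi[2] |= 0xf0;

	/*
	 * Read both digits before advancing. The earlier single expression
	 * incremented `string` twice without a sequence point, which is
	 * undefined behaviour and left the nibble order up to the compiler.
	 */
	while (string[0] && string[1]) {
		u_int8_t lo = char2bcd(string[0]);
		u_int8_t hi = char2bcd(string[1]);

		*cur++ = lo | (hi << 4);
		string += 2;
	}

	mi[1] = cur - mi;

	return cur - mi;
}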
716
/* Hard-coded IMSIs used as paging targets. pag_timer_cb() pages nokia_imsi;
 * rokr_imsi is not referenced by the code visible in this file.
 * NOTE(review): an IMSI identifies a subscriber. If these belong to real
 * SIMs they are better kept in the subscriber database or a local
 * configuration than committed in source. */
static const char *nokia_imsi = "7240311131388";
static const char *rokr_imsi = "4660198001300";
719
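/*
 * Timer callback: look up the subscriber for the hard-coded IMSI, build a
 * mobile identity from its TMSI, send a paging command on paging groups
 * 0..2 of BTS 0 and re-arm the timer.
 *
 * @param data  unused
 *
 * The IMSI is copied into the subscriber record only after checking that it
 * fits; the previous unbounded strcpy() relied on the constant being short
 * enough for the field. If it does not fit the callback returns without
 * paging and without re-arming the timer.
 */
void pag_timer_cb(void *data)
{
	struct gsm_bts *bts = &gsmnet->bts[0];
	u_int8_t mi[128];
	struct gsm_subscriber _subscr, *subscr = &_subscr;
	unsigned int paging_group, mi_len;
	u_int64_t num_imsi;
	const char *imsi = nokia_imsi;

	printf("FEUER\n");

#if 1
	memset(subscr, 0, sizeof(*subscr));

	/* assumes subscr->imsi is a char array, as the memset + copy imply */
	if (strlen(imsi) >= sizeof(subscr->imsi))
		return;
	memcpy(subscr->imsi, imsi, strlen(imsi) + 1);

	/*
	 * NOTE(review): the result of db_get_subscriber() is not checked. The
	 * former "if (!subscr) return;" could never fire, because subscr
	 * points at the local _subscr. On a failed lookup tmsi stays empty
	 * and TMSI 0 is paged. Confirm the function's failure convention and
	 * bail out on a miss.
	 */
	db_get_subscriber(GSM_SUBSCRIBER_IMSI, subscr);

	mi_len = generate_mid_from_tmsi(mi, strtoul(subscr->tmsi, NULL, 10));
#else
	mi_len = string_to_mi(mi, imsi, GSM_MI_TYPE_IMSI);
#endif

	num_imsi = strtoull(imsi, NULL, 10);
	/* the computed group is overwritten by the loop, which pages all three */
	paging_group = get_paging_group(num_imsi, 1, 3);

	for (paging_group = 0; paging_group < 3; paging_group++)
		rsl_paging_cmd(bts, paging_group, mi_len, mi, RSL_CHANNEED_TCH_F);

	schedule_timer(&pag_timer, 10, 0);
}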
751
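/*
 * Program entry: parse options, initialise and prepare the database, set up
 * the network and the paging timer, then run the select loop forever.
 *
 * Returns 1 when the database or the network cannot be set up. The result of
 * bootstrap_network() is now checked: on failure gsmnet may be NULL, and the
 * paging timer callback dereferences it.
 */
int main(int argc, char **argv)
{
	int rc;

	/* parse options */
	handle_options(argc, argv);

	if (db_init()) {
		printf("DB: Failed to init database. Please check the option settings.\n");
		return 1;
	}
	printf("DB: Database initialized.\n");

	if (db_prepare()) {
		printf("DB: Failed to prepare database.\n");
		return 1;
	}
	printf("DB: Database prepared.\n");

	patch_tables();

	/* bootstrap_network() returns a negative errno value on failure */
	rc = bootstrap_network();
	if (rc < 0) {
		fprintf(stderr, "Failed to bootstrap network: %s\n", strerror(-rc));
		return 1;
	}

	pag_timer.cb = pag_timer_cb;
	schedule_timer(&pag_timer, 10, 0);

	while (1) {
		bsc_select_main();
	}
}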