Harald Welte52b1f982008-12-23 20:25:15 +00001/* A hackish minimal BSC (+MSC +HLR) implementation */
2
3/* (C) 2008 by Harald Welte <laforge@gnumonks.org>
4 * All Rights Reserved
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 */
21
Harald Weltef6b7a902008-12-26 00:05:11 +000022#include <unistd.h>
23#include <stdlib.h>
24#include <stdio.h>
25#include <stdarg.h>
26#include <time.h>
27#include <string.h>
Harald Weltead384642008-12-26 10:20:07 +000028#include <errno.h>
Harald Welte52b1f982008-12-23 20:25:15 +000029
Holger Freytherb332f612008-12-27 12:46:51 +000030#define _GNU_SOURCE
31#include <getopt.h>
32
Harald Welte255539c2008-12-28 02:26:27 +000033#include <openbsc/db.h>
34#include <openbsc/timer.h>
Harald Welte8470bf22008-12-25 23:28:35 +000035#include <openbsc/gsm_data.h>
Harald Welte255539c2008-12-28 02:26:27 +000036#include <openbsc/gsm_04_08.h>
Harald Weltead384642008-12-26 10:20:07 +000037#include <openbsc/select.h>
Harald Welte8470bf22008-12-25 23:28:35 +000038#include <openbsc/abis_rsl.h>
39#include <openbsc/abis_nm.h>
Harald Welte702d8702008-12-26 20:25:35 +000040#include <openbsc/debug.h>
Holger Freyther5677ae32008-12-27 09:41:03 +000041#include <openbsc/misdn.h>
Harald Welte52b1f982008-12-23 20:25:15 +000042
/* global pointer to the gsm network data structure.
 * Assigned by bootstrap_network(); pag_timer_cb() dereferences it without
 * a NULL check, so it must be valid before the paging timer first fires. */
static struct gsm_network *gsmnet;

/* MCC and MNC for the Location Area Identifier.
 * Both default to 1. handle_options() overwrites them from the command
 * line and bootstrap_network() passes them to gsm_network_init().
 * NOTE(review): the SYSTEM INFORMATION tables in this file carry their own
 * hard-coded LAI bytes and patch_tables() is empty, so a command line
 * override does not appear to reach the broadcast tables - confirm. */
static int MCC = 1;
static int MNC = 1;
49
50
Harald Welte52b1f982008-12-23 20:25:15 +000051/* The following definitions are for OM and NM packets that we cannot yet
52 * generate by code but we just pass on */
53
54// BTS Site Manager, SET ATTRIBUTES
55
56/*
57 Object Class: BTS Site Manager
58 Instance 1: FF
59 Instance 2: FF
60 Instance 3: FF
61SET ATTRIBUTES
62 sAbisExternalTime: 2007/09/08 14:36:11
63 omLAPDRelTimer: 30sec
64 shortLAPDIntTimer: 5sec
65 emergencyTimer1: 10 minutes
66 emergencyTimer2: 0 minutes
67*/
68
/* Pre-encoded OML "SET ATTRIBUTES" message for the BTS Site Manager.
 * bootstrap_om() hands it unchanged to abis_nm_raw_msg() and takes the
 * length from sizeof(msg_1), so this has to stay an array definition.
 * The sAbisExternalTime field is part of the fixed bytes (the decoded
 * trace above shows 2007/09/08 14:36:11), so the same timestamp is sent on
 * every bootstrap.
 * NOTE(review): writable and externally linked although only this file is
 * seen using it; `static const` would be tighter if abis_nm_raw_msg()
 * accepts a const pointer - confirm against its prototype. */
unsigned char msg_1[] =
{
	0xD0, 0x00, 0xFF, 0xFF, 0xFF, 0x91, 0x07, 0xD7, 0x09, 0x08, 0x0E, 0x24,
	0x0B, 0xCE, 0x02, 0x00, 0x1E, 0xE8, 0x01, 0x05, 0x42, 0x02, 0x00, 0x0A, 0x44,
	0x02, 0x00, 0x00
};
75
76// BTS, SET BTS ATTRIBUTES
77
78/*
79 Object Class: BTS
80 BTS relat. Number: 0
81 Instance 2: FF
82 Instance 3: FF
83SET BTS ATTRIBUTES
84 bsIdentityCode / BSIC:
85 PLMN_colour_code: 7h
86 BS_colour_code: 7h
87 BTS Air Timer T3105: 4 ,unit 10 ms
88 btsIsHopping: FALSE
89 periodCCCHLoadIndication: 255sec
90 thresholdCCCHLoadIndication: 100%
91 cellAllocationNumber: 00h = GSM 900
92 enableInterferenceClass: 00h = Disabled
93 fACCHQual: 6 (FACCH stealing flags minus 1)
94 intaveParameter: 31 SACCH multiframes
95 interferenceLevelBoundaries:
96 Interference Boundary 1: 0Ah
97 Interference Boundary 2: 0Fh
98 Interference Boundary 3: 14h
99 Interference Boundary 4: 19h
100 Interference Boundary 5: 1Eh
101 mSTxPwrMax: 11
102 GSM range: 2=39dBm, 15=13dBm, stepsize 2 dBm
103 DCS1800 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
104 PCS1900 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
105 30=33dBm, 31=32dBm
106 ny1:
107 Maximum number of repetitions for PHYSICAL INFORMATION message (GSM 04.08): 20
108 powerOutputThresholds:
109 Out Power Fault Threshold: -10 dB
110 Red Out Power Threshold: - 6 dB
111 Excessive Out Power Threshold: 5 dB
112 rACHBusyThreshold: -127 dBm
113 rACHLoadAveragingSlots: 250 ,number of RACH burst periods
114 rfResourceIndicationPeriod: 125 SACCH multiframes
115 T200:
116 SDCCH: 044 in 5 ms
117 FACCH/Full rate: 031 in 5 ms
118 FACCH/Half rate: 041 in 5 ms
119 SACCH with TCH SAPI0: 090 in 10 ms
120 SACCH with SDCCH: 090 in 10 ms
121 SDCCH with SAPI3: 090 in 5 ms
122 SACCH with TCH SAPI3: 135 in 10 ms
123 tSync: 9000 units of 10 msec
124 tTrau: 9000 units of 10 msec
125 enableUmLoopTest: 00h = disabled
126 enableExcessiveDistance: 00h = Disabled
127 excessiveDistance: 64km
128 hoppingMode: 00h = baseband hopping
129 cellType: 00h = Standard Cell
130 BCCH ARFCN / bCCHFrequency: 1
131*/
132
/* Pre-encoded OML "SET BTS ATTRIBUTES" message, sent unchanged by
 * bootstrap_om() with sizeof(msg_2) as its length.
 * The last byte is the BCCH ARFCN. It comes from HARDCODED_ARFCN, which is
 * not defined in this file; the inline comment records the value from the
 * original trace.
 * NOTE(review): a single array element holds that value, so an ARFCN above
 * 255 would be truncated here - confirm the range of HARDCODED_ARFCN. */
unsigned char msg_2[] =
{
	0x41, 0x01, 0x00, 0xFF, 0xFF, 0x09, 0x3F, 0x0A, 0x04, 0x61, 0x00, 0x0B,
	0xFF, 0x0C, 0x64, 0x62, 0x00, 0x66, 0x00, 0x6E, 0x06, 0x18, 0x1F, 0x19,
	0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x7B, 0x0B, 0x23, 0x14, 0x28, 0x00, 0x04,
	0x03, 0x2A, 0x7F, 0x2B, 0x00, 0xFA, 0x8F, 0x7D, 0x33, 0x2C, 0x1F, 0x29,
	0x5A, 0x5A, 0x5A, 0x87, 0x94, 0x23, 0x28, 0x95, 0x23, 0x28, 0x35, 0x01,
	0x00, 0x46, 0x01, 0x00, 0x58, 0x01, 0x40, 0xC5, 0x01, 0x00, 0xF2, 0x01,
	0x00, 0x08, 0x00, HARDCODED_ARFCN/*0x01*/,
};
143
144// Handover Recognition, SET ATTRIBUTES
145
146/*
147Illegal Contents GSM Formatted O&M Msg
148 Object Class: Handover Recognition
149 BTS relat. Number: 0
150 Instance 2: FF
151 Instance 3: FF
152SET ATTRIBUTES
153 enableDelayPowerBudgetHO: 00h = Disabled
154 enableDistanceHO: 00h = Disabled
155 enableInternalInterCellHandover: 00h = Disabled
156 enableInternalIntraCellHandover: 00h = Disabled
157 enablePowerBudgetHO: 00h = Disabled
158 enableRXLEVHO: 00h = Disabled
159 enableRXQUALHO: 00h = Disabled
160 hoAveragingDistance: 8 SACCH multiframes
161 hoAveragingLev:
162 A_LEV_HO: 8 SACCH multiframes
163 W_LEV_HO: 1 SACCH multiframes
164 hoAveragingPowerBudget: 16 SACCH multiframes
165 hoAveragingQual:
166 A_QUAL_HO: 8 SACCH multiframes
167 W_QUAL_HO: 2 SACCH multiframes
168 hoLowerThresholdLevDL: (10 - 110) dBm
169 hoLowerThresholdLevUL: (5 - 110) dBm
170 hoLowerThresholdQualDL: 06h = 6.4% < BER < 12.8%
171 hoLowerThresholdQualUL: 06h = 6.4% < BER < 12.8%
172 hoThresholdLevDLintra : (20 - 110) dBm
173 hoThresholdLevULintra: (20 - 110) dBm
174 hoThresholdMsRangeMax: 20 km
175 nCell: 06h
176 timerHORequest: 3 ,unit 2 SACCH multiframes
177*/
178
/* Pre-encoded OML "SET ATTRIBUTES" message for the Handover Recognition
 * object, sent unchanged by bootstrap_om() with sizeof(msg_3) as length.
 * According to the decoded trace above, every handover type is disabled in
 * this configuration; changing that means editing the raw bytes. */
unsigned char msg_3[] =
{
	0xD0, 0xA1, 0x00, 0xFF, 0xFF, 0xD0, 0x00, 0x64, 0x00, 0x67, 0x00, 0x68,
	0x00, 0x6A, 0x00, 0x6C, 0x00, 0x6D, 0x00, 0x6F, 0x08, 0x70, 0x08, 0x01,
	0x71, 0x10, 0x10, 0x10, 0x72, 0x08, 0x02, 0x73, 0x0A, 0x74, 0x05, 0x75,
	0x06, 0x76, 0x06, 0x78, 0x14, 0x79, 0x14, 0x7A, 0x14, 0x7D, 0x06, 0x92,
	0x03, 0x20, 0x01, 0x00, 0x45, 0x01, 0x00, 0x48, 0x01, 0x00, 0x5A, 0x01,
	0x00, 0x5B, 0x01, 0x05, 0x5E, 0x01, 0x1A, 0x5F, 0x01, 0x20, 0x9D, 0x01,
	0x00, 0x47, 0x01, 0x00, 0x5C, 0x01, 0x64, 0x5D, 0x01, 0x1E, 0x97, 0x01,
	0x20, 0xF7, 0x01, 0x3C,
};
190
191// Power Control, SET ATTRIBUTES
192
193/*
194 Object Class: Power Control
195 BTS relat. Number: 0
196 Instance 2: FF
197 Instance 3: FF
198SET ATTRIBUTES
199 enableMsPowerControl: 00h = Disabled
200 enablePowerControlRLFW: 00h = Disabled
201 pcAveragingLev:
202 A_LEV_PC: 4 SACCH multiframes
203 W_LEV_PC: 1 SACCH multiframes
204 pcAveragingQual:
205 A_QUAL_PC: 4 SACCH multiframes
206 W_QUAL_PC: 2 SACCH multiframes
207 pcLowerThresholdLevDL: 0Fh
208 pcLowerThresholdLevUL: 0Ah
209 pcLowerThresholdQualDL: 05h = 3.2% < BER < 6.4%
210 pcLowerThresholdQualUL: 05h = 3.2% < BER < 6.4%
211 pcRLFThreshold: 0Ch
212 pcUpperThresholdLevDL: 14h
213 pcUpperThresholdLevUL: 0Fh
214 pcUpperThresholdQualDL: 04h = 1.6% < BER < 3.2%
215 pcUpperThresholdQualUL: 04h = 1.6% < BER < 3.2%
216 powerConfirm: 2 ,unit 2 SACCH multiframes
217 powerControlInterval: 2 ,unit 2 SACCH multiframes
218 powerIncrStepSize: 02h = 4 dB
219 powerRedStepSize: 01h = 2 dB
220 radioLinkTimeoutBs: 64 SACCH multiframes
221 enableBSPowerControl: 00h = disabled
222*/
223
/* Pre-encoded OML "SET ATTRIBUTES" message for the Power Control object,
 * sent unchanged by bootstrap_om() with sizeof(msg_4) as length.
 * The final byte is the enableBSPowerControl value (see the inline note);
 * the decoded trace above lists MS power control as disabled as well. */
unsigned char msg_4[] =
{
	0xD0, 0xA2, 0x00, 0xFF, 0xFF, 0x69, 0x00, 0x6B, 0x00, 0x7E, 0x04, 0x01,
	0x7F, 0x04, 0x02, 0x80, 0x0F, 0x81, 0x0A, 0x82, 0x05, 0x83, 0x05, 0x84,
	0x0C, 0x85, 0x14, 0x86, 0x0F, 0x87, 0x04, 0x88, 0x04, 0x89, 0x02, 0x8A,
	0x02, 0x8B, 0x02, 0x8C, 0x01, 0x8D, 0x40, 0x65, 0x01, 0x00 // set to 0x01 to enable BSPowerControl
};
231
232
233// Transceiver, SET TRX ATTRIBUTES (TRX 0)
234
235/*
236 Object Class: Transceiver
237 BTS relat. Number: 0
238 Tranceiver number: 0
239 Instance 3: FF
240SET TRX ATTRIBUTES
241 aRFCNList (HEX): 0001
242 txPwrMaxReduction: 00h = 0dB
243 radioMeasGran: 254 SACCH multiframes
244 radioMeasRep: 01h = enabled
245 memberOfEmergencyConfig: 01h = TRUE
246 trxArea: 00h = TRX doesn't belong to a concentric cell
247*/
248
/* Pre-encoded OML "SET TRX ATTRIBUTES" message for TRX 0, sent unchanged
 * by bootstrap_om() with sizeof(msg_6) as length.
 * The ARFCN list entry takes its low byte from HARDCODED_ARFCN (defined
 * outside this file); the inline comment records the traced value.
 * NOTE(review): only one byte is substituted, so the macro value has to
 * fit in 8 bits for this message to stay consistent - confirm. */
unsigned char msg_6[] =
{
	0x44, 0x02, 0x00, 0x00, 0xFF, 0x05, 0x01, 0x00, HARDCODED_ARFCN /*0x01*/, 0x2D,
	0x00, 0xDC, 0x01, 0xFE, 0xDD, 0x01, 0x01, 0x9B, 0x01, 0x01, 0x9F, 0x01, 0x00,
};
254
255
/*
 * Push the fixed OML (network management) configuration to a BTS.
 *
 * The sequence is: silence event reports, cycle the BTS database
 * transmission once and reset the Site Manager, then open a second database
 * transmission in which the pre-encoded attribute messages are sent and
 * TRX 0 with its eight timeslots is wired to the E1 line. The transmission
 * is closed, the Site Manager reset again and event reports re-enabled.
 *
 * None of the abis_nm_*() return values are examined, so a rejected step
 * is not noticed here.
 */
static void bootstrap_om(struct gsm_bts *bts)
{
	struct gsm_bts_trx *trx0 = &bts->trx[0];
	int ts_nr;

	fputs("bootstrapping OML\n", stdout);

	/* stop sending event reports */
	abis_nm_event_reports(bts, 0);

	/* open and immediately close one DB transmission */
	abis_nm_db_transmission(bts, 1);
	abis_nm_db_transmission(bts, 0);

	/* Reset BTS Site manager resource */
	abis_nm_reset_resource(bts);

	/* begin the DB transmission that carries the real configuration */
	abis_nm_db_transmission(bts, 1);

	/* attribute messages that are replayed as raw bytes */
	abis_nm_raw_msg(bts, sizeof(msg_1), msg_1);	/* BTS SiteMgr attr */
	abis_nm_raw_msg(bts, sizeof(msg_2), msg_2);	/* BTS attr */
	abis_nm_raw_msg(bts, sizeof(msg_3), msg_3);	/* BTS handover attr */
	abis_nm_raw_msg(bts, sizeof(msg_4), msg_4);	/* BTS power control attr */

	/* Connect signalling of bts0/trx0 to e1_0/ts1/64kbps */
	abis_nm_conn_terr_sign(trx0, 0, 1, 0xff);
	abis_nm_raw_msg(bts, sizeof(msg_6), msg_6);	/* SET TRX ATTRIBUTES */

	/* Use TEI 1 for signalling */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x01);

	/* TS0 carries the combined control channels */
	abis_nm_set_channel_attr(&trx0->ts[0], NM_CHANC_SDCCH_CBCH);
#if 0
	/* TRX 1 */
	abis_nm_conn_terr_sign(&bts->trx[1], 0, 1, 0xff);
	/* FIXME: TRX ATTRIBUTE */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x02);
#endif

	/*
	 * TS1..TS7: set channel attribute 0x09 (raw value, no named constant
	 * is used) and connect the traffic to the E1 line, four sub-slots
	 * per E1 timeslot:
	 *   TS1-TS3 -> e1_0/ts2, sub-slots 1-3 (b-d)
	 *   TS4-TS7 -> e1_0/ts3, sub-slots 0-3 (a-d)
	 */
	for (ts_nr = 1; ts_nr <= 7; ts_nr++) {
		abis_nm_set_channel_attr(&trx0->ts[ts_nr], 0x09);
		abis_nm_conn_terr_traf(&trx0->ts[ts_nr], 0,
				       2 + ts_nr / 4, ts_nr % 4);
	}

	/* end DB transmission */
	abis_nm_db_transmission(bts, 0);

	/* Reset BTS Site manager resource */
	abis_nm_reset_resource(bts);

	/* restart sending event reports */
	abis_nm_event_reports(bts, 1);
}
340
341
342
/* One BCCH system information message as used by the bcch_infos[] table:
 * message type, payload length and a pointer to the pre-encoded payload. */
struct bcch_info {
	u_int8_t type;		/* RSL_SYSTEM_INFO_* value handed to rsl_bcch_info() */
	u_int8_t len;		/* payload length; filled from sizeof(), so a table must stay below 256 bytes */
	const u_int8_t *data;	/* payload bytes; points at one of the si* arrays, not owned */
};
348
349/*
350SYSTEM INFORMATION TYPE 1
351 Cell channel description
352 Format-ID bit map 0
353 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
354 RACH Control Parameters
355 maximum 7 retransmissions
356 8 slots used to spread transmission
357 cell not barred for access
358 call reestablishment not allowed
359 Access Control Class = 0000
360*/
/* Pre-encoded SYSTEM INFORMATION TYPE 1, sent on the BCCH through
 * bcch_infos[].
 * NOTE(review): two bytes differ from the decoded trace above; the inline
 * comments keep the traced values (0x00 and 0x01). The cell allocation
 * bitmap therefore no longer marks ARFCN 1 - presumably it was adjusted to
 * match HARDCODED_ARFCN by hand, confirm that both stay in step. */
static const u_int8_t si1[] = {
	0x55, 0x06, 0x19, 0x04 /*0x00*/, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /*0x01*/,0xD5,
	0x00, 0x00, 0x2B
};
366
367/*
368 SYSTEM INFORMATION TYPE 2
369 Neighbour Cells Description
370 EXT-IND: Carries the complete BA
371 BA-IND = 0
372 Format-ID bit map 0
373 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
374 NCC permitted (NCC) = FF
375 RACH Control Parameters
376 maximum 7 retransmissions
377 8 slots used to spread transmission
378 cell not barred for access
379 call reestablishment not allowed
380 Access Control Class = 0000
381*/
/* Pre-encoded SYSTEM INFORMATION TYPE 2, sent on the BCCH through
 * bcch_infos[]. Per the decoded trace above the neighbour cell bitmap is
 * empty and all NCCs are permitted (0xFF). */
static const u_int8_t si2[] = {
	0x59, 0x06, 0x1A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD5, 0x00,
	0x00
};
387
388/*
389SYSTEM INFORMATION TYPE 3
390 Cell identity = 00001 (1h)
391 Location area identification
392 Mobile Country Code (MCC): 001
393 Mobile Network Code (MNC): 01
394 Location Area Code (LAC): 00001 (1h)
395 Control Channel Description
396 Attach-detach: MSs in the cell are not allowed to apply IMSI attach /detach
397 0 blocks reserved for access grant
398 1 channel used for CCCH, with SDCCH
399 5 multiframes period for PAGING REQUEST
400 Time-out T3212 = 0
401 Cell Options BCCH
402 Power control indicator: not set
403 MSs shall not use uplink DTX
404 Radio link timeout = 36
405 Cell Selection Parameters
406 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
407 max.TX power level MS may use for CCH = 2
408 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
409 Half rate support (NECI): New establishment causes are not supported
410 min.RX signal level for MS = 0
411 RACH Control Parameters
412 maximum 7 retransmissions
413 8 slots used to spread transmission
414 cell not barred for access
415 call reestablishment not allowed
416 Access Control Class = 0000
417 SI 3 Rest Octets
418 Cell Bar Qualify (CBQ): 0
419 Cell Reselect Offset = 0 dB
420 Temporary Offset = 0 dB
421 Penalty Time = 20 s
422 System Information 2ter Indicator (2TI): 0 = not available
423 Early Classmark Sending Control (ECSC): 0 = forbidden
424 Scheduling Information is not sent in SYSTEM INFORMATION TYPE 9 on the BCCH
425*/
/* Pre-encoded SYSTEM INFORMATION TYPE 3, sent on the BCCH through
 * bcch_infos[].
 * Unlike the other si* tables this one is writable and externally linked.
 * The LAI is part of the fixed bytes (0x00, 0xF1, 0x10 followed by the LAC;
 * the trace above decodes them as MCC 001 / MNC 01 / LAC 1).
 * NOTE(review): patch_tables() is empty, so the MCC/MNC chosen on the
 * command line are not written into this table - the broadcast LAI and the
 * values given to gsm_network_init() can disagree. */
unsigned char si3[] = {
	0x49, 0x06, 0x1B, 0x00, 0x01, 0x00, 0xF1, 0x10, 0x00, 0x01,
	0x01, 0x03, 0x00, 0x28, 0x62, 0x00, 0xD5, 0x00, 0x00, 0x80,
	0x00, 0x00, 0x2B
};
431
432/*
433SYSTEM INFORMATION TYPE 4
434 Location area identification
435 Mobile Country Code (MCC): 001
436 Mobile Network Code (MNC): 01
437 Location Area Code (LAC): 00001 (1h)
438 Cell Selection Parameters
439 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
440 max.TX power level MS may use for CCH = 2
441 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
442 Half rate support (NECI): New establishment causes are not supported
443 min.RX signal level for MS = 0
444 RACH Control Parameters
445 maximum 7 retransmissions
446 8 slots used to spread transmission
447 cell not barred for access
448 call reestablishment not allowed
449 Access Control Class = 0000
450 Channel Description
451 Type = SDCCH/4[2]
452 Timeslot Number: 0
453 Training Sequence Code: 7h
454 ARFCN: 1
455 SI Rest Octets
456 Cell Bar Qualify (CBQ): 0
457 Cell Reselect Offset = 0 dB
458 Temporary Offset = 0 dB
459 Penalty Time = 20 s
460*/
/* Pre-encoded SYSTEM INFORMATION TYPE 4, sent on the BCCH through
 * bcch_infos[].
 * Carries the same hard-coded LAI bytes as si3 (0x00, 0xF1, 0x10) and, in
 * the channel description, one byte taken from HARDCODED_ARFCN (defined
 * outside this file).
 * NOTE(review): the table is const, so it cannot be patched at run time
 * with a different MCC/MNC; and only the low ARFCN byte is substituted -
 * confirm HARDCODED_ARFCN fits in 8 bits. */
static const u_int8_t si4[] = {
	0x41, 0x06, 0x1C, 0x00, 0xF1, 0x10, 0x00, 0x01, 0x62, 0x00,
	0xD5, 0x00, 0x00, 0x64, 0x30, 0xE0, HARDCODED_ARFCN/*0x01*/, 0x80, 0x00, 0x00,
	0x2B, 0x2B, 0x2B
};
466
467/*
468 SYSTEM INFORMATION TYPE 5
469 Neighbour Cells Description
470 EXT-IND: Carries the complete BA
471 BA-IND = 0
472 Format-ID bit map 0
473 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
474*/
475
/* Pre-encoded SYSTEM INFORMATION TYPE 5. Not part of bcch_infos[];
 * set_system_infos() loads it with rsl_sacch_filling(). Per the decoded
 * trace above the neighbour cell bitmap is empty. */
static const u_int8_t si5[] = {
	0x06, 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
480
481// SYSTEM INFORMATION TYPE 6
482
483/*
484SACCH FILLING
485 System Info Type: SYSTEM INFORMATION 6
486 L3 Information (Hex): 06 1E 00 01 xx xx 10 00 01 28 FF
487
488SYSTEM INFORMATION TYPE 6
489 Cell identity = 00001 (1h)
490 Location area identification
491 Mobile Country Code (MCC): 001
492 Mobile Network Code (MNC): 01
493 Location Area Code (LAC): 00001 (1h)
494 Cell Options SACCH
495 Power control indicator: not set
496 MSs shall not use uplink DTX on a TCH-F. MS shall not use uplink DTX on TCH-H.
497 Radio link timeout = 36
498 NCC permitted (NCC) = FF
499*/
500
/* Pre-encoded SYSTEM INFORMATION TYPE 6. Not part of bcch_infos[];
 * set_system_infos() loads it with rsl_sacch_filling().
 * Contains the same hard-coded LAI bytes (0x00, 0xF1, 0x10) as si3 and si4,
 * so it is equally unaffected by the MCC/MNC command line options. */
static const u_int8_t si6[] = {
	0x06, 0x1E, 0x00, 0x01, 0x00, 0xF1, 0x10, 0x00, 0x01, 0x28, 0xFF,
};
504
505
506
/* The BCCH messages that set_system_infos() sends, in table order.
 * SI5 and SI6 are not listed: they go out as SACCH filling instead.
 * Each .len comes from sizeof() of the matching array and is stored in an
 * 8-bit field. */
static const struct bcch_info bcch_infos[] = {
	{
		.type = RSL_SYSTEM_INFO_1,
		.len = sizeof(si1),
		.data = si1,
	}, {
		.type = RSL_SYSTEM_INFO_2,
		.len = sizeof(si2),
		.data = si2,
	}, {
		.type = RSL_SYSTEM_INFO_3,
		.len = sizeof(si3),
		.data = si3,
	}, {
		.type = RSL_SYSTEM_INFO_4,
		.len = sizeof(si4),
		.data = si4,
	},
};
526
/*
 * Build-time checks that each hand-encoded table has the size of the
 * gsm48_system_information_type_N structure it stands for.
 * si1..si3 must match exactly, si4 may be longer, and the si5/si6 checks
 * compare against the structure size minus one.
 * static_assert is used here with an identifier as second argument and no
 * trailing semicolon, so it is presumably a project macro rather than the
 * C11 facility - confirm in the openbsc headers.
 */
static_assert(sizeof(si1) == sizeof(struct gsm48_system_information_type_1), type1)
static_assert(sizeof(si2) == sizeof(struct gsm48_system_information_type_2), type2)
static_assert(sizeof(si3) == sizeof(struct gsm48_system_information_type_3), type3)
static_assert(sizeof(si4) >= sizeof(struct gsm48_system_information_type_4), type4)
static_assert(sizeof(si5) == sizeof(struct gsm48_system_information_type_5)-1, type5)
static_assert(sizeof(si6) >= sizeof(struct gsm48_system_information_type_6)-1, type6)
533
/*
 * Send all system information messages to the BTS: every entry of
 * bcch_infos[] goes out as BCCH information, then SI5 and SI6 are installed
 * as SACCH filling.
 *
 * Always returns 0; the results of the rsl_*() calls are not examined.
 */
static int set_system_infos(struct gsm_bts *bts)
{
	const struct bcch_info *info = bcch_infos;
	const struct bcch_info *const end = bcch_infos + ARRAY_SIZE(bcch_infos);

	while (info < end) {
		rsl_bcch_info(bts, info->type, info->data, info->len);
		info++;
	}

	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_5, si5, sizeof(si5));
	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_6, si6, sizeof(si6));

	return 0;
}
549
/*
 * Activate a full-rate traffic channel on timeslots 1..7 of a TRX.
 * Timeslot 0 is skipped because it carries the CCCH.
 * The only call site in this file (in bootstrap_rsl()) is commented out.
 */
static void activate_traffic_channels(struct gsm_bts_trx *trx)
{
	int ts_nr = 1;

	while (ts_nr < 8) {
		rsl_chan_activate_tch_f(&trx->ts[ts_nr]);
		ts_nr++;
	}
}
558
/*
 * Bring up the RSL side of a BTS: announce it on stdout and load the system
 * information messages. The result of set_system_infos() is discarded.
 */
static void bootstrap_rsl(struct gsm_bts *bts)
{
	fputs("bootstrapping RSL\n", stdout);
	(void)set_system_infos(bts);

	/* FIXME: defer this until the channels are used */
	/* activate_traffic_channels(&bts->trx[0]); */
}
567
/*
 * Link event callback registered with mi_setup(): starts the OML bootstrap
 * when the OML link comes up and the RSL bootstrap when the RSL link comes
 * up. Every other event is ignored.
 */
static void mi_cb(int event, struct gsm_bts *bts)
{
	if (event == EVT_E1_OML_UP) {
		bootstrap_om(bts);
		return;
	}

	if (event == EVT_E1_RSL_UP) {
		bootstrap_rsl(bts);
		return;
	}

	/* FIXME: deal with TEI or L1 link loss */
}
582
/*
 * Patch the various SYSTEM INFORMATION tables to update
 * the LAI
 *
 * Currently an empty stub: nothing is patched. main() still calls it before
 * bootstrap_network().
 * NOTE(review): until this is implemented, the MCC/MNC command line options
 * only reach gsm_network_init(); si3, si4 and si6 keep broadcasting their
 * hard-coded LAI bytes. si4 and si6 are declared const, so they would need
 * to become writable before they can be patched here.
 */
static void patch_tables(void)
{
}
590
/*
 * Create the global network object with one BTS, set the location area code
 * and ARFCN of BTS 0 / TRX 0 and register mi_cb() for link events.
 *
 * Returns 0 on success, -ENOMEM when gsm_network_init() yields no network
 * and -EIO when mi_setup() reports a negative result.
 */
static int bootstrap_network(void)
{
	struct gsm_bts *bts0;

	/* initialize our data structures */
	gsmnet = gsm_network_init(1, MCC, MNC);
	if (gsmnet == NULL)
		return -ENOMEM;

	bts0 = &gsmnet->bts[0];
	bts0->location_area_code = 1;
	bts0->trx[0].arfcn = HARDCODED_ARFCN;

	return (mi_setup(bts0, 0, mi_cb) < 0) ? -EIO : 0;
}
Harald Weltef6b7a902008-12-26 00:05:11 +0000609
/* Write the one-line usage summary to stdout. */
static void print_usage()
{
	fputs("Usage: bsc_hack\n", stdout);
}
614
/* Write the list of supported command line options to stdout. */
static void print_help()
{
	static const char *const help_lines[] = {
		" Some useful help...\n",
		" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n",
		" -s --disable-color\n",
		" -n --network-code number(MNC) \n",
		" -c --country-code number (MCC) \n",
		" -h --help this text\n",
	};
	size_t idx;

	for (idx = 0; idx < sizeof(help_lines) / sizeof(help_lines[0]); idx++)
		fputs(help_lines[idx], stdout);
}
624
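/*
 * Parse a decimal MCC/MNC argument.
 * Returns the value (0..999), or -1 when the text is missing, is not a
 * plain decimal number or is out of range.
 */
static int parse_plmn_code(const char *text)
{
	char *end;
	long value;

	if (text == NULL || *text == '\0')
		return -1;

	errno = 0;
	value = strtol(text, &end, 10);
	if (errno != 0 || *end != '\0' || value < 0 || value > 999)
		return -1;

	return (int)value;
}

/*
 * Parse the command line and apply the options:
 *   -h / --help           print usage and help, then exit(0)
 *   -s / --disable-color  turn off coloured debug output
 *   -d / --debug          hand the category mask to the debug code
 *   -n / --network-code   set MNC
 *   -c / --country-code   set MCC
 *
 * The short option string now matches the long option table and the help
 * text. Before, it was "hnd:", which declared -n without an argument (so
 * optarg was NULL when atoi() read it) and did not accept -s or -c at all.
 * MCC and MNC are validated instead of taking whatever atoi() produced; an
 * invalid value ends the program with status 2.
 * Unknown options are still ignored after getopt_long() has reported them.
 */
static void handle_options(int argc, char** argv)
{
	static struct option long_options[] = {
		{"help", 0, 0, 'h'},
		{"debug", 1, 0, 'd'},
		{"disable-color", 0, 0, 's'},
		{"network-code", 1, 0, 'n'},
		{"country-code", 1, 0, 'c'},
		{0, 0, 0, 0}
	};

	while (1) {
		int option_index = 0, c, code;

		c = getopt_long(argc, argv, "hsd:n:c:",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
		case 'h':
			print_usage();
			print_help();
			exit(0);
		case 's':
			debug_use_color(0);
			break;
		case 'd':
			debug_parse_category_mask(optarg);
			break;
		case 'n':
			code = parse_plmn_code(optarg);
			if (code < 0) {
				fprintf(stderr, "Invalid network code (MNC): %s\n",
					optarg ? optarg : "(missing)");
				exit(2);
			}
			MNC = code;
			break;
		case 'c':
			code = parse_plmn_code(optarg);
			if (code < 0) {
				fprintf(stderr, "Invalid country code (MCC): %s\n",
					optarg ? optarg : "(missing)");
				exit(2);
			}
			MCC = code;
			break;
		default:
			/* ignore */
			break;
		}
	}
}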
666
/* Timer behind the periodic test paging: main() installs pag_timer_cb() as
 * its callback and schedules it, and the callback schedules it again. */
static struct timer_list pag_timer;
668
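/*
 * Convert one digit character to its 4-bit value.
 *
 * '0'..'9' give 0..9; 'A'..'F' and 'a'..'f' give 10..15. The previous
 * version returned c - 'A' for letters, i.e. 0 for 'A' instead of 10, and
 * produced out-of-range values for any other character.
 *
 * Any character that is not a hexadecimal digit yields 0x0f, so the result
 * always fits in one nibble and cannot spill into the neighbouring nibble
 * when callers shift and OR it. The return type leaves no room for an
 * error code; callers that must reject bad input have to validate the
 * string themselves.
 */
static u_int8_t char2bcd(char c)
{
	if (c >= '0' && c <= '9')
		return c - '0';
	if (c >= 'A' && c <= 'F')
		return c - 'A' + 10;
	if (c >= 'a' && c <= 'f')
		return c - 'a' + 10;

	return 0x0f;
}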
677
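/*
 * Encode a digit string as a Mobile Identity information element.
 *
 *  mi      output buffer. No size is passed in, so the caller has to
 *          provide at least 3 + strlen(string) / 2 bytes.
 *  string  NUL-terminated digit string; each character goes through
 *          char2bcd().
 *  type    identity type; only the bits in GSM_MI_TYPE_MASK are used.
 *
 * Layout written: mi[0] = GSM48_IE_MOBILE_ID, mi[1] = length, mi[2] = type
 * plus one nibble in the high half, then two digits per octet with the
 * first digit of each pair in the low nibble.
 *
 * Returns the number of bytes written, counted from mi[0].
 *
 * The digit pairs used to be packed in a single expression that modified
 * `string` twice without a sequence point, which is undefined behaviour;
 * the two characters are now read one after the other.
 *
 * NOTE(review): mi[1] receives the same total as the return value, i.e. it
 * includes the two header octets - confirm what the consumer expects in
 * the length octet.
 * NOTE(review): for an even number of digits the high nibble of mi[2] is
 * set to 0xf and no odd/even indication is encoded - confirm this layout
 * against GSM 04.08 before relying on this function.
 */
static int string_to_mi(u_int8_t *mi, const char *string,
			 u_int8_t type)
{
	u_int8_t *cur = mi+3;

	mi[0] = GSM48_IE_MOBILE_ID;
	//mi[1] = TMSI_LEN;
	mi[2] = type & GSM_MI_TYPE_MASK;

	if (strlen(string) & 0x01)
		mi[2] |= char2bcd(*string++) << 4;
	else
		mi[2] |= 0xf0;

	while (string[0] && string[1]) {
		u_int8_t low = char2bcd(string[0]);
		u_int8_t high = char2bcd(string[1]);

		*cur++ = low | (high << 4);
		string += 2;
	}

	mi[1] = cur - mi;

	return cur - mi;
}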
699
/* Hard-coded IMSIs, presumably of the developers' own test handsets.
 * pag_timer_cb() pages nokia_imsi; rokr_imsi is not referenced in the code
 * visible in this file.
 * NOTE(review): an IMSI identifies a subscriber. Keeping such values in the
 * source ties the binary to these identities and publishes them with the
 * code; a configuration option or the subscriber database would be the
 * better home. */
static const char *nokia_imsi = "7240311131388";
static const char *rokr_imsi = "4660198001300";
702
/*
 * Timer callback that pages one hard-coded subscriber.
 *
 * Looks the subscriber up by IMSI, builds a mobile identity from the stored
 * TMSI, sends a paging command for paging groups 0, 1 and 2 on BTS 0 and
 * re-arms pag_timer. The `data` argument is not used.
 */
void pag_timer_cb(void *data)
{
	/* NOTE(review): gsmnet is dereferenced unchecked; it is only valid
	 * after bootstrap_network() has succeeded. */
	struct gsm_bts *bts = &gsmnet->bts[0];
	u_int8_t mi[128];
	struct gsm_subscriber _subscr, *subscr = &_subscr;
	unsigned int paging_group, mi_len;
	u_int64_t num_imsi;
	const char *imsi = nokia_imsi;

	printf("FEUER\n");

#if 1
	memset(subscr, 0, sizeof(*subscr));
	/* NOTE(review): unbounded copy. The source is a 13-digit constant
	 * here, but nothing ties its length to the size of subscr->imsi. */
	strcpy(subscr->imsi, imsi);
	/* NOTE(review): the result of the lookup is discarded. */
	db_get_subscriber(GSM_SUBSCRIBER_IMSI, subscr);
	/* NOTE(review): subscr points at the local _subscr and is never NULL,
	 * so this check cannot detect a failed lookup. After a failed lookup
	 * the tmsi field would still be all zero from the memset above and the
	 * code below would page TMSI 0. */
	if (!subscr)
		return;

	mi_len = generate_mid_from_tmsi(mi, strtoul(subscr->tmsi, NULL, 10));
#else
	mi_len = string_to_mi(mi, imsi, GSM_MI_TYPE_IMSI);
#endif

	num_imsi = strtoull(imsi, NULL, 10);
	/* NOTE(review): this result is overwritten by the loop below, which
	 * pages every group 0..2 regardless of the computed one. */
	paging_group = get_paging_group(num_imsi, 1, 3);

	for (paging_group = 0; paging_group < 3; paging_group++)
		rsl_paging_cmd(bts, paging_group, mi_len, mi, RSL_CHANNEED_TCH_F);

	/* re-arm with the same arguments main() uses for the first shot */
	schedule_timer(&pag_timer, 10, 0);
}
734
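/*
 * Program entry point: parse options, open and prepare the database,
 * bootstrap the network, start the periodic paging timer and run the
 * select loop forever.
 *
 * Returns 1 when the database or the network cannot be set up. The result
 * of bootstrap_network() used to be ignored; on failure the paging timer
 * would later dereference the unset global network pointer, so start-up now
 * stops with an error message instead.
 */
int main(int argc, char **argv)
{
	int rc;

	/* parse options */
	handle_options(argc, argv);

	if (db_init()) {
		printf("DB: Failed to init database. Please check the option settings.\n");
		return 1;
	}
	printf("DB: Database initialized.\n");

	if (db_prepare()) {
		printf("DB: Failed to prepare database.\n");
		return 1;
	}
	printf("DB: Database prepared.\n");

	patch_tables();

	/* bootstrap_network() returns 0 or a negative errno value */
	rc = bootstrap_network();
	if (rc < 0) {
		fprintf(stderr, "Failed to bootstrap network: %s\n",
			strerror(-rc));
		return 1;
	}

	pag_timer.cb = pag_timer_cb;
	schedule_timer(&pag_timer, 10, 0);

	while (1) {
		bsc_select_main();
	}
}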