Harald Welte52b1f982008-12-23 20:25:15 +00001/* A hackish minimal BSC (+MSC +HLR) implementation */
2
3/* (C) 2008 by Harald Welte <laforge@gnumonks.org>
4 * All Rights Reserved
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 */
21
Harald Weltef6b7a902008-12-26 00:05:11 +000022#include <unistd.h>
23#include <stdlib.h>
24#include <stdio.h>
25#include <stdarg.h>
26#include <time.h>
27#include <string.h>
Harald Weltead384642008-12-26 10:20:07 +000028#include <errno.h>
Harald Welte52b1f982008-12-23 20:25:15 +000029
Holger Freytherb332f612008-12-27 12:46:51 +000030#define _GNU_SOURCE
31#include <getopt.h>
32
Harald Welte255539c2008-12-28 02:26:27 +000033#include <openbsc/db.h>
34#include <openbsc/timer.h>
Harald Welte8470bf22008-12-25 23:28:35 +000035#include <openbsc/gsm_data.h>
Harald Welte255539c2008-12-28 02:26:27 +000036#include <openbsc/gsm_04_08.h>
Harald Weltead384642008-12-26 10:20:07 +000037#include <openbsc/select.h>
Harald Welte8470bf22008-12-25 23:28:35 +000038#include <openbsc/abis_rsl.h>
39#include <openbsc/abis_nm.h>
Harald Welte702d8702008-12-26 20:25:35 +000040#include <openbsc/debug.h>
Holger Freyther5677ae32008-12-27 09:41:03 +000041#include <openbsc/misdn.h>
Harald Welte52b1f982008-12-23 20:25:15 +000042
/* global pointer to the gsm network data structure; assigned in
 * bootstrap_network() and dereferenced by pag_timer_cb() */
static struct gsm_network *gsmnet;

/* MCC and MNC for the Location Area Identifier.
 * Both default to 1 and are overwritten from the -c / -n command-line
 * options in handle_options(), which main() runs before
 * bootstrap_network() hands them to gsm_network_init(). */
static int MCC = 1;
static int MNC = 1;
49
50
Harald Welte52b1f982008-12-23 20:25:15 +000051/* The following definitions are for OM and NM packets that we cannot yet
52 * generate by code but we just pass on */
53
54// BTS Site Manager, SET ATTRIBUTES
55
56/*
57 Object Class: BTS Site Manager
58 Instance 1: FF
59 Instance 2: FF
60 Instance 3: FF
61SET ATTRIBUTES
62 sAbisExternalTime: 2007/09/08 14:36:11
63 omLAPDRelTimer: 30sec
64 shortLAPDIntTimer: 5sec
65 emergencyTimer1: 10 minutes
66 emergencyTimer2: 0 minutes
67*/
68
/* Raw OML message (BTS Site Manager, SET ATTRIBUTES) that bootstrap_om()
 * forwards byte-for-byte through abis_nm_raw_msg(). The array has external
 * linkage and is writable, although nothing visible in this file modifies
 * it. */
unsigned char msg_1[] =
{
	0xD0, 0x00, 0xFF, 0xFF, 0xFF, 0x91, 0x07, 0xD7, 0x09, 0x08, 0x0E, 0x24,
	0x0B, 0xCE, 0x02, 0x00, 0x1E, 0xE8, 0x01, 0x05, 0x42, 0x02, 0x00, 0x0A, 0x44,
	0x02, 0x00, 0x00
};
75
76// BTS, SET BTS ATTRIBUTES
77
78/*
79 Object Class: BTS
80 BTS relat. Number: 0
81 Instance 2: FF
82 Instance 3: FF
83SET BTS ATTRIBUTES
84 bsIdentityCode / BSIC:
85 PLMN_colour_code: 7h
86 BS_colour_code: 7h
87 BTS Air Timer T3105: 4 ,unit 10 ms
88 btsIsHopping: FALSE
89 periodCCCHLoadIndication: 255sec
90 thresholdCCCHLoadIndication: 100%
91 cellAllocationNumber: 00h = GSM 900
92 enableInterferenceClass: 00h = Disabled
93 fACCHQual: 6 (FACCH stealing flags minus 1)
94 intaveParameter: 31 SACCH multiframes
95 interferenceLevelBoundaries:
96 Interference Boundary 1: 0Ah
97 Interference Boundary 2: 0Fh
98 Interference Boundary 3: 14h
99 Interference Boundary 4: 19h
100 Interference Boundary 5: 1Eh
101 mSTxPwrMax: 11
102 GSM range: 2=39dBm, 15=13dBm, stepsize 2 dBm
103 DCS1800 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
104 PCS1900 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
105 30=33dBm, 31=32dBm
106 ny1:
107 Maximum number of repetitions for PHYSICAL INFORMATION message (GSM 04.08): 20
108 powerOutputThresholds:
109 Out Power Fault Threshold: -10 dB
110 Red Out Power Threshold: - 6 dB
111 Excessive Out Power Threshold: 5 dB
112 rACHBusyThreshold: -127 dBm
113 rACHLoadAveragingSlots: 250 ,number of RACH burst periods
114 rfResourceIndicationPeriod: 125 SACCH multiframes
115 T200:
116 SDCCH: 044 in 5 ms
117 FACCH/Full rate: 031 in 5 ms
118 FACCH/Half rate: 041 in 5 ms
119 SACCH with TCH SAPI0: 090 in 10 ms
120 SACCH with SDCCH: 090 in 10 ms
121 SDCCH with SAPI3: 090 in 5 ms
122 SACCH with TCH SAPI3: 135 in 10 ms
123 tSync: 9000 units of 10 msec
124 tTrau: 9000 units of 10 msec
125 enableUmLoopTest: 00h = disabled
126 enableExcessiveDistance: 00h = Disabled
127 excessiveDistance: 64km
128 hoppingMode: 00h = baseband hopping
129 cellType: 00h = Standard Cell
130 BCCH ARFCN / bCCHFrequency: 1
131*/
132
/* Raw OML message (BTS, SET BTS ATTRIBUTES) forwarded unchanged by
 * bootstrap_om() through abis_nm_raw_msg().
 * NOTE(review): HARDCODED_ARFCN is defined outside this view and is stored
 * in a single array element here, so only its low 8 bits would survive if
 * it ever exceeded 255 - confirm the intended range. */
unsigned char msg_2[] =
{
	0x41, 0x01, 0x00, 0xFF, 0xFF, 0x09, 0x3F, 0x0A, 0x04, 0x61, 0x00, 0x0B,
	0xFF, 0x0C, 0x64, 0x62, 0x00, 0x66, 0x00, 0x6E, 0x06, 0x18, 0x1F, 0x19,
	0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x7B, 0x0B, 0x23, 0x14, 0x28, 0x00, 0x04,
	0x03, 0x2A, 0x7F, 0x2B, 0x00, 0xFA, 0x8F, 0x7D, 0x33, 0x2C, 0x1F, 0x29,
	0x5A, 0x5A, 0x5A, 0x87, 0x94, 0x23, 0x28, 0x95, 0x23, 0x28, 0x35, 0x01,
	0x00, 0x46, 0x01, 0x00, 0x58, 0x01, 0x40, 0xC5, 0x01, 0x00, 0xF2, 0x01,
	0x00, 0x08, 0x00, HARDCODED_ARFCN/*0x01*/,
};
143
144// Handover Recognition, SET ATTRIBUTES
145
146/*
147Illegal Contents GSM Formatted O&M Msg
148 Object Class: Handover Recognition
149 BTS relat. Number: 0
150 Instance 2: FF
151 Instance 3: FF
152SET ATTRIBUTES
153 enableDelayPowerBudgetHO: 00h = Disabled
154 enableDistanceHO: 00h = Disabled
155 enableInternalInterCellHandover: 00h = Disabled
156 enableInternalIntraCellHandover: 00h = Disabled
157 enablePowerBudgetHO: 00h = Disabled
158 enableRXLEVHO: 00h = Disabled
159 enableRXQUALHO: 00h = Disabled
160 hoAveragingDistance: 8 SACCH multiframes
161 hoAveragingLev:
162 A_LEV_HO: 8 SACCH multiframes
163 W_LEV_HO: 1 SACCH multiframes
164 hoAveragingPowerBudget: 16 SACCH multiframes
165 hoAveragingQual:
166 A_QUAL_HO: 8 SACCH multiframes
167 W_QUAL_HO: 2 SACCH multiframes
168 hoLowerThresholdLevDL: (10 - 110) dBm
169 hoLowerThresholdLevUL: (5 - 110) dBm
170 hoLowerThresholdQualDL: 06h = 6.4% < BER < 12.8%
171 hoLowerThresholdQualUL: 06h = 6.4% < BER < 12.8%
172 hoThresholdLevDLintra : (20 - 110) dBm
173 hoThresholdLevULintra: (20 - 110) dBm
174 hoThresholdMsRangeMax: 20 km
175 nCell: 06h
176 timerHORequest: 3 ,unit 2 SACCH multiframes
177*/
178
/* Raw OML message (Handover Recognition, SET ATTRIBUTES) forwarded
 * unchanged by bootstrap_om() through abis_nm_raw_msg(). The decode above
 * is headed "Illegal Contents", i.e. the tool that produced it did not
 * accept the message as well-formed. */
unsigned char msg_3[] =
{
	0xD0, 0xA1, 0x00, 0xFF, 0xFF, 0xD0, 0x00, 0x64, 0x00, 0x67, 0x00, 0x68,
	0x00, 0x6A, 0x00, 0x6C, 0x00, 0x6D, 0x00, 0x6F, 0x08, 0x70, 0x08, 0x01,
	0x71, 0x10, 0x10, 0x10, 0x72, 0x08, 0x02, 0x73, 0x0A, 0x74, 0x05, 0x75,
	0x06, 0x76, 0x06, 0x78, 0x14, 0x79, 0x14, 0x7A, 0x14, 0x7D, 0x06, 0x92,
	0x03, 0x20, 0x01, 0x00, 0x45, 0x01, 0x00, 0x48, 0x01, 0x00, 0x5A, 0x01,
	0x00, 0x5B, 0x01, 0x05, 0x5E, 0x01, 0x1A, 0x5F, 0x01, 0x20, 0x9D, 0x01,
	0x00, 0x47, 0x01, 0x00, 0x5C, 0x01, 0x64, 0x5D, 0x01, 0x1E, 0x97, 0x01,
	0x20, 0xF7, 0x01, 0x3C,
};
190
191// Power Control, SET ATTRIBUTES
192
193/*
194 Object Class: Power Control
195 BTS relat. Number: 0
196 Instance 2: FF
197 Instance 3: FF
198SET ATTRIBUTES
199 enableMsPowerControl: 00h = Disabled
200 enablePowerControlRLFW: 00h = Disabled
201 pcAveragingLev:
202 A_LEV_PC: 4 SACCH multiframes
203 W_LEV_PC: 1 SACCH multiframes
204 pcAveragingQual:
205 A_QUAL_PC: 4 SACCH multiframes
206 W_QUAL_PC: 2 SACCH multiframes
207 pcLowerThresholdLevDL: 0Fh
208 pcLowerThresholdLevUL: 0Ah
209 pcLowerThresholdQualDL: 05h = 3.2% < BER < 6.4%
210 pcLowerThresholdQualUL: 05h = 3.2% < BER < 6.4%
211 pcRLFThreshold: 0Ch
212 pcUpperThresholdLevDL: 14h
213 pcUpperThresholdLevUL: 0Fh
214 pcUpperThresholdQualDL: 04h = 1.6% < BER < 3.2%
215 pcUpperThresholdQualUL: 04h = 1.6% < BER < 3.2%
216 powerConfirm: 2 ,unit 2 SACCH multiframes
217 powerControlInterval: 2 ,unit 2 SACCH multiframes
218 powerIncrStepSize: 02h = 4 dB
219 powerRedStepSize: 01h = 2 dB
220 radioLinkTimeoutBs: 64 SACCH multiframes
221 enableBSPowerControl: 00h = disabled
222*/
223
/* Raw OML message (Power Control, SET ATTRIBUTES) forwarded unchanged by
 * bootstrap_om() through abis_nm_raw_msg(). The final byte is the
 * enableBSPowerControl value, currently 0x00 (disabled). */
unsigned char msg_4[] =
{
	0xD0, 0xA2, 0x00, 0xFF, 0xFF, 0x69, 0x00, 0x6B, 0x00, 0x7E, 0x04, 0x01,
	0x7F, 0x04, 0x02, 0x80, 0x0F, 0x81, 0x0A, 0x82, 0x05, 0x83, 0x05, 0x84,
	0x0C, 0x85, 0x14, 0x86, 0x0F, 0x87, 0x04, 0x88, 0x04, 0x89, 0x02, 0x8A,
	0x02, 0x8B, 0x02, 0x8C, 0x01, 0x8D, 0x40, 0x65, 0x01, 0x00 // set to 0x01 to enable BSPowerControl
};
231
232
233// Transceiver, SET TRX ATTRIBUTES (TRX 0)
234
235/*
236 Object Class: Transceiver
237 BTS relat. Number: 0
238 Tranceiver number: 0
239 Instance 3: FF
240SET TRX ATTRIBUTES
241 aRFCNList (HEX): 0001
242 txPwrMaxReduction: 00h = 0dB
243 radioMeasGran: 254 SACCH multiframes
244 radioMeasRep: 01h = enabled
245 memberOfEmergencyConfig: 01h = TRUE
246 trxArea: 00h = TRX doesn't belong to a concentric cell
247*/
248
/* Raw OML message (Transceiver 0, SET TRX ATTRIBUTES) forwarded unchanged
 * by bootstrap_om() through abis_nm_raw_msg().
 * NOTE(review): HARDCODED_ARFCN occupies one array element, as in msg_2;
 * a value above 255 would be truncated - confirm against its definition. */
unsigned char msg_6[] =
{
	0x44, 0x02, 0x00, 0x00, 0xFF, 0x05, 0x01, 0x00, HARDCODED_ARFCN /*0x01*/, 0x2D,
	0x00, 0xDC, 0x01, 0xFE, 0xDD, 0x01, 0x01, 0x9B, 0x01, 0x01, 0x9F, 0x01, 0x00,
};
254
255
/*
 * Bring up the OML side of BTS 0 / TRX 0.
 *
 * The sequence is: silence event reports, run an empty DB-transmission
 * bracket followed by a resource reset, then a second bracket that pushes
 * the canned attribute messages, wires signalling and traffic timeslots to
 * E1, and finally resets again and re-enables event reports.
 *
 * None of the abis_nm_*() return values are inspected, so a step that
 * fails does not stop the steps after it.
 */
static void bootstrap_om(struct gsm_bts *bts)
{
	struct gsm_bts_trx *trx0 = &bts->trx[0];
	int tn;

	fputs("bootstrapping OML\n", stdout);

	/* no event reports while we reconfigure */
	abis_nm_event_reports(bts, 0);

	/* empty DB transmission bracket, then reset the Site Manager */
	abis_nm_db_transmission(bts, 1);
	abis_nm_db_transmission(bts, 0);
	abis_nm_reset_resource(bts);

	/* the real configuration bracket starts here */
	abis_nm_db_transmission(bts, 1);

	abis_nm_raw_msg(bts, sizeof(msg_1), msg_1);	/* BTS SiteMgr attributes */
	abis_nm_raw_msg(bts, sizeof(msg_2), msg_2);	/* BTS attributes */
	abis_nm_raw_msg(bts, sizeof(msg_3), msg_3);	/* handover attributes */
	abis_nm_raw_msg(bts, sizeof(msg_4), msg_4);	/* power control attributes */

	/* signalling of bts0/trx0 goes to e1_0/ts1/64kbps */
	abis_nm_conn_terr_sign(trx0, 0, 1, 0xff);
	abis_nm_raw_msg(bts, sizeof(msg_6), msg_6);	/* TRX attributes */

	/* TEI 1 carries the signalling link */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x01);
	abis_nm_set_channel_attr(&trx0->ts[0], NM_CHANC_SDCCH_CBCH);
#if 0
	/* TRX 1 */
	abis_nm_conn_terr_sign(&bts->trx[1], 0, 1, 0xff);
	/* FIXME: TRX ATTRIBUTE */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x02);
#endif

	/*
	 * Timeslots 1..7: channel attribute 0x09, traffic mapped onto
	 * E1 timeslots 2 and 3, four sub-slots each:
	 *   ts1..ts3 -> e1 ts2 sub-slots 1..3 (b, c, d)
	 *   ts4..ts7 -> e1 ts3 sub-slots 0..3 (a, b, c, d)
	 */
	for (tn = 1; tn <= 7; tn++) {
		abis_nm_set_channel_attr(&trx0->ts[tn], 0x09);
		abis_nm_conn_terr_traf(&trx0->ts[tn], 0, 2 + tn / 4, tn % 4);
	}

	/* close the bracket and reset once more */
	abis_nm_db_transmission(bts, 0);
	abis_nm_reset_resource(bts);

	/* event reports back on */
	abis_nm_event_reports(bts, 1);
}
340
341
342
/* One BCCH SYSTEM INFORMATION entry as handed to rsl_bcch_info(). */
struct bcch_info {
	u_int8_t type;		/* RSL_SYSTEM_INFO_* selector */
	u_int8_t len;		/* byte count of data; filled from sizeof() of the
				 * backing array, so that array must stay below 256 bytes */
	const u_int8_t *data;	/* message bytes; not owned by this struct */
};
348
349/*
350SYSTEM INFORMATION TYPE 1
351 Cell channel description
352 Format-ID bit map 0
353 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
354 RACH Control Parameters
355 maximum 7 retransmissions
356 8 slots used to spread transmission
357 cell not barred for access
358 call reestablishment not allowed
359 Access Control Class = 0000
360*/
/* SYSTEM INFORMATION TYPE 1 bytes, sent via bcch_infos[] / rsl_bcch_info().
 * NOTE(review): the decode above shows only the last cell-channel octet
 * set (..00 01), while the bytes below set 0x04 in the first octet and
 * clear the last one; the decode looks stale relative to the data -
 * confirm which ARFCN is intended. */
static u_int8_t si1[] = {
	/* header */0x55, 0x06, 0x19,
	/* ccdesc */0x04 /*0x00*/, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /*0x01*/,
	/* rach */0xD5, 0x00, 0x00,
	/* s1 reset*/0x2B
};
368
369/*
370 SYSTEM INFORMATION TYPE 2
371 Neighbour Cells Description
372 EXT-IND: Carries the complete BA
373 BA-IND = 0
374 Format-ID bit map 0
375 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
376 NCC permitted (NCC) = FF
377 RACH Control Parameters
378 maximum 7 retransmissions
379 8 slots used to spread transmission
380 cell not barred for access
381 call reestablishment not allowed
382 Access Control Class = 0000
383*/
/* SYSTEM INFORMATION TYPE 2 bytes, sent via bcch_infos[] / rsl_bcch_info().
 * Not touched by patch_tables(). */
static u_int8_t si2[] = {
	/* header */0x59, 0x06, 0x1A,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	/* ncc */0xFF,
	/* rach*/0xD5, 0x00, 0x00
};
391
392/*
393SYSTEM INFORMATION TYPE 3
394 Cell identity = 00001 (1h)
395 Location area identification
396 Mobile Country Code (MCC): 001
397 Mobile Network Code (MNC): 01
398 Location Area Code (LAC): 00001 (1h)
399 Control Channel Description
400 Attach-detach: MSs in the cell are not allowed to apply IMSI attach /detach
401 0 blocks reserved for access grant
402 1 channel used for CCCH, with SDCCH
403 5 multiframes period for PAGING REQUEST
404 Time-out T3212 = 0
405 Cell Options BCCH
406 Power control indicator: not set
407 MSs shall not use uplink DTX
408 Radio link timeout = 36
409 Cell Selection Parameters
410 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
411 max.TX power level MS may use for CCH = 2
412 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
413 Half rate support (NECI): New establishment causes are not supported
414 min.RX signal level for MS = 0
415 RACH Control Parameters
416 maximum 7 retransmissions
417 8 slots used to spread transmission
418 cell not barred for access
419 call reestablishment not allowed
420 Access Control Class = 0000
421 SI 3 Rest Octets
422 Cell Bar Qualify (CBQ): 0
423 Cell Reselect Offset = 0 dB
424 Temporary Offset = 0 dB
425 Penalty Time = 20 s
426 System Information 2ter Indicator (2TI): 0 = not available
427 Early Classmark Sending Control (ECSC): 0 = forbidden
428 Scheduling Information is not sent in SYSTEM INFORMATION TYPE 9 on the BCCH
429*/
/* SYSTEM INFORMATION TYPE 3 bytes, sent via bcch_infos[] / rsl_bcch_info().
 * Deliberately writable: patch_tables() casts this array to
 * struct gsm48_system_information_type_3 and rewrites the LAI in place, so
 * the "lai" bytes below are only the initial value. */
static u_int8_t si3[] = {
	/* header */0x49, 0x06, 0x1B,
	/* cell */0x00, 0x01,
	/* lai */0x00, 0xF1, 0x10, 0x00, 0x01,
	/* desc */0x01, 0x03, 0x00,
	/* option*/0x28,
	/* selection*/0x62, 0x00,
	/* rach */0xD5, 0x00, 0x00,
	/* reset*/0x80, 0x00, 0x00, 0x2B
};
440
441/*
442SYSTEM INFORMATION TYPE 4
443 Location area identification
444 Mobile Country Code (MCC): 001
445 Mobile Network Code (MNC): 01
446 Location Area Code (LAC): 00001 (1h)
447 Cell Selection Parameters
448 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
449 max.TX power level MS may use for CCH = 2
450 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
451 Half rate support (NECI): New establishment causes are not supported
452 min.RX signal level for MS = 0
453 RACH Control Parameters
454 maximum 7 retransmissions
455 8 slots used to spread transmission
456 cell not barred for access
457 call reestablishment not allowed
458 Access Control Class = 0000
459 Channel Description
460 Type = SDCCH/4[2]
461 Timeslot Number: 0
462 Training Sequence Code: 7h
463 ARFCN: 1
464 SI Rest Octets
465 Cell Bar Qualify (CBQ): 0
466 Cell Reselect Offset = 0 dB
467 Temporary Offset = 0 dB
468 Penalty Time = 20 s
469*/
/* SYSTEM INFORMATION TYPE 4 bytes, sent via bcch_infos[] / rsl_bcch_info().
 * Deliberately writable: patch_tables() casts this array to
 * struct gsm48_system_information_type_4 and rewrites the LAI in place.
 * NOTE(review): HARDCODED_ARFCN occupies a single byte in the "var" part;
 * confirm its definition never exceeds 255. */
static u_int8_t si4[] = {
	/* header */0x41, 0x06, 0x1C,
	/* lai */0x00, 0xF1, 0x10, 0x00, 0x01,
	/* sel */0x62, 0x00,
	/* rach*/0xD5, 0x00, 0x00,
	/* var */0x64, 0x30, 0xE0, HARDCODED_ARFCN/*0x01*/, 0x80, 0x00, 0x00,
		0x2B, 0x2B, 0x2B
};
478
479/*
480 SYSTEM INFORMATION TYPE 5
481 Neighbour Cells Description
482 EXT-IND: Carries the complete BA
483 BA-IND = 0
484 Format-ID bit map 0
485 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
486*/
487
/* SYSTEM INFORMATION TYPE 5 bytes, sent by set_system_infos() through
 * rsl_sacch_filling(); unlike si1..si4 there is no leading L2 length
 * octet. Not touched by patch_tables(). */
static u_int8_t si5[] = {
	/* header without l2 len*/0x06, 0x1D,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
		0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
493
494// SYSTEM INFORMATION TYPE 6
495
496/*
497SACCH FILLING
498 System Info Type: SYSTEM INFORMATION 6
499 L3 Information (Hex): 06 1E 00 01 xx xx 10 00 01 28 FF
500
501SYSTEM INFORMATION TYPE 6
502 Cell identity = 00001 (1h)
503 Location area identification
504 Mobile Country Code (MCC): 001
505 Mobile Network Code (MNC): 01
506 Location Area Code (LAC): 00001 (1h)
507 Cell Options SACCH
508 Power control indicator: not set
509 MSs shall not use uplink DTX on a TCH-F. MS shall not use uplink DTX on TCH-H.
510 Radio link timeout = 36
511 NCC permitted (NCC) = FF
512*/
513
/* SYSTEM INFORMATION TYPE 6 bytes, sent by set_system_infos() through
 * rsl_sacch_filling(). Deliberately writable: patch_tables() casts this
 * array to struct gsm48_system_information_type_6 and rewrites the LAI in
 * place. */
static u_int8_t si6[] = {
	/* header */0x06, 0x1E,
	/* cell id*/ 0x00, 0x01,
	/* lai */ 0x00, 0xF1, 0x10, 0x00, 0x01,
	/* options */ 0x28,
	/* ncc */ 0xFF,
};
521
522
523
/* SYSTEM INFORMATION messages that set_system_infos() pushes with
 * rsl_bcch_info(), in this order. si5 and si6 are not listed here; they go
 * out separately through rsl_sacch_filling(). The table itself is const,
 * but .data points at writable arrays (si3 and si4 are patched by
 * patch_tables()). */
static const struct bcch_info bcch_infos[] = {
	{
		.type = RSL_SYSTEM_INFO_1,
		.len = sizeof(si1),
		.data = si1,
	}, {
		.type = RSL_SYSTEM_INFO_2,
		.len = sizeof(si2),
		.data = si2,
	}, {
		.type = RSL_SYSTEM_INFO_3,
		.len = sizeof(si3),
		.data = si3,
	}, {
		.type = RSL_SYSTEM_INFO_4,
		.len = sizeof(si4),
		.data = si4,
	},
};
543
/*
 * Compile-time size checks tying each raw array to its message struct.
 * static_assert is used here in a two-argument, semicolon-less form, so it
 * is presumably a project macro rather than the C11 keyword - confirm in
 * the project headers.
 *
 * These checks are what keeps the casts in patch_tables() in bounds: si3,
 * si4 and si6 are written through struct pointers, so each array must be
 * at least as large as its struct. si4 and si6 use ">=" and may therefore
 * be longer than the struct.
 */
static_assert(sizeof(si1) == sizeof(struct gsm48_system_information_type_1), type1)
static_assert(sizeof(si2) == sizeof(struct gsm48_system_information_type_2), type2)
static_assert(sizeof(si3) == sizeof(struct gsm48_system_information_type_3), type3)
static_assert(sizeof(si4) >= sizeof(struct gsm48_system_information_type_4), type4)
static_assert(sizeof(si5) == sizeof(struct gsm48_system_information_type_5), type5)
static_assert(sizeof(si6) >= sizeof(struct gsm48_system_information_type_6), type6)
Holger Freyther24287b62008-12-28 16:32:41 +0000550
/*
 * Push every SYSTEM INFORMATION message to the BTS: the bcch_infos[] table
 * through rsl_bcch_info(), then SI5 and SI6 through rsl_sacch_filling().
 *
 * Always returns 0; the results of the rsl_*() calls are not examined.
 */
static int set_system_infos(struct gsm_bts *bts)
{
	const struct bcch_info *entry = bcch_infos;
	const struct bcch_info *const end = bcch_infos + ARRAY_SIZE(bcch_infos);

	while (entry < end) {
		rsl_bcch_info(bts, entry->type, entry->data, entry->len);
		entry++;
	}

	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_5, si5, sizeof(si5));
	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_6, si6, sizeof(si6));

	return 0;
}
566
/*
 * Activate a full-rate traffic channel on timeslots 1..7 of the given TRX.
 * Timeslot 0 is skipped because it carries the CCCH.
 *
 * The only call site visible in this file (in bootstrap_rsl()) is
 * commented out.
 */
static void activate_traffic_channels(struct gsm_bts_trx *trx)
{
	int tn = 1;

	while (tn < 8) {
		rsl_chan_activate_tch_f(&trx->ts[tn]);
		tn++;
	}
}
575
/*
 * Rewrite the Location Area Identification inside the SI3, SI4 and SI6
 * byte arrays from the network's country/network code and the BTS's
 * location area code.
 *
 * The arrays are modified in place through struct overlays; the size
 * checks next to the array definitions are what keeps these writes inside
 * the arrays.
 */
static void patch_tables(struct gsm_bts *bts)
{
	/* overlay the message structs on the raw byte arrays */
	struct gsm48_system_information_type_3 *si3_msg = (void *)si3;
	struct gsm48_system_information_type_4 *si4_msg = (void *)si4;
	struct gsm48_system_information_type_6 *si6_msg = (void *)si6;

	/* same MCC / MNC / LAC goes into all three messages */
	gsm0408_generate_lai(&si3_msg->lai,
			     bts->network->country_code,
			     bts->network->network_code,
			     bts->location_area_code);
	gsm0408_generate_lai(&si4_msg->lai,
			     bts->network->country_code,
			     bts->network->network_code,
			     bts->location_area_code);
	gsm0408_generate_lai(&si6_msg->lai,
			     bts->network->country_code,
			     bts->network->network_code,
			     bts->location_area_code);
}
598
599
/*
 * RSL link is up: patch the LAI into the SYSTEM INFORMATION tables and
 * send them to the BTS.
 */
static void bootstrap_rsl(struct gsm_bts *bts)
{
	fputs("bootstrapping RSL\n", stdout);

	/* the LAI must be patched before the tables are transmitted */
	patch_tables(bts);
	set_system_infos(bts);

	/* FIXME: defer this until the channels are used */
	//activate_traffic_channels(&bts->trx[0]);
}
609
/*
 * Link-event callback registered with mi_setup(): start the OML bootstrap
 * when the OML link comes up and the RSL bootstrap when the RSL link comes
 * up. Every other event is ignored.
 */
static void mi_cb(int event, struct gsm_bts *bts)
{
	if (event == EVT_E1_OML_UP) {
		bootstrap_om(bts);
		return;
	}

	if (event == EVT_E1_RSL_UP) {
		bootstrap_rsl(bts);
		return;
	}

	/* FIXME: deal with TEI or L1 link loss */
}
624
/*
 * Create the global network object with one BTS, set that BTS's location
 * area code and ARFCN, and register mi_cb() for link events.
 *
 * Returns 0 on success, -ENOMEM when gsm_network_init() yields NULL and
 * -EIO when mi_setup() reports an error. On the -EIO path gsmnet stays
 * assigned.
 */
static int bootstrap_network(void)
{
	struct gsm_bts *bts0;

	/* one BTS, MCC/MNC as configured on the command line */
	gsmnet = gsm_network_init(1, MCC, MNC);
	if (gsmnet == NULL)
		return -ENOMEM;

	bts0 = &gsmnet->bts[0];
	bts0->trx[0].arfcn = HARDCODED_ARFCN;
	bts0->location_area_code = 1;

	return (mi_setup(bts0, 0, mi_cb) < 0) ? -EIO : 0;
}
Harald Weltef6b7a902008-12-26 00:05:11 +0000643
/* Print the one-line usage banner to stdout. */
static void print_usage()
{
	fputs("Usage: bsc_hack\n", stdout);
}
648
/* Print the option summary to stdout, one line per option. */
static void print_help()
{
	static const char *const help_lines[] = {
		" Some useful help...\n",
		" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n",
		" -s --disable-color\n",
		" -n --network-code number(MNC) \n",
		" -c --country-code number (MCC) \n",
		" -h --help this text\n",
	};
	unsigned int i;

	for (i = 0; i < sizeof(help_lines) / sizeof(help_lines[0]); i++)
		fputs(help_lines[i], stdout);
}
658
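/*
 * Parse a decimal MCC/MNC value given on the command line.
 *
 * Accepts only a complete decimal number in the range 0..999 (an MCC has
 * three digits, an MNC two or three). Returns 0 and stores the value in
 * *out on success, -1 on empty input, trailing garbage, overflow or an
 * out-of-range value.
 */
static int parse_plmn_code(const char *arg, int *out)
{
	char *end;
	long val;

	errno = 0;
	val = strtol(arg, &end, 10);
	if (end == arg || *end != '\0' || errno == ERANGE)
		return -1;
	if (val < 0 || val > 999)
		return -1;

	*out = (int)val;
	return 0;
}

/*
 * Parse the command line.
 *
 *   -h / --help           print usage and help, then exit(0)
 *   -s / --disable-color  turn off coloured debug output
 *   -d / --debug=MASK     hand MASK to debug_parse_category_mask()
 *   -n / --network-code   set MNC
 *   -c / --country-code   set MCC
 *
 * MCC and MNC end up in the broadcast Location Area Identifier, so they
 * are validated here instead of being passed through atoi(), which
 * silently turns garbage into 0 and has undefined behaviour on overflow.
 * An invalid value is reported on stderr and terminates the program with
 * exit status 1. Unknown options are still ignored, as before.
 */
static void handle_options(int argc, char** argv)
{
	while (1) {
		int option_index = 0, c;
		static struct option long_options[] = {
			{"help", 0, 0, 'h'},
			{"debug", 1, 0, 'd'},
			{"disable-color", 0, 0, 's'},
			{"network-code", 1, 0, 'n'},
			{"country-code", 1, 0, 'c'},
			{0, 0, 0, 0}
		};

		c = getopt_long(argc, argv, "hc:n:d:s",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
		case 'h':
			print_usage();
			print_help();
			exit(0);
		case 's':
			debug_use_color(0);
			break;
		case 'd':
			debug_parse_category_mask(optarg);
			break;
		case 'n':
			if (parse_plmn_code(optarg, &MNC) < 0) {
				fprintf(stderr, "Invalid network code '%s' "
					"(expected 0..999)\n", optarg);
				exit(1);
			}
			break;
		case 'c':
			if (parse_plmn_code(optarg, &MCC) < 0) {
				fprintf(stderr, "Invalid country code '%s' "
					"(expected 0..999)\n", optarg);
				exit(1);
			}
			break;
		default:
			/* ignore */
			break;
		}
	}
}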
700
/* periodic paging timer; main() sets .cb to pag_timer_cb() and arms it,
 * and the callback re-arms it on every run */
static struct timer_list pag_timer;
702
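/*
 * Convert one digit character to its 4-bit value.
 *
 * Handles '0'..'9' and uppercase 'A'..'F'. The input is not validated:
 * any other character (including lowercase hex) produces a value that is
 * not a valid nibble, so callers must pass only digit characters.
 *
 * The hexadecimal branch previously returned c - 'A', which mapped 'A' to
 * 0 and so collided with the decimal digits; it now adds the missing 10.
 */
static u_int8_t char2bcd(char c)
{
	if (c <= '9')
		return c - '0';
	else
		return c - 'A' + 10;
}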
711
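/*
 * Encode a digit string as a Mobile Identity information element.
 *
 * mi      output buffer; receives the IE identifier, a length octet, the
 *         type octet and then one octet per digit pair
 * string  NUL-terminated digit string (see char2bcd() for accepted
 *         characters)
 * type    identity type, masked with GSM_MI_TYPE_MASK
 *
 * Returns the total number of bytes written to mi.
 *
 * The buffer size is not passed in, so the caller must provide at least
 * 3 + strlen(string) / 2 bytes; nothing here can detect a short buffer.
 *
 * The digit-pair loop used to read and advance the string pointer twice
 * in one expression (char2bcd(*string++) | (char2bcd(*string++) << 4)),
 * which is an unsequenced modification and therefore undefined behaviour.
 * The two digits are now read in a defined order: first digit into the
 * low nibble, second into the high nibble.
 *
 * NOTE(review): mi[1] is set to the total length including the first two
 * octets, not to the number of octets following the length field -
 * confirm this is what the consumers of this buffer expect.
 */
static int string_to_mi(u_int8_t *mi, const char *string,
			u_int8_t type)
{
	u_int8_t *cur = mi + 3;

	mi[0] = GSM48_IE_MOBILE_ID;
	mi[2] = type & GSM_MI_TYPE_MASK;

	/* odd digit count: the first digit shares the type octet,
	 * otherwise the upper nibble is filled with 0xf */
	if (strlen(string) & 0x01)
		mi[2] |= char2bcd(*string++) << 4;
	else
		mi[2] |= 0xf0;

	while (string[0] && string[1]) {
		u_int8_t low = char2bcd(string[0]);
		u_int8_t high = char2bcd(string[1]);

		*cur++ = low | (high << 4);
		string += 2;
	}

	mi[1] = cur - mi;

	return cur - mi;
}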
733
/* Hard-coded subscriber identities used by pag_timer_cb() for test paging.
 * NOTE(review): an IMSI identifies a subscriber; if these belong to real
 * SIM cards they should not live in the source tree - consider moving them
 * to configuration. rokr_imsi has no user in the visible code. */
static const char *nokia_imsi = "7240311131388";
static const char *rokr_imsi = "4660198001300";
736
/*
 * Timer callback: look up the hard-coded nokia_imsi subscriber, build a
 * mobile identity from its TMSI, send a paging command for paging groups
 * 0..2 on BTS 0 and re-arm pag_timer for another 10 s.
 *
 * data is unused. The function dereferences gsmnet without a NULL check,
 * so it relies on bootstrap_network() having succeeded.
 */
void pag_timer_cb(void *data)
{
	struct gsm_bts *bts = &gsmnet->bts[0];
	u_int8_t mi[128];
	struct gsm_subscriber _subscr, *subscr = &_subscr;
	unsigned int paging_group, mi_len;
	u_int64_t num_imsi;
	const char *imsi = nokia_imsi;

	printf("FEUER\n");

#if 1
	memset(subscr, 0, sizeof(*subscr));
	/* NOTE(review): unbounded copy. It is safe only while the IMSI
	 * literal fits subscr->imsi, whose size is not visible here; a
	 * bounded copy would be needed if the IMSI ever came from outside. */
	strcpy(subscr->imsi, imsi);
	/* NOTE(review): the return value is discarded, so a failed lookup is
	 * not detected and the zeroed record is used below - confirm the
	 * function's failure convention and check it. */
	db_get_subscriber(GSM_SUBSCRIBER_IMSI, subscr);
	/* NOTE(review): subscr always points at _subscr, so this branch can
	 * never be taken; it looks like it was meant to test the lookup
	 * result. If it ever did return here, the timer would not be re-armed. */
	if (!subscr)
		return;

	/* with an empty tmsi string (record still zeroed) strtoul() yields 0 */
	mi_len = generate_mid_from_tmsi(mi, strtoul(subscr->tmsi, NULL, 10));
#else
	mi_len = string_to_mi(mi, imsi, GSM_MI_TYPE_IMSI);
#endif

	num_imsi = strtoull(imsi, NULL, 10);
	/* this result is overwritten by the loop initialiser right below, so
	 * the subscriber is paged in all three groups regardless */
	paging_group = get_paging_group(num_imsi, 1, 3);

	for (paging_group = 0; paging_group < 3; paging_group++)
		rsl_paging_cmd(bts, paging_group, mi_len, mi, RSL_CHANNEED_TCH_F);

	/* re-arm: 10 s, 0 us presumably - confirm schedule_timer() units */
	schedule_timer(&pag_timer, 10, 0);
}
768
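/*
 * Program entry point: parse options, open and prepare the database,
 * bootstrap the network, arm the paging timer and run the select loop
 * forever.
 *
 * Returns 1 when the database or the network cannot be set up. The result
 * of bootstrap_network() used to be ignored; on failure gsmnet may still
 * be NULL, and the paging timer callback dereferences it, so the program
 * now stops instead of arming the timer.
 */
int main(int argc, char **argv)
{
	int rc;

	/* parse options */
	handle_options(argc, argv);

	if (db_init()) {
		printf("DB: Failed to init database. Please check the option settings.\n");
		return 1;
	}
	printf("DB: Database initialized.\n");

	if (db_prepare()) {
		printf("DB: Failed to prepare database.\n");
		return 1;
	}
	printf("DB: Database prepared.\n");

	/* bootstrap_network() returns a negative errno value on failure */
	rc = bootstrap_network();
	if (rc < 0) {
		fprintf(stderr, "Failed to bootstrap network: %s\n",
			strerror(-rc));
		return 1;
	}

	pag_timer.cb = pag_timer_cb;
	schedule_timer(&pag_timer, 10, 0);

	while (1) {
		bsc_select_main();
	}
}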