/* A hackish minimal BSC (+MSC +HLR) implementation */

/* (C) 2008 by Harald Welte <laforge@gnumonks.org>
 * All Rights Reserved
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
 *
 */
21
/* Feature-test macros only take effect when defined before the first
 * system header is included, so this has to come first. */
#define _GNU_SOURCE

#include <unistd.h>
#include <stdlib.h>
#include <stdio.h>
#include <stdarg.h>
#include <time.h>
#include <string.h>
#include <errno.h>
#include <getopt.h>

#include <openbsc/db.h>
#include <openbsc/timer.h>
#include <openbsc/gsm_data.h>
#include <openbsc/gsm_04_08.h>
#include <openbsc/select.h>
#include <openbsc/abis_rsl.h>
#include <openbsc/abis_nm.h>
#include <openbsc/debug.h>
#include <openbsc/misdn.h>
Harald Welte52b1f982008-12-23 20:25:15 +000042
/* global pointer to the gsm network data structure */
/* Assigned by bootstrap_network(); pag_timer_cb() dereferences it without
 * a NULL check, so it must be valid before the paging timer fires. */
static struct gsm_network *gsmnet;

/* MCC and MNC for the Location Area Identifier */
/* Both default to 1 and are overwritten by handle_options() with the result
 * of atoi() on the command-line argument; no range check is applied before
 * they are handed to gsm_network_init(). */
static int MCC = 1;
static int MNC = 1;
49
50
Harald Welte52b1f982008-12-23 20:25:15 +000051/* The following definitions are for OM and NM packets that we cannot yet
52 * generate by code but we just pass on */
53
54// BTS Site Manager, SET ATTRIBUTES
55
56/*
57 Object Class: BTS Site Manager
58 Instance 1: FF
59 Instance 2: FF
60 Instance 3: FF
61SET ATTRIBUTES
62 sAbisExternalTime: 2007/09/08 14:36:11
63 omLAPDRelTimer: 30sec
64 shortLAPDIntTimer: 5sec
65 emergencyTimer1: 10 minutes
66 emergencyTimer2: 0 minutes
67*/
68
/* Raw OML payload (BTS Site Manager, SET ATTRIBUTES). bootstrap_om() hands
 * it to abis_nm_raw_msg() together with sizeof(msg_1); nothing in this file
 * builds or validates the bytes. */
unsigned char msg_1[] =
{
	0xD0, 0x00, 0xFF, 0xFF, 0xFF, 0x91, 0x07, 0xD7, 0x09, 0x08, 0x0E, 0x24,
	0x0B, 0xCE, 0x02, 0x00, 0x1E, 0xE8, 0x01, 0x05, 0x42, 0x02, 0x00, 0x0A, 0x44,
	0x02, 0x00, 0x00
};
75
76// BTS, SET BTS ATTRIBUTES
77
78/*
79 Object Class: BTS
80 BTS relat. Number: 0
81 Instance 2: FF
82 Instance 3: FF
83SET BTS ATTRIBUTES
84 bsIdentityCode / BSIC:
85 PLMN_colour_code: 7h
86 BS_colour_code: 7h
87 BTS Air Timer T3105: 4 ,unit 10 ms
88 btsIsHopping: FALSE
89 periodCCCHLoadIndication: 255sec
90 thresholdCCCHLoadIndication: 100%
91 cellAllocationNumber: 00h = GSM 900
92 enableInterferenceClass: 00h = Disabled
93 fACCHQual: 6 (FACCH stealing flags minus 1)
94 intaveParameter: 31 SACCH multiframes
95 interferenceLevelBoundaries:
96 Interference Boundary 1: 0Ah
97 Interference Boundary 2: 0Fh
98 Interference Boundary 3: 14h
99 Interference Boundary 4: 19h
100 Interference Boundary 5: 1Eh
101 mSTxPwrMax: 11
102 GSM range: 2=39dBm, 15=13dBm, stepsize 2 dBm
103 DCS1800 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
104 PCS1900 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
105 30=33dBm, 31=32dBm
106 ny1:
107 Maximum number of repetitions for PHYSICAL INFORMATION message (GSM 04.08): 20
108 powerOutputThresholds:
109 Out Power Fault Threshold: -10 dB
110 Red Out Power Threshold: - 6 dB
111 Excessive Out Power Threshold: 5 dB
112 rACHBusyThreshold: -127 dBm
113 rACHLoadAveragingSlots: 250 ,number of RACH burst periods
114 rfResourceIndicationPeriod: 125 SACCH multiframes
115 T200:
116 SDCCH: 044 in 5 ms
117 FACCH/Full rate: 031 in 5 ms
118 FACCH/Half rate: 041 in 5 ms
119 SACCH with TCH SAPI0: 090 in 10 ms
120 SACCH with SDCCH: 090 in 10 ms
121 SDCCH with SAPI3: 090 in 5 ms
122 SACCH with TCH SAPI3: 135 in 10 ms
123 tSync: 9000 units of 10 msec
124 tTrau: 9000 units of 10 msec
125 enableUmLoopTest: 00h = disabled
126 enableExcessiveDistance: 00h = Disabled
127 excessiveDistance: 64km
128 hoppingMode: 00h = baseband hopping
129 cellType: 00h = Standard Cell
130 BCCH ARFCN / bCCHFrequency: 1
131*/
132
/* Raw OML payload (BTS, SET BTS ATTRIBUTES), sent by bootstrap_om() through
 * abis_nm_raw_msg(). The last octet is the BCCH ARFCN; HARDCODED_ARFCN is
 * not defined in this file (presumably in a project header - confirm). */
unsigned char msg_2[] =
{
	0x41, 0x01, 0x00, 0xFF, 0xFF, 0x09, 0x3F, 0x0A, 0x04, 0x61, 0x00, 0x0B,
	0xFF, 0x0C, 0x64, 0x62, 0x00, 0x66, 0x00, 0x6E, 0x06, 0x18, 0x1F, 0x19,
	0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x7B, 0x0B, 0x23, 0x14, 0x28, 0x00, 0x04,
	0x03, 0x2A, 0x7F, 0x2B, 0x00, 0xFA, 0x8F, 0x7D, 0x33, 0x2C, 0x1F, 0x29,
	0x5A, 0x5A, 0x5A, 0x87, 0x94, 0x23, 0x28, 0x95, 0x23, 0x28, 0x35, 0x01,
	0x00, 0x46, 0x01, 0x00, 0x58, 0x01, 0x40, 0xC5, 0x01, 0x00, 0xF2, 0x01,
	0x00, 0x08, 0x00, HARDCODED_ARFCN/*0x01*/,
};
143
144// Handover Recognition, SET ATTRIBUTES
145
146/*
147Illegal Contents GSM Formatted O&M Msg
148 Object Class: Handover Recognition
149 BTS relat. Number: 0
150 Instance 2: FF
151 Instance 3: FF
152SET ATTRIBUTES
153 enableDelayPowerBudgetHO: 00h = Disabled
154 enableDistanceHO: 00h = Disabled
155 enableInternalInterCellHandover: 00h = Disabled
156 enableInternalIntraCellHandover: 00h = Disabled
157 enablePowerBudgetHO: 00h = Disabled
158 enableRXLEVHO: 00h = Disabled
159 enableRXQUALHO: 00h = Disabled
160 hoAveragingDistance: 8 SACCH multiframes
161 hoAveragingLev:
162 A_LEV_HO: 8 SACCH multiframes
163 W_LEV_HO: 1 SACCH multiframes
164 hoAveragingPowerBudget: 16 SACCH multiframes
165 hoAveragingQual:
166 A_QUAL_HO: 8 SACCH multiframes
167 W_QUAL_HO: 2 SACCH multiframes
168 hoLowerThresholdLevDL: (10 - 110) dBm
169 hoLowerThresholdLevUL: (5 - 110) dBm
170 hoLowerThresholdQualDL: 06h = 6.4% < BER < 12.8%
171 hoLowerThresholdQualUL: 06h = 6.4% < BER < 12.8%
172 hoThresholdLevDLintra : (20 - 110) dBm
173 hoThresholdLevULintra: (20 - 110) dBm
174 hoThresholdMsRangeMax: 20 km
175 nCell: 06h
176 timerHORequest: 3 ,unit 2 SACCH multiframes
177*/
178
/* Raw OML payload (Handover Recognition, SET ATTRIBUTES), sent by
 * bootstrap_om() through abis_nm_raw_msg(). The decode above labels it
 * "Illegal Contents GSM Formatted O&M Msg"; the bytes are passed on as-is. */
unsigned char msg_3[] =
{
	0xD0, 0xA1, 0x00, 0xFF, 0xFF, 0xD0, 0x00, 0x64, 0x00, 0x67, 0x00, 0x68,
	0x00, 0x6A, 0x00, 0x6C, 0x00, 0x6D, 0x00, 0x6F, 0x08, 0x70, 0x08, 0x01,
	0x71, 0x10, 0x10, 0x10, 0x72, 0x08, 0x02, 0x73, 0x0A, 0x74, 0x05, 0x75,
	0x06, 0x76, 0x06, 0x78, 0x14, 0x79, 0x14, 0x7A, 0x14, 0x7D, 0x06, 0x92,
	0x03, 0x20, 0x01, 0x00, 0x45, 0x01, 0x00, 0x48, 0x01, 0x00, 0x5A, 0x01,
	0x00, 0x5B, 0x01, 0x05, 0x5E, 0x01, 0x1A, 0x5F, 0x01, 0x20, 0x9D, 0x01,
	0x00, 0x47, 0x01, 0x00, 0x5C, 0x01, 0x64, 0x5D, 0x01, 0x1E, 0x97, 0x01,
	0x20, 0xF7, 0x01, 0x3C,
};
190
191// Power Control, SET ATTRIBUTES
192
193/*
194 Object Class: Power Control
195 BTS relat. Number: 0
196 Instance 2: FF
197 Instance 3: FF
198SET ATTRIBUTES
199 enableMsPowerControl: 00h = Disabled
200 enablePowerControlRLFW: 00h = Disabled
201 pcAveragingLev:
202 A_LEV_PC: 4 SACCH multiframes
203 W_LEV_PC: 1 SACCH multiframes
204 pcAveragingQual:
205 A_QUAL_PC: 4 SACCH multiframes
206 W_QUAL_PC: 2 SACCH multiframes
207 pcLowerThresholdLevDL: 0Fh
208 pcLowerThresholdLevUL: 0Ah
209 pcLowerThresholdQualDL: 05h = 3.2% < BER < 6.4%
210 pcLowerThresholdQualUL: 05h = 3.2% < BER < 6.4%
211 pcRLFThreshold: 0Ch
212 pcUpperThresholdLevDL: 14h
213 pcUpperThresholdLevUL: 0Fh
214 pcUpperThresholdQualDL: 04h = 1.6% < BER < 3.2%
215 pcUpperThresholdQualUL: 04h = 1.6% < BER < 3.2%
216 powerConfirm: 2 ,unit 2 SACCH multiframes
217 powerControlInterval: 2 ,unit 2 SACCH multiframes
218 powerIncrStepSize: 02h = 4 dB
219 powerRedStepSize: 01h = 2 dB
220 radioLinkTimeoutBs: 64 SACCH multiframes
221 enableBSPowerControl: 00h = disabled
222*/
223
/* Raw OML payload (Power Control, SET ATTRIBUTES), sent by bootstrap_om()
 * through abis_nm_raw_msg(). The final octet is the BS power control
 * enable flag, left at 0x00 (disabled). */
unsigned char msg_4[] =
{
	0xD0, 0xA2, 0x00, 0xFF, 0xFF, 0x69, 0x00, 0x6B, 0x00, 0x7E, 0x04, 0x01,
	0x7F, 0x04, 0x02, 0x80, 0x0F, 0x81, 0x0A, 0x82, 0x05, 0x83, 0x05, 0x84,
	0x0C, 0x85, 0x14, 0x86, 0x0F, 0x87, 0x04, 0x88, 0x04, 0x89, 0x02, 0x8A,
	0x02, 0x8B, 0x02, 0x8C, 0x01, 0x8D, 0x40, 0x65, 0x01, 0x00 // set to 0x01 to enable BSPowerControl
};
231
232
233// Transceiver, SET TRX ATTRIBUTES (TRX 0)
234
235/*
236 Object Class: Transceiver
237 BTS relat. Number: 0
238 Tranceiver number: 0
239 Instance 3: FF
240SET TRX ATTRIBUTES
241 aRFCNList (HEX): 0001
242 txPwrMaxReduction: 00h = 0dB
243 radioMeasGran: 254 SACCH multiframes
244 radioMeasRep: 01h = enabled
245 memberOfEmergencyConfig: 01h = TRUE
246 trxArea: 00h = TRX doesn't belong to a concentric cell
247*/
248
/* Raw OML payload (Transceiver 0, SET TRX ATTRIBUTES), sent by
 * bootstrap_om() through abis_nm_raw_msg(). The ARFCN list entry uses
 * HARDCODED_ARFCN, which is not defined in this file. */
unsigned char msg_6[] =
{
	0x44, 0x02, 0x00, 0x00, 0xFF, 0x05, 0x01, 0x00, HARDCODED_ARFCN /*0x01*/, 0x2D,
	0x00, 0xDC, 0x01, 0xFE, 0xDD, 0x01, 0x01, 0x9B, 0x01, 0x01, 0x9F, 0x01, 0x00,
};
254
255
/*
 * Run the OML bring-up sequence for the given BTS, using only TRX 0:
 * silence event reports, reset the site manager, push the canned attribute
 * messages (msg_1..msg_4, msg_6), wire up signalling and the seven traffic
 * timeslots, then reset again and re-enable event reports.
 *
 * NOTE(review): nothing returned by the abis_nm_* calls is inspected here,
 * so a rejected step would not stop the sequence - confirm whether those
 * functions report errors.
 */
static void bootstrap_om(struct gsm_bts *bts)
{
	struct gsm_bts_trx *trx0 = &bts->trx[0];
	int tn;

	fputs("bootstrapping OML\n", stdout);

	/* stop sending event reports */
	abis_nm_event_reports(bts, 0);

	/* an empty DB transmission (begin immediately followed by end) */
	abis_nm_db_transmission(bts, 1);
	abis_nm_db_transmission(bts, 0);

	/* Reset BTS Site manager resource */
	abis_nm_reset_resource(bts);

	/* begin the DB transmission that carries the real configuration */
	abis_nm_db_transmission(bts, 1);

	/* canned attribute messages, passed on byte for byte */
	abis_nm_raw_msg(bts, sizeof(msg_1), msg_1);	/* BTS SiteMgr attr */
	abis_nm_raw_msg(bts, sizeof(msg_2), msg_2);	/* BTS attr */
	abis_nm_raw_msg(bts, sizeof(msg_3), msg_3);	/* BTS handover attr */
	abis_nm_raw_msg(bts, sizeof(msg_4), msg_4);	/* BTS power control attr */

	/* Connect signalling of bts0/trx0 to e1_0/ts1/64kbps */
	abis_nm_conn_terr_sign(trx0, 0, 1, 0xff);
	abis_nm_raw_msg(bts, sizeof(msg_6), msg_6);	/* SET TRX ATTRIBUTES */

	/* Use TEI 1 for signalling */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x01);
	abis_nm_set_channel_attr(&trx0->ts[0], NM_CHANC_SDCCH_CBCH);
#if 0
	/* TRX 1 */
	abis_nm_conn_terr_sign(&bts->trx[1], 0, 1, 0xff);
	/* FIXME: TRX ATTRIBUTE */
	abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x02);
#endif

	/*
	 * TS1..TS7: set the channel attribute (0x09), then connect the
	 * traffic to e1_0. TS1-TS3 land on E1 timeslot 2 sub-slots 1-3
	 * (b, c, d) and TS4-TS7 on E1 timeslot 3 sub-slots 0-3 (a..d),
	 * which is what 2 + tn / 4 and tn % 4 yield.
	 */
	for (tn = 1; tn <= 7; tn++) {
		abis_nm_set_channel_attr(&trx0->ts[tn], 0x09);
		abis_nm_conn_terr_traf(&trx0->ts[tn], 0, 2 + tn / 4, tn % 4);
	}

	/* end DB transmission */
	abis_nm_db_transmission(bts, 0);

	/* Reset BTS Site manager resource */
	abis_nm_reset_resource(bts);

	/* restart sending event reports */
	abis_nm_event_reports(bts, 1);
}
340
341
342
/* One SYSTEM INFORMATION message as handed to rsl_bcch_info(). */
struct bcch_info {
	u_int8_t type;		/* passed as the type argument of rsl_bcch_info() */
	u_int8_t len;		/* byte count of data; 8 bit, so at most 255 */
	const u_int8_t *data;	/* message bytes, not owned by this struct */
};
348
349/*
350SYSTEM INFORMATION TYPE 1
351 Cell channel description
352 Format-ID bit map 0
353 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
354 RACH Control Parameters
355 maximum 7 retransmissions
356 8 slots used to spread transmission
357 cell not barred for access
358 call reestablishment not allowed
359 Access Control Class = 0000
360*/
/* SYSTEM INFORMATION TYPE 1 as sent by set_system_infos(). Where an octet
 * carries an inline comment, the array value differs from the decoded
 * capture above and the comment holds the captured value. */
static const u_int8_t si1[] = {
	0x55, 0x06, 0x19, 0x04 /*0x00*/, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /*0x01*/,0xD5,
	0x00, 0x00, 0x2B
};
366
367/*
368 SYSTEM INFORMATION TYPE 2
369 Neighbour Cells Description
370 EXT-IND: Carries the complete BA
371 BA-IND = 0
372 Format-ID bit map 0
373 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
374 NCC permitted (NCC) = FF
375 RACH Control Parameters
376 maximum 7 retransmissions
377 8 slots used to spread transmission
378 cell not barred for access
379 call reestablishment not allowed
380 Access Control Class = 0000
381*/
/* SYSTEM INFORMATION TYPE 2 as sent by set_system_infos(); fixed bytes,
 * never modified at run time (const). */
static const u_int8_t si2[] = {
	0x59, 0x06, 0x1A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD5, 0x00,
	0x00
};
387
388/*
389SYSTEM INFORMATION TYPE 3
390 Cell identity = 00001 (1h)
391 Location area identification
392 Mobile Country Code (MCC): 001
393 Mobile Network Code (MNC): 01
394 Location Area Code (LAC): 00001 (1h)
395 Control Channel Description
396 Attach-detach: MSs in the cell are not allowed to apply IMSI attach /detach
397 0 blocks reserved for access grant
398 1 channel used for CCCH, with SDCCH
399 5 multiframes period for PAGING REQUEST
400 Time-out T3212 = 0
401 Cell Options BCCH
402 Power control indicator: not set
403 MSs shall not use uplink DTX
404 Radio link timeout = 36
405 Cell Selection Parameters
406 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
407 max.TX power level MS may use for CCH = 2
408 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
409 Half rate support (NECI): New establishment causes are not supported
410 min.RX signal level for MS = 0
411 RACH Control Parameters
412 maximum 7 retransmissions
413 8 slots used to spread transmission
414 cell not barred for access
415 call reestablishment not allowed
416 Access Control Class = 0000
417 SI 3 Rest Octets
418 Cell Bar Qualify (CBQ): 0
419 Cell Reselect Offset = 0 dB
420 Temporary Offset = 0 dB
421 Penalty Time = 20 s
422 System Information 2ter Indicator (2TI): 0 = not available
423 Early Classmark Sending Control (ECSC): 0 = forbidden
424 Scheduling Information is not sent in SYSTEM INFORMATION TYPE 9 on the BCCH
425*/
/* SYSTEM INFORMATION TYPE 3 as sent by set_system_infos(). Unlike the other
 * SI tables this one is neither static nor const. The location area
 * identification is fixed at compile time (MCC 001 / MNC 01 per the decode
 * above); since patch_tables() is empty, the -c/-n command-line values do
 * not reach these bytes. */
unsigned char si3[] = {
	0x49, 0x06, 0x1B, 0x00, 0x01, 0x00, 0xF1, 0x10, 0x00, 0x01,
	0x01, 0x03, 0x00, 0x28, 0x62, 0x00, 0xD5, 0x00, 0x00, 0x80,
	0x00, 0x00, 0x2B
};
431
432/*
433SYSTEM INFORMATION TYPE 4
434 Location area identification
435 Mobile Country Code (MCC): 001
436 Mobile Network Code (MNC): 01
437 Location Area Code (LAC): 00001 (1h)
438 Cell Selection Parameters
439 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
440 max.TX power level MS may use for CCH = 2
441 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
442 Half rate support (NECI): New establishment causes are not supported
443 min.RX signal level for MS = 0
444 RACH Control Parameters
445 maximum 7 retransmissions
446 8 slots used to spread transmission
447 cell not barred for access
448 call reestablishment not allowed
449 Access Control Class = 0000
450 Channel Description
451 Type = SDCCH/4[2]
452 Timeslot Number: 0
453 Training Sequence Code: 7h
454 ARFCN: 1
455 SI Rest Octets
456 Cell Bar Qualify (CBQ): 0
457 Cell Reselect Offset = 0 dB
458 Temporary Offset = 0 dB
459 Penalty Time = 20 s
460*/
/* SYSTEM INFORMATION TYPE 4 as sent by set_system_infos(). The location
 * area identification is fixed at compile time (MCC 001 / MNC 01 per the
 * decode above) and the table is const, so the -c/-n command-line values
 * cannot be patched in. HARDCODED_ARFCN is not defined in this file. */
static const u_int8_t si4[] = {
	0x41, 0x06, 0x1C, 0x00, 0xF1, 0x10, 0x00, 0x01, 0x62, 0x00,
	0xD5, 0x00, 0x00, 0x64, 0x30, 0xE0, HARDCODED_ARFCN/*0x01*/, 0x80, 0x00, 0x00,
	0x2B, 0x2B, 0x2B
};
466
467/*
468 SYSTEM INFORMATION TYPE 5
469 Neighbour Cells Description
470 EXT-IND: Carries the complete BA
471 BA-IND = 0
472 Format-ID bit map 0
473 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
474*/
475
/* SYSTEM INFORMATION TYPE 5, handed to rsl_sacch_filling() by
 * set_system_infos() together with sizeof(si5). */
static const u_int8_t si5[] = {
	0x06, 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
	0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
};
480
481// SYSTEM INFORMATION TYPE 6
482
483/*
484SACCH FILLING
485 System Info Type: SYSTEM INFORMATION 6
486 L3 Information (Hex): 06 1E 00 01 xx xx 10 00 01 28 FF
487
488SYSTEM INFORMATION TYPE 6
489 Cell identity = 00001 (1h)
490 Location area identification
491 Mobile Country Code (MCC): 001
492 Mobile Network Code (MNC): 01
493 Location Area Code (LAC): 00001 (1h)
494 Cell Options SACCH
495 Power control indicator: not set
496 MSs shall not use uplink DTX on a TCH-F. MS shall not use uplink DTX on TCH-H.
497 Radio link timeout = 36
498 NCC permitted (NCC) = FF
499*/
500
/* SYSTEM INFORMATION TYPE 6, handed to rsl_sacch_filling() by
 * set_system_infos(). Carries the same compile-time location area
 * identification as si3/si4 (MCC 001 / MNC 01 per the decode above). */
static const u_int8_t si6[] = {
	0x06, 0x1E, 0x00, 0x01, 0x00, 0xF1, 0x10, 0x00, 0x01, 0x28, 0xFF,
};
504
505
506
/* The SYSTEM INFORMATION messages that set_system_infos() pushes with
 * rsl_bcch_info(), in this order. len is a u_int8_t, so each sizeof() is
 * narrowed to 8 bits; the tables above are all well below 256 bytes. */
static const struct bcch_info bcch_infos[] = {
	{
		.type = RSL_SYSTEM_INFO_1,
		.len = sizeof(si1),
		.data = si1,
	}, {
		.type = RSL_SYSTEM_INFO_2,
		.len = sizeof(si2),
		.data = si2,
	}, {
		.type = RSL_SYSTEM_INFO_3,
		.len = sizeof(si3),
		.data = si3,
	}, {
		.type = RSL_SYSTEM_INFO_4,
		.len = sizeof(si4),
		.data = si4,
	},
};
526
/*
 * Send every SYSTEM INFORMATION message to the BTS: the entries of
 * bcch_infos[] through rsl_bcch_info(), then types 5 and 6 through
 * rsl_sacch_filling(). Always returns 0; whatever the rsl_* calls
 * return is not looked at.
 */
static int set_system_infos(struct gsm_bts *bts)
{
	const struct bcch_info *bi = bcch_infos;
	const struct bcch_info *const end = bcch_infos + ARRAY_SIZE(bcch_infos);

	while (bi != end) {
		rsl_bcch_info(bts, bi->type, bi->data, bi->len);
		bi++;
	}

	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_5, si5, sizeof(si5));
	rsl_sacch_filling(bts, RSL_SYSTEM_INFO_6, si6, sizeof(si6));

	return 0;
}
542
/*
 * Activate a full-rate traffic channel on timeslots 1..7 of the given TRX.
 * The only call site in this file (bootstrap_rsl) is commented out.
 */
static void activate_traffic_channels(struct gsm_bts_trx *trx)
{
	int tn = 1;	/* timeslot 0 is the CCCH and is left alone */

	while (tn < 8) {
		rsl_chan_activate_tch_f(&trx->ts[tn]);
		tn++;
	}
}
551
/*
 * RSL bring-up for the given BTS: announce it on stdout and push the
 * SYSTEM INFORMATION messages. The return value of set_system_infos()
 * is discarded.
 */
static void bootstrap_rsl(struct gsm_bts *bts)
{
	fputs("bootstrapping RSL\n", stdout);

	(void) set_system_infos(bts);

	/* FIXME: defer this until the channels are used */
	//activate_traffic_channels(&bts->trx[0]);
}
560
/*
 * Event callback registered with mi_setup(): starts the OML bootstrap when
 * the OML link comes up and the RSL bootstrap when the RSL link comes up.
 * Every other event is ignored.
 */
static void mi_cb(int event, struct gsm_bts *bts)
{
	if (event == EVT_E1_OML_UP) {
		bootstrap_om(bts);
		return;
	}

	if (event == EVT_E1_RSL_UP) {
		bootstrap_rsl(bts);
		return;
	}

	/* FIXME: deal with TEI or L1 link loss */
}
575
/*
 * Patch the various SYSTEM INFORMATION tables to update
 * the LAI
 *
 * Currently an empty stub: the si3/si4/si6 tables keep their compile-time
 * location area identification, so an MCC/MNC given on the command line is
 * passed to gsm_network_init() but is not reflected in what set_system_infos()
 * sends. si4 and si6 are const and could not be patched in place as declared.
 */
static void patch_tables(void)
{
}
583
/*
 * Create the global network object and configure BTS 0 (LAC 1, TRX 0 on
 * HARDCODED_ARFCN), then register mi_cb through mi_setup().
 *
 * Returns 0 on success, -ENOMEM when gsm_network_init() yields NULL and
 * -EIO when mi_setup() reports a negative value. On the -EIO path gsmnet
 * stays assigned.
 */
static int bootstrap_network(void)
{
	struct gsm_bts *bts0;

	/* initialize our data structures */
	gsmnet = gsm_network_init(1, MCC, MNC);
	if (gsmnet == NULL)
		return -ENOMEM;

	bts0 = &gsmnet->bts[0];
	bts0->trx[0].arfcn = HARDCODED_ARFCN;
	bts0->location_area_code = 1;

	return (mi_setup(bts0, 0, mi_cb) < 0) ? -EIO : 0;
}
Harald Weltef6b7a902008-12-26 00:05:11 +0000602
/* Write the one-line usage banner to stdout. */
static void print_usage()
{
	fputs("Usage: bsc_hack\n", stdout);
}
607
/* Write the option summary to stdout, one line per option. */
static void print_help()
{
	static const char *const help_lines[] = {
		" Some useful help...\n",
		" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n",
		" -s --disable-color\n",
		" -n --network-code number(MNC) \n",
		" -c --country-code number (MCC) \n",
		" -h --help this text\n",
	};
	unsigned int k;

	for (k = 0; k < sizeof(help_lines) / sizeof(help_lines[0]); k++)
		fputs(help_lines[k], stdout);
}
617
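/*
 * Parse the command line and apply the options: -h/--help prints usage and
 * exits, -s/--disable-color turns off coloured debug output, -d/--debug sets
 * the debug category mask, -n/--network-code and -c/--country-code set the
 * file-level MNC and MCC.
 *
 * The short-option string now matches the long options and the help text.
 * Previously it was "hnd:", so -s and -c were not recognised and -n took no
 * argument, which left optarg NULL for the atoi() call.
 *
 * NOTE(review): atoi() cannot report malformed or out-of-range input, so
 * MNC/MCC are still taken from the command line without validation.
 */
static void handle_options(int argc, char** argv)
{
	while (1) {
		int option_index = 0, c;
		static struct option long_options[] = {
			{"help", 0, 0, 'h'},
			{"debug", 1, 0, 'd'},
			{"disable-color", 0, 0, 's'},
			{"network-code", 1, 0, 'n'},
			{"country-code", 1, 0, 'c'},
			{0, 0, 0, 0}
		};

		/* 'd', 'n' and 'c' carry a ':' because each needs an argument */
		c = getopt_long(argc, argv, "hsd:n:c:",
				long_options, &option_index);
		if (c == -1)
			break;

		switch (c) {
		case 'h':
			print_usage();
			print_help();
			exit(0);
		case 's':
			debug_use_color(0);
			break;
		case 'd':
			debug_parse_category_mask(optarg);
			break;
		case 'n':
			MNC = atoi(optarg);
			break;
		case 'c':
			MCC = atoi(optarg);
			break;
		default:
			/* ignore */
			break;
		}
	}
}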
659
/* Timer that drives pag_timer_cb(): armed once in main() and re-armed by
 * the callback itself on every run. */
static struct timer_list pag_timer;
661
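/*
 * Convert one ASCII digit to its 4-bit value. Handles decimal digits and
 * uppercase hexadecimal: '0'..'9' map to 0..9 and 'A'..'F' to 10..15.
 *
 * The input is not validated: any other character (lowercase hex,
 * punctuation, anything below '0') produces a meaningless value, so callers
 * have to pass digits only.
 */
static u_int8_t char2bcd(char c)
{
	if (c <= '9')
		return c - '0';

	/* 'A' is ten, not zero; the offset was missing before */
	return c - 'A' + 10;
}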
670
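/*
 * Encode a digit string as a Mobile Identity information element in mi.
 *
 * mi[0] receives GSM48_IE_MOBILE_ID and mi[2] the masked identity type; for
 * an odd-length string the first digit goes into the high nibble of mi[2],
 * otherwise that nibble is filled with 0xf. The remaining digits are packed
 * two per octet from mi[3] on, first digit in the low nibble. A digit left
 * over without a partner is not written.
 *
 * Returns the number of bytes written, counted from mi[0]; the same value is
 * stored in mi[1].
 *
 * There is no length parameter: the caller must provide at least
 * 3 + strlen(string) / 2 bytes, otherwise this writes past the buffer.
 *
 * NOTE(review): mi[1] counts the two header octets as well; confirm that
 * this is the length the information element is supposed to carry.
 */
static int string_to_mi(u_int8_t *mi, const char *string,
			u_int8_t type)
{
	u_int8_t *cur = mi+3;

	mi[0] = GSM48_IE_MOBILE_ID;
	//mi[1] = TMSI_LEN;
	mi[2] = type & GSM_MI_TYPE_MASK;

	if (strlen(string) & 0x01)
		mi[2] |= char2bcd(*string++) << 4;
	else
		mi[2] |= 0xf0;

	/*
	 * Read both digits before advancing. The former single expression
	 * incremented string twice without a sequence point, which is
	 * undefined behaviour and left the nibble order to the compiler.
	 */
	while (string[0] && string[1]) {
		u_int8_t lo = char2bcd(string[0]);
		u_int8_t hi = char2bcd(string[1]);

		*cur++ = lo | (hi << 4);
		string += 2;
	}

	mi[1] = cur - mi;

	return cur - mi;
}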
692
/* Subscriber identities compiled into the binary. pag_timer_cb() pages
 * nokia_imsi every time the timer fires; rokr_imsi is not referenced
 * anywhere in this file. */
static const char *nokia_imsi = "7240311131388";
static const char *rokr_imsi = "4660198001300";
695
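/*
 * Paging timer callback: looks up the hard-coded nokia_imsi subscriber,
 * builds a mobile identity from its TMSI, sends a paging command for paging
 * groups 0..2 on BTS 0 and re-arms pag_timer.
 *
 * data is unused. gsmnet is dereferenced without a check, so the timer must
 * not fire before bootstrap_network() has succeeded.
 */
void pag_timer_cb(void *data)
{
	struct gsm_bts *bts = &gsmnet->bts[0];
	u_int8_t mi[128];
	struct gsm_subscriber _subscr, *subscr = &_subscr;
	unsigned int paging_group, mi_len;
	u_int64_t num_imsi;
	const char *imsi = nokia_imsi;

	printf("FEUER\n");

#if 1
	memset(subscr, 0, sizeof(*subscr));
	/* bounded copy: never write past the imsi field, always terminate */
	snprintf(subscr->imsi, sizeof(subscr->imsi), "%s", imsi);
	db_get_subscriber(GSM_SUBSCRIBER_IMSI, subscr);
	/*
	 * NOTE(review): subscr points at the local _subscr and can never be
	 * NULL, so this test does not detect a failed lookup. The result of
	 * db_get_subscriber() is not checked; after a miss the zeroed tmsi
	 * field parses as 0 below. Confirm the function's return convention
	 * and test that instead.
	 */
	if (!subscr)
		return;

	mi_len = generate_mid_from_tmsi(mi, strtoul(subscr->tmsi, NULL, 10));
#else
	mi_len = string_to_mi(mi, imsi, GSM_MI_TYPE_IMSI);
#endif

	num_imsi = strtoull(imsi, NULL, 10);
	/* the computed group is overwritten by the loop, which pages 0..2 */
	paging_group = get_paging_group(num_imsi, 1, 3);

	for (paging_group = 0; paging_group < 3; paging_group++)
		rsl_paging_cmd(bts, paging_group, mi_len, mi, RSL_CHANNEED_TCH_F);

	schedule_timer(&pag_timer, 10, 0);
}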
727
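/*
 * Program entry point: parse options, initialise and prepare the database,
 * bootstrap the network, arm the paging timer and run the select loop
 * forever. Returns 1 when the database or the network cannot be set up.
 */
int main(int argc, char **argv)
{
	/* parse options */
	handle_options(argc, argv);

	if (db_init()) {
		printf("DB: Failed to init database. Please check the option settings.\n");
		return 1;
	}
	printf("DB: Database initialized.\n");

	if (db_prepare()) {
		printf("DB: Failed to prepare database.\n");
		return 1;
	}
	printf("DB: Database prepared.\n");

	patch_tables();

	/*
	 * bootstrap_network() returns a negative errno value on failure.
	 * Stop here in that case: with gsmnet unset, the paging timer
	 * callback would dereference a NULL pointer.
	 */
	if (bootstrap_network() < 0) {
		printf("Failed to bootstrap the network.\n");
		return 1;
	}

	pag_timer.cb = pag_timer_cb;
	schedule_timer(&pag_timer, 10, 0);

	while (1) {
		bsc_select_main();
	}
}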