Gitiles
Code Review Sign In
gerrit.osmocom.org / osmo-sgsn / 3444ddb85d390bbd6ab3cc44079d138f31315b0a / . / src / bsc_hack.c
blob: 2838ff8bc5ef510e2bbf18a21e1a3b5d9fbb6315 [file] [log] [blame]
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]1/* A hackish minimal BSC (+MSC +HLR) implementation */
2
3/* (C) 2008 by Harald Welte <laforge@gnumonks.org>
4 * All Rights Reserved
5 *
6 * This program is free software; you can redistribute it and/or modify
7 * it under the terms of the GNU General Public License as published by
8 * the Free Software Foundation; either version 2 of the License, or
9 * (at your option) any later version.
10 *
11 * This program is distributed in the hope that it will be useful,
12 * but WITHOUT ANY WARRANTY; without even the implied warranty of
13 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 * GNU General Public License for more details.
15 *
16 * You should have received a copy of the GNU General Public License along
17 * with this program; if not, write to the Free Software Foundation, Inc.,
18 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
19 *
20 */
21
Harald Weltef6b7a902008-12-26 00:05:11 +0000[diff] [blame]22#include <unistd.h>
23#include <stdlib.h>
24#include <stdio.h>
25#include <stdarg.h>
26#include <time.h>
27#include <string.h>
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]28#include <errno.h>
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]29
Holger Freytherb332f612008-12-27 12:46:51 +0000[diff] [blame]30#define _GNU_SOURCE
31#include <getopt.h>
32
Harald Welte255539c2008-12-28 02:26:27 +0000[diff] [blame]33#include <openbsc/db.h>
34#include <openbsc/timer.h>
Harald Welte8470bf22008-12-25 23:28:35 +0000[diff] [blame]35#include <openbsc/gsm_data.h>
Harald Welte255539c2008-12-28 02:26:27 +0000[diff] [blame]36#include <openbsc/gsm_04_08.h>
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]37#include <openbsc/select.h>
Harald Welte8470bf22008-12-25 23:28:35 +0000[diff] [blame]38#include <openbsc/abis_rsl.h>
39#include <openbsc/abis_nm.h>
Harald Welte702d8702008-12-26 20:25:35 +0000[diff] [blame]40#include <openbsc/debug.h>
Holger Freyther5677ae32008-12-27 09:41:03 +0000[diff] [blame]41#include <openbsc/misdn.h>
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]42
43/* global pointer to the gsm network data structure */
44static struct gsm_network *gsmnet;
45
46/* The following definitions are for OM and NM packets that we cannot yet
47 * generate by code but we just pass on */
48
49// BTS Site Manager, SET ATTRIBUTES
50
51/*
52 Object Class: BTS Site Manager
53 Instance 1: FF
54 Instance 2: FF
55 Instance 3: FF
56SET ATTRIBUTES
57 sAbisExternalTime: 2007/09/08 14:36:11
58 omLAPDRelTimer: 30sec
59 shortLAPDIntTimer: 5sec
60 emergencyTimer1: 10 minutes
61 emergencyTimer2: 0 minutes
62*/
63
64unsigned char msg_1[] =
65{
66 0xD0, 0x00, 0xFF, 0xFF, 0xFF, 0x91, 0x07, 0xD7, 0x09, 0x08, 0x0E, 0x24,
67 0x0B, 0xCE, 0x02, 0x00, 0x1E, 0xE8, 0x01, 0x05, 0x42, 0x02, 0x00, 0x0A, 0x44,
68 0x02, 0x00, 0x00
69};
70
71// BTS, SET BTS ATTRIBUTES
72
73/*
74 Object Class: BTS
75 BTS relat. Number: 0
76 Instance 2: FF
77 Instance 3: FF
78SET BTS ATTRIBUTES
79 bsIdentityCode / BSIC:
80 PLMN_colour_code: 7h
81 BS_colour_code: 7h
82 BTS Air Timer T3105: 4 ,unit 10 ms
83 btsIsHopping: FALSE
84 periodCCCHLoadIndication: 255sec
85 thresholdCCCHLoadIndication: 100%
86 cellAllocationNumber: 00h = GSM 900
87 enableInterferenceClass: 00h = Disabled
88 fACCHQual: 6 (FACCH stealing flags minus 1)
89 intaveParameter: 31 SACCH multiframes
90 interferenceLevelBoundaries:
91 Interference Boundary 1: 0Ah
92 Interference Boundary 2: 0Fh
93 Interference Boundary 3: 14h
94 Interference Boundary 4: 19h
95 Interference Boundary 5: 1Eh
96 mSTxPwrMax: 11
97 GSM range: 2=39dBm, 15=13dBm, stepsize 2 dBm
98 DCS1800 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
99 PCS1900 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
100 30=33dBm, 31=32dBm
101 ny1:
102 Maximum number of repetitions for PHYSICAL INFORMATION message (GSM 04.08): 20
103 powerOutputThresholds:
104 Out Power Fault Threshold: -10 dB
105 Red Out Power Threshold: - 6 dB
106 Excessive Out Power Threshold: 5 dB
107 rACHBusyThreshold: -127 dBm
108 rACHLoadAveragingSlots: 250 ,number of RACH burst periods
109 rfResourceIndicationPeriod: 125 SACCH multiframes
110 T200:
111 SDCCH: 044 in 5 ms
112 FACCH/Full rate: 031 in 5 ms
113 FACCH/Half rate: 041 in 5 ms
114 SACCH with TCH SAPI0: 090 in 10 ms
115 SACCH with SDCCH: 090 in 10 ms
116 SDCCH with SAPI3: 090 in 5 ms
117 SACCH with TCH SAPI3: 135 in 10 ms
118 tSync: 9000 units of 10 msec
119 tTrau: 9000 units of 10 msec
120 enableUmLoopTest: 00h = disabled
121 enableExcessiveDistance: 00h = Disabled
122 excessiveDistance: 64km
123 hoppingMode: 00h = baseband hopping
124 cellType: 00h = Standard Cell
125 BCCH ARFCN / bCCHFrequency: 1
126*/
127
128unsigned char msg_2[] =
129{
130 0x41, 0x01, 0x00, 0xFF, 0xFF, 0x09, 0x3F, 0x0A, 0x04, 0x61, 0x00, 0x0B,
131 0xFF, 0x0C, 0x64, 0x62, 0x00, 0x66, 0x00, 0x6E, 0x06, 0x18, 0x1F, 0x19,
132 0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x7B, 0x0B, 0x23, 0x14, 0x28, 0x00, 0x04,
133 0x03, 0x2A, 0x7F, 0x2B, 0x00, 0xFA, 0x8F, 0x7D, 0x33, 0x2C, 0x1F, 0x29,
134 0x5A, 0x5A, 0x5A, 0x87, 0x94, 0x23, 0x28, 0x95, 0x23, 0x28, 0x35, 0x01,
135 0x00, 0x46, 0x01, 0x00, 0x58, 0x01, 0x40, 0xC5, 0x01, 0x00, 0xF2, 0x01,
136 0x00, 0x08, 0x00, HARDCODED_ARFCN/*0x01*/,
137};
138
139// Handover Recognition, SET ATTRIBUTES
140
141/*
142Illegal Contents GSM Formatted O&M Msg
143 Object Class: Handover Recognition
144 BTS relat. Number: 0
145 Instance 2: FF
146 Instance 3: FF
147SET ATTRIBUTES
148 enableDelayPowerBudgetHO: 00h = Disabled
149 enableDistanceHO: 00h = Disabled
150 enableInternalInterCellHandover: 00h = Disabled
151 enableInternalIntraCellHandover: 00h = Disabled
152 enablePowerBudgetHO: 00h = Disabled
153 enableRXLEVHO: 00h = Disabled
154 enableRXQUALHO: 00h = Disabled
155 hoAveragingDistance: 8 SACCH multiframes
156 hoAveragingLev:
157 A_LEV_HO: 8 SACCH multiframes
158 W_LEV_HO: 1 SACCH multiframes
159 hoAveragingPowerBudget: 16 SACCH multiframes
160 hoAveragingQual:
161 A_QUAL_HO: 8 SACCH multiframes
162 W_QUAL_HO: 2 SACCH multiframes
163 hoLowerThresholdLevDL: (10 - 110) dBm
164 hoLowerThresholdLevUL: (5 - 110) dBm
165 hoLowerThresholdQualDL: 06h = 6.4% < BER < 12.8%
166 hoLowerThresholdQualUL: 06h = 6.4% < BER < 12.8%
167 hoThresholdLevDLintra : (20 - 110) dBm
168 hoThresholdLevULintra: (20 - 110) dBm
169 hoThresholdMsRangeMax: 20 km
170 nCell: 06h
171 timerHORequest: 3 ,unit 2 SACCH multiframes
172*/
173
174unsigned char msg_3[] =
175{
176 0xD0, 0xA1, 0x00, 0xFF, 0xFF, 0xD0, 0x00, 0x64, 0x00, 0x67, 0x00, 0x68,
177 0x00, 0x6A, 0x00, 0x6C, 0x00, 0x6D, 0x00, 0x6F, 0x08, 0x70, 0x08, 0x01,
178 0x71, 0x10, 0x10, 0x10, 0x72, 0x08, 0x02, 0x73, 0x0A, 0x74, 0x05, 0x75,
179 0x06, 0x76, 0x06, 0x78, 0x14, 0x79, 0x14, 0x7A, 0x14, 0x7D, 0x06, 0x92,
180 0x03, 0x20, 0x01, 0x00, 0x45, 0x01, 0x00, 0x48, 0x01, 0x00, 0x5A, 0x01,
181 0x00, 0x5B, 0x01, 0x05, 0x5E, 0x01, 0x1A, 0x5F, 0x01, 0x20, 0x9D, 0x01,
182 0x00, 0x47, 0x01, 0x00, 0x5C, 0x01, 0x64, 0x5D, 0x01, 0x1E, 0x97, 0x01,
183 0x20, 0xF7, 0x01, 0x3C,
184};
185
186// Power Control, SET ATTRIBUTES
187
188/*
189 Object Class: Power Control
190 BTS relat. Number: 0
191 Instance 2: FF
192 Instance 3: FF
193SET ATTRIBUTES
194 enableMsPowerControl: 00h = Disabled
195 enablePowerControlRLFW: 00h = Disabled
196 pcAveragingLev:
197 A_LEV_PC: 4 SACCH multiframes
198 W_LEV_PC: 1 SACCH multiframes
199 pcAveragingQual:
200 A_QUAL_PC: 4 SACCH multiframes
201 W_QUAL_PC: 2 SACCH multiframes
202 pcLowerThresholdLevDL: 0Fh
203 pcLowerThresholdLevUL: 0Ah
204 pcLowerThresholdQualDL: 05h = 3.2% < BER < 6.4%
205 pcLowerThresholdQualUL: 05h = 3.2% < BER < 6.4%
206 pcRLFThreshold: 0Ch
207 pcUpperThresholdLevDL: 14h
208 pcUpperThresholdLevUL: 0Fh
209 pcUpperThresholdQualDL: 04h = 1.6% < BER < 3.2%
210 pcUpperThresholdQualUL: 04h = 1.6% < BER < 3.2%
211 powerConfirm: 2 ,unit 2 SACCH multiframes
212 powerControlInterval: 2 ,unit 2 SACCH multiframes
213 powerIncrStepSize: 02h = 4 dB
214 powerRedStepSize: 01h = 2 dB
215 radioLinkTimeoutBs: 64 SACCH multiframes
216 enableBSPowerControl: 00h = disabled
217*/
218
219unsigned char msg_4[] =
220{
221 0xD0, 0xA2, 0x00, 0xFF, 0xFF, 0x69, 0x00, 0x6B, 0x00, 0x7E, 0x04, 0x01,
222 0x7F, 0x04, 0x02, 0x80, 0x0F, 0x81, 0x0A, 0x82, 0x05, 0x83, 0x05, 0x84,
223 0x0C, 0x85, 0x14, 0x86, 0x0F, 0x87, 0x04, 0x88, 0x04, 0x89, 0x02, 0x8A,
224 0x02, 0x8B, 0x02, 0x8C, 0x01, 0x8D, 0x40, 0x65, 0x01, 0x00 // set to 0x01 to enable BSPowerControl
225};
226
227
228// Transceiver, SET TRX ATTRIBUTES (TRX 0)
229
230/*
231 Object Class: Transceiver
232 BTS relat. Number: 0
233 Tranceiver number: 0
234 Instance 3: FF
235SET TRX ATTRIBUTES
236 aRFCNList (HEX): 0001
237 txPwrMaxReduction: 00h = 0dB
238 radioMeasGran: 254 SACCH multiframes
239 radioMeasRep: 01h = enabled
240 memberOfEmergencyConfig: 01h = TRUE
241 trxArea: 00h = TRX doesn't belong to a concentric cell
242*/
243
244unsigned char msg_6[] =
245{
246 0x44, 0x02, 0x00, 0x00, 0xFF, 0x05, 0x01, 0x00, HARDCODED_ARFCN /*0x01*/, 0x2D,
247 0x00, 0xDC, 0x01, 0xFE, 0xDD, 0x01, 0x01, 0x9B, 0x01, 0x01, 0x9F, 0x01, 0x00,
248};
249
250
251static void bootstrap_om(struct gsm_bts *bts)
252{
253 struct gsm_bts_trx *trx = &bts->trx[0];
254
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]255 fprintf(stdout, "bootstrapping OML\n");
256
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]257 /* stop sending event reports */
258 abis_nm_event_reports(bts, 0);
259
260 /* begin DB transmission */
261 abis_nm_db_transmission(bts, 1);
262
Harald Welte702d8702008-12-26 20:25:35 +0000[diff] [blame]263 /* end DB transmission */
264 abis_nm_db_transmission(bts, 0);
265
266 /* Reset BTS Site manager resource */
267 abis_nm_reset_resource(bts);
268
269 /* begin DB transmission */
270 abis_nm_db_transmission(bts, 1);
271
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]272 abis_nm_raw_msg(bts, sizeof(msg_1), msg_1); /* set BTS SiteMgr attr*/
273 abis_nm_raw_msg(bts, sizeof(msg_2), msg_2); /* set BTS attr */
274 abis_nm_raw_msg(bts, sizeof(msg_3), msg_3); /* set BTS handover attr */
275 abis_nm_raw_msg(bts, sizeof(msg_4), msg_4); /* set BTS power control attr */
276
277 /* Connect signalling of bts0/trx0 to e1_0/ts1/64kbps */
278 abis_nm_conn_terr_sign(trx, 0, 1, 0xff);
279 abis_nm_raw_msg(bts, sizeof(msg_6), msg_6); /* SET TRX ATTRIBUTES */
280
281 /* Use TEI 1 for signalling */
282 abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x01);
283 abis_nm_set_channel_attr(&trx->ts[0], NM_CHANC_SDCCH_CBCH);
284#if 0
285 /* TRX 1 */
286 abis_nm_conn_terr_sign(&bts->trx[1], 0, 1, 0xff);
287 /* FIXME: TRX ATTRIBUTE */
288 abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x02);
289#endif
290
291 /* SET CHANNEL ATTRIBUTE TS1 */
292 abis_nm_set_channel_attr(&trx->ts[1], 0x09);
293 /* Connect traffic of bts0/trx0/ts1 to e1_0/ts2/b */
294 abis_nm_conn_terr_traf(&trx->ts[1], 0, 2, 1);
295
296 /* SET CHANNEL ATTRIBUTE TS2 */
297 abis_nm_set_channel_attr(&trx->ts[2], 0x09);
298 /* Connect traffic of bts0/trx0/ts2 to e1_0/ts2/c */
299 abis_nm_conn_terr_traf(&trx->ts[2], 0, 2, 2);
300
301 /* SET CHANNEL ATTRIBUTE TS3 */
302 abis_nm_set_channel_attr(&trx->ts[3], 0x09);
303 /* Connect traffic of bts0/trx0/ts3 to e1_0/ts2/d */
304 abis_nm_conn_terr_traf(&trx->ts[3], 0, 2, 3);
305
306 /* SET CHANNEL ATTRIBUTE TS4 */
307 abis_nm_set_channel_attr(&trx->ts[4], 0x09);
308 /* Connect traffic of bts0/trx0/ts4 to e1_0/ts3/a */
309 abis_nm_conn_terr_traf(&trx->ts[4], 0, 3, 0);
310
311 /* SET CHANNEL ATTRIBUTE TS5 */
312 abis_nm_set_channel_attr(&trx->ts[5], 0x09);
313 /* Connect traffic of bts0/trx0/ts5 to e1_0/ts3/b */
314 abis_nm_conn_terr_traf(&trx->ts[5], 0, 3, 1);
315
316 /* SET CHANNEL ATTRIBUTE TS6 */
317 abis_nm_set_channel_attr(&trx->ts[6], 0x09);
318 /* Connect traffic of bts0/trx0/ts6 to e1_0/ts3/c */
319 abis_nm_conn_terr_traf(&trx->ts[6], 0, 3, 2);
320
321 /* SET CHANNEL ATTRIBUTE TS7 */
322 abis_nm_set_channel_attr(&trx->ts[7], 0x09);
323 /* Connect traffic of bts0/trx0/ts7 to e1_0/ts3/d */
324 abis_nm_conn_terr_traf(&trx->ts[7], 0, 3, 3);
325
326 /* end DB transmission */
327 abis_nm_db_transmission(bts, 0);
328
329 /* Reset BTS Site manager resource */
330 abis_nm_reset_resource(bts);
331
332 /* restart sending event reports */
333 abis_nm_event_reports(bts, 1);
334}
335
336
337
338struct bcch_info {
339 u_int8_t type;
340 u_int8_t len;
341 const u_int8_t *data;
342};
343
344/*
345SYSTEM INFORMATION TYPE 1
346 Cell channel description
347 Format-ID bit map 0
348 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
349 RACH Control Parameters
350 maximum 7 retransmissions
351 8 slots used to spread transmission
352 cell not barred for access
353 call reestablishment not allowed
354 Access Control Class = 0000
355*/
356static const u_int8_t si1[] = {
357 0x55, 0x06, 0x19, 0x04 /*0x00*/, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
358 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /*0x01*/,0xD5,
359 0x00, 0x00, 0x2B
360};
361
362/*
363 SYSTEM INFORMATION TYPE 2
364 Neighbour Cells Description
365 EXT-IND: Carries the complete BA
366 BA-IND = 0
367 Format-ID bit map 0
368 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
369 NCC permitted (NCC) = FF
370 RACH Control Parameters
371 maximum 7 retransmissions
372 8 slots used to spread transmission
373 cell not barred for access
374 call reestablishment not allowed
375 Access Control Class = 0000
376*/
377static const u_int8_t si2[] = {
378 0x59, 0x06, 0x1A, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
379 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xD5, 0x00,
380 0x00
381};
382
383/*
384SYSTEM INFORMATION TYPE 3
385 Cell identity = 00001 (1h)
386 Location area identification
387 Mobile Country Code (MCC): 001
388 Mobile Network Code (MNC): 01
389 Location Area Code (LAC): 00001 (1h)
390 Control Channel Description
391 Attach-detach: MSs in the cell are not allowed to apply IMSI attach /detach
392 0 blocks reserved for access grant
393 1 channel used for CCCH, with SDCCH
394 5 multiframes period for PAGING REQUEST
395 Time-out T3212 = 0
396 Cell Options BCCH
397 Power control indicator: not set
398 MSs shall not use uplink DTX
399 Radio link timeout = 36
400 Cell Selection Parameters
401 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
402 max.TX power level MS may use for CCH = 2
403 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
404 Half rate support (NECI): New establishment causes are not supported
405 min.RX signal level for MS = 0
406 RACH Control Parameters
407 maximum 7 retransmissions
408 8 slots used to spread transmission
409 cell not barred for access
410 call reestablishment not allowed
411 Access Control Class = 0000
412 SI 3 Rest Octets
413 Cell Bar Qualify (CBQ): 0
414 Cell Reselect Offset = 0 dB
415 Temporary Offset = 0 dB
416 Penalty Time = 20 s
417 System Information 2ter Indicator (2TI): 0 = not available
418 Early Classmark Sending Control (ECSC): 0 = forbidden
419 Scheduling Information is not sent in SYSTEM INFORMATION TYPE 9 on the BCCH
420*/
421unsigned char si3[] = {
422 0x49, 0x06, 0x1B, 0x00, 0x01, 0x00, 0xF1, 0x10, 0x00, 0x01,
423 0x01, 0x03, 0x00, 0x28, 0x62, 0x00, 0xD5, 0x00, 0x00, 0x80,
424 0x00, 0x00, 0x2B
425};
426
427/*
428SYSTEM INFORMATION TYPE 4
429 Location area identification
430 Mobile Country Code (MCC): 001
431 Mobile Network Code (MNC): 01
432 Location Area Code (LAC): 00001 (1h)
433 Cell Selection Parameters
434 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
435 max.TX power level MS may use for CCH = 2
436 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
437 Half rate support (NECI): New establishment causes are not supported
438 min.RX signal level for MS = 0
439 RACH Control Parameters
440 maximum 7 retransmissions
441 8 slots used to spread transmission
442 cell not barred for access
443 call reestablishment not allowed
444 Access Control Class = 0000
445 Channel Description
446 Type = SDCCH/4[2]
447 Timeslot Number: 0
448 Training Sequence Code: 7h
449 ARFCN: 1
450 SI Rest Octets
451 Cell Bar Qualify (CBQ): 0
452 Cell Reselect Offset = 0 dB
453 Temporary Offset = 0 dB
454 Penalty Time = 20 s
455*/
456static const u_int8_t si4[] = {
457 0x41, 0x06, 0x1C, 0x00, 0xF1, 0x10, 0x00, 0x01, 0x62, 0x00,
458 0xD5, 0x00, 0x00, 0x64, 0x30, 0xE0, HARDCODED_ARFCN/*0x01*/, 0x80, 0x00, 0x00,
459 0x2B, 0x2B, 0x2B
460};
461
462/*
463 SYSTEM INFORMATION TYPE 5
464 Neighbour Cells Description
465 EXT-IND: Carries the complete BA
466 BA-IND = 0
467 Format-ID bit map 0
468 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
469*/
470
471static const u_int8_t si5[] = {
472 0x06, 0x1D, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
473 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
474};
475
476// SYSTEM INFORMATION TYPE 6
477
478/*
479SACCH FILLING
480 System Info Type: SYSTEM INFORMATION 6
481 L3 Information (Hex): 06 1E 00 01 xx xx 10 00 01 28 FF
482
483SYSTEM INFORMATION TYPE 6
484 Cell identity = 00001 (1h)
485 Location area identification
486 Mobile Country Code (MCC): 001
487 Mobile Network Code (MNC): 01
488 Location Area Code (LAC): 00001 (1h)
489 Cell Options SACCH
490 Power control indicator: not set
491 MSs shall not use uplink DTX on a TCH-F. MS shall not use uplink DTX on TCH-H.
492 Radio link timeout = 36
493 NCC permitted (NCC) = FF
494*/
495
496static const u_int8_t si6[] = {
497 0x06, 0x1E, 0x00, 0x01, 0x00, 0xF1, 0x10, 0x00, 0x01, 0x28, 0xFF,
498};
499
500
501
502static const struct bcch_info bcch_infos[] = {
503 {
504 .type = RSL_SYSTEM_INFO_1,
505 .len = sizeof(si1),
506 .data = si1,
507 }, {
508 .type = RSL_SYSTEM_INFO_2,
509 .len = sizeof(si2),
510 .data = si2,
511 }, {
512 .type = RSL_SYSTEM_INFO_3,
513 .len = sizeof(si3),
514 .data = si3,
515 }, {
516 .type = RSL_SYSTEM_INFO_4,
517 .len = sizeof(si4),
518 .data = si4,
519 },
520};
521
522/* set all system information types */
523static int set_system_infos(struct gsm_bts *bts)
524{
525 int i;
526
527 for (i = 0; i < ARRAY_SIZE(bcch_infos); i++) {
528 rsl_bcch_info(bts, bcch_infos[i].type,
529 bcch_infos[i].data,
530 bcch_infos[i].len);
531 }
532 rsl_sacch_filling(bts, RSL_SYSTEM_INFO_5, si5, sizeof(si5));
533 rsl_sacch_filling(bts, RSL_SYSTEM_INFO_6, si6, sizeof(si6));
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]534
535 return 0;
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]536}
537
538static void activate_traffic_channels(struct gsm_bts_trx *trx)
539{
540 int i;
541
542 /* channel 0 is CCCH */
543 for (i = 1; i < 8; i++)
544 rsl_chan_activate_tch_f(&trx->ts[i]);
545}
546
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]547static void bootstrap_rsl(struct gsm_bts *bts)
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]548{
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]549 fprintf(stdout, "bootstrapping RSL\n");
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]550 set_system_infos(bts);
551
552 /* FIXME: defer this until the channels are used */
Harald Welte702d8702008-12-26 20:25:35 +0000[diff] [blame]553 //activate_traffic_channels(&bts->trx[0]);
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]554}
555
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]556static void mi_cb(int event, struct gsm_bts *bts)
557{
558 switch (event) {
559 case EVT_E1_OML_UP:
560 bootstrap_om(bts);
561 break;
562 case EVT_E1_RSL_UP:
563 bootstrap_rsl(bts);
564 break;
565 default:
566 /* FIXME: deal with TEI or L1 link loss */
567 break;
568 }
569}
570
571static int bootstrap_network(void)
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]572{
573 struct gsm_bts *bts;
574
575 /* initialize our data structures */
576 gsmnet = gsm_network_init(1, 1, 1);
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]577 if (!gsmnet)
578 return -ENOMEM;
579
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]580 bts = &gsmnet->bts[0];
581 bts->location_area_code = 1;
582 bts->trx[0].arfcn = HARDCODED_ARFCN;
583
Harald Weltead384642008-12-26 10:20:07 +0000[diff] [blame]584 if (mi_setup(bts, 0, mi_cb) < 0)
585 return -EIO;
586
587 return 0;
Harald Welte52b1f982008-12-23 20:25:15 +0000[diff] [blame]588}
Harald Weltef6b7a902008-12-26 00:05:11 +0000[diff] [blame]589
Holger Freytherb332f612008-12-27 12:46:51 +0000[diff] [blame]590static void print_usage()
591{
592 printf("Usage: bsc_hack\n");
593}
594
595static void print_help()
596{
597 printf(" Some useful help...\n");
598 printf(" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n");
599 printf(" -n --disable-color\n");
600 printf(" -h --help this text\n");
601}
602
603static void handle_options(int argc, char** argv)
604{
605 while (1) {
606 int option_index = 0, c;
607 static struct option long_options[] = {
608 {"help", 0, 0, 'h'},
609 {"debug", 1, 0, 'd'},
610 {"disable-color", 0, 0, 'n'},
611 {0, 0, 0, 0}
612 };
613
614 c = getopt_long(argc, argv, "hnd:",
615 long_options, &option_index);
616 if (c == -1)
617 break;
618
619 switch (c) {
620 case 'h':
621 print_usage();
622 print_help();
623 exit(0);
624 case 'n':
625 debug_use_color(0);
626 break;
627 case 'd':
628 debug_parse_category_mask(optarg);
629 break;
630 default:
631 /* ignore */
632 break;
633 }
634 }
635}
636
Harald Welte255539c2008-12-28 02:26:27 +0000[diff] [blame]637static struct timer_list pag_timer;
638
639/* handles uppercase decimal and hexadecimal */
640static u_int8_t char2bcd(char c)
641{
642 if (c <= '9')
643 return c - '0';
644 else
645 return c - 'A';
646}
647
648static int string_to_mi(u_int8_t *mi, const char *string,
649 u_int8_t type)
650{
651 u_int8_t *cur = mi+3;
652
653 mi[0] = GSM48_IE_MOBILE_ID;
654 //mi[1] = TMSI_LEN;
655 mi[2] = type & GSM_MI_TYPE_MASK;
656
657 if (strlen(string) & 0x01)
658 mi[2] |= char2bcd(*string++) << 4;
659 else
660 mi[2] |= 0xf0;
661
662 while (*string && *(string+1))
663 *cur++ = char2bcd(*string++) | (char2bcd(*string++) << 4);
664
665 mi[1] = cur - mi;
666
667 return cur - mi;
668}
669
670static const char *nokia_imsi = "7240311131388";
671static const char *rokr_imsi = "4660198001300";
672
673void pag_timer_cb(void *data)
674{
675 struct gsm_bts *bts = &gsmnet->bts[0];
676 u_int8_t mi[128];
677 struct gsm_subscriber _subscr, *subscr = &_subscr;
678 unsigned int paging_group, mi_len;
679 u_int64_t num_imsi;
680 const char *imsi = nokia_imsi;
681
682 printf("FEUER\n");
683
684#if 1
685 memset(subscr, 0, sizeof(*subscr));
686 strcpy(subscr->imsi, imsi);
687 db_get_subscriber(GSM_SUBSCRIBER_IMSI, subscr);
688 if (!subscr)
689 return;
690
691 mi_len = generate_mid_from_tmsi(mi, strtoul(subscr->tmsi, NULL, 10));
692#else
693 mi_len = string_to_mi(mi, imsi, GSM_MI_TYPE_IMSI);
694#endif
695
696 num_imsi = strtoull(imsi, NULL, 10);
697 paging_group = get_paging_group(num_imsi, 1, 3);
698
699 for (paging_group = 0; paging_group < 3; paging_group++)
700 rsl_paging_cmd(bts, paging_group, mi_len, mi, RSL_CHANNEED_TCH_F);
701
702 schedule_timer(&pag_timer, 10, 0);
703}
704
Harald Weltef6b7a902008-12-26 00:05:11 +0000[diff] [blame]705int main(int argc, char **argv)
706{
Holger Freytherb332f612008-12-27 12:46:51 +0000[diff] [blame]707 /* parse options */
708 handle_options(argc, argv);
709
Harald Welte75a983f2008-12-27 21:34:06 +0000[diff] [blame]710 if (db_init()) {
711 printf("DB: Failed to init database. Please check the option settings.\n");
712 return 1;
713 }
714 printf("DB: Database initialized.\n");
715
716 if (db_prepare()) {
717 printf("DB: Failed to prepare database.\n");
718 return 1;
719 }
720 printf("DB: Database prepared.\n");
721
Harald Weltef6b7a902008-12-26 00:05:11 +0000[diff] [blame]722 bootstrap_network();
723
Harald Welte255539c2008-12-28 02:26:27 +0000[diff] [blame]724 pag_timer.cb = pag_timer_cb;
725 schedule_timer(&pag_timer, 10, 0);
726
Harald Weltef6b7a902008-12-26 00:05:11 +0000[diff] [blame]727 while (1) {
728 bsc_select_main();
729 }
730}