Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Id824f7c9d9d6110b4dc443653a14bfcd2e0cc2b3
|
|
Change-Id: I67cb04cfacdc4f2efa8bd829ecf66f0040bf430a
|
|
1. "no neighbor-measurement idle": neighbor cell measurement for cell
re-selection
2. "no neighbor-measurement dedicated": neighbor cell measurement for
handover
Change-Id: Icc5ff58aee3a1a4705e38839bd5cdf6bf7e30f03
|
|
Change-Id: I4897ed2c71ddf30afd057389ca67a9b9d6d88ace
|
|
Change-Id: Ic184772a57451d53797370d2cbac6653ec7b9847
|
|
The initial cell channel decription is received via SI1. During a call this
description may change due to handover, assignment, frequency redefinition.
Whenever it changes, the last received cell channel description is used to
handle messages that do not include this information element.
Example of one call with handover inbetween. The assignments do not include
a cell channel description:
IMMEDIATE ASSIGNMENT: Use cell channel description from SI1.
ASSIGNMENT COMMAND: Re-use cell channel description from SI1.
HANDOVER COMMAND: Use new cell channel description from HANDOVER COMMAND.
ASSIGNMENT COMMAND: Re-use cell channel description from HANDOVER COMMAND.
Change-Id: I4981b0a2a3f896a75e624d07c2d3628442f13ecf
|
|
sel_si structure tracks content of SI5* and SI6 messages. The informations
will change after handover, so they do not refer to the origin cell.
The list of scanned cells is not affected. The sel_si structure will be
overwritten with the selected cell after leaving dedicated mode.
Change-Id: Idd6a35c13de56115645e0861d95c256ebf9257f8
|
|
The handover is forced by reporting perfect measurement results of a given
neighbor cell. All other neighbor cells and the serving cell is reported as
poor. The falke report will sustain until the connection is released or a
new 'better' cell is specified.
Change-Id: Ie9245dbbb9142f14459ed13b2ff29a6c2dbf3d6c
|
|
The implementation supports:
- Non-synchronised handover
- Synchronized handover
- Pre-sychronized handover
- Pseudo-synchronized handover
Change-Id: I0aebe1adfddcc3ff794b980ea4e3651ff616c032
|
|
* Flag to enter dedicated mode with TX disabled
* Flag to use sync info of neighbor cell
* Flag to use sync info of previous serving cell
* Index of neighbor cell
All these parameters are required to handover to a new channel.
Change-Id: Iadbc47f006d1f8a019822aedee180814de13cb2d
|
|
Change-Id: I792b52d9bf115a2def9720eed3d62982d8cdbe00
|
|
Change-Id: I03918bd864c711b377a795186123c85bb6f4dc4a
|
|
sap_fsm.c: In function ‘sap_negotiate_msg_size’:
sap_fsm.c:103:15: warning: passing argument 1 of ‘__bswap_16’ makes integer from pointer without a cast [-Wint-conversion]
size = ntohs((uint16_t *) param->value);
^~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: Ie58af6162c67ae377809b42daa897ca3f3d72af1
|
|
Change-Id: Ic48e240ee1484aaa793af23c62a24d2949900b86
|
|
Change-Id: I435ef2032b9cefe844c37f395d9087be6af8934a
|
|
Change-Id: Id5c325ffcfea8175bc5d5499a0904c0984e00349
Fixes: OS#198542
|
|
Change-Id: I29ed122b8956260b9f847cc0e3e81a28d6762632
|
|
In gsm322_l1_signal(), if S_L1CTL_FBSB_ERR is received, we free
stored System Information of the current cell, but cs->si may
still point to it. Let's set it to NULL.
Found with AddressSanitizer:
DL1C ERROR l1ctl.c:96 FBSB RESP: result=255
DCS INFO gsm322.c:2995 Channel sync error, try again
DCS INFO gsm322.c:467 Sync to ARFCN=860(DCS) rxlev=-106
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DL1C ERROR l1ctl.c:96 FBSB RESP: result=255
DCS INFO gsm322.c:3008 Channel sync error.
DCS DEBUG gsm322.c:3013 free sysinfo ARFCN=860(DCS)
DCS INFO gsm322.c:3020 Unselect cell due to sync error!
DCS INFO gsm322.c:509 Unselecting serving cell.
=================================================================
==6014==ERROR: AddressSanitizer: heap-use-after-free on address
0x61b0000000e6 at pc 0x00000050d6dd
bp 0x7fff7f84aa60 sp 0x7fff7f84aa58
Change-Id: I9cc526c18d69695d810de98703579818408de011
|
|
Change-Id: I4fe2fd6584a453a951361e1b67fb986583b176be
|
|
Change-Id: Ie5843c8adafc37da0d69c335c97b422552b85049
|
|
This change fixes the following compiler warning:
sim.c: In function ‘gsm_sim_reply’:
sim.c:149:11: warning: variable ‘payload’ set but not used
[-Wunused-but-set-variable]
uint8_t *payload;
Change-Id: I3767b23bb1b28d3f4bb515d399bce160ba2eee09
|
|
Change-Id: Id539c2a3477526b816918070bab93b26c900998a
|
|
As we do iterate over all entities in the BA list, it makes more
sense to print each one separately instead of printing the last
one. Moreover, as soon as the iteration is finished, *ba points
to some zero-initialized part of memory:
gsm322.c:5170 Write stored BA list (mcc=000 mnc=000 Marshall Islands, 000)
After this patch:
gsm322.c:5162 Write stored BA list (mcc=250 mnc=99 Russian Federation, Beeline)
gsm322.c:5162 Write stored BA list (mcc=250 mnc=01 Russian Federation, MegaFon)
gsm322.c:5162 Write stored BA list (mcc=250 mnc=02 Russian Federation, MTS)
gsm322.c:5162 Write stored BA list (mcc=544 mnc=31 Serbia, Telenor)
Change-Id: I5160492e6125401c6a1765f54d129b1f1cd503fc
|
|
In If1e851ac605c8d2fde3da565b0bd674ea6350c2e, msgb_wrap_with_TL()
was renamed to msgb_push_tl(). Let's use the new symbol name.
Change-Id: Ief37424e0ca3cd696054518a0ffb07b7ef17a462
|
|
The (BT)SAP (Bluetooth SIM Access Profile) is a part of Bluetooth
specifications, that defines the protocol and procedures that
shall be used to access a smart card (usually GSM SIM) via
a Bluetooth link.
The profile defines two roles:
- Server - the side that has direct access to a smart card.
It acts as a SIM card reader, which assists the Client
in accessing and controlling the smart card.
- Client - the side that accesses and controls the smart card
inside the Server through the connection with Server.
Typical examples of a Server are a simple SIM card holder or
a portable phone in the car environment. A typical example of
a Client is a car phone, which uses a subscription module in
the Server for a connection to the cellular network.
OsmocomBB implements the Client role providing abstract SAP
interface API to the higher layers. Instead of Bluetooth,
a UNIX socket is used to communicate with a Server.
The previous implementation of (BT)SAP interface was incomplete
and hard to maintain. This change (re)implements it almost from
scratch on top of the Osmocom FSM framework.
Besides that, the most significant changes are:
- The implementation is separated into three parts:
- sap_interface.{c|h} - public SAP interface API,
- sap_proto.{c|h} - SAP protocol definition,
- sap_fsm.{c|h} - SAP FSM implementation.
- Both 'sap_message' and 'sap_param' structures follow the
SAP message format definition according to 5.1 and 5.2.
- The message parsing is done more carefully in order to
prevent buffer overflow and NULL-pointer dereference.
- Introduced public API for getting / adding message
parameters, and checking the ResultCode.
- Introduced public API for opening / closing a connection
with the server, powering on / off and resetting the SIM
card, sending ATR and APDU.
- Introduced a call-back for handling the response message.
- Card reader state is also a part of the public API.
The new implementation was tested against softsim [1]. The
only limitation is Server-initiated Release, that allows the
Server to 'ask' a Client to release connection as soon as
communication with the smart card is finished. This is not
implemented (yet), and leads to immediate release.
[1] https://git.osmocom.org/softsim/
Change-Id: I77bb108615bb2c94c441568f195b04e0a5421643
|
|
Change-Id: Iad9b3d88b02cc7ec4cf64483bbc85e3a61c9ad10
|
|
The 'osmo' prefix is usually used by libosmo-* symbols.
Change-Id: Id37d8553c2f2c20012fb1b729967b92a9a03f612
|
|
Change-Id: I4ba5a8a42bf25d04b152ac3f1f0e4d7eac7f068f
|
|
Change-Id: I0776bc43360dfa2229243fb022cd318242ca6400
|
|
Change-Id: Ib3aa81986987027718e2a8b461afd28787bda4c2
|
|
Passing NULL to sap_msg_free() is not only meaningless, but also
would result in NULL pointer dereference. We should call it in
successful case only, so let's fix this.
Change-Id: Icf868c4299e292a17c4b7aad1f9e728ea3653494
|
|
Change-Id: I054be24666fcd5eb8a70cfcac0e7ed566e909b90
|
|
Change-Id: I683f87ae09393c45377c39317b08c613055ceb16
|
|
Change-Id: I408b3e1fa40e9b5daf88fa6ed5f3930b83dffe6f
|
|
Change-Id: Ie3040c75bb61094b9b601aef9d699db603d292f4
|
|
Change-Id: I3965843c4d49e31b1b5156d9ee8439eef6ecaab1
|
|
There are several SIM card interfaces, two of which:
- GSM_SIM_TYPE_L1PHY (using built-in SIM reader of the L1 PHY),
- GSM_SIM_TYPE_SAP (using remote reader via (BT)SAP protocol),
can actually deal with a physical SIM card. But, for some reason,
only GSM_SIM_TYPE_L1PHY was considered as such. Let's also get
along with GSM_SIM_TYPE_SAP for the following procedures:
- PIN management and verification,
- FPLMN / LOCI updating,
- A3 authentication.
Change-Id: I4b3080fa7a5332467a449a314ba3cc3a07a9b7df
|
|
Since we have two ways to interact with a physical SIM:
- using built-in SIM reader of the L1 PHY (via L1CTL),
- using remote reader via (BT)SAP protocol,
name 'GSM_SIM_TYPE_READER' looks quite confusing. Let's rename it
in order to explicitly indicate the role of L1 PHY.
Change-Id: I0f83f365ed50cfd658fdd3a9d6866ed76c8c4009
|
|
Change-Id: I8cab7cc72f026947859cc607f65d925803424cf7
|
|
Change-Id: I5a6214aec2dcb92495038ea8311c0df22fa8d07b
|
|
SAP connection can be initialized upon request.
Change-Id: Ic89089c4850ab2c9252bfd43a05d5271e2e3a160
|
|
Change-Id: I3a2908bf11300ec681beddb5a54f9a62ca5430ae
|
|
Almost all layer23 applications, excluding mobile, have nothing
to do with SAP interface. Moreover, the current implementation
does initialize SAP connection automatically, as soon as the
first message is sent.
Change-Id: I62cc69c06fa15468a55bb0a9d408267d0745174c
|
|
This change revives the main idea of:
Change-Id: I32517567847fd5c54b1742f18bf409ff81e316fa
to stop ignoring the VTY bind address from the config file.
Furthermore, it deprecates (and disables) both 'u' and 'v'
command line options, because they are redundant.
Change-Id: I99e0ec1717edd29b3be231be86616cc7effe5d95
|
|
The process should be aborted if a non-existing command line
option or an incorrect parameter value is passed.
Change-Id: Ib656ad12f12429ed15dc2a1554901ffa51148ff6
|
|
Change-Id: I6af76afbaa34dde5ddfc31a65700030862442dba
|
|
The VTY requisites are always being printed by libosmovty,
there is no need to duplicate this information.
Change-Id: I688f66175ea67d4c6a46819bee7d300ad9ce7cc7
|
|
This reverts commit c8de8cb1e126a18c0269571fba38310589dd9273
(Change-Id I32517567847fd5c54b1742f18bf409ff81e316fa by Max),
because several problems were introduced, in particular:
a) Help message of mobile application is broken:
"The VTY IP to telnet to. (default (null))",
"The VTY port number to telnet to. (default 127.0.0.1)".
b) Default VTY bind addres != parsed from the config file.
c) The (vty_ip == NULL) is resolved only when an external
MNCC handler is used, otherwise NULL is passed to
l23_app_init().
Change-Id: Ic63a4eb828ff32d3744886b4f5f6f5019c798620
|
|
Previously the vty bind config parameter was always ignored. Fix this by using proper
default value from the config unless it's explicitly set via command-line parameter.
Change-Id: I32517567847fd5c54b1742f18bf409ff81e316fa
|
|
Remove locally defined function which conflicts with the one in
libosmocore.
Change-Id: I1be1d39f7c93c959ca33f6296ecda71996865cca
|