Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: Id824f7c9d9d6110b4dc443653a14bfcd2e0cc2b3
|
|
Change-Id: I67cb04cfacdc4f2efa8bd829ecf66f0040bf430a
|
|
1. "no neighbor-measurement idle": neighbor cell measurement for cell
re-selection
2. "no neighbor-measurement dedicated": neighbor cell measurement for
handover
Change-Id: Icc5ff58aee3a1a4705e38839bd5cdf6bf7e30f03
|
|
Change-Id: I4897ed2c71ddf30afd057389ca67a9b9d6d88ace
|
|
Change-Id: Ic184772a57451d53797370d2cbac6653ec7b9847
|
|
The initial cell channel decription is received via SI1. During a call this
description may change due to handover, assignment, frequency redefinition.
Whenever it changes, the last received cell channel description is used to
handle messages that do not include this information element.
Example of one call with handover inbetween. The assignments do not include
a cell channel description:
IMMEDIATE ASSIGNMENT: Use cell channel description from SI1.
ASSIGNMENT COMMAND: Re-use cell channel description from SI1.
HANDOVER COMMAND: Use new cell channel description from HANDOVER COMMAND.
ASSIGNMENT COMMAND: Re-use cell channel description from HANDOVER COMMAND.
Change-Id: I4981b0a2a3f896a75e624d07c2d3628442f13ecf
|
|
sel_si structure tracks content of SI5* and SI6 messages. The informations
will change after handover, so they do not refer to the origin cell.
The list of scanned cells is not affected. The sel_si structure will be
overwritten with the selected cell after leaving dedicated mode.
Change-Id: Idd6a35c13de56115645e0861d95c256ebf9257f8
|
|
The handover is forced by reporting perfect measurement results of a given
neighbor cell. All other neighbor cells and the serving cell is reported as
poor. The falke report will sustain until the connection is released or a
new 'better' cell is specified.
Change-Id: Ie9245dbbb9142f14459ed13b2ff29a6c2dbf3d6c
|
|
The implementation supports:
- Non-synchronised handover
- Synchronized handover
- Pre-sychronized handover
- Pseudo-synchronized handover
Change-Id: I0aebe1adfddcc3ff794b980ea4e3651ff616c032
|
|
* Flag to enter dedicated mode with TX disabled
* Flag to use sync info of neighbor cell
* Flag to use sync info of previous serving cell
* Index of neighbor cell
All these parameters are required to handover to a new channel.
Change-Id: Iadbc47f006d1f8a019822aedee180814de13cb2d
|
|
Change-Id: I792b52d9bf115a2def9720eed3d62982d8cdbe00
|
|
Change-Id: I03918bd864c711b377a795186123c85bb6f4dc4a
|
|
sap_fsm.c: In function ‘sap_negotiate_msg_size’:
sap_fsm.c:103:15: warning: passing argument 1 of ‘__bswap_16’ makes integer from pointer without a cast [-Wint-conversion]
size = ntohs((uint16_t *) param->value);
^~~~~~~~~~~~~~~~~~~~~~~~~
Change-Id: Ie58af6162c67ae377809b42daa897ca3f3d72af1
|
|
Change-Id: Ic48e240ee1484aaa793af23c62a24d2949900b86
|
|
Change-Id: I435ef2032b9cefe844c37f395d9087be6af8934a
|
|
Change-Id: Id5c325ffcfea8175bc5d5499a0904c0984e00349
Fixes: OS#198542
|
|
Change-Id: I4a489be6fafcd057c3edc4f3d5f76d645899f884
|
|
Change-Id: If3aaa730c306e703d1d430a8920284aa592c999c
|
|
According to the man page of recv(), the only difference of this
call from read() is the presence of flags. With a zero flags
argument, recv() is generally equivalent to read().
Change-Id: I6d43bbf8d52c5fbb8ee0592b7d1c1dfd2dd1548e
|
|
Since we only set both ARFCN and TDMA frame number of the DL info
header, other fields remain uninitialized. Let's memset() them.
Change-Id: Ib39c333f1724fefa5d8bd8a2315b77a5612f7fa9
|
|
This would allow to abstract both L1CTL and TRX interfaces
from each other in the upcoming refactoring.
Change-Id: I74a23c73b03bad822272b9cfe76c2501666912b7
|
|
Change-Id: I29ed122b8956260b9f847cc0e3e81a28d6762632
|
|
In both gsm48_mm.c and gsm48_rr.c we put / push 'gsm48_rr_hdr'
structure into the message buffers, so then it's retrieved by
the message receivers. The AddressSanitizer complains about
unaligned pointer access and potentially unexpected behaviour.
Change-Id: I8aa2c0074b405afd0e76044ef076b6819fe1083b
|
|
In gsm322_l1_signal(), if S_L1CTL_FBSB_ERR is received, we free
stored System Information of the current cell, but cs->si may
still point to it. Let's set it to NULL.
Found with AddressSanitizer:
DL1C ERROR l1ctl.c:96 FBSB RESP: result=255
DCS INFO gsm322.c:2995 Channel sync error, try again
DCS INFO gsm322.c:467 Sync to ARFCN=860(DCS) rxlev=-106
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DRR INFO gsm48_rr.c:665 MON: no cell info
DL1C ERROR l1ctl.c:96 FBSB RESP: result=255
DCS INFO gsm322.c:3008 Channel sync error.
DCS DEBUG gsm322.c:3013 free sysinfo ARFCN=860(DCS)
DCS INFO gsm322.c:3020 Unselect cell due to sync error!
DCS INFO gsm322.c:509 Unselecting serving cell.
=================================================================
==6014==ERROR: AddressSanitizer: heap-use-after-free on address
0x61b0000000e6 at pc 0x00000050d6dd
bp 0x7fff7f84aa60 sp 0x7fff7f84aa58
Change-Id: I9cc526c18d69695d810de98703579818408de011
|
|
Change-Id: I4fe2fd6584a453a951361e1b67fb986583b176be
|
|
According to 3GPP TS 05.03, section 5.3, two coding schemes are
specified for access bursts: one for regular 8-bit bursts,
another - for extended 11-bit packet access bursts.
According to 3GPP TS 05.02, section 5.2.7, there are two
additional training (synchronization) sequences for RACH
bursts: TS1 & TS2. By default, TS0 synch. sequence is used,
unless explicitly stated otherwise (see 3GPP TS 04.60).
According to 3GPP TS 04.60, section 11.2.5a, the EGPRS capability
can be indicated by the MS using an alternative training sequence
(i.e. TS1 or TS2) and the 11-bit RACH coding scheme.
Change-Id: I36fd20cd5502ce33c52f644ee4c22abb83350df8
|
|
Use static helper to prepare l1ctl_fbsb_conf - this simplifies
fbsb-related functions and make difference between timer callback and
regular response more obvious.
Change-Id: I43832d6a912a32ea5795ed0110981e0b714a7a61
|
|
Change-Id: I0168d43951494f4010df891f391ddad4b57493d7
|
|
Use static helpers to add l1ctl_info_dl to msgb - this simplifies
l1ctl_* routines and reduce code duplication.
Change-Id: I0b5b81f1fcd2984136e553a93735ea5456d2b3df
|
|
It's only used as a boolean value so let's set proper type for it.
Change-Id: Iaf50cdd19ac2139ee2d625671410a486edae2999
|
|
Inspired by Sylvain's message at #osmocom.
Change-Id: I3f499837413e1dbd0ca62229dc9cb6f0f7475a42
|
|
Instead of counting both RSSI and ToA measurements separately,
let's have a single counter in trx_lchan_state.meas struct.
Change-Id: I45454a3ac92b8cc85dd74092e4ab6eb350f20c9a
|
|
Change-Id: Ie5843c8adafc37da0d69c335c97b422552b85049
|
|
This change fixes the following compiler warning:
sim.c: In function ‘gsm_sim_reply’:
sim.c:149:11: warning: variable ‘payload’ set but not used
[-Wunused-but-set-variable]
uint8_t *payload;
Change-Id: I3767b23bb1b28d3f4bb515d399bce160ba2eee09
|
|
Change-Id: I7388ec60ca2dff59c0a0e3fdacf5a3af0c244c73
|
|
Change-Id: Id539c2a3477526b816918070bab93b26c900998a
|
|
As we do iterate over all entities in the BA list, it makes more
sense to print each one separately instead of printing the last
one. Moreover, as soon as the iteration is finished, *ba points
to some zero-initialized part of memory:
gsm322.c:5170 Write stored BA list (mcc=000 mnc=000 Marshall Islands, 000)
After this patch:
gsm322.c:5162 Write stored BA list (mcc=250 mnc=99 Russian Federation, Beeline)
gsm322.c:5162 Write stored BA list (mcc=250 mnc=01 Russian Federation, MegaFon)
gsm322.c:5162 Write stored BA list (mcc=250 mnc=02 Russian Federation, MTS)
gsm322.c:5162 Write stored BA list (mcc=544 mnc=31 Serbia, Telenor)
Change-Id: I5160492e6125401c6a1765f54d129b1f1cd503fc
|
|
In If1e851ac605c8d2fde3da565b0bd674ea6350c2e, msgb_wrap_with_TL()
was renamed to msgb_push_tl(). Let's use the new symbol name.
Change-Id: Ief37424e0ca3cd696054518a0ffb07b7ef17a462
|
|
Change-Id: I6e636afec8e45d7dc786f5f159cd5d7784d9a83b
|
|
Both l1ctl_link_init() and trx_if_open() do accept 'tall_ctx' now,
so there is no need to expose the root context anymore. For
logging initialization, we can just pass a pointer.
Change-Id: I7a2231eb880a995d3296b94481a7799e6ff07489
|
|
The main changes are:
- return pointer to the allocated l1ctl_link or NULL,
- accept the talloc context as 'tall_ctx' argument.
Change-Id: I7fe1bc306494ac692c182dcfd2a2d9412929194b
|
|
The main changes are:
- return pointer to the allocated trx_instance or NULL,
- extend debug message with TRX address and base port,
- accept the talloc context as 'tall_ctx' argument,
- rename goto label 'error' to 'udp_error',
- rename argument 'port' to 'base_port'.
Change-Id: I39b24afee2f09d6a6c500cfc26ac45f206589c5c
|
|
Change-Id: Ia78bd6dac7ab12970838e0b1a2929a106b898d9d
|
|
Change-Id: I31c9f2a651182b258d0a4d4504365b778529715a
|
|
Change-Id: Ibd9404a888f02798224238a7b9ff4ebf09f03850
|
|
Change-Id: I7111e368afa47c88ff3c610bae9044f2d5baf037
|
|
Change-Id: I4f6990520836edb5eecce38c04857a4b3bc6f2fc
|
|
The (BT)SAP (Bluetooth SIM Access Profile) is a part of Bluetooth
specifications, that defines the protocol and procedures that
shall be used to access a smart card (usually GSM SIM) via
a Bluetooth link.
The profile defines two roles:
- Server - the side that has direct access to a smart card.
It acts as a SIM card reader, which assists the Client
in accessing and controlling the smart card.
- Client - the side that accesses and controls the smart card
inside the Server through the connection with Server.
Typical examples of a Server are a simple SIM card holder or
a portable phone in the car environment. A typical example of
a Client is a car phone, which uses a subscription module in
the Server for a connection to the cellular network.
OsmocomBB implements the Client role providing abstract SAP
interface API to the higher layers. Instead of Bluetooth,
a UNIX socket is used to communicate with a Server.
The previous implementation of (BT)SAP interface was incomplete
and hard to maintain. This change (re)implements it almost from
scratch on top of the Osmocom FSM framework.
Besides that, the most significant changes are:
- The implementation is separated into three parts:
- sap_interface.{c|h} - public SAP interface API,
- sap_proto.{c|h} - SAP protocol definition,
- sap_fsm.{c|h} - SAP FSM implementation.
- Both 'sap_message' and 'sap_param' structures follow the
SAP message format definition according to 5.1 and 5.2.
- The message parsing is done more carefully in order to
prevent buffer overflow and NULL-pointer dereference.
- Introduced public API for getting / adding message
parameters, and checking the ResultCode.
- Introduced public API for opening / closing a connection
with the server, powering on / off and resetting the SIM
card, sending ATR and APDU.
- Introduced a call-back for handling the response message.
- Card reader state is also a part of the public API.
The new implementation was tested against softsim [1]. The
only limitation is Server-initiated Release, that allows the
Server to 'ask' a Client to release connection as soon as
communication with the smart card is finished. This is not
implemented (yet), and leads to immediate release.
[1] https://git.osmocom.org/softsim/
Change-Id: I77bb108615bb2c94c441568f195b04e0a5421643
|
|
Change-Id: Iad9b3d88b02cc7ec4cf64483bbc85e3a61c9ad10
|
|
Change-Id: I0a379718eeb7db63696cabd5689e0625fb85d85e
|