From 13e10daa330ea2b699c9aa9d14b3adbd01111fd6 Mon Sep 17 00:00:00 2001
From: Harald Welte
Date: Wed, 10 Jun 2009 05:40:52 +0800
Subject: move openbsc into its own subdirectory
---
src/bsc_hack.c | 1159 --------------------------------------------------------
1 file changed, 1159 deletions(-)
delete mode 100644 src/bsc_hack.c
(limited to 'src/bsc_hack.c')
diff --git a/src/bsc_hack.c b/src/bsc_hack.c
deleted file mode 100644
index 7aa8b9aef..000000000
--- a/src/bsc_hack.c
+++ /dev/null
@@ -1,1159 +0,0 @@ -/* A hackish minimal BSC (+MSC +HLR) implementation */ - -/* (C) 2008-2009 by Harald Welte - * (C) 2009 by Holger Hans Peter Freyther - * All Rights Reserved - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License along - * with this program; if not, write to the Free Software Foundation, Inc., - * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. - * - */ - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -#define _GNU_SOURCE -#include - -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include -#include - -/* global pointer to the gsm network data structure */ -static struct gsm_network *gsmnet; - -/* MCC and MNC for the Location Area Identifier */ -static int MCC = 1; -static int MNC = 1; -static int LAC = 1; -static int ARFCN = HARDCODED_ARFCN; -static int cardnr = 0; -static int release_l2 = 0; -static enum gsm_bts_type BTS_TYPE = GSM_BTS_TYPE_BS11; -static const char *database_name = "hlr.sqlite3"; - -/* The following definitions are for OM and NM packets that we cannot yet - * generate by code but we just pass on */ - -// BTS Site Manager, SET ATTRIBUTES - -/* - Object Class: BTS Site Manager - Instance 1: FF - Instance 2: FF - Instance 3: FF -SET ATTRIBUTES - sAbisExternalTime: 2007/09/08 14:36:11 - omLAPDRelTimer: 30sec - shortLAPDIntTimer: 5sec - emergencyTimer1: 10 minutes - emergencyTimer2: 
0 minutes -*/ - -unsigned char msg_1[] = -{ - 0xD0, 0x00, 0xFF, 0xFF, 0xFF, - NM_ATT_BS11_ABIS_EXT_TIME, 0x07, - 0xD7, 0x09, 0x08, 0x0E, 0x24, 0x0B, 0xCE, - 0x02, - 0x00, 0x1E, - NM_ATT_BS11_SH_LAPD_INT_TIMER, - 0x01, 0x05, - 0x42, 0x02, 0x00, 0x0A, - 0x44, 0x02, 0x00, 0x00 -}; - -// BTS, SET BTS ATTRIBUTES - -/* - Object Class: BTS - BTS relat. Number: 0 - Instance 2: FF - Instance 3: FF -SET BTS ATTRIBUTES - bsIdentityCode / BSIC: - PLMN_colour_code: 7h - BS_colour_code: 7h - BTS Air Timer T3105: 4 ,unit 10 ms - btsIsHopping: FALSE - periodCCCHLoadIndication: 1sec - thresholdCCCHLoadIndication: 0% - cellAllocationNumber: 00h = GSM 900 - enableInterferenceClass: 00h = Disabled - fACCHQual: 6 (FACCH stealing flags minus 1) - intaveParameter: 31 SACCH multiframes - interferenceLevelBoundaries: - Interference Boundary 1: 0Ah - Interference Boundary 2: 0Fh - Interference Boundary 3: 14h - Interference Boundary 4: 19h - Interference Boundary 5: 1Eh - mSTxPwrMax: 11 - GSM range: 2=39dBm, 15=13dBm, stepsize 2 dBm - DCS1800 range: 0=30dBm, 15=0dBm, stepsize 2 dBm - PCS1900 range: 0=30dBm, 15=0dBm, stepsize 2 dBm - 30=33dBm, 31=32dBm - ny1: - Maximum number of repetitions for PHYSICAL INFORMATION message (GSM 04.08): 20 - powerOutputThresholds: - Out Power Fault Threshold: -10 dB - Red Out Power Threshold: - 6 dB - Excessive Out Power Threshold: 5 dB - rACHBusyThreshold: -127 dBm - rACHLoadAveragingSlots: 250 ,number of RACH burst periods - rfResourceIndicationPeriod: 125 SACCH multiframes - T200: - SDCCH: 044 in 5 ms - FACCH/Full rate: 031 in 5 ms - FACCH/Half rate: 041 in 5 ms - SACCH with TCH SAPI0: 090 in 10 ms - SACCH with SDCCH: 090 in 10 ms - SDCCH with SAPI3: 090 in 5 ms - SACCH with TCH SAPI3: 135 in 10 ms - tSync: 9000 units of 10 msec - tTrau: 9000 units of 10 msec - enableUmLoopTest: 00h = disabled - enableExcessiveDistance: 00h = Disabled - excessiveDistance: 64km - hoppingMode: 00h = baseband hopping - cellType: 00h = Standard Cell - BCCH ARFCN / 
bCCHFrequency: 1 -*/ - -unsigned char msg_2[] = -{ - 0x41, NM_OC_BTS, 0x00, 0xFF, 0xFF, - NM_ATT_BSIC, HARDCODED_BSIC, - NM_ATT_BTS_AIR_TIMER, 0x04, - NM_ATT_BS11_BTSLS_HOPPING, 0x00, - NM_ATT_CCCH_L_I_P, 0x01, - NM_ATT_CCCH_L_T, 0x00, - NM_ATT_BS11_CELL_ALLOC_NR, NM_BS11_CANR_GSM, - NM_ATT_BS11_ENA_INTERF_CLASS, 0x01, - NM_ATT_BS11_FACCH_QUAL, 0x06, - /* interference avg. period in numbers of SACCH multifr */ - NM_ATT_INTAVE_PARAM, 0x1F, - NM_ATT_INTERF_BOUND, 0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x7B, - NM_ATT_CCCH_L_T, 0x23, - NM_ATT_GSM_TIME, 0x28, 0x00, - NM_ATT_ADM_STATE, 0x03, - NM_ATT_RACH_B_THRESH, 0x7F, - NM_ATT_LDAVG_SLOTS, 0x00, 0xFA, - NM_ATT_BS11_RF_RES_IND_PER, 0x7D, - NM_ATT_T200, 0x2C, 0x1F, 0x29, 0x5A, 0x5A, 0x5A, 0x87, - NM_ATT_BS11_TSYNC, 0x23, 0x28, - NM_ATT_BS11_TTRAU, 0x23, 0x28, - NM_ATT_TEST_DUR, 0x01, 0x00, - NM_ATT_OUTST_ALARM, 0x01, 0x00, - NM_ATT_BS11_EXCESSIVE_DISTANCE, 0x01, 0x40, - NM_ATT_BS11_HOPPING_MODE, 0x01, 0x00, - NM_ATT_BS11_PLL, 0x01, 0x00, - NM_ATT_BCCH_ARFCN, 0x00, HARDCODED_ARFCN/*0x01*/, -}; - -// Handover Recognition, SET ATTRIBUTES - -/* -Illegal Contents GSM Formatted O&M Msg - Object Class: Handover Recognition - BTS relat. 
Number: 0 - Instance 2: FF - Instance 3: FF -SET ATTRIBUTES - enableDelayPowerBudgetHO: 00h = Disabled - enableDistanceHO: 00h = Disabled - enableInternalInterCellHandover: 00h = Disabled - enableInternalIntraCellHandover: 00h = Disabled - enablePowerBudgetHO: 00h = Disabled - enableRXLEVHO: 00h = Disabled - enableRXQUALHO: 00h = Disabled - hoAveragingDistance: 8 SACCH multiframes - hoAveragingLev: - A_LEV_HO: 8 SACCH multiframes - W_LEV_HO: 1 SACCH multiframes - hoAveragingPowerBudget: 16 SACCH multiframes - hoAveragingQual: - A_QUAL_HO: 8 SACCH multiframes - W_QUAL_HO: 2 SACCH multiframes - hoLowerThresholdLevDL: (10 - 110) dBm - hoLowerThresholdLevUL: (5 - 110) dBm - hoLowerThresholdQualDL: 06h = 6.4% < BER < 12.8% - hoLowerThresholdQualUL: 06h = 6.4% < BER < 12.8% - hoThresholdLevDLintra : (20 - 110) dBm - hoThresholdLevULintra: (20 - 110) dBm - hoThresholdMsRangeMax: 20 km - nCell: 06h - timerHORequest: 3 ,unit 2 SACCH multiframes -*/ - -unsigned char msg_3[] = -{ - 0xD0, NM_OC_BS11_HANDOVER, 0x00, 0xFF, 0xFF, - 0xD0, 0x00, - 0x64, 0x00, - 0x67, 0x00, - 0x68, 0x00, - 0x6A, 0x00, - 0x6C, 0x00, - 0x6D, 0x00, - 0x6F, 0x08, - 0x70, 0x08, 0x01, - 0x71, 0x10, 0x10, 0x10, - 0x72, 0x08, 0x02, - 0x73, 0x0A, - 0x74, 0x05, - 0x75, 0x06, - 0x76, 0x06, - 0x78, 0x14, - 0x79, 0x14, - 0x7A, 0x14, - 0x7D, 0x06, - 0x92, 0x03, 0x20, 0x01, 0x00, - 0x45, 0x01, 0x00, - 0x48, 0x01, 0x00, - 0x5A, 0x01, 0x00, - 0x5B, 0x01, 0x05, - 0x5E, 0x01, 0x1A, - 0x5F, 0x01, 0x20, - 0x9D, 0x01, 0x00, - 0x47, 0x01, 0x00, - 0x5C, 0x01, 0x64, - 0x5D, 0x01, 0x1E, - 0x97, 0x01, 0x20, - 0xF7, 0x01, 0x3C, -}; - -// Power Control, SET ATTRIBUTES - -/* - Object Class: Power Control - BTS relat. 
Number: 0 - Instance 2: FF - Instance 3: FF -SET ATTRIBUTES - enableMsPowerControl: 00h = Disabled - enablePowerControlRLFW: 00h = Disabled - pcAveragingLev: - A_LEV_PC: 4 SACCH multiframes - W_LEV_PC: 1 SACCH multiframes - pcAveragingQual: - A_QUAL_PC: 4 SACCH multiframes - W_QUAL_PC: 2 SACCH multiframes - pcLowerThresholdLevDL: 0Fh - pcLowerThresholdLevUL: 0Ah - pcLowerThresholdQualDL: 05h = 3.2% < BER < 6.4% - pcLowerThresholdQualUL: 05h = 3.2% < BER < 6.4% - pcRLFThreshold: 0Ch - pcUpperThresholdLevDL: 14h - pcUpperThresholdLevUL: 0Fh - pcUpperThresholdQualDL: 04h = 1.6% < BER < 3.2% - pcUpperThresholdQualUL: 04h = 1.6% < BER < 3.2% - powerConfirm: 2 ,unit 2 SACCH multiframes - powerControlInterval: 2 ,unit 2 SACCH multiframes - powerIncrStepSize: 02h = 4 dB - powerRedStepSize: 01h = 2 dB - radioLinkTimeoutBs: 64 SACCH multiframes - enableBSPowerControl: 00h = disabled -*/ - -unsigned char msg_4[] = -{ - 0xD0, NM_OC_BS11_PWR_CTRL, 0x00, 0xFF, 0xFF, - NM_ATT_BS11_ENA_MS_PWR_CTRL, 0x00, - NM_ATT_BS11_ENA_PWR_CTRL_RLFW, 0x00, - 0x7E, 0x04, 0x01, - 0x7F, 0x04, 0x02, - 0x80, 0x0F, - 0x81, 0x0A, - 0x82, 0x05, - 0x83, 0x05, - 0x84, 0x0C, - 0x85, 0x14, - 0x86, 0x0F, - 0x87, 0x04, - 0x88, 0x04, - 0x89, 0x02, - 0x8A, 0x02, - 0x8B, 0x02, - 0x8C, 0x01, - 0x8D, 0x40, - 0x65, 0x01, 0x00 // set to 0x01 to enable BSPowerControl -}; - - -// Transceiver, SET TRX ATTRIBUTES (TRX 0) - -/* - Object Class: Transceiver - BTS relat. 
Number: 0 - Tranceiver number: 0 - Instance 3: FF -SET TRX ATTRIBUTES - aRFCNList (HEX): 0001 - txPwrMaxReduction: 00h = 30dB - radioMeasGran: 254 SACCH multiframes - radioMeasRep: 01h = enabled - memberOfEmergencyConfig: 01h = TRUE - trxArea: 00h = TRX doesn't belong to a concentric cell -*/ - -unsigned char msg_6[] = -{ - 0x44, NM_OC_RADIO_CARRIER, 0x00, 0x00, 0xFF, - NM_ATT_ARFCN_LIST, 0x01, 0x00, HARDCODED_ARFCN /*0x01*/, - NM_ATT_RF_MAXPOWR_R, 0x00, - NM_ATT_BS11_RADIO_MEAS_GRAN, 0x01, 0xFE, - NM_ATT_BS11_RADIO_MEAS_REP, 0x01, 0x01, - NM_ATT_BS11_EMRG_CFG_MEMBER, 0x01, 0x01, - NM_ATT_BS11_TRX_AREA, 0x01, 0x00, -}; - -static unsigned char nanobts_attr_bts[] = { - NM_ATT_INTERF_BOUND, 0x55, 0x5b, 0x61, 0x67, 0x6d, 0x73, - /* interference avg. period in numbers of SACCH multifr */ - NM_ATT_INTAVE_PARAM, 0x06, - /* conn fail based on SACCH error rate */ - NM_ATT_CONN_FAIL_CRIT, 0x00, 0x02, 0x01, 0x10, - NM_ATT_T200, 0x1e, 0x24, 0x24, 0xa8, 0x34, 0x21, 0xa8, - NM_ATT_MAX_TA, 0x3f, - NM_ATT_OVERL_PERIOD, 0x00, 0x01, 10, /* seconds */ - NM_ATT_CCCH_L_T, 10, /* percent */ - NM_ATT_CCCH_L_I_P, 1, /* seconds */ - NM_ATT_RACH_B_THRESH, 10, /* busy threshold in - dBm */ - NM_ATT_LDAVG_SLOTS, 0x03, 0xe8, /* rach load averaging 1000 slots */ - NM_ATT_BTS_AIR_TIMER, 128, /* miliseconds */ - NM_ATT_NY1, 10, /* 10 retransmissions of physical config */ - NM_ATT_BCCH_ARFCN, HARDCODED_ARFCN >> 8, HARDCODED_ARFCN & 0xff, - NM_ATT_BSIC, HARDCODED_BSIC, -}; - -static unsigned char nanobts_attr_radio[] = { - NM_ATT_RF_MAXPOWR_R, 0x0c, /* number of -2dB reduction steps / Pn */ - NM_ATT_ARFCN_LIST, 0x00, 0x02, HARDCODED_ARFCN >> 8, HARDCODED_ARFCN & 0xff, -}; - -static unsigned char nanobts_attr_e0[] = { - 0x85, 0x00, - 0x81, 0x0b, 0xbb, /* TCP PORT for RSL */ -}; - -/* Callback function to be called whenever we get a GSM 12.21 state change event */ -int nm_state_event(enum nm_evt evt, u_int8_t obj_class, void *obj, - struct gsm_nm_state *old_state, struct gsm_nm_state *new_state) -{ - 
struct gsm_bts *bts; - struct gsm_bts_trx *trx; - struct gsm_bts_trx_ts *ts; - - /* This is currently only required on nanoBTS */ - - switch (evt) { - case EVT_STATECHG_OPER: - switch (obj_class) { - case NM_OC_SITE_MANAGER: - bts = container_of(obj, struct gsm_bts, site_mgr); - if (old_state->operational != 2 && new_state->operational == 2) { - abis_nm_opstart(bts, NM_OC_SITE_MANAGER, 0xff, 0xff, 0xff); - } - break; - case NM_OC_BTS: - bts = obj; - if (new_state->availability == 5) { - abis_nm_set_bts_attr(bts, nanobts_attr_bts, - sizeof(nanobts_attr_bts)); - abis_nm_opstart(bts, NM_OC_BTS, - bts->bts_nr, 0xff, 0xff); - abis_nm_chg_adm_state(bts, NM_OC_BTS, - bts->bts_nr, 0xff, 0xff, - NM_STATE_UNLOCKED); - } - break; - case NM_OC_CHANNEL: - ts = obj; - trx = ts->trx; - if (new_state->availability == 5) { - if (ts->nr == 0 && trx == trx->bts->c0) - abis_nm_set_channel_attr(ts, NM_CHANC_BCCH_CBCH); - else - abis_nm_set_channel_attr(ts, NM_CHANC_TCHFull); - abis_nm_opstart(trx->bts, NM_OC_CHANNEL, - trx->bts->bts_nr, trx->nr, ts->nr); - abis_nm_chg_adm_state(trx->bts, NM_OC_CHANNEL, - trx->bts->bts_nr, trx->nr, ts->nr, - NM_STATE_UNLOCKED); - } - break; - default: - break; - } - break; - default: - //DEBUGP(DMM, "Unhandled state change in %s:%d\n", __func__, __LINE__); - break; - } - return 0; -} - -/* Callback function to be called every time we receive a 12.21 SW activated report */ -static int sw_activ_rep(struct msgb *mb) -{ - struct abis_om_fom_hdr *foh = msgb_l3(mb); - struct gsm_bts_trx *trx = mb->trx; - - switch (foh->obj_class) { - case NM_OC_BASEB_TRANSC: - /* TRX software is active, tell it to initiate RSL Link */ - abis_nm_ipaccess_msg(trx->bts, 0xe0, NM_OC_BASEB_TRANSC, - trx->bts->bts_nr, trx->nr, 0xff, - nanobts_attr_e0, sizeof(nanobts_attr_e0)); - abis_nm_opstart(trx->bts, NM_OC_BASEB_TRANSC, - trx->bts->bts_nr, trx->nr, 0xff); - abis_nm_chg_adm_state(trx->bts, NM_OC_BASEB_TRANSC, - trx->bts->bts_nr, trx->nr, 0xff, - NM_STATE_UNLOCKED); - break; - 
case NM_OC_RADIO_CARRIER: - abis_nm_set_radio_attr(trx, nanobts_attr_radio, - sizeof(nanobts_attr_radio)); - abis_nm_opstart(trx->bts, NM_OC_RADIO_CARRIER, - trx->bts->bts_nr, trx->nr, 0xff); - abis_nm_chg_adm_state(trx->bts, NM_OC_RADIO_CARRIER, - trx->bts->bts_nr, trx->nr, 0xff, - NM_STATE_UNLOCKED); - break; - } - return 0; -} - -/* Callback function to be called every time we receive a signal from NM */ -static int nm_sig_cb(unsigned int subsys, unsigned int signal, - void *handler_data, void *signal_data) -{ - switch (signal) { - case S_NM_SW_ACTIV_REP: - return sw_activ_rep(signal_data); - default: - break; - } - return 0; -} - -static void bootstrap_om_nanobts(struct gsm_bts *bts) -{ - /* We don't do callback based bootstrapping, but event driven (see above) */ -} - -static void bootstrap_om_bs11(struct gsm_bts *bts) -{ - struct gsm_bts_trx *trx = &bts->trx[0]; - - /* stop sending event reports */ - abis_nm_event_reports(bts, 0); - - /* begin DB transmission */ - abis_nm_bs11_db_transmission(bts, 1); - - /* end DB transmission */ - abis_nm_bs11_db_transmission(bts, 0); - - /* Reset BTS Site manager resource */ - abis_nm_bs11_reset_resource(bts); - - /* begin DB transmission */ - abis_nm_bs11_db_transmission(bts, 1); - - abis_nm_raw_msg(bts, sizeof(msg_1), msg_1); /* set BTS SiteMgr attr*/ - abis_nm_raw_msg(bts, sizeof(msg_2), msg_2); /* set BTS attr */ - abis_nm_raw_msg(bts, sizeof(msg_3), msg_3); /* set BTS handover attr */ - abis_nm_raw_msg(bts, sizeof(msg_4), msg_4); /* set BTS power control attr */ - - /* Connect signalling of bts0/trx0 to e1_0/ts1/64kbps */ - abis_nm_conn_terr_sign(trx, 0, 1, 0xff); - abis_nm_raw_msg(bts, sizeof(msg_6), msg_6); /* SET TRX ATTRIBUTES */ - - /* Use TEI 1 for signalling */ - abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x01); - abis_nm_set_channel_attr(&trx->ts[0], NM_CHANC_SDCCH_CBCH); - -#ifdef HAVE_TRX1 - /* TRX 1 */ - abis_nm_conn_terr_sign(&bts->trx[1], 0, 1, 0xff); - /* FIXME: TRX ATTRIBUTE */ - 
abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x02); -#endif - - /* SET CHANNEL ATTRIBUTE TS1 */ - abis_nm_set_channel_attr(&trx->ts[1], NM_CHANC_TCHFull); - /* Connect traffic of bts0/trx0/ts1 to e1_0/ts2/b */ - abis_nm_conn_terr_traf(&trx->ts[1], 0, 2, 1); - - /* SET CHANNEL ATTRIBUTE TS2 */ - abis_nm_set_channel_attr(&trx->ts[2], NM_CHANC_TCHFull); - /* Connect traffic of bts0/trx0/ts2 to e1_0/ts2/c */ - abis_nm_conn_terr_traf(&trx->ts[2], 0, 2, 2); - - /* SET CHANNEL ATTRIBUTE TS3 */ - abis_nm_set_channel_attr(&trx->ts[3], NM_CHANC_TCHFull); - /* Connect traffic of bts0/trx0/ts3 to e1_0/ts2/d */ - abis_nm_conn_terr_traf(&trx->ts[3], 0, 2, 3); - - /* SET CHANNEL ATTRIBUTE TS4 */ - abis_nm_set_channel_attr(&trx->ts[4], NM_CHANC_TCHFull); - /* Connect traffic of bts0/trx0/ts4 to e1_0/ts3/a */ - abis_nm_conn_terr_traf(&trx->ts[4], 0, 3, 0); - - /* SET CHANNEL ATTRIBUTE TS5 */ - abis_nm_set_channel_attr(&trx->ts[5], NM_CHANC_TCHFull); - /* Connect traffic of bts0/trx0/ts5 to e1_0/ts3/b */ - abis_nm_conn_terr_traf(&trx->ts[5], 0, 3, 1); - - /* SET CHANNEL ATTRIBUTE TS6 */ - abis_nm_set_channel_attr(&trx->ts[6], NM_CHANC_TCHFull); - /* Connect traffic of bts0/trx0/ts6 to e1_0/ts3/c */ - abis_nm_conn_terr_traf(&trx->ts[6], 0, 3, 2); - - /* SET CHANNEL ATTRIBUTE TS7 */ - abis_nm_set_channel_attr(&trx->ts[7], NM_CHANC_TCHFull); - /* Connect traffic of bts0/trx0/ts7 to e1_0/ts3/d */ - abis_nm_conn_terr_traf(&trx->ts[7], 0, 3, 3); - - /* end DB transmission */ - abis_nm_bs11_db_transmission(bts, 0); - - /* Reset BTS Site manager resource */ - abis_nm_bs11_reset_resource(bts); - - /* restart sending event reports */ - abis_nm_event_reports(bts, 1); -} - -static void bootstrap_om(struct gsm_bts *bts) -{ - fprintf(stdout, "bootstrapping OML for BTS %u\n", bts->nr); - - switch (bts->type) { - case GSM_BTS_TYPE_BS11: - bootstrap_om_bs11(bts); - break; - case GSM_BTS_TYPE_NANOBTS_900: - case GSM_BTS_TYPE_NANOBTS_1800: - bootstrap_om_nanobts(bts); - break; - default: - 
fprintf(stderr, "Unable to bootstrap OML: Unknown BTS type %d\n", bts->type); - } -} - -static int shutdown_om(struct gsm_bts *bts) -{ - /* stop sending event reports */ - abis_nm_event_reports(bts, 0); - - /* begin DB transmission */ - abis_nm_bs11_db_transmission(bts, 1); - - /* end DB transmission */ - abis_nm_bs11_db_transmission(bts, 0); - - /* Reset BTS Site manager resource */ - abis_nm_bs11_reset_resource(bts); - - return 0; -} - -static int shutdown_net(struct gsm_network *net) -{ - int i; - for (i = 0; i < net->num_bts; i++) { - int rc; - rc = shutdown_om(&net->bts[i]); - if (rc < 0) - return rc; - } - - return 0; -} - -struct bcch_info { - u_int8_t type; - u_int8_t len; - const u_int8_t *data; -}; - -/* -SYSTEM INFORMATION TYPE 1 - Cell channel description - Format-ID bit map 0 - CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 - RACH Control Parameters - maximum 7 retransmissions - 8 slots used to spread transmission - cell not barred for access - call reestablishment not allowed - Access Control Class = 0000 -*/ -static u_int8_t si1[] = { - /* header */0x55, 0x06, 0x19, - /* ccdesc */0x04 /*0x00*/, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /*0x01*/, - /* rach */0xD5, 0x00, 0x00, - /* s1 reset*/0x2B -}; - -/* - SYSTEM INFORMATION TYPE 2 - Neighbour Cells Description - EXT-IND: Carries the complete BA - BA-IND = 0 - Format-ID bit map 0 - CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 - NCC permitted (NCC) = FF - RACH Control Parameters - maximum 7 retransmissions - 8 slots used to spread transmission - cell not barred for access - call reestablishment not allowed - Access Control Class = 0000 -*/ -static u_int8_t si2[] = { - /* header */0x59, 0x06, 0x1A, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - /* ncc */0xFF, - /* rach*/0xD5, 0x00, 0x00 -}; - -/* -SYSTEM INFORMATION TYPE 3 - Cell 
identity = 00001 (1h) - Location area identification - Mobile Country Code (MCC): 001 - Mobile Network Code (MNC): 01 - Location Area Code (LAC): 00001 (1h) - Control Channel Description - Attach-detach: MSs in the cell are not allowed to apply IMSI attach /detach - 0 blocks reserved for access grant - 1 channel used for CCCH, with SDCCH - 5 multiframes period for PAGING REQUEST - Time-out T3212 = 0 - Cell Options BCCH - Power control indicator: not set - MSs shall not use uplink DTX - Radio link timeout = 36 - Cell Selection Parameters - Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection - max.TX power level MS may use for CCH = 2 <- according to GSM05.05 39dBm (max) - Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters - Half rate support (NECI): New establishment causes are not supported - min.RX signal level for MS = 0 - RACH Control Parameters - maximum 7 retransmissions - 8 slots used to spread transmission - cell not barred for access - call reestablishment not allowed - Access Control Class = 0000 - SI 3 Rest Octets - Cell Bar Qualify (CBQ): 0 - Cell Reselect Offset = 0 dB - Temporary Offset = 0 dB - Penalty Time = 20 s - System Information 2ter Indicator (2TI): 0 = not available - Early Classmark Sending Control (ECSC): 0 = forbidden - Scheduling Information is not sent in SYSTEM INFORMATION TYPE 9 on the BCCH -*/ -static u_int8_t si3[] = { - /* header */0x49, 0x06, 0x1B, - /* cell */0x00, 0x01, - /* lai */0x00, 0xF1, 0x10, 0x00, 0x01, - /* desc */0x01, 0x03, 0x00, - /* option*/0x28, - /* selection*/0x62, 0x00, - /* rach */0xD5, 0x00, 0x00, - /* reset*/0x80, 0x00, 0x00, 0x2B -}; - -/* -SYSTEM INFORMATION TYPE 4 - Location area identification - Mobile Country Code (MCC): 001 - Mobile Network Code (MNC): 01 - Location Area Code (LAC): 00001 (1h) - Cell Selection Parameters - Cell reselect hysteresis = 6 dB RXLEV hysteresis for 
LA re-selection - max.TX power level MS may use for CCH = 2 - Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters - Half rate support (NECI): New establishment causes are not supported - min.RX signal level for MS = 0 - RACH Control Parameters - maximum 7 retransmissions - 8 slots used to spread transmission - cell not barred for access - call reestablishment not allowed - Access Control Class = 0000 - Channel Description - Type = SDCCH/4[2] - Timeslot Number: 0 - Training Sequence Code: 7h - ARFCN: 1 - SI Rest Octets - Cell Bar Qualify (CBQ): 0 - Cell Reselect Offset = 0 dB - Temporary Offset = 0 dB - Penalty Time = 20 s -*/ -static u_int8_t si4[] = { - /* header */0x41, 0x06, 0x1C, - /* lai */0x00, 0xF1, 0x10, 0x00, 0x01, - /* sel */0x62, 0x00, - /* rach*/0xD5, 0x00, 0x00, - /* var */0x64, 0x30, 0xE0, HARDCODED_ARFCN/*0x01*/, 0x80, 0x00, 0x00, - 0x2B, 0x2B, 0x2B -}; - -/* - SYSTEM INFORMATION TYPE 5 - Neighbour Cells Description - EXT-IND: Carries the complete BA - BA-IND = 0 - Format-ID bit map 0 - CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 -*/ - -static u_int8_t si5[] = { - /* header without l2 len*/0x06, 0x1D, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, - 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, -}; - -// SYSTEM INFORMATION TYPE 6 - -/* -SACCH FILLING - System Info Type: SYSTEM INFORMATION 6 - L3 Information (Hex): 06 1E 00 01 xx xx 10 00 01 28 FF - -SYSTEM INFORMATION TYPE 6 - Cell identity = 00001 (1h) - Location area identification - Mobile Country Code (MCC): 001 - Mobile Network Code (MNC): 01 - Location Area Code (LAC): 00001 (1h) - Cell Options SACCH - Power control indicator: not set - MSs shall not use uplink DTX on a TCH-F. MS shall not use uplink DTX on TCH-H. 
- Radio link timeout = 36 - NCC permitted (NCC) = FF -*/ - -static u_int8_t si6[] = { - /* header */0x06, 0x1E, - /* cell id*/ 0x00, 0x01, - /* lai */ 0x00, 0xF1, 0x10, 0x00, 0x01, - /* options */ 0x28, - /* ncc */ 0xFF, -}; - - - -static const struct bcch_info bcch_infos[] = { - { - .type = RSL_SYSTEM_INFO_1, - .len = sizeof(si1), - .data = si1, - }, { - .type = RSL_SYSTEM_INFO_2, - .len = sizeof(si2), - .data = si2, - }, { - .type = RSL_SYSTEM_INFO_3, - .len = sizeof(si3), - .data = si3, - }, { - .type = RSL_SYSTEM_INFO_4, - .len = sizeof(si4), - .data = si4, - }, -}; - -static_assert(sizeof(si1) == sizeof(struct gsm48_system_information_type_1), type1) -static_assert(sizeof(si2) == sizeof(struct gsm48_system_information_type_2), type2) -static_assert(sizeof(si3) == sizeof(struct gsm48_system_information_type_3), type3) -static_assert(sizeof(si4) >= sizeof(struct gsm48_system_information_type_4), type4) -static_assert(sizeof(si5) == sizeof(struct gsm48_system_information_type_5), type5) -static_assert(sizeof(si6) >= sizeof(struct gsm48_system_information_type_6), type6) - -/* set all system information types */ -static int set_system_infos(struct gsm_bts_trx *trx) -{ - int i; - - for (i = 0; i < ARRAY_SIZE(bcch_infos); i++) { - rsl_bcch_info(trx, bcch_infos[i].type, - bcch_infos[i].data, - bcch_infos[i].len); - } - rsl_sacch_filling(trx, RSL_SYSTEM_INFO_5, si5, sizeof(si5)); - rsl_sacch_filling(trx, RSL_SYSTEM_INFO_6, si6, sizeof(si6)); - - return 0; -} - -/* - * Patch the various SYSTEM INFORMATION tables to update - * the LAI - */ -static void patch_tables(struct gsm_bts *bts) -{ - u_int8_t arfcn_low = bts->trx[0].arfcn & 0xff; - u_int8_t arfcn_high = (bts->trx[0].arfcn >> 8) & 0x0f; - /* covert the raw packet to the struct */ - struct gsm48_system_information_type_3 *type_3 = - (struct gsm48_system_information_type_3*)&si3; - struct gsm48_system_information_type_4 *type_4 = - (struct gsm48_system_information_type_4*)&si4; - struct 
gsm48_system_information_type_6 *type_6 = - (struct gsm48_system_information_type_6*)&si6; - struct gsm48_loc_area_id lai; - - gsm0408_generate_lai(&lai, bts->network->country_code, - bts->network->network_code, - bts->location_area_code); - - /* assign the MCC and MNC */ - type_3->lai = lai; - type_4->lai = lai; - type_6->lai = lai; - - /* patch ARFCN into BTS Attributes */ - msg_2[74] &= 0xf0; - msg_2[74] |= arfcn_high; - msg_2[75] = arfcn_low; - nanobts_attr_bts[42] &= 0xf0; - nanobts_attr_bts[42] |= arfcn_high; - nanobts_attr_bts[43] = arfcn_low; - - /* patch ARFCN into TRX Attributes */ - msg_6[7] &= 0xf0; - msg_6[7] |= arfcn_high; - msg_6[8] = arfcn_low; - nanobts_attr_radio[5] &= 0xf0; - nanobts_attr_radio[5] |= arfcn_high; - nanobts_attr_radio[6] = arfcn_low; - - type_4->data[2] &= 0xf0; - type_4->data[2] |= arfcn_high; - type_4->data[3] = arfcn_low; - - /* patch Control Channel Description 10.5.2.11 */ - type_3->control_channel_desc = bts->chan_desc; - - /* patch BSIC */ - msg_2[6] = bts->bsic; - nanobts_attr_bts[sizeof(nanobts_attr_bts)-1] = bts->bsic; -} - - -static void bootstrap_rsl(struct gsm_bts_trx *trx) -{ - fprintf(stdout, "bootstrapping RSL for BTS/TRX (%u/%u) " - "using MCC=%u MNC=%u\n", trx->nr, trx->bts->nr, MCC, MNC); - set_system_infos(trx); -} - -void input_event(int event, enum e1inp_sign_type type, struct gsm_bts_trx *trx) -{ - switch (event) { - case EVT_E1_TEI_UP: - switch (type) { - case E1INP_SIGN_OML: - bootstrap_om(trx->bts); - break; - case E1INP_SIGN_RSL: - bootstrap_rsl(trx); - break; - default: - break; - } - break; - case EVT_E1_TEI_DN: - fprintf(stderr, "Lost some E1 TEI link\n"); - /* FIXME: deal with TEI or L1 link loss */ - break; - default: - break; - } -} - -static int bootstrap_bts(struct gsm_bts *bts) -{ - bts->location_area_code = LAC; - bts->trx[0].arfcn = ARFCN; - - /* Control Channel Description */ - memset(&bts->chan_desc, 0, sizeof(struct gsm48_control_channel_descr)); - bts->chan_desc.att = 1; - 
bts->chan_desc.ccch_conf = RSL_BCCH_CCCH_CONF_1_C; - bts->chan_desc.bs_pa_mfrms = RSL_BS_PA_MFRMS_5; - bts->chan_desc.t3212 = 0; - - patch_tables(bts); - - paging_init(bts); - - if (bts->type == GSM_BTS_TYPE_BS11) { - struct gsm_bts_trx *trx = &bts->trx[0]; - set_ts_e1link(&trx->ts[0], 0, 1, 0xff); - set_ts_e1link(&trx->ts[1], 0, 2, 1); - set_ts_e1link(&trx->ts[2], 0, 2, 2); - set_ts_e1link(&trx->ts[3], 0, 2, 3); - set_ts_e1link(&trx->ts[4], 0, 3, 0); - set_ts_e1link(&trx->ts[5], 0, 3, 1); - set_ts_e1link(&trx->ts[6], 0, 3, 2); - set_ts_e1link(&trx->ts[7], 0, 3, 3); -#ifdef HAVE_TRX1 - /* TRX 1 */ - trx = &bts->trx[1]; - set_ts_e1link(&trx->ts[0], 0, 1, 0xff); - set_ts_e1link(&trx->ts[1], 0, 2, 1); - set_ts_e1link(&trx->ts[2], 0, 2, 2); - set_ts_e1link(&trx->ts[3], 0, 2, 3); - set_ts_e1link(&trx->ts[4], 0, 3, 0); - set_ts_e1link(&trx->ts[5], 0, 3, 1); - set_ts_e1link(&trx->ts[6], 0, 3, 2); - set_ts_e1link(&trx->ts[7], 0, 3, 3); -#endif - } - - return 0; -} - -static int bootstrap_network(void) -{ - struct gsm_bts *bts; - - /* initialize our data structures */ - gsmnet = gsm_network_init(2, BTS_TYPE, MCC, MNC); - if (!gsmnet) - return -ENOMEM; - - gsmnet->name_long = "OpenBSC"; - gsmnet->name_short = "OpenBSC"; - - bts = &gsmnet->bts[0]; - bootstrap_bts(bts); - - if (db_init(database_name)) { - printf("DB: Failed to init database. 
Please check the option settings.\n"); - return -1; - } - printf("DB: Database initialized.\n"); - - if (db_prepare()) { - printf("DB: Failed to prepare database.\n"); - return -1; - } - printf("DB: Database prepared.\n"); - - telnet_init(gsmnet, 4242); - - register_signal_handler(SS_NM, nm_sig_cb, NULL); - - /* E1 mISDN input setup */ - if (BTS_TYPE == GSM_BTS_TYPE_BS11) { - gsmnet->num_bts = 1; - return e1_config(bts, cardnr, release_l2); - } else { - /* FIXME: do this dynamic */ - bts->ip_access.site_id = 1801; - bts->ip_access.bts_id = 0; - bts = &gsmnet->bts[1]; - bootstrap_bts(bts); - bts->ip_access.site_id = 1800; - bts->ip_access.bts_id = 0; - return ipaccess_setup(gsmnet); - } -} - -static void create_pcap_file(char *file) -{ - mode_t mode = S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH; - int fd = open(file, O_WRONLY|O_TRUNC|O_CREAT, mode); - - if (fd < 0) { - perror("Failed to open file for pcap"); - return; - } - - e1_set_pcap_fd(fd); -} - -static void print_usage() -{ - printf("Usage: bsc_hack\n"); -} - -static void print_help() -{ - printf(" Some useful help...\n"); - printf(" -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging\n"); - printf(" -s --disable-color\n"); - printf(" -n --network-code number(MNC) \n"); - printf(" -c --country-code number (MCC) \n"); - printf(" -L --location-area-code number (LAC) \n"); - printf(" -f --arfcn number The frequency ARFCN\n"); - printf(" -l --database db-name The database to use\n"); - printf(" -a --authorize-everyone Allow everyone into the network.\n"); - printf(" -r --reject-cause number The reject cause for LOCATION UPDATING REJECT.\n"); - printf(" -p --pcap file The filename of the pcap file\n"); - printf(" -t --bts-type type The BTS type (bs11, nanobts900, nanobts1800)\n"); - printf(" -C --cardnr number For bs11 select E1 card number other than 0\n"); - printf(" -R --release-l2 Releases mISDN layer 2 after exit, to unload driver.\n"); - printf(" -h --help this text\n"); -} - -static void 
handle_options(int argc, char** argv) -{ - while (1) { - int option_index = 0, c; - static struct option long_options[] = { - {"help", 0, 0, 'h'}, - {"debug", 1, 0, 'd'}, - {"disable-color", 0, 0, 's'}, - {"network-code", 1, 0, 'n'}, - {"country-code", 1, 0, 'c'}, - {"location-area-code", 1, 0, 'L'}, - {"database", 1, 0, 'l'}, - {"authorize-everyone", 0, 0, 'a'}, - {"reject-cause", 1, 0, 'r'}, - {"pcap", 1, 0, 'p'}, - {"arfcn", 1, 0, 'f'}, - {"bts-type", 1, 0, 't'}, - {"cardnr", 1, 0, 'C'}, - {"release-l2", 0, 0, 'R'}, - {"timestamp", 0, 0, 'T'}, - {0, 0, 0, 0} - }; - - c = getopt_long(argc, argv, "hc:n:d:sar:p:f:t:C:RL:l:T", - long_options, &option_index); - if (c == -1) - break; - - switch (c) { - case 'h': - print_usage(); - print_help(); - exit(0); - case 's': - debug_use_color(0); - break; - case 'd': - debug_parse_category_mask(optarg); - break; - case 'n': - MNC = atoi(optarg); - break; - case 'c': - MCC = atoi(optarg); - break; - case 'L': - LAC = atoi(optarg); - break; - case 'f': - ARFCN = atoi(optarg); - break; - case 'l': - database_name = strdup(optarg); - break; - case 'a': - gsm0408_allow_everyone(1); - break; - case 'r': - gsm0408_set_reject_cause(atoi(optarg)); - break; - case 'p': - create_pcap_file(optarg); - break; - case 't': - BTS_TYPE = parse_btstype(optarg); - break; - case 'C': - cardnr = atoi(optarg); - break; - case 'R': - release_l2 = 1; - break; - case 'T': - debug_timestamp(1); - break; - default: - /* ignore */ - break; - } - } -} - -static void signal_handler(int signal) -{ - fprintf(stdout, "signal %u received\n", signal); - - switch (signal) { - case SIGHUP: - case SIGABRT: - shutdown_net(gsmnet); - break; - default: - break; - } -} - -int main(int argc, char **argv) -{ - int rc; - - /* parse options */ - handle_options(argc, argv); - - /* seed the PRNG */ - srand(time(NULL)); - - rc = bootstrap_network(); - if (rc < 0) - exit(1); - - signal(SIGHUP, &signal_handler); - signal(SIGABRT, &signal_handler); - - while (1) { - 
bsc_select_main(0); - } -} -- cgit v1.2.3