1 /* Bootstrapping GSM - taken from bsc_hack.c */
3 /* (C) 2008-2009 by Harald Welte <laforge@gnumonks.org>
4 * (C) 2009 by Holger Hans Peter Freyther <zecke@selfish.org>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
41 #include <openbsc/gsm_data.h>
42 #include <openbsc/gsm_04_08.h>
43 #include <openbsc/db.h>
44 #include <openbsc/timer.h>
45 #include <openbsc/select.h>
46 #include <openbsc/abis_rsl.h>
47 #include <openbsc/abis_nm.h>
48 #include <openbsc/debug.h>
49 #include <openbsc/misdn.h>
50 #include <openbsc/telnet_interface.h>
51 #include <openbsc/paging.h>
52 #include <openbsc/e1_input.h>
54 /* The following definitions are for OM and NM packets that we cannot yet
55 * generate by code but we just pass on */
57 // BTS Site Manager, SET ATTRIBUTES
60 Object Class: BTS Site Manager
65 sAbisExternalTime: 2007/09/08 14:36:11
67 shortLAPDIntTimer: 5sec
68 emergencyTimer1: 10 minutes
69 emergencyTimer2: 0 minutes
72 unsigned char msg_1[] =
74 0xD0, 0x00, 0xFF, 0xFF, 0xFF,
75 NM_ATT_BS11_ABIS_EXT_TIME, 0x07, 0xD7, 0x09, 0x08, 0x0E, 0x24, 0x0B, 0xCE,
78 0x42, 0x02, 0x00, 0x0A,
79 0x44, 0x02, 0x00, 0x00
82 // BTS, SET BTS ATTRIBUTES
90 bsIdentityCode / BSIC:
93 BTS Air Timer T3105: 4 ,unit 10 ms
95 periodCCCHLoadIndication: 1sec
96 thresholdCCCHLoadIndication: 0%
97 cellAllocationNumber: 00h = GSM 900
98 enableInterferenceClass: 00h = Disabled
99 fACCHQual: 6 (FACCH stealing flags minus 1)
100 intaveParameter: 31 SACCH multiframes
101 interferenceLevelBoundaries:
102 Interference Boundary 1: 0Ah
103 Interference Boundary 2: 0Fh
104 Interference Boundary 3: 14h
105 Interference Boundary 4: 19h
106 Interference Boundary 5: 1Eh
108 GSM range: 2=39dBm, 15=13dBm, stepsize 2 dBm
109 DCS1800 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
110 PCS1900 range: 0=30dBm, 15=0dBm, stepsize 2 dBm
113 Maximum number of repetitions for PHYSICAL INFORMATION message (GSM 04.08): 20
114 powerOutputThresholds:
115 Out Power Fault Threshold: -10 dB
116 Red Out Power Threshold: - 6 dB
117 Excessive Out Power Threshold: 5 dB
118 rACHBusyThreshold: -127 dBm
119 rACHLoadAveragingSlots: 250 ,number of RACH burst periods
120 rfResourceIndicationPeriod: 125 SACCH multiframes
123 FACCH/Full rate: 031 in 5 ms
124 FACCH/Half rate: 041 in 5 ms
125 SACCH with TCH SAPI0: 090 in 10 ms
126 SACCH with SDCCH: 090 in 10 ms
127 SDCCH with SAPI3: 090 in 5 ms
128 SACCH with TCH SAPI3: 135 in 10 ms
129 tSync: 9000 units of 10 msec
130 tTrau: 9000 units of 10 msec
131 enableUmLoopTest: 00h = disabled
132 enableExcessiveDistance: 00h = Disabled
133 excessiveDistance: 64km
134 hoppingMode: 00h = baseband hopping
135 cellType: 00h = Standard Cell
136 BCCH ARFCN / bCCHFrequency: 1
139 unsigned char msg_2[] =
141 0x41, 0x01, 0x00, 0xFF, 0xFF,
143 NM_ATT_BTS_AIR_TIMER, 0x04,
144 NM_ATT_BS11_BTSLS_HOPPING, 0x00,
145 NM_ATT_CCCH_L_I_P, 0x01,
146 NM_ATT_CCCH_L_T, 0x00,
147 NM_ATT_BS11_CELL_ALLOC_NR, 0x00,
148 NM_ATT_BS11_ENA_INTERF_CLASS, 0x00,
149 NM_ATT_BS11_FACCH_QUAL, 0x06,
150 NM_ATT_INTAVE_PARAM, 0x1F,
151 NM_ATT_INTERF_BOUND, 0x0A, 0x0F, 0x14, 0x19, 0x1E, 0x7B,
152 NM_ATT_CCCH_L_T, 0x23,
153 NM_ATT_GSM_TIME, 0x28, 0x00,
154 NM_ATT_ADM_STATE, 0x03,
155 NM_ATT_RACH_B_THRESH, 0x7F,
156 NM_ATT_LDAVG_SLOTS, 0x00, 0xFA,
157 NM_ATT_BS11_RF_RES_IND_PER, 0x7D,
158 NM_ATT_T200, 0x2C, 0x1F, 0x29, 0x5A, 0x5A, 0x5A, 0x87,
159 NM_ATT_BS11_TSYNC, 0x23, 0x28,
160 NM_ATT_BS11_TTRAU, 0x23, 0x28,
161 NM_ATT_TEST_DUR, 0x01, 0x00,
162 NM_ATT_OUTST_ALARM, 0x01, 0x00,
163 NM_ATT_BS11_EXCESSIVE_DISTANCE, 0x01, 0x40,
164 NM_ATT_BS11_HOPPING_MODE, 0x01, 0x00,
165 NM_ATT_BS11_PLL, 0x01, 0x00,
166 NM_ATT_BCCH_ARFCN, 0x00, HARDCODED_ARFCN/*0x01*/,
169 // Handover Recognition, SET ATTRIBUTES
172 Illegal Contents GSM Formatted O&M Msg
173 Object Class: Handover Recognition
178 enableDelayPowerBudgetHO: 00h = Disabled
179 enableDistanceHO: 00h = Disabled
180 enableInternalInterCellHandover: 00h = Disabled
181 enableInternalIntraCellHandover: 00h = Disabled
182 enablePowerBudgetHO: 00h = Disabled
183 enableRXLEVHO: 00h = Disabled
184 enableRXQUALHO: 00h = Disabled
185 hoAveragingDistance: 8 SACCH multiframes
187 A_LEV_HO: 8 SACCH multiframes
188 W_LEV_HO: 1 SACCH multiframes
189 hoAveragingPowerBudget: 16 SACCH multiframes
191 A_QUAL_HO: 8 SACCH multiframes
192 W_QUAL_HO: 2 SACCH multiframes
193 hoLowerThresholdLevDL: (10 - 110) dBm
194 hoLowerThresholdLevUL: (5 - 110) dBm
195 hoLowerThresholdQualDL: 06h = 6.4% < BER < 12.8%
196 hoLowerThresholdQualUL: 06h = 6.4% < BER < 12.8%
197 hoThresholdLevDLintra : (20 - 110) dBm
198 hoThresholdLevULintra: (20 - 110) dBm
199 hoThresholdMsRangeMax: 20 km
201 timerHORequest: 3 ,unit 2 SACCH multiframes
204 unsigned char msg_3[] =
206 0xD0, 0xA1, 0x00, 0xFF, 0xFF,
216 0x71, 0x10, 0x10, 0x10,
226 0x92, 0x03, 0x20, 0x01, 0x00,
241 // Power Control, SET ATTRIBUTES
244 Object Class: Power Control
249 enableMsPowerControl: 00h = Disabled
250 enablePowerControlRLFW: 00h = Disabled
252 A_LEV_PC: 4 SACCH multiframes
253 W_LEV_PC: 1 SACCH multiframes
255 A_QUAL_PC: 4 SACCH multiframes
256 W_QUAL_PC: 2 SACCH multiframes
257 pcLowerThresholdLevDL: 0Fh
258 pcLowerThresholdLevUL: 0Ah
259 pcLowerThresholdQualDL: 05h = 3.2% < BER < 6.4%
260 pcLowerThresholdQualUL: 05h = 3.2% < BER < 6.4%
262 pcUpperThresholdLevDL: 14h
263 pcUpperThresholdLevUL: 0Fh
264 pcUpperThresholdQualDL: 04h = 1.6% < BER < 3.2%
265 pcUpperThresholdQualUL: 04h = 1.6% < BER < 3.2%
266 powerConfirm: 2 ,unit 2 SACCH multiframes
267 powerControlInterval: 2 ,unit 2 SACCH multiframes
268 powerIncrStepSize: 02h = 4 dB
269 powerRedStepSize: 01h = 2 dB
270 radioLinkTimeoutBs: 64 SACCH multiframes
271 enableBSPowerControl: 00h = disabled
274 unsigned char msg_4[] =
276 0xD0, 0xA2, 0x00, 0xFF, 0xFF,
277 NM_ATT_BS11_ENA_MS_PWR_CTRL, 0x00,
278 NM_ATT_BS11_ENA_PWR_CTRL_RLFW, 0x00,
295 0x65, 0x01, 0x00 // set to 0x01 to enable BSPowerControl
299 // Transceiver, SET TRX ATTRIBUTES (TRX 0)
302 Object Class: Transceiver
307 aRFCNList (HEX): 0001
308 txPwrMaxReduction: 00h = 30dB
309 radioMeasGran: 254 SACCH multiframes
310 radioMeasRep: 01h = enabled
311 memberOfEmergencyConfig: 01h = TRUE
312 trxArea: 00h = TRX doesn't belong to a concentric cell
315 unsigned char msg_6[] =
317 0x44, 0x02, 0x00, 0x00, 0xFF,
318 NM_ATT_ARFCN_LIST, 0x01, 0x00, HARDCODED_ARFCN /*0x01*/,
319 NM_ATT_RF_MAXPOWR_R, 0x00,
320 NM_ATT_BS11_RADIO_MEAS_GRAN, 0x01, 0xFE,
321 NM_ATT_BS11_RADIO_MEAS_REP, 0x01, 0x01,
322 NM_ATT_BS11_EMRG_CFG_MEMBER, 0x01, 0x01,
323 NM_ATT_BS11_TRX_AREA, 0x01, 0x00,
326 static unsigned char nanobts_attr_bts[] = {
327 NM_ATT_INTERF_BOUND, 0x55, 0x5b, 0x61, 0x67, 0x6d, 0x73,
328 NM_ATT_INTAVE_PARAM, 0x06,
329 NM_ATT_CONN_FAIL_CRIT, 0x00, 0x02, 0x01, 0x10,
330 NM_ATT_T200, 0x1e, 0x24, 0x24, 0xa8, 0x34, 0x21, 0xa8,
332 NM_ATT_OVERL_PERIOD, 0x00, 0x01, 10, /* seconds */
333 NM_ATT_CCCH_L_T, 10, /* percent */
334 NM_ATT_CCCH_L_I_P, 1, /* seconds */
335 NM_ATT_RACH_B_THRESH, 0x0a,
336 NM_ATT_LDAVG_SLOTS, 0x03, 0xe8,
337 NM_ATT_BTS_AIR_TIMER, 0x80,
339 NM_ATT_BCCH_ARFCN, HARDCODED_ARFCN >> 8, HARDCODED_ARFCN & 0xff,
343 static unsigned char nanobts_attr_radio[] = {
344 NM_ATT_RF_MAXPOWR_R, 0x0c,
345 NM_ATT_ARFCN_LIST, 0x00, 0x02, HARDCODED_ARFCN >> 8, HARDCODED_ARFCN & 0xff,
348 static unsigned char nanobts_attr_e0[] = {
350 0x81, 0x0b, 0xbb, /* TCP PORT for RSL */
353 int nm_state_event(enum nm_evt evt, u_int8_t obj_class, void *obj,
354 struct gsm_nm_state *old_state, struct gsm_nm_state *new_state)
357 struct gsm_bts_trx *trx;
358 struct gsm_bts_trx_ts *ts;
360 /* This is currently only required on nanoBTS */
363 case EVT_STATECHG_OPER:
365 case NM_OC_SITE_MANAGER:
366 bts = container_of(obj, struct gsm_bts, site_mgr);
367 if (old_state->operational != 2 && new_state->operational == 2) {
368 abis_nm_opstart(bts, NM_OC_SITE_MANAGER, 0xff, 0xff, 0xff);
372 bts = (struct gsm_bts *)obj;
373 if (new_state->availability == 5) {
374 abis_nm_set_bts_attr(bts, nanobts_attr_bts,
375 sizeof(nanobts_attr_bts));
376 abis_nm_opstart(bts, NM_OC_BTS,
377 bts->nr, 0xff, 0xff);
378 abis_nm_chg_adm_state(bts, NM_OC_BTS,
383 case NM_OC_RADIO_CARRIER:
384 trx = (struct gsm_bts_trx *)obj;
385 if (new_state->availability == 3) {
386 abis_nm_set_radio_attr(trx, nanobts_attr_radio,
387 sizeof(nanobts_attr_radio));
388 abis_nm_opstart(trx->bts, NM_OC_RADIO_CARRIER,
389 trx->bts->nr, trx->nr, 0xff);
390 abis_nm_chg_adm_state(trx->bts, NM_OC_RADIO_CARRIER,
391 trx->bts->nr, trx->nr, 0xff,
396 ts = (struct gsm_bts_trx_ts *)obj;
397 trx = (struct gsm_bts_trx *)ts->trx;
398 if (new_state->availability == 5) {
399 if (ts->nr == 0 && trx == trx->bts->c0)
400 abis_nm_set_channel_attr(ts, NM_CHANC_BCCH_CBCH);
402 abis_nm_set_channel_attr(ts, NM_CHANC_TCHFull);
403 abis_nm_opstart(trx->bts, NM_OC_CHANNEL,
404 trx->bts->nr, trx->nr, ts->nr);
405 abis_nm_chg_adm_state(trx->bts, NM_OC_CHANNEL,
406 trx->bts->nr, trx->nr, ts->nr,
410 case NM_OC_BASEB_TRANSC:
411 trx = container_of(obj, struct gsm_bts_trx, bb_transc);
412 if (new_state->availability == 5) {
413 abis_nm_ipaccess_msg(trx->bts, 0xe0, NM_OC_BASEB_TRANSC,
414 trx->bts->nr, trx->nr, 0xff,
415 nanobts_attr_e0, sizeof(nanobts_attr_e0));
416 abis_nm_opstart(trx->bts, NM_OC_BASEB_TRANSC,
417 trx->bts->nr, trx->nr, 0xff);
418 abis_nm_chg_adm_state(trx->bts, NM_OC_BASEB_TRANSC,
419 trx->bts->nr, trx->nr, 0xff,
425 case EVT_STATECHG_ADM:
426 DEBUGP(DMM, "Unhandled state change in %s:%d\n", __func__, __LINE__);
432 static void bootstrap_om_nanobts(struct gsm_bts *bts)
434 /* We don't do callback based bootstrapping, but event driven (see above) */
437 static void bootstrap_om_bs11(struct gsm_bts *bts)
439 struct gsm_bts_trx *trx = &bts->trx[0];
441 /* stop sending event reports */
442 abis_nm_event_reports(bts, 0);
444 /* begin DB transmission */
445 abis_nm_bs11_db_transmission(bts, 1);
447 /* end DB transmission */
448 abis_nm_bs11_db_transmission(bts, 0);
450 /* Reset BTS Site manager resource */
451 abis_nm_bs11_reset_resource(bts);
453 /* begin DB transmission */
454 abis_nm_bs11_db_transmission(bts, 1);
456 abis_nm_raw_msg(bts, sizeof(msg_1), msg_1); /* set BTS SiteMgr attr*/
457 abis_nm_raw_msg(bts, sizeof(msg_2), msg_2); /* set BTS attr */
458 abis_nm_raw_msg(bts, sizeof(msg_3), msg_3); /* set BTS handover attr */
459 abis_nm_raw_msg(bts, sizeof(msg_4), msg_4); /* set BTS power control attr */
461 /* Connect signalling of bts0/trx0 to e1_0/ts1/64kbps */
462 abis_nm_conn_terr_sign(trx, 0, 1, 0xff);
463 set_ts_e1link(&trx->ts[0], 0, 1, 0xff);
464 abis_nm_raw_msg(bts, sizeof(msg_6), msg_6); /* SET TRX ATTRIBUTES */
466 /* Use TEI 1 for signalling */
467 abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x01);
468 abis_nm_set_channel_attr(&trx->ts[0], NM_CHANC_SDCCH_CBCH);
472 abis_nm_conn_terr_sign(&bts->trx[1], 0, 1, 0xff);
473 /* FIXME: TRX ATTRIBUTE */
474 abis_nm_establish_tei(bts, 0, 0, 1, 0xff, 0x02);
477 /* SET CHANNEL ATTRIBUTE TS1 */
478 abis_nm_set_channel_attr(&trx->ts[1], NM_CHANC_TCHFull);
479 /* Connect traffic of bts0/trx0/ts1 to e1_0/ts2/b */
480 set_ts_e1link(&trx->ts[1], 0, 2, 1);
481 abis_nm_conn_terr_traf(&trx->ts[1], 0, 2, 1);
483 /* SET CHANNEL ATTRIBUTE TS2 */
484 abis_nm_set_channel_attr(&trx->ts[2], NM_CHANC_TCHFull);
485 /* Connect traffic of bts0/trx0/ts2 to e1_0/ts2/c */
486 set_ts_e1link(&trx->ts[2], 0, 2, 2);
487 abis_nm_conn_terr_traf(&trx->ts[2], 0, 2, 2);
489 /* SET CHANNEL ATTRIBUTE TS3 */
490 abis_nm_set_channel_attr(&trx->ts[3], NM_CHANC_TCHFull);
491 /* Connect traffic of bts0/trx0/ts3 to e1_0/ts2/d */
492 set_ts_e1link(&trx->ts[3], 0, 2, 3);
493 abis_nm_conn_terr_traf(&trx->ts[3], 0, 2, 3);
495 /* SET CHANNEL ATTRIBUTE TS4 */
496 abis_nm_set_channel_attr(&trx->ts[4], NM_CHANC_TCHFull);
497 /* Connect traffic of bts0/trx0/ts4 to e1_0/ts3/a */
498 set_ts_e1link(&trx->ts[4], 0, 3, 0);
499 abis_nm_conn_terr_traf(&trx->ts[4], 0, 3, 0);
501 /* SET CHANNEL ATTRIBUTE TS5 */
502 abis_nm_set_channel_attr(&trx->ts[5], NM_CHANC_TCHFull);
503 /* Connect traffic of bts0/trx0/ts5 to e1_0/ts3/b */
504 set_ts_e1link(&trx->ts[5], 0, 3, 1);
505 abis_nm_conn_terr_traf(&trx->ts[5], 0, 3, 1);
507 /* SET CHANNEL ATTRIBUTE TS6 */
508 abis_nm_set_channel_attr(&trx->ts[6], NM_CHANC_TCHFull);
509 /* Connect traffic of bts0/trx0/ts6 to e1_0/ts3/c */
510 set_ts_e1link(&trx->ts[6], 0, 3, 2);
511 abis_nm_conn_terr_traf(&trx->ts[6], 0, 3, 2);
513 /* SET CHANNEL ATTRIBUTE TS7 */
514 abis_nm_set_channel_attr(&trx->ts[7], NM_CHANC_TCHFull);
515 /* Connect traffic of bts0/trx0/ts7 to e1_0/ts3/d */
516 set_ts_e1link(&trx->ts[7], 0, 3, 3);
517 abis_nm_conn_terr_traf(&trx->ts[7], 0, 3, 3);
519 /* end DB transmission */
520 abis_nm_bs11_db_transmission(bts, 0);
522 /* Reset BTS Site manager resource */
523 abis_nm_bs11_reset_resource(bts);
525 /* restart sending event reports */
526 abis_nm_event_reports(bts, 1);
529 static void bootstrap_om(struct gsm_bts *bts)
531 fprintf(stdout, "bootstrapping OML\n");
534 case GSM_BTS_TYPE_BS11:
535 bootstrap_om_bs11(bts);
537 case GSM_BTS_TYPE_NANOBTS_900:
538 case GSM_BTS_TYPE_NANOBTS_1800:
539 bootstrap_om_nanobts(bts);
542 fprintf(stderr, "Unable to bootstrap OML: Unknown BTS type %d\n", bts->type);
546 static int shutdown_om(struct gsm_bts *bts)
548 /* stop sending event reports */
549 abis_nm_event_reports(bts, 0);
551 /* begin DB transmission */
552 abis_nm_bs11_db_transmission(bts, 1);
554 /* end DB transmission */
555 abis_nm_bs11_db_transmission(bts, 0);
557 /* Reset BTS Site manager resource */
558 abis_nm_bs11_reset_resource(bts);
566 const u_int8_t *data;
570 SYSTEM INFORMATION TYPE 1
571 Cell channel description
573 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01
574 RACH Control Parameters
575 maximum 7 retransmissions
576 8 slots used to spread transmission
577 cell not barred for access
578 call reestablishment not allowed
579 Access Control Class = 0000
581 static u_int8_t si1[] = {
582 /* header */0x55, 0x06, 0x19,
583 /* ccdesc */0x04 /*0x00*/, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
584 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 /*0x01*/,
585 /* rach */0xD5, 0x00, 0x00,
590 SYSTEM INFORMATION TYPE 2
591 Neighbour Cells Description
592 EXT-IND: Carries the complete BA
595 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
596 NCC permitted (NCC) = FF
597 RACH Control Parameters
598 maximum 7 retransmissions
599 8 slots used to spread transmission
600 cell not barred for access
601 call reestablishment not allowed
602 Access Control Class = 0000
604 static u_int8_t si2[] = {
605 /* header */0x59, 0x06, 0x1A,
606 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
607 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
609 /* rach*/0xD5, 0x00, 0x00
613 SYSTEM INFORMATION TYPE 3
614 Cell identity = 00001 (1h)
615 Location area identification
616 Mobile Country Code (MCC): 001
617 Mobile Network Code (MNC): 01
618 Location Area Code (LAC): 00001 (1h)
619 Control Channel Description
620 Attach-detach: MSs in the cell are not allowed to apply IMSI attach /detach
621 0 blocks reserved for access grant
622 1 channel used for CCCH, with SDCCH
623 5 multiframes period for PAGING REQUEST
626 Power control indicator: not set
627 MSs shall not use uplink DTX
628 Radio link timeout = 36
629 Cell Selection Parameters
630 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
631 max.TX power level MS may use for CCH = 2 <- according to GSM05.05 39dBm (max)
632 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
633 Half rate support (NECI): New establishment causes are not supported
634 min.RX signal level for MS = 0
635 RACH Control Parameters
636 maximum 7 retransmissions
637 8 slots used to spread transmission
638 cell not barred for access
639 call reestablishment not allowed
640 Access Control Class = 0000
642 Cell Bar Qualify (CBQ): 0
643 Cell Reselect Offset = 0 dB
644 Temporary Offset = 0 dB
646 System Information 2ter Indicator (2TI): 0 = not available
647 Early Classmark Sending Control (ECSC): 0 = forbidden
648 Scheduling Information is not sent in SYSTEM INFORMATION TYPE 9 on the BCCH
650 static u_int8_t si3[] = {
651 /* header */0x49, 0x06, 0x1B,
652 /* cell */0x00, 0x01,
653 /* lai */0x00, 0xF1, 0x10, 0x00, 0x01,
654 /* desc */0x01, 0x03, 0x00,
656 /* selection*/0x62, 0x00,
657 /* rach */0xD5, 0x00, 0x00,
658 /* reset*/0x80, 0x00, 0x00, 0x2B
662 SYSTEM INFORMATION TYPE 4
663 Location area identification
664 Mobile Country Code (MCC): 001
665 Mobile Network Code (MNC): 01
666 Location Area Code (LAC): 00001 (1h)
667 Cell Selection Parameters
668 Cell reselect hysteresis = 6 dB RXLEV hysteresis for LA re-selection
669 max.TX power level MS may use for CCH = 2
670 Additional Reselect Parameter Indication (ACS) = only SYSTEM INFO 4: The SI rest octets, if present, shall be used to derive the value of PI and possibly C2 parameters
671 Half rate support (NECI): New establishment causes are not supported
672 min.RX signal level for MS = 0
673 RACH Control Parameters
674 maximum 7 retransmissions
675 8 slots used to spread transmission
676 cell not barred for access
677 call reestablishment not allowed
678 Access Control Class = 0000
682 Training Sequence Code: 7h
685 Cell Bar Qualify (CBQ): 0
686 Cell Reselect Offset = 0 dB
687 Temporary Offset = 0 dB
690 static u_int8_t si4[] = {
691 /* header */0x41, 0x06, 0x1C,
692 /* lai */0x00, 0xF1, 0x10, 0x00, 0x01,
694 /* rach*/0xD5, 0x00, 0x00,
695 /* var */0x64, 0x30, 0xE0, HARDCODED_ARFCN/*0x01*/, 0x80, 0x00, 0x00,
700 SYSTEM INFORMATION TYPE 5
701 Neighbour Cells Description
702 EXT-IND: Carries the complete BA
705 CA-ARFCN Bit 124...001 (Hex): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
708 static u_int8_t si5[] = {
709 /* header without l2 len*/0x06, 0x1D,
710 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
711 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
714 // SYSTEM INFORMATION TYPE 6
718 System Info Type: SYSTEM INFORMATION 6
719 L3 Information (Hex): 06 1E 00 01 xx xx 10 00 01 28 FF
721 SYSTEM INFORMATION TYPE 6
722 Cell identity = 00001 (1h)
723 Location area identification
724 Mobile Country Code (MCC): 001
725 Mobile Network Code (MNC): 01
726 Location Area Code (LAC): 00001 (1h)
728 Power control indicator: not set
729 MSs shall not use uplink DTX on a TCH-F. MS shall not use uplink DTX on TCH-H.
730 Radio link timeout = 36
731 NCC permitted (NCC) = FF
734 static u_int8_t si6[] = {
735 /* header */0x06, 0x1E,
736 /* cell id*/ 0x00, 0x01,
737 /* lai */ 0x00, 0xF1, 0x10, 0x00, 0x01,
744 static const struct bcch_info bcch_infos[] = {
764 static_assert(sizeof(si1) == sizeof(struct gsm48_system_information_type_1), type1)
765 static_assert(sizeof(si2) == sizeof(struct gsm48_system_information_type_2), type2)
766 static_assert(sizeof(si3) == sizeof(struct gsm48_system_information_type_3), type3)
767 static_assert(sizeof(si4) >= sizeof(struct gsm48_system_information_type_4), type4)
768 static_assert(sizeof(si5) == sizeof(struct gsm48_system_information_type_5), type5)
769 static_assert(sizeof(si6) >= sizeof(struct gsm48_system_information_type_6), type6)
771 /* set all system information types */
772 static int set_system_infos(struct gsm_bts_trx *trx)
776 for (i = 0; i < ARRAY_SIZE(bcch_infos); i++) {
777 rsl_bcch_info(trx, bcch_infos[i].type,
781 rsl_sacch_filling(trx, RSL_SYSTEM_INFO_5, si5, sizeof(si5));
782 rsl_sacch_filling(trx, RSL_SYSTEM_INFO_6, si6, sizeof(si6));
788 * Patch the various SYSTEM INFORMATION tables to update
791 static void patch_tables(struct gsm_bts *bts)
793 u_int8_t arfcn_low = bts->trx[0].arfcn & 0xff;
794 u_int8_t arfcn_high = (bts->trx[0].arfcn >> 8) & 0x0f;
795 /* covert the raw packet to the struct */
796 struct gsm48_system_information_type_3 *type_3 =
797 (struct gsm48_system_information_type_3*)&si3;
798 struct gsm48_system_information_type_4 *type_4 =
799 (struct gsm48_system_information_type_4*)&si4;
800 struct gsm48_system_information_type_6 *type_6 =
801 (struct gsm48_system_information_type_6*)&si6;
802 struct gsm48_loc_area_id lai;
804 gsm0408_generate_lai(&lai, bts->network->country_code,
805 bts->network->network_code, bts->location_area_code);
807 /* assign the MCC and MNC */
812 /* patch ARFCN into BTS Attributes */
814 msg_2[74] |= arfcn_high;
815 msg_2[75] = arfcn_low;
816 nanobts_attr_bts[42] &= 0xf0;
817 nanobts_attr_bts[42] |= arfcn_high;
818 nanobts_attr_bts[43] = arfcn_low;
820 /* patch ARFCN into TRX Attributes */
822 msg_6[7] |= arfcn_high;
823 msg_6[8] = arfcn_low;
824 nanobts_attr_radio[5] &= 0xf0;
825 nanobts_attr_radio[5] |= arfcn_high;
826 nanobts_attr_radio[6] = arfcn_low;
828 type_4->data[2] &= 0xf0;
829 type_4->data[2] |= arfcn_high;
830 type_4->data[3] = arfcn_low;
832 /* patch Control Channel Description 10.5.2.11 */
833 type_3->control_channel_desc = bts->chan_desc;
837 static void bootstrap_rsl(struct gsm_bts_trx *trx)
839 fprintf(stdout, "bootstrapping RSL MCC=%u MNC=%u\n", trx->bts->network->country_code, trx->bts->network->network_code);
840 set_system_infos(trx);
843 void input_event(int event, enum e1inp_sign_type type, struct gsm_bts_trx *trx)
849 bootstrap_om(trx->bts);
859 fprintf(stderr, "Lost some E1 TEI link\n");
860 /* FIXME: deal with TEI or L1 link loss */
867 static int bootstrap_bts(struct gsm_bts *bts, int lac, int arfcn)
869 bts->location_area_code = lac;
870 bts->trx[0].arfcn = arfcn;
872 /* Control Channel Description */
873 memset(&bts->chan_desc, 0, sizeof(struct gsm48_control_channel_descr));
874 bts->chan_desc.att = 1;
875 bts->chan_desc.ccch_conf = RSL_BCCH_CCCH_CONF_1_C;
876 bts->chan_desc.bs_pa_mfrms = RSL_BS_PA_MFRMS_5;
877 bts->chan_desc.t3212 = 0;
887 struct gsm_network *bootstrap_network(int (*mncc_recv)(struct gsm_network *, int, void *), int bts_type, int mcc, int mnc, int lac, int arfcn, int cardnr, int release_l2, char *name_short, char *name_long, char *hlr, int allow_all)
890 struct gsm_network *gsmnet;
892 /* seed the PRNG for TMSI */
895 /* initialize our data structures */
896 gsmnet = gsm_network_init(2, (gsm_bts_type)bts_type, mcc, mnc, mncc_recv);
901 if (db_init(hlr, gsmnet)) {
902 fprintf(stderr, "DB: Failed to init HLR database '%s'. Please check the option settings.\n", hlr);
906 fprintf(stderr, "DB: Failed to prepare database.\n");
910 gsmnet->name_long = name_long;
911 gsmnet->name_short = name_short;
912 bts = &gsmnet->bts[0];
913 bootstrap_bts(bts, lac, arfcn);
915 /* Control Channel Description */
916 memset(&bts->chan_desc, 0, sizeof(struct gsm48_control_channel_descr));
917 bts->chan_desc.att = 1;
918 bts->chan_desc.ccch_conf = RSL_BCCH_CCCH_CONF_1_C;
919 bts->chan_desc.bs_pa_mfrms = RSL_BS_PA_MFRMS_5;
920 bts->chan_desc.t3212 = 0;
926 telnet_init(gsmnet, 4242);
928 /* E1 mISDN input setup */
929 if (bts_type == GSM_BTS_TYPE_BS11) {
931 if (e1_config(bts, cardnr, release_l2))
934 bts->ip_access.site_id = 1801;
935 bts->ip_access.bts_id = 0;
936 bts = &gsmnet->bts[1];
937 bootstrap_bts(bts, lac, arfcn);
938 bts->ip_access.site_id = 1800;
939 bts->ip_access.bts_id = 0;
940 if (ipaccess_setup(gsmnet))
946 gsm0408_allow_everyone(1);
951 int shutdown_net(struct gsm_network *network)
953 struct gsm_network *net = (struct gsm_network *)network;
955 for (i = 0; i < net->num_bts; i++) {
957 rc = shutdown_om(&net->bts[i]);
projects / lcr.git / blob