1 /* Cell Scanning code for OsmocomBB */
3 /* (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #include <l1ctl_proto.h>
32 #include <osmocore/logging.h>
33 #include <osmocore/timer.h>
34 #include <osmocore/signal.h>
35 #include <osmocore/msgb.h>
36 #include <osmocore/gsm_utils.h>
37 #include <osmocore/protocol/gsm_04_08.h>
38 #include <osmocore/rsl.h>
40 #include <osmocom/bb/common/l1ctl.h>
41 #include <osmocom/bb/common/osmocom_data.h>
42 #include <osmocom/bb/common/lapdm.h>
43 #include <osmocom/bb/common/logging.h>
44 #include <osmocom/bb/common/networks.h>
45 #include <osmocom/bb/common/gps.h>
46 #include <osmocom/bb/misc/cell_log.h>
48 #define READ_WAIT 2, 0
50 #define RACH_WAIT 0, 900000
61 static uint16_t band_range[][2] = {{0, 124}, {512, 885}, {955, 1023}, {0, 0}};
64 #define INFO_FLG_SYNC 2
65 #define INFO_FLG_SI1 4
66 #define INFO_FLG_SI2 8
67 #define INFO_FLG_SI2bis 16
68 #define INFO_FLG_SI2ter 32
69 #define INFO_FLG_SI3 64
70 #define INFO_FLG_SI4 128
72 static struct osmocom_ms *ms;
73 static struct timer_list timer;
75 static struct pm_info {
80 static int started = 0;
82 static int8_t min_rxlev = MIN_RXLEV;
83 static int sync_count;
86 static int rach_count;
87 static FILE *logfp = NULL;
88 static char *logname = "/var/log/osmocom.log";
90 static struct gsm48_sysinfo sysinfo;
92 static struct log_si {
96 uint16_t mcc, mnc, lac, cellid;
98 double latitude, longitude;
107 #define LOGFILE(fmt, args...) \
108 fprintf(logfp, fmt, ## args);
112 static void start_sync(void);
113 static void start_rach(void);
114 static void start_pm(void);
116 static void log_gps(void)
118 if (!gps.enable || !gps.valid)
120 LOGFILE("position %.8f %.8f\n", gps.longitude, gps.latitude);
123 static void log_time(void)
127 if (gps.enable && gps.valid)
131 LOGFILE("time %lu\n", now);
134 static void log_frame(char *tag, uint8_t *data)
139 for (i = 0; i < 23; i++)
140 LOGFILE(" %02x", *data++);
144 static void log_pm(void)
148 LOGFILE("[power]\n");
151 for (i = 0; i <= 1023; i++) {
152 if ((pm[i].flags & INFO_FLG_PM)) {
154 LOGFILE("arfcn %d", i);
155 LOGFILE(" %d", pm[i].rxlev);
175 static void log_sysinfo(void)
177 struct rx_meas_stat *meas = &ms->meas;
178 struct gsm48_sysinfo *s = &sysinfo;
181 LOGP(DSUM, LOGL_INFO, "Cell: ARFCN=%d MCC=%s MNC=%s (%s, %s)\n",
182 arfcn, gsm_print_mcc(s->mcc), gsm_print_mnc(s->mnc),
183 gsm_get_mcc(s->mcc), gsm_get_mnc(s->mcc, s->mnc));
185 printf("%d %d\n", s->si2ter, s->si2ter_ind);
187 LOGFILE("[sysinfo]\n");
188 LOGFILE("arfcn %d\n", s->arfcn);
191 LOGFILE("bsic %d,%d\n", s->bsic >> 3, s->bsic & 7);
192 rxlev = meas->rxlev / meas->frames - 110;
193 LOGFILE("rxlev %d\n", rxlev);
195 log_frame("si1", s->si1_msg);
197 log_frame("si2", s->si2_msg);
199 log_frame("si2bis", s->si2b_msg);
201 log_frame("si2ter", s->si2t_msg);
203 log_frame("si3", s->si3_msg);
205 log_frame("si4", s->si4_msg);
206 if (log_si.ta != 0xff)
207 LOGFILE("ta %d\n", log_si.ta);
213 static void timeout_cb(void *arg)
216 case SCAN_STATE_READ:
217 LOGP(DSUM, LOGL_INFO, "Timeout reading BCCH\n");
221 case SCAN_STATE_RACH:
222 LOGP(DSUM, LOGL_INFO, "Timeout on RACH\n");
229 static void stop_timer(void)
231 if (bsc_timer_pending(&timer))
232 bsc_del_timer(&timer);
235 static void start_timer(int sec, int micro)
238 timer.cb = timeout_cb;
240 bsc_schedule_timer(&timer, sec, micro);
243 static void start_rach(void)
245 struct gsm48_sysinfo *s = &sysinfo;
246 uint8_t chan_req_val, chan_req_mask;
248 struct abis_rsl_cchan_hdr *ncch;
250 if (rach_count == RACH_MAX) {
257 state = SCAN_STATE_RACH;
260 chan_req_mask = 0x0f;
262 LOGP(DSUM, LOGL_INFO, "CHANNEL REQUEST: %02x "
263 "(OTHER with NECI)\n", chan_req_val);
265 chan_req_mask = 0x1f;
267 LOGP(DSUM, LOGL_INFO, "CHANNEL REQUEST: %02x (OTHER no NECI)\n",
272 rach_ref.cr = random();
273 rach_ref.cr &= chan_req_mask;
274 rach_ref.cr |= chan_req_val;
276 nmsg = msgb_alloc_headroom(RSL_ALLOC_SIZE+RSL_ALLOC_HEADROOM,
277 RSL_ALLOC_HEADROOM, "GSM 04.06 RSL");
280 nmsg->l2h = nmsg->data;
281 ncch = (struct abis_rsl_cchan_hdr *) msgb_put(nmsg, sizeof(*ncch)
283 rsl_init_cchan_hdr(ncch, RSL_MT_CHAN_RQD);
284 ncch->chan_nr = RSL_CHAN_RACH;
285 ncch->data[0] = RSL_IE_REQ_REFERENCE;
286 ncch->data[1] = rach_ref.cr;
287 #warning HACK: fn51 and fn_off
288 ncch->data[2] = (s->ccch_conf == 1) ? 27 : 50;
289 ncch->data[3] = 1; /* next frame */
290 ncch->data[4] = RSL_IE_ACCESS_DELAY;
291 ncch->data[5] = 0; /* no delay */
292 ncch->data[6] = RSL_IE_MS_POWER;
293 ncch->data[7] = 0; /* full power */
295 start_timer(RACH_WAIT);
297 rslms_recvmsg(nmsg, ms);
300 static void start_sync(void)
302 while (arfcn <= 1023) {
303 if ((pm[arfcn].flags & INFO_FLG_PM)
304 && pm[arfcn].rxlev >= min_rxlev)
309 memset(pm, 0, sizeof(pm));
315 LOGP(DSUM, LOGL_INFO, "Sync requested to ARFCN %d (rxlev %d, %d syncs "
316 "left)\n", arfcn, pm[arfcn].rxlev, sync_count--);
317 memset(&sysinfo, 0, sizeof(sysinfo));
318 sysinfo.arfcn = arfcn;
319 state = SCAN_STATE_SYNC;
320 l1ctl_tx_reset_req(ms, L1CTL_RES_T_FULL);
321 l1ctl_tx_fbsb_req(ms, arfcn, L1CTL_FBSB_F_FB01SB, 100, 0,
325 static void start_pm(void)
329 state = SCAN_STATE_PM;
330 from = band_range[pm_index][0];
331 to = band_range[pm_index][1];
333 if (from == 0 && to == 0) {
334 LOGP(DSUM, LOGL_INFO, "Measurement done\n");
340 LOGP(DSUM, LOGL_INFO, "Measure from %d to %d\n", from, to);
341 l1ctl_tx_reset_req(ms, L1CTL_RES_T_FULL);
342 l1ctl_tx_pm_req_range(ms, from, to);
345 static int signal_cb(unsigned int subsys, unsigned int signal,
346 void *handler_data, void *signal_data)
348 struct osmobb_meas_res *mr;
349 struct osmobb_fbsb_res *fr;
352 if (subsys != SS_L1CTL)
358 index = mr->band_arfcn & 0x3ff;
359 pm[index].flags |= INFO_FLG_PM;
360 pm[index].rxlev = mr->rx_lev - 110;
361 if (pm[index].rxlev >= min_rxlev)
363 // printf("rxlev %d = %d (sync_count %d)\n", index, pm[index].rxlev, sync_count);
365 case S_L1CTL_PM_DONE:
369 case S_L1CTL_FBSB_RESP:
371 sysinfo.bsic = fr->bsic;
372 state = SCAN_STATE_READ;
373 memset(&ms->meas, 0, sizeof(ms->meas));
374 memset(&log_si, 0, sizeof(log_si));
375 log_si.flags |= INFO_FLG_SYNC;
376 log_si.ta = 0xff; /* invalid */
377 start_timer(READ_WAIT);
378 LOGP(DSUM, LOGL_INFO, "Synchronized, start reading\n");
380 case S_L1CTL_FBSB_ERR:
381 LOGP(DSUM, LOGL_INFO, "Sync faild\n");
389 memset(pm, 0, sizeof(pm));
397 static int ta_result(uint8_t ta)
402 LOGP(DSUM, LOGL_INFO, "Got assignment reject\n");
404 LOGP(DSUM, LOGL_INFO, "Got assignment TA = %d\n", ta);
415 /* match request reference agains request */
416 static int match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref)
418 uint8_t ia_t1, ia_t2, ia_t3;
420 /* filter confirmed RACH requests only */
421 if (rach_ref.valid && ref->ra == rach_ref.cr) {
424 ia_t3 = (ref->t3_high << 3) | ref->t3_low;
425 if (ia_t1 == rach_ref.t1 && ia_t2 == rach_ref.t2
426 && ia_t3 == rach_ref.t3) {
427 LOGP(DRR, LOGL_INFO, "request %02x matches "
428 "(fn=%d,%d,%d)\n", ref->ra, ia_t1, ia_t2,
432 LOGP(DRR, LOGL_INFO, "request %02x matches but not "
433 "frame number (IMM.ASS fn=%d,%d,%d != RACH "
434 "fn=%d,%d,%d)\n", ref->ra, ia_t1, ia_t2, ia_t3,
435 rach_ref.t1, rach_ref.t2, rach_ref.t3);
441 /* 9.1.18 IMMEDIATE ASSIGNMENT is received */
442 static int imm_ass(struct osmocom_ms *ms, struct msgb *msg)
444 struct gsm48_imm_ass *ia = msgb_l3(msg);
446 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT:\n");
448 if (state != SCAN_STATE_RACH) {
449 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
454 if (match_ra(ms, &ia->req_ref)) {
455 return ta_result(ia->timing_advance);
457 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
462 /* 9.1.19 IMMEDIATE ASSIGNMENT EXTENDED is received */
463 static int imm_ass_ext(struct osmocom_ms *ms, struct msgb *msg)
465 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
467 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT EXTENDED:\n");
469 if (state != SCAN_STATE_RACH) {
470 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
475 if (match_ra(ms, &ia->req_ref1)) {
476 return ta_result(ia->timing_advance1);
479 if (match_ra(ms, &ia->req_ref2)) {
480 return ta_result(ia->timing_advance2);
482 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
487 /* 9.1.20 IMMEDIATE ASSIGNMENT REJECT is received */
488 static int imm_ass_rej(struct osmocom_ms *ms, struct msgb *msg)
490 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
492 struct gsm48_req_ref *req_ref;
494 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT:\n");
496 if (state != SCAN_STATE_RACH) {
497 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
501 for (i = 0; i < 4; i++) {
502 /* request reference */
503 req_ref = (struct gsm48_req_ref *)
504 (((uint8_t *)&ia->req_ref1) + i * 4);
505 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT "
506 "(ref 0x%02x)\n", req_ref->ra);
507 if (match_ra(ms, req_ref)) {
508 return ta_result(0xff);
515 /* receive CCCH at RR layer */
516 static int pch_agch(struct osmocom_ms *ms, struct msgb *msg)
518 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
520 switch (sih->system_information) {
521 case GSM48_MT_RR_PAG_REQ_1:
522 case GSM48_MT_RR_PAG_REQ_2:
523 case GSM48_MT_RR_PAG_REQ_3:
525 case GSM48_MT_RR_IMM_ASS:
526 return imm_ass(ms, msg);
527 case GSM48_MT_RR_IMM_ASS_EXT:
528 return imm_ass_ext(ms, msg);
529 case GSM48_MT_RR_IMM_ASS_REJ:
530 return imm_ass_rej(ms, msg);
536 /* check if sysinfo is complete, change to RACH state */
537 static int new_sysinfo(void)
539 struct gsm48_sysinfo *s = &sysinfo;
542 start_timer(READ_WAIT);
545 if (!s->si1 || !s->si2 || !s->si3 || !s->si4) {
546 LOGP(DRR, LOGL_INFO, "not all mandatory SI received\n");
551 if (s->nb_ext_ind_si2 && !s->si2bis) {
552 LOGP(DRR, LOGL_INFO, "extended ba, but si2bis not received\n");
557 if (s->si2ter_ind && !s->si2ter) {
558 LOGP(DRR, LOGL_INFO, "si2ter_ind, but si2ter not received\n");
562 LOGP(DRR, LOGL_INFO, "Sysinfo complete\n");
572 /* receive BCCH at RR layer */
573 static int bcch(struct osmocom_ms *ms, struct msgb *msg)
575 struct gsm48_sysinfo *s = &sysinfo;
576 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
579 if (msgb_l3len(msg) != 23) {
580 LOGP(DRR, LOGL_NOTICE, "Invalid BCCH message length\n");
583 switch (sih->system_information) {
584 case GSM48_MT_RR_SYSINFO_1:
585 if (!memcmp(sih, s->si1_msg, sizeof(s->si1_msg)))
587 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 1\n");
588 gsm48_decode_sysinfo1(s,
589 (struct gsm48_system_information_type_1 *) sih,
591 return new_sysinfo();
592 case GSM48_MT_RR_SYSINFO_2:
593 if (!memcmp(sih, s->si2_msg, sizeof(s->si2_msg)))
595 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2\n");
596 gsm48_decode_sysinfo2(s,
597 (struct gsm48_system_information_type_2 *) sih,
599 return new_sysinfo();
600 case GSM48_MT_RR_SYSINFO_2bis:
601 if (!memcmp(sih, s->si2b_msg, sizeof(s->si2b_msg)))
603 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2bis\n");
604 gsm48_decode_sysinfo2bis(s,
605 (struct gsm48_system_information_type_2bis *) sih,
607 return new_sysinfo();
608 case GSM48_MT_RR_SYSINFO_2ter:
609 if (!memcmp(sih, s->si2t_msg, sizeof(s->si2t_msg)))
611 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2ter\n");
612 gsm48_decode_sysinfo2ter(s,
613 (struct gsm48_system_information_type_2ter *) sih,
615 return new_sysinfo();
616 case GSM48_MT_RR_SYSINFO_3:
617 if (!memcmp(sih, s->si3_msg, sizeof(s->si3_msg)))
619 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 3\n");
620 gsm48_decode_sysinfo3(s,
621 (struct gsm48_system_information_type_3 *) sih,
623 ccch_mode = (s->ccch_conf == 1) ? CCCH_MODE_COMBINED :
624 CCCH_MODE_NON_COMBINED;
625 LOGP(DRR, LOGL_INFO, "Changing CCCH_MODE to %d\n", ccch_mode);
626 l1ctl_tx_ccch_mode_req(ms, ccch_mode);
627 return new_sysinfo();
628 case GSM48_MT_RR_SYSINFO_4:
629 if (!memcmp(sih, s->si4_msg, sizeof(s->si4_msg)))
631 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 4\n");
632 gsm48_decode_sysinfo4(s,
633 (struct gsm48_system_information_type_4 *) sih,
635 return new_sysinfo();
641 static int unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
643 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
644 struct tlv_parsed tv;
645 uint8_t ch_type, ch_subch, ch_ts;
647 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n",
648 rllh->chan_nr, rllh->link_id);
650 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
651 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
652 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
655 msg->l3h = (uint8_t *) TLVP_VAL(&tv, RSL_IE_L3_INFO);
657 if (state != SCAN_STATE_READ && state != SCAN_STATE_RACH) {
661 rsl_dec_chan_nr(rllh->chan_nr, &ch_type, &ch_subch, &ch_ts);
663 case RSL_CHAN_PCH_AGCH:
664 return pch_agch(ms, msg);
666 return bcch(ms, msg);
668 case RSL_CHAN_Bm_ACCHs:
669 case RSL_CHAN_Lm_ACCHs:
670 case RSL_CHAN_SDCCH4_ACCH:
671 case RSL_CHAN_SDCCH8_ACCH:
672 return rx_acch(ms, msg);
675 LOGP(DRSL, LOGL_NOTICE, "RSL with chan_nr 0x%02x unknown.\n",
681 static int rcv_rll(struct osmocom_ms *ms, struct msgb *msg)
683 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
684 int msg_type = rllh->c.msg_type;
686 if (msg_type == RSL_MT_UNIT_DATA_IND) {
687 unit_data_ind(ms, msg);
689 LOGP(DRSL, LOGL_NOTICE, "RSLms message unhandled\n");
696 int chan_conf(struct osmocom_ms *ms, struct msgb *msg)
698 struct abis_rsl_cchan_hdr *ch = msgb_l2(msg);
699 struct gsm48_req_ref *ref = (struct gsm48_req_ref *) (ch->data + 1);
701 if (msgb_l2len(msg) < sizeof(*ch) + sizeof(*ref)) {
702 LOGP(DRR, LOGL_ERROR, "CHAN_CNF too slort\n");
707 rach_ref.t1 = ref->t1;
708 rach_ref.t2 = ref->t2;
709 rach_ref.t3 = ref->t3_low | (ref->t3_high << 3);
714 static int rcv_cch(struct osmocom_ms *ms, struct msgb *msg)
716 struct abis_rsl_cchan_hdr *ch = msgb_l2(msg);
717 int msg_type = ch->c.msg_type;
720 LOGP(DRSL, LOGL_INFO, "Received '%s' from layer1\n",
721 get_rsl_name(msg_type));
723 if (state == SCAN_STATE_RACH && msg_type == RSL_MT_CHAN_CONF) {
724 rc = chan_conf(ms, msg);
729 LOGP(DRSL, LOGL_NOTICE, "RSLms message unhandled\n");
734 static int rcv_rsl(struct msgb *msg, struct osmocom_ms *ms)
736 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
739 switch (rslh->msg_discr & 0xfe) {
740 case ABIS_RSL_MDISC_RLL:
741 rc = rcv_rll(ms, msg);
743 case ABIS_RSL_MDISC_COM_CHAN:
744 rc = rcv_cch(ms, msg);
747 LOGP(DRSL, LOGL_NOTICE, "unknown RSLms msg_discr 0x%02x\n",
757 int scan_init(struct osmocom_ms *_ms)
760 register_signal_handler(SS_L1CTL, &signal_cb, NULL);
761 memset(&timer, 0, sizeof(timer));
762 osmol2_register_handler(ms, &rcv_rsl);
768 if (!strcmp(logname, "-"))
771 logfp = fopen(logname, "a");
773 fprintf(stderr, "Failed to open logfile '%s'\n", logname);
777 LOGP(DSUM, LOGL_INFO, "Scanner initialized\n");
784 LOGP(DSUM, LOGL_INFO, "Scanner exit\n");
789 unregister_signal_handler(SS_L1CTL, &signal_cb, NULL);
projects / osmocom-bb.git / blob