1 /* Cell Scanning code for OsmocomBB */
3 /* (C) 2010 by Andreas Eversberg <jolly@eversberg.eu>
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
17 * You should have received a copy of the GNU General Public License along
18 * with this program; if not, write to the Free Software Foundation, Inc.,
19 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
30 #include <l1ctl_proto.h>
32 #include <osmocore/logging.h>
33 #include <osmocore/timer.h>
34 #include <osmocore/signal.h>
35 #include <osmocore/msgb.h>
36 #include <osmocore/gsm_utils.h>
37 #include <osmocore/protocol/gsm_04_08.h>
38 #include <osmocore/rsl.h>
40 #include <osmocom/bb/common/l1ctl.h>
41 #include <osmocom/bb/common/osmocom_data.h>
42 #include <osmocom/bb/common/lapdm.h>
43 #include <osmocom/bb/common/logging.h>
44 #include <osmocom/bb/common/networks.h>
45 #include <osmocom/bb/common/gps.h>
46 #include <osmocom/bb/misc/cell_log.h>
47 #include "../../../gsmmap/geo.h"
49 #define READ_WAIT 2, 0
51 #define RACH_WAIT 0, 900000
52 #define MIN_RXLEV -106
63 static uint16_t band_range[][2] = {{0, 124}, {512, 885}, {955, 1023}, {0, 0}};
66 #define INFO_FLG_SYNC 2
67 #define INFO_FLG_SI1 4
68 #define INFO_FLG_SI2 8
69 #define INFO_FLG_SI2bis 16
70 #define INFO_FLG_SI2ter 32
71 #define INFO_FLG_SI3 64
72 #define INFO_FLG_SI4 128
74 static struct osmocom_ms *ms;
75 static struct timer_list timer;
77 static struct pm_info {
82 static int started = 0;
84 static int8_t min_rxlev = MIN_RXLEV;
85 static int sync_count;
86 static int pm_index, pm_gps_valid;
87 static double pm_gps_x, pm_gps_y, pm_gps_z;
89 static int rach_count;
90 static FILE *logfp = NULL;
93 static struct gsm48_sysinfo sysinfo;
95 static struct log_si {
99 uint16_t mcc, mnc, lac, cellid;
101 double latitude, longitude;
110 #define LOGFILE(fmt, args...) \
111 fprintf(logfp, fmt, ## args);
115 static void start_sync(void);
116 static void start_rach(void);
117 static void start_pm(void);
119 static void log_gps(void)
121 if (!gps.enable || !gps.valid)
123 LOGFILE("position %.8f %.8f\n", gps.longitude, gps.latitude);
126 static void log_time(void)
130 if (gps.enable && gps.valid)
134 LOGFILE("time %lu\n", now);
137 static void log_frame(char *tag, uint8_t *data)
142 for (i = 0; i < 23; i++)
143 LOGFILE(" %02x", *data++);
147 static void log_pm(void)
151 LOGFILE("[power]\n");
154 for (i = 0; i <= 1023; i++) {
155 if ((pm[i].flags & INFO_FLG_PM)) {
157 LOGFILE("arfcn %d", i);
158 LOGFILE(" %d", pm[i].rxlev);
178 static void log_sysinfo(void)
180 struct rx_meas_stat *meas = &ms->meas;
181 struct gsm48_sysinfo *s = &sysinfo;
183 char ta_str[32] = "";
185 if (log_si.ta != 0xff)
186 sprintf(ta_str, " TA=%d", log_si.ta);
188 LOGP(DSUM, LOGL_INFO, "Cell: ARFCN=%d MCC=%s MNC=%s (%s, %s)%s\n",
189 arfcn, gsm_print_mcc(s->mcc), gsm_print_mnc(s->mnc),
190 gsm_get_mcc(s->mcc), gsm_get_mnc(s->mcc, s->mnc), ta_str);
192 LOGFILE("[sysinfo]\n");
193 LOGFILE("arfcn %d\n", s->arfcn);
196 LOGFILE("bsic %d,%d\n", s->bsic >> 3, s->bsic & 7);
197 rxlev = meas->rxlev / meas->frames - 110;
198 LOGFILE("rxlev %d\n", rxlev);
200 log_frame("si1", s->si1_msg);
202 log_frame("si2", s->si2_msg);
204 log_frame("si2bis", s->si2b_msg);
206 log_frame("si2ter", s->si2t_msg);
208 log_frame("si3", s->si3_msg);
210 log_frame("si4", s->si4_msg);
211 if (log_si.ta != 0xff)
212 LOGFILE("ta %d\n", log_si.ta);
218 static void timeout_cb(void *arg)
221 case SCAN_STATE_READ:
222 LOGP(DRR, LOGL_INFO, "Timeout reading BCCH\n");
225 case SCAN_STATE_RACH:
226 LOGP(DRR, LOGL_INFO, "Timeout on RACH\n");
233 static void stop_timer(void)
235 if (bsc_timer_pending(&timer))
236 bsc_del_timer(&timer);
239 static void start_timer(int sec, int micro)
242 timer.cb = timeout_cb;
244 bsc_schedule_timer(&timer, sec, micro);
247 static void start_rach(void)
249 struct gsm48_sysinfo *s = &sysinfo;
250 uint8_t chan_req_val, chan_req_mask;
252 struct abis_rsl_cchan_hdr *ncch;
254 if (rach_count == RACH_MAX) {
260 state = SCAN_STATE_RACH;
263 chan_req_mask = 0x0f;
265 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x "
266 "(OTHER with NECI)\n", chan_req_val);
268 chan_req_mask = 0x1f;
270 LOGP(DRR, LOGL_INFO, "CHANNEL REQUEST: %02x (OTHER no NECI)\n",
275 rach_ref.cr = random();
276 rach_ref.cr &= chan_req_mask;
277 rach_ref.cr |= chan_req_val;
279 nmsg = msgb_alloc_headroom(RSL_ALLOC_SIZE+RSL_ALLOC_HEADROOM,
280 RSL_ALLOC_HEADROOM, "GSM 04.06 RSL");
283 nmsg->l2h = nmsg->data;
284 ncch = (struct abis_rsl_cchan_hdr *) msgb_put(nmsg, sizeof(*ncch)
286 rsl_init_cchan_hdr(ncch, RSL_MT_CHAN_RQD);
287 ncch->chan_nr = RSL_CHAN_RACH;
288 ncch->data[0] = RSL_IE_REQ_REFERENCE;
289 ncch->data[1] = rach_ref.cr;
290 ncch->data[2] = (s->ccch_conf == 1) << 7;
292 ncch->data[4] = RSL_IE_ACCESS_DELAY;
293 ncch->data[5] = 0; /* no delay */
294 ncch->data[6] = RSL_IE_MS_POWER;
295 ncch->data[7] = 0; /* full power */
297 start_timer(RACH_WAIT);
299 rslms_recvmsg(nmsg, ms);
302 static void start_sync(void)
306 char dist_str[32] = "";
309 for (i = 0; i <= 1023; i++) {
310 if ((pm[i].flags & INFO_FLG_PM)
311 && !(pm[i].flags & INFO_FLG_SYNC)) {
312 if (pm[i].rxlev > rxlev) {
318 /* if GPS becomes valid, like after exitting a tunnel */
319 if (!pm_gps_valid && gps.valid) {
321 geo2space(&pm_gps_x, &pm_gps_y, &pm_gps_z, gps.longitude,
324 if (pm_gps_valid && gps.valid) {
327 geo2space(&x, &y, &z, gps.longitude, gps.latitude);
328 dist = distinspace(pm_gps_x, pm_gps_y, pm_gps_z, x, y, z);
329 sprintf(dist_str, " dist %d", (int)dist);
331 if (dist > MAX_DIST || arfcn == 0xffff || rxlev < min_rxlev) {
332 memset(pm, 0, sizeof(pm));
338 pm[arfcn].flags |= INFO_FLG_SYNC;
339 LOGP(DSUM, LOGL_INFO, "Sync ARFCN %d (rxlev %d, %d syncs "
340 "left)%s\n", arfcn, pm[arfcn].rxlev, sync_count--, dist_str);
341 memset(&sysinfo, 0, sizeof(sysinfo));
342 sysinfo.arfcn = arfcn;
343 state = SCAN_STATE_SYNC;
344 l1ctl_tx_reset_req(ms, L1CTL_RES_T_FULL);
345 l1ctl_tx_fbsb_req(ms, arfcn, L1CTL_FBSB_F_FB01SB, 100, 0,
349 static void start_pm(void)
353 state = SCAN_STATE_PM;
354 from = band_range[pm_index][0];
355 to = band_range[pm_index][1];
357 if (from == 0 && to == 0) {
358 LOGP(DSUM, LOGL_INFO, "Measurement done\n");
359 pm_gps_valid = gps.enable && gps.valid;
361 geo2space(&pm_gps_x, &pm_gps_y, &pm_gps_z,
362 gps.longitude, gps.latitude);
367 LOGP(DSUM, LOGL_INFO, "Measure from %d to %d\n", from, to);
368 l1ctl_tx_reset_req(ms, L1CTL_RES_T_FULL);
369 l1ctl_tx_pm_req_range(ms, from, to);
372 static int signal_cb(unsigned int subsys, unsigned int signal,
373 void *handler_data, void *signal_data)
375 struct osmobb_meas_res *mr;
376 struct osmobb_fbsb_res *fr;
379 if (subsys != SS_L1CTL)
385 index = mr->band_arfcn & 0x3ff;
386 pm[index].flags |= INFO_FLG_PM;
387 pm[index].rxlev = mr->rx_lev - 110;
388 if (pm[index].rxlev >= min_rxlev)
390 // printf("rxlev %d = %d (sync_count %d)\n", index, pm[index].rxlev, sync_count);
392 case S_L1CTL_PM_DONE:
396 case S_L1CTL_FBSB_RESP:
398 sysinfo.bsic = fr->bsic;
399 state = SCAN_STATE_READ;
400 memset(&ms->meas, 0, sizeof(ms->meas));
401 memset(&log_si, 0, sizeof(log_si));
402 log_si.flags |= INFO_FLG_SYNC;
403 log_si.ta = 0xff; /* invalid */
404 start_timer(READ_WAIT);
405 LOGP(DRR, LOGL_INFO, "Synchronized, start reading\n");
407 case S_L1CTL_FBSB_ERR:
408 LOGP(DRR, LOGL_INFO, "Sync failed\n");
415 memset(pm, 0, sizeof(pm));
423 static int ta_result(uint8_t ta)
428 LOGP(DSUM, LOGL_INFO, "Got assignment reject\n");
430 LOGP(DSUM, LOGL_DEBUG, "Got assignment TA = %d\n", ta);
440 /* match request reference agains request */
441 static int match_ra(struct osmocom_ms *ms, struct gsm48_req_ref *ref)
443 uint8_t ia_t1, ia_t2, ia_t3;
445 /* filter confirmed RACH requests only */
446 if (rach_ref.valid && ref->ra == rach_ref.cr) {
449 ia_t3 = (ref->t3_high << 3) | ref->t3_low;
450 if (ia_t1 == rach_ref.t1 && ia_t2 == rach_ref.t2
451 && ia_t3 == rach_ref.t3) {
452 LOGP(DRR, LOGL_INFO, "request %02x matches "
453 "(fn=%d,%d,%d)\n", ref->ra, ia_t1, ia_t2,
457 LOGP(DRR, LOGL_INFO, "request %02x matches but not "
458 "frame number (IMM.ASS fn=%d,%d,%d != RACH "
459 "fn=%d,%d,%d)\n", ref->ra, ia_t1, ia_t2, ia_t3,
460 rach_ref.t1, rach_ref.t2, rach_ref.t3);
466 /* 9.1.18 IMMEDIATE ASSIGNMENT is received */
467 static int imm_ass(struct osmocom_ms *ms, struct msgb *msg)
469 struct gsm48_imm_ass *ia = msgb_l3(msg);
471 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT:\n");
473 if (state != SCAN_STATE_RACH) {
474 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
479 if (match_ra(ms, &ia->req_ref)) {
480 return ta_result(ia->timing_advance);
482 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
487 /* 9.1.19 IMMEDIATE ASSIGNMENT EXTENDED is received */
488 static int imm_ass_ext(struct osmocom_ms *ms, struct msgb *msg)
490 struct gsm48_imm_ass_ext *ia = msgb_l3(msg);
492 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT EXTENDED:\n");
494 if (state != SCAN_STATE_RACH) {
495 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
500 if (match_ra(ms, &ia->req_ref1)) {
501 return ta_result(ia->timing_advance1);
504 if (match_ra(ms, &ia->req_ref2)) {
505 return ta_result(ia->timing_advance2);
507 LOGP(DRR, LOGL_INFO, "Request, but not for us.\n");
512 /* 9.1.20 IMMEDIATE ASSIGNMENT REJECT is received */
513 static int imm_ass_rej(struct osmocom_ms *ms, struct msgb *msg)
515 struct gsm48_imm_ass_rej *ia = msgb_l3(msg);
517 struct gsm48_req_ref *req_ref;
519 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT:\n");
521 if (state != SCAN_STATE_RACH) {
522 LOGP(DRR, LOGL_INFO, "Not for us, no request.\n");
526 for (i = 0; i < 4; i++) {
527 /* request reference */
528 req_ref = (struct gsm48_req_ref *)
529 (((uint8_t *)&ia->req_ref1) + i * 4);
530 LOGP(DRR, LOGL_INFO, "IMMEDIATE ASSIGNMENT REJECT "
531 "(ref 0x%02x)\n", req_ref->ra);
532 if (match_ra(ms, req_ref)) {
533 return ta_result(0xff);
540 /* receive CCCH at RR layer */
541 static int pch_agch(struct osmocom_ms *ms, struct msgb *msg)
543 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
545 switch (sih->system_information) {
546 case GSM48_MT_RR_PAG_REQ_1:
547 case GSM48_MT_RR_PAG_REQ_2:
548 case GSM48_MT_RR_PAG_REQ_3:
550 case GSM48_MT_RR_IMM_ASS:
551 return imm_ass(ms, msg);
552 case GSM48_MT_RR_IMM_ASS_EXT:
553 return imm_ass_ext(ms, msg);
554 case GSM48_MT_RR_IMM_ASS_REJ:
555 return imm_ass_rej(ms, msg);
561 /* check if sysinfo is complete, change to RACH state */
562 static int new_sysinfo(void)
564 struct gsm48_sysinfo *s = &sysinfo;
567 start_timer(READ_WAIT);
570 if (!s->si1 || !s->si2 || !s->si3 || !s->si4) {
571 LOGP(DRR, LOGL_INFO, "not all mandatory SI received\n");
576 if (s->nb_ext_ind_si2 && !s->si2bis) {
577 LOGP(DRR, LOGL_INFO, "extended ba, but si2bis not received\n");
582 if (s->si2ter_ind && !s->si2ter) {
583 LOGP(DRR, LOGL_INFO, "si2ter_ind, but si2ter not received\n");
587 LOGP(DRR, LOGL_INFO, "Sysinfo complete\n");
597 /* receive BCCH at RR layer */
598 static int bcch(struct osmocom_ms *ms, struct msgb *msg)
600 struct gsm48_sysinfo *s = &sysinfo;
601 struct gsm48_system_information_type_header *sih = msgb_l3(msg);
604 if (msgb_l3len(msg) != 23) {
605 LOGP(DRR, LOGL_NOTICE, "Invalid BCCH message length\n");
608 switch (sih->system_information) {
609 case GSM48_MT_RR_SYSINFO_1:
610 if (!memcmp(sih, s->si1_msg, sizeof(s->si1_msg)))
612 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 1\n");
613 gsm48_decode_sysinfo1(s,
614 (struct gsm48_system_information_type_1 *) sih,
616 return new_sysinfo();
617 case GSM48_MT_RR_SYSINFO_2:
618 if (!memcmp(sih, s->si2_msg, sizeof(s->si2_msg)))
620 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2\n");
621 gsm48_decode_sysinfo2(s,
622 (struct gsm48_system_information_type_2 *) sih,
624 return new_sysinfo();
625 case GSM48_MT_RR_SYSINFO_2bis:
626 if (!memcmp(sih, s->si2b_msg, sizeof(s->si2b_msg)))
628 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2bis\n");
629 gsm48_decode_sysinfo2bis(s,
630 (struct gsm48_system_information_type_2bis *) sih,
632 return new_sysinfo();
633 case GSM48_MT_RR_SYSINFO_2ter:
634 if (!memcmp(sih, s->si2t_msg, sizeof(s->si2t_msg)))
636 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 2ter\n");
637 gsm48_decode_sysinfo2ter(s,
638 (struct gsm48_system_information_type_2ter *) sih,
640 return new_sysinfo();
641 case GSM48_MT_RR_SYSINFO_3:
642 if (!memcmp(sih, s->si3_msg, sizeof(s->si3_msg)))
644 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 3\n");
645 gsm48_decode_sysinfo3(s,
646 (struct gsm48_system_information_type_3 *) sih,
648 ccch_mode = (s->ccch_conf == 1) ? CCCH_MODE_COMBINED :
649 CCCH_MODE_NON_COMBINED;
650 LOGP(DRR, LOGL_INFO, "Changing CCCH_MODE to %d\n", ccch_mode);
651 l1ctl_tx_ccch_mode_req(ms, ccch_mode);
652 return new_sysinfo();
653 case GSM48_MT_RR_SYSINFO_4:
654 if (!memcmp(sih, s->si4_msg, sizeof(s->si4_msg)))
656 LOGP(DRR, LOGL_INFO, "New SYSTEM INFORMATION 4\n");
657 gsm48_decode_sysinfo4(s,
658 (struct gsm48_system_information_type_4 *) sih,
660 return new_sysinfo();
666 static int unit_data_ind(struct osmocom_ms *ms, struct msgb *msg)
668 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
669 struct tlv_parsed tv;
670 uint8_t ch_type, ch_subch, ch_ts;
672 DEBUGP(DRSL, "RSLms UNIT DATA IND chan_nr=0x%02x link_id=0x%02x\n",
673 rllh->chan_nr, rllh->link_id);
675 rsl_tlv_parse(&tv, rllh->data, msgb_l2len(msg)-sizeof(*rllh));
676 if (!TLVP_PRESENT(&tv, RSL_IE_L3_INFO)) {
677 DEBUGP(DRSL, "UNIT_DATA_IND without L3 INFO ?!?\n");
680 msg->l3h = (uint8_t *) TLVP_VAL(&tv, RSL_IE_L3_INFO);
682 if (state != SCAN_STATE_READ && state != SCAN_STATE_RACH) {
686 rsl_dec_chan_nr(rllh->chan_nr, &ch_type, &ch_subch, &ch_ts);
688 case RSL_CHAN_PCH_AGCH:
689 return pch_agch(ms, msg);
691 return bcch(ms, msg);
693 case RSL_CHAN_Bm_ACCHs:
694 case RSL_CHAN_Lm_ACCHs:
695 case RSL_CHAN_SDCCH4_ACCH:
696 case RSL_CHAN_SDCCH8_ACCH:
697 return rx_acch(ms, msg);
700 LOGP(DRSL, LOGL_NOTICE, "RSL with chan_nr 0x%02x unknown.\n",
706 static int rcv_rll(struct osmocom_ms *ms, struct msgb *msg)
708 struct abis_rsl_rll_hdr *rllh = msgb_l2(msg);
709 int msg_type = rllh->c.msg_type;
711 if (msg_type == RSL_MT_UNIT_DATA_IND) {
712 unit_data_ind(ms, msg);
714 LOGP(DRSL, LOGL_NOTICE, "RSLms message unhandled\n");
721 int chan_conf(struct osmocom_ms *ms, struct msgb *msg)
723 struct abis_rsl_cchan_hdr *ch = msgb_l2(msg);
724 struct gsm48_req_ref *ref = (struct gsm48_req_ref *) (ch->data + 1);
726 if (msgb_l2len(msg) < sizeof(*ch) + sizeof(*ref)) {
727 LOGP(DRR, LOGL_ERROR, "CHAN_CNF too slort\n");
732 rach_ref.t1 = ref->t1;
733 rach_ref.t2 = ref->t2;
734 rach_ref.t3 = ref->t3_low | (ref->t3_high << 3);
739 static int rcv_cch(struct osmocom_ms *ms, struct msgb *msg)
741 struct abis_rsl_cchan_hdr *ch = msgb_l2(msg);
742 int msg_type = ch->c.msg_type;
745 LOGP(DRSL, LOGL_INFO, "Received '%s' from layer1\n",
746 get_rsl_name(msg_type));
748 if (state == SCAN_STATE_RACH && msg_type == RSL_MT_CHAN_CONF) {
749 rc = chan_conf(ms, msg);
754 LOGP(DRSL, LOGL_NOTICE, "RSLms message unhandled\n");
759 static int rcv_rsl(struct msgb *msg, struct osmocom_ms *ms)
761 struct abis_rsl_common_hdr *rslh = msgb_l2(msg);
764 switch (rslh->msg_discr & 0xfe) {
765 case ABIS_RSL_MDISC_RLL:
766 rc = rcv_rll(ms, msg);
768 case ABIS_RSL_MDISC_COM_CHAN:
769 rc = rcv_cch(ms, msg);
772 LOGP(DRSL, LOGL_NOTICE, "unknown RSLms msg_discr 0x%02x\n",
782 int scan_init(struct osmocom_ms *_ms)
785 register_signal_handler(SS_L1CTL, &signal_cb, NULL);
786 memset(&timer, 0, sizeof(timer));
787 osmol2_register_handler(ms, &rcv_rsl);
793 if (!strcmp(logname, "-"))
796 logfp = fopen(logname, "a");
798 fprintf(stderr, "Failed to open logfile '%s'\n", logname);
802 LOGP(DSUM, LOGL_INFO, "Scanner initialized\n");
809 LOGP(DSUM, LOGL_INFO, "Scanner exit\n");
814 unregister_signal_handler(SS_L1CTL, &signal_cb, NULL);
projects / osmocom-bb.git / blob