|Age||Commit message (Collapse)||Author||Files||Lines|
The command line help states '-i' is for 'TRX IP address', which is
the remote IP address at which the TRX is to be found. Hoewever, it
was used as the local (bind) IP address of the socket used towards
the TRX. This is my attempt at fixing this. A more complete solution
probably allows to specify both local (bind) and remote (connect)
address, just to be clear.
In theory, the maximum TA value is 63 symbols, i.e. 63*256 in this
context. However, our test cases want to test the BTS behavior is
correct if ever a larger timing offset is reported from TRX to the BTS,
to ensure it is rejected in the BTS. Let's hence increase the values
to rather large min/max limits. We could also remove them completely.
Now that ctrl_if.py is capable of sending back the response to where
the command originated from, we can just as well send a positive
response back after executing the related commands.
fake_trx is using locally bound and not connected UDP sockets for
When we receive a control command, we should not simply send the
response to the default destination, but send it back to the exact
ip+prt from which the command originated. This ensures correct routing
of responses even in case multiple programs are interfacing concurrently
with a control socket.
If field randomization is disabled, Timing Advance value
indicated by MS would be ignored. Let's fix this by
separating the TA calculation code.
FAKE_TOA is an auxilary CTRL command, which may be used to update
the ToA (Timing of Arrival) value of forwarded bursts at runtime.
This is useful for testing the measurement processing
code in OsmoBTS.
The command is implemented for both BTS and BB CTRL interfaces
in two absolute and relative forms:
CMD FAKE_TOA <BASE> <THRESH>
CMD FAKE_TOA <+-BASE_DELTA>
The first form overwrites both ToA value and its treshold.
The second one is relative, and applies a delta
to the current ToA value.
The command affects Downlink bursts if sent on BTS CTRL
interface, and Uplink bursts if sent on the BB CTRL.
By default, both RSSI and ToA fields randomization is disabled.
Let's add command line options, which allow one to enable it.
Both RSSI and ToA fields randomization is only required in some
specific test / use cases, so let's disable it by default.
In order to be able to simulate and randomize both RSSI and ToA
values for Uplink and Downlink separately, let's calculate them
in separate methods of the BurstForwarder.
Timing Advance value is a timing correction value, indicated by
the network to MS, which is used to compensate UL signal delay.
In other words, the network instructs a phone to transmit bursts
N=TA symbol periods earlier than expected.
Since we are in virtual environment, let's use TA value to
calculate the ToA (Timing of Arrival) value for BTS.
This change implements ToA (Timing of Arrival) parsing, which
was missing in the DATAMSG_TRX2L1. Since we use integer math,
a ToA value is represented in units of 1/256 symbol periods.
In order to avoid both float arithmetic as well as loosing any
precision, let's use integer math fot ToA (Timing of Arrival),
i.e. let's express ToA values in units of 1/256 symbol periods.
There are no message specific initialization parts, excepting
the header specific fields setting. Let's us a common constructor,
dropping custom fields from its arguments.
There is no 'file' type in Python3 anymore, so let's reverse the
condition in DATADumpFile constructor. Also, the tag definition
was incorrect: both '\x01' and b'\x01' aren't the same.
In Python3 a range has it's own type, so its comparasion with
a list is incorrect. Let's explicitly convert both bit ranges
to lists in the bit conversation tests.
As the DATAMSG classes were introduced, let's use them.
This approach abstracts one from dealing with raw bytes.
Also, now BurstForwarder randomizes both RSSI and ToA values,
as this feature is supported from-the-box by the DATAMSG_TRX2L1.
This change introduces two new methods, which allow to perform
L12TRX <-> TRX2L1 message type transformations.
Setting this option allows one to reuse existing connections,
for example, by injecting CTRL commands or DATA bursts into
existing connections between fake_trx.py and trxcon.
So far, this API is not used anywhere. Let's drop it.
Previously it was required to call the UDPLink.shutdown() method
manually in order to close a socket. Let's do this automatically
using the destructor of UDPLink.
In order to avoid clashes with OsmoTRX, which may be also
running on the same host, let's use a different port range
starting from 6700 by default.
This idea was introduced as a result of OS#2984.
One byte may store a value in range [0x00, 0xff]. The maximal 0xff
value is 255 in dec, so a message length is limited to 255 bytes.
This is enough for GSM bursts, but not for EDGE.
Since this change, two bytes of header are used to store the
pending message length. All captures created before are not
Previously, this tool was only able to read a hand-crafted text
file with bursts and send them via the DATA interface. This is
not so useful...
This change implements support of reading DATA capture files,
which can be generated e.g. by trx_sniff.py or burst_gen.py.
Both standart input (stdio) and text-files are not supported
./burst_send.py -m L1 -i capture.bin --timeslot 2
Now all generated bursts can be also written to a capture file,
using a new option called '--output-file'. If a file already
exists, bursts would be appended to the end. Otherwise a new
capture file is created.
Since we have a separate class for DATA capture management now,
no need to implement the wheel - let's just use it!
This change introduces the following classes:
- DATADump - basic class, which contains methods to generate
and parse the a message header, and some constants.
- DATADumpFile - a child class, which contains methods to
write and parse DATA messages from capture files.
# Open a capture file
ddf = DATADumpFile("capture.bin")
# Parse the 10th message
msg = ddf.parse_msg(10)
msg.fn = 100
msg.tn = 0
# Append one to the end of the capture
Previously, it was expected that burst length should be equal
to 148. Let's also handle EDGE bursts and use GSM constants.
The DATAMSG API, that was introduced and extended a few commits
before, provides all required methods to create, validate,
generate and parse DATA messages. Let's use it now.
No need to keep it as a class member.
This change introduces a new method for both types of messages
called 'desc_hdr', that generates human-readable header
TRX -> L1: fn=571353 tn=1 rssi=-108 toa=-0.53
L1 -> TRX: fn=1777477 tn=3 pwr=161
One L1 -> TRX message carries one to be transmitted burst encoded
as regular bits (0 or 1). One TRX -> L1 message carries one
received burst encoded as unsigned soft-bits (0..254).
This shall be noted during message encoding and decoding process.
Also, we shall distinguish between GSM and EDGE bursts.
This feature could be used by both burst_gen.py and burst_send.py.
This change introduces three new classes:
- DATAMSG - abstract class, defines common fields and methods
for any message on DATA interface, e.g. frame and timeslot
numbers, bit conversation methods, etc.
- DATAMSG_L12TRX - a child of DATAMSG, defines a message
coming from L1 to TRX.
- DATAMSG_TRX2L1 - a child of DATAMSG, defines a message
coming from TRX to L1.
Both child classes could be used to generate DATA messages from
known fields (i.e. fn, tn, etc.), and parse them back from
already encoded DATA messages.
Previously there were multiple definitions of some common GSM
constants in different modules. Let's share them.
This change introduces a new tool, which could be used to sniff a
single connection between L1 and TRX in both directions, filter
captured bursts by direction, timeslot and/or frame number, and
finally write them to a binary file for further analysis.
Sniffing capability is based on Scapy framework, so it should
be installed in order to run this tool. Please also note,
that sniffing requires root access. For details, see:
sudo ./trx_sniff --frame-count 30 --timeslot 2 -o /tmp/bursts
This command will capture 30 frames on timeslot number 2, and
write them to a binary file. The format of this file is based
on TLV (Tag Length Value), that wraps each burst:
... |-TAG (byte)-|-LEN (byte)-|-BURST (LEN bytes)-| ...
TAG 0x01 - a message coming from L1 to TRX
TAG 0x02 - a message coming from TRX to L1
Since both TA and AGC loops should be implemented in transceiver,
this TODO is meaningless. Let's drop it.
As there is no any order relation between logical channels, it's
better to use the linuxlist API instead of talloc array.
Previously, when resetting or deleting a timeslot, we did not
deactivate the logical channels, relaying on talloc hierarchical
nature. This approach may cause some problems, e.g. on embedded
systems with emulated talloc API.
Let's assume that a logical channel, which was already in use,
is activated again for a new connection. As we don't reset the
state variables, such as burst masks or ciphering data, it may
cause an unexpected behaviour.
In order to avoid this, let's always reset the logical channel
state after deactivation.
Because they would be also used outside.
Initially it was expected that a TCH transmit queue could contain
TCH and FACCH primitives only. But there are also SACCH primitives,
which are also being stored there.
So, let's drop the assertations from the sched_prim_dequeue_tch(),
and return NULL if nothing was found.
This change implements the A5/X ciphering support transparently
for the logical channel handlers. In other words, a DL burst is
deciphered before being passed to a handler, and an UL burst is
ciphered before being sent to transceiver.
The implementation mostly relays on the libosmocore's A5 API.