Project

General

Profile

OsmoNITB » History » Version 6

Anonymous, 02/19/2016 10:48 PM
update the page to reflect config file version of bsc_hack

1 1 zecke
= BSC Hack =
2
3 3 laforge
''bsc_hack'' is the program executable name of [wiki:OpenBSC]. We call it that way, since it is still pretty much a big hack, despite having
4
gone a long way in quite a short amount of time.
5
6
== Configuration ==
7
8 6 zecke
OpenBSC has a configuration file.  The default config file name is ''openbsc.cfg'' in the current working directory of the bsc_hack process.
9 1 zecke
10 6 zecke
You can specify an alternate config file location by using the ''--config-file'' command line argument.
11 1 zecke
12 6 zecke
There are several example configuration files in the openbsc discribution:
13
 * openbsc.cfg.1-1: Configuration for one BS-11 with a single TRX
14
 * openbsc.cfg.1-2: Configuration for one BS-11 with two TRX
15
 * openbsc.cfg.2-2: Configuration for two BS-11 (multi-drop) with two TRX each
16
 * openbsc.cfg.nanobts: Configuration for a nanoBTS 1800
17 1 zecke
18 6 zecke
For more information, plase see the [wiki:bsc_hack_VTY] reference.
19
20
== Command Reference ==
21
22 1 zecke
{{{
23 6 zecke
netzing@btsDev:~/openbsc/openbsc/src> ./bsc_hack --help
24
Usage: bsc_hack
25
  Some useful help...
26
  -h --help this text
27
  -d option --debug=DRLL:DCC:DMM:DRR:DRSL:DNM enable debugging
28
  -s --disable-color
29
  -c --config-file filename The config file to use.
30
  -l --database db-name The database to use
31
  -r --reject-cause number The reject cause for LOCATION UPDATING REJECT.
32
  -p --pcap file  The filename of the pcap file
33
  -T --timestamp Prefix every log line with a timestamp
34 3 laforge
}}}
35
36 6 zecke
=== BS-11 ===
37
38 3 laforge
you will see something like
39
{{{
40
DB: Database initialized.
41
DB: Database prepared.
42
1 device found
43
        id:             0
44
        Dprotocols:     00000018
45
        Bprotocols:     0000000e
46
        protocol:       4
47
        nrbchan:        30
48
        name:           hfc-e1.1
49
activate bchan
50
bootstrapping OML
51 1 zecke
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=0)
52
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=1)
53 4 laforge
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1315 CONNECT TERR TRAF Um=(0,0,1) E1=(0,2,1)
54
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=2)
55 1 zecke
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1315 CONNECT TERR TRAF Um=(0,0,2) E1=(0,2,2)
56
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=3)
57 4 laforge
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1315 CONNECT TERR TRAF Um=(0,0,3) E1=(0,2,3)
58
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=4)
59
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1315 CONNECT TERR TRAF Um=(0,0,4) E1=(0,3,0)
60
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=5)
61
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1315 CONNECT TERR TRAF Um=(0,0,5) E1=(0,3,1)
62 1 zecke
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=6)
63 4 laforge
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1315 CONNECT TERR TRAF Um=(0,0,6) E1=(0,3,2)
64
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1376 Set Chan Attr (bts=0,trx=0,ts=7)
65
Thu Feb 19 04:22:48 2009 <0020> abis_nm.c:1315 CONNECT TERR TRAF Um=(0,0,7) E1=(0,3,3)
66
bootstrapping RSL MCC=1 MNC=1
67
}}}
68 1 zecke
69 4 laforge
=== ip.access nanoBTS ===
70
71 6 zecke
we assume you have a [wiki:nanoBTS] configured with its primary OML link to the IP address of your Linux PC.
72
73 1 zecke
After starting bsc_hack will just wait for your nanoBTS to connect, which can take quite a while.
74
75 4 laforge
== Dealing with the HLR ==
76
77
We currently use a quite simple sqlite3 database for the HLR.  In fact, it is more than just a HLR, since it actually stores
78
entries even about any subscriber or phone that tries to log into your network.
79
80 6 zecke
We obtain the IMSI and IMEI of every LOCATION UPDATING REQUEST, and then if neccessary create a new entry for the equipment
81 5 laforge
as well as the subscribers in the respective tables.
82 1 zecke
83 4 laforge
The schama looks like:
84
{{{
85
CREATE TABLE Equipment (id INTEGER PRIMARY KEY AUTOINCREMENT, created TIMESTAMP NOT NULL, updated TIMESTAMP NOT NULL, imei NUMERIC UNIQUE NOT NULL, name TEXT);
86
CREATE TABLE EquipmentWatch (id INTEGER PRIMARY KEY AUTOINCREMENT, created TIMESTAMP NOT NULL, updated TIMESTAMP NOT NULL, subscriber_id NUMERIC NOT NULL, equipment_id NUMERIC NOT NULL, UNIQUE (subscriber_id, equipment_id) );
87
CREATE TABLE Meta (id INTEGER PRIMARY KEY AUTOINCREMENT, key TEXT UNIQUE NOT NULL, value TEXT NOT NULL);
88
CREATE TABLE Subscriber (id INTEGER PRIMARY KEY AUTOINCREMENT, created TIMESTAMP NOT NULL, updated TIMESTAMP NOT NULL, imsi NUMERIC UNIQUE NOT NULL, name TEXT, extension TEXT UNIQUE, authorized INTEGER NOT NULL DEFAULT 0, tmsi TEXT UNIQUE, lac INTEGER NOT NULL DEFAULT 0);
89
}}}
90
91
If the subscrber.authorized field is set to '1', then we allocate a TMSI and answer with LOCATION UPDATING ACCEPT.  Otherwise, we send
92 5 laforge
a regular LOCATION UPDATING REJECT to refuse the mobile to roam to our network.  You can change the reject cause using ''--reject-cause''.
93
94 6 zecke
You can allow everyone to join your network by using the ''auth policy accept'' config file option.
95 4 laforge
96
=== Authorizing a particular IMSI ===
97 1 zecke
98 2 zecke
To authorize your mobile station you will need to execute the following comand:
99 5 laforge
100
{{{
101 6 zecke
$ sqlite3 hlr.sqlite
102 5 laforge
update Subscriber set authorized=1 where imsi=YOUR_IMSI;
103
}}}
104
105 2 zecke
=== finding IMEIs for a given IMSI ===
106 3 laforge
107 4 laforge
{{{
108 6 zecke
$ sqlite3 hlr.sqlite
109 3 laforge
select equipment.imei from equipment,equipmentwatch,subscriber where equipmentwatch.equipment_id=equipment.id and subscriber.id=equipmentwatch.subscriber_id and subscriber.imsi=YOUR_IMSI;
110
}}}
111
112 1 zecke
== Using the telnet interface ==
113
114
You can telnet to port 4242 of the machine that runs bsc_hack and try some of the commands.
Add picture from clipboard (Maximum size: 48.8 MB)