Yate Community Forum
Yate server => Yate bugs => Topic started by: John on October 12, 2018, 09:33:46 AM
-
Hi,
I installed yate and yateBTS on Debian sistem with a Bladerf x115 and i can easily call and send sms, with bot and with 2 device in the same network (I'm in NiPC MODE).
I can connect with no problem iphone 5s (apple SOC) and Huawei (Qualcomm SOC) in GPRS but i cannot get any connection with my Honor (Kirin Soc) smartphone, i thing that is something related to the different modem because similar post
here : https://forum.yate.ro/index.php?topic=1927.0 (https://forum.yate.ro/index.php?topic=1927.0)
and here : https://forum.yate.ro/index.php?topic=1843.msg5990#msg5990 (https://forum.yate.ro/index.php?topic=1843.msg5990#msg5990)
but i have no responce to my questions.
On attachment you can find the GGSN and SGSN log and a wireshark pcap, both related to honor smartphone connection.
Versions:
Yate 6.0.1 devel1 r6313
bladeRF-cli version: 1.6.1-2018.08-release-1-ppabionic
libbladeRF version: 2.0.2-2018.08-release-1-ppabionic
Firmware version: 2.2.0-git-3d38fac2
FPGA version: 0.1.2
-
I'm trying to go deep into the problem, i fond some difference in my devices and i wanna show to you.
In the GGSN log for the honor device i got a persistent loop blocked into "RAU"
10:31:51.9:ip link set sgsntun0 up
10:31:52.2:ip route add to 192.168.99.0/24 dev sgsntun0
10:34:50.9:SGSN: Received GPRS SuspensionRequest for tlli=0xeb28e958
10:34:54.6:SGSN: Created SgsnInfo: MS#1,TLLI=ab28e958 (TLLI=0xab28e958) ConnID=-1 (-1) [0x7f13a4031230]
10:34:54.6:LLC: llcWriteLowSide sapi=1
10:34:54.6:LLC: UI::llcProcess
10:34:54.6:LLC: LlcEntityGmm lleUplinkData
10:34:54.6:SGSN: Received RoutingAreaUpdateRequest mUpdateType=0 mFollowOnRequestPending=0 mobileId=not present addtionalMobileId=not present drx=8192 tmsiStatus=0 pdpContextStatus=PdpContextStatus=0,0 mCypheringKeySequenceNumber=1 oldRaId=MCC=222 MNC=88f LAC=14506 RAC=0 mOldPtmsiSignature=10620458 mRequestedReadyTimerValue=22 mMsNetworkCapability=ByteVector(size=3 data: e5 60 0c)
MsRaCapability[GSM_E]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MS#1,TLLI=ab28e958 (TLLI=0xab28e958) ConnID=-1 (-1) [0x7f13a4031230]
10:34:54.6:SGSN: Received RA Update Req on MS#1,TLLI=ab28e958 (TLLI=0xab28e958) ConnID=-1 (-1) [0x7f13a4031230]
10:34:54.6:SGSN: Connection allocated to MS#1,TLLI=ab28e958 (TLLI=0xab28e958) ConnID=8193 (8193) [0x7f13a4031230]
10:34:54.6:SGSN: Sending IdentityRequest mIdentityType=1 mForceToStandby=0 MS#1,TLLI=ab28e958 (TLLI=0xab28e958) ConnID=-2 (-2) [0x7f13a4031230] frame(first20)=ByteVector(size=3 data: 08 15 01)
10:34:54.6:SGSN: Creating 'IdentityRequest' PDU with TLLI=0xab28e958,0x0 for MS#1,TLLI=ab28e958
10:34:55.1:LLC: llcWriteLowSide sapi=1
10:34:55.1:LLC: UI::llcProcess
10:34:55.1:LLC: LlcEntityGmm lleUplinkData
10:34:55.1:SGSN: Received IdentityResponse mobileId= IMSI=xxxxxxxxxxxxx MS#1,TLLI=ab28e958 (TLLI=0xab28e958) ConnID=-2 (-2) [0x7f13a4031230]
10:34:55.1:SGSN: Allocated new GMM info for MS#1,TLLI=ab28e958 (TLLI=0xab28e958) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4031230]
10:34:55.1:SGSN: Created SgsnInfo: (TLLI=0xc00af001) ConnID=-1 (-1) [0x7f13a4033f90]
10:34:55.1:SGSN: Changing TLLI to MS#1,TLLI=ab28e958,c00af001 (TLLI=0xc00af001) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4033f90]
10:34:55.1:SGSN: adjusting connection MS#1,TLLI=ab28e958,c00af001 (TLLI=0xab28e958) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4031230]
10:34:55.1:SGSN: Sending RoutingAreaUpdateAccept mUpdateResult=0 mForceToStandby=0 ptmsi=0xaf001 MSIdentity(mTmsi)=0x0 RAUpdateTimer=5400 RAUpdateIE=0x49 PdpContextStatusCurrent=PdpContextStatus=0,0 MS#1,TLLI=ab28e958,c00af001 (TLLI=0xab28e958) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4031230] frame(first20)=ByteVector(size=14 data: 08 09 00 49 17 22 17 03 e8 00 18 05 f4 00 0a f0 01 32 02 00)
10:34:55.1:SGSN: Creating 'RoutingAreaUpdateAccept' PDU with TLLI=0xab28e958,0xc00af001 for MS#1,TLLI=ab28e958,c00af001
10:35:09.7:LLC: llcWriteLowSide sapi=1
10:35:09.7:LLC: UI::llcProcess
10:35:09.7:LLC: LlcEntityGmm lleUplinkData
10:35:09.7:SGSN: Received RoutingAreaUpdateRequest mUpdateType=0 mFollowOnRequestPending=0 mobileId=not present addtionalMobileId=not present drx=8192 tmsiStatus=0 pdpContextStatus=PdpContextStatus=0,0 mCypheringKeySequenceNumber=1 oldRaId=MCC=222 MNC=88f LAC=14506 RAC=0 mOldPtmsiSignature=10620458 mRequestedReadyTimerValue=22 mMsNetworkCapability=ByteVector(size=3 data: e5 60 0c)
MsRaCapability[GSM_E]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MS#1,TLLI=ab28e958,c00af001 (TLLI=0xab28e958) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4031230]
10:35:09.7:SGSN: Received RA Update Req on MS#1,TLLI=ab28e958,c00af001 (TLLI=0xab28e958) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4031230]
10:35:09.7:SGSN: Sending RoutingAreaUpdateAccept mUpdateResult=0 mForceToStandby=0 ptmsi=0xaf001 MSIdentity(mTmsi)=0x0 RAUpdateTimer=5400 RAUpdateIE=0x49 PdpContextStatusCurrent=PdpContextStatus=0,0 MS#1,TLLI=ab28e958,c00af001 (TLLI=0xab28e958) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4031230] frame(first20)=ByteVector(size=14 data: 08 09 00 49 17 22 17 03 e8 00 18 05 f4 00 0a f0 01 32 02 00)
10:35:09.7:SGSN: Creating 'RoutingAreaUpdateAccept' PDU with TLLI=0xab28e958,0xc00af001 for MS#1,TLLI=ab28e958,c00af001
10:35:24.5:LLC: llcWriteLowSide sapi=1
10:35:24.5:LLC: UI::llcProcess
10:35:24.5:LLC: LlcEntityGmm lleUplinkData
10:35:24.5:SGSN: Received RoutingAreaUpdateRequest mUpdateType=0 mFollowOnRequestPending=0 mobileId=not present addtionalMobileId=not present drx=8192 tmsiStatus=0 pdpContextStatus=PdpContextStatus=0,0 mCypheringKeySequenceNumber=1 oldRaId=MCC=222 MNC=88f LAC=14506 RAC=0 mOldPtmsiSignature=10620458 mRequestedReadyTimerValue=22 mMsNetworkCapability=ByteVector(size=3 data: e5 60 0c)
MsRaCapability[GSM_E]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MS#1,TLLI=ab28e958,c00af001 (TLLI=0xab28e958) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f13a4031230]
10:35:24.5:SGSN: Received RA Update Req on ....
and it goes for ever, so the sgsn dosn't get the ROUTINGAREACOMPLETE.
I can see the same on wireshark :
No. Time Source Destination Protocol Length Info
217200 157.586892 192.168.100.4 192.168.100.121 GPRS-LLC 120 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 3(DTAP) (GMM) Routing Area Update Request
Frame 217200: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Uplink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Routing Area Update Request
No. Time Source Destination Protocol Length Info
217202 157.589253 192.168.100.4 192.168.100.121 GPRS-LLC 67 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 0(DTAP) (GMM) Identity Request
Frame 217202: 67 bytes on wire (536 bits), 67 bytes captured (536 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Downlink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Identity Request
No. Time Source Destination Protocol Length Info
217244 158.048129 192.168.100.4 192.168.100.121 GPRS-LLC 75 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 4(DTAP) (GMM) Identity Response
Frame 217244: 75 bytes on wire (600 bits), 75 bytes captured (600 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Uplink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Identity Response
No. Time Source Destination Protocol Length Info
217245 158.048434 192.168.100.4 192.168.100.121 GPRS-LLC 85 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 1(DTAP) (GMM) Routing Area Update Accept
Frame 217245: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Downlink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Routing Area Update Accept
No. Time Source Destination Protocol Length Info
217496 172.623109 192.168.100.4 192.168.100.121 GPRS-LLC 120 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 5(DTAP) (GMM) Routing Area Update Request
Frame 217496: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Uplink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Routing Area Update Request
No. Time Source Destination Protocol Length Info
217497 172.623412 192.168.100.4 192.168.100.121 GPRS-LLC 85 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 2(DTAP) (GMM) Routing Area Update Accept
Frame 217497: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Downlink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Routing Area Update Accept
No. Time Source Destination Protocol Length Info
217784 187.462624 192.168.100.4 192.168.100.121 GPRS-LLC 120 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 6(DTAP) (GMM) Routing Area Update Request
Frame 217784: 120 bytes on wire (960 bits), 120 bytes captured (960 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Uplink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Routing Area Update Request
No. Time Source Destination Protocol Length Info
217785 187.462911 192.168.100.4 192.168.100.121 GPRS-LLC 85 SAPI: LLGMM, UI, protected, non-ciphered information, N(U) = 3(DTAP) (GMM) Routing Area Update Accept
Frame 217785: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on interface 0
Ethernet II, Src: Dell_68:2d:ec (64:00:6a:68:2d:ec), Dst: Pegatron_69:33:65 (4c:72:b9:69:33:65)
Internet Protocol Version 4, Src: 192.168.100.4, Dst: 192.168.100.121
User Datagram Protocol, Src Port: 51771, Dst Port: 4729
GSM TAP Header, ARFCN: 0 (Downlink), TS: 255, Channel: UNKNOWN (255)
MS-SGSN LLC (Mobile Station - Serving GPRS Support Node Logical Link Control) SAPI: GPRS Mobility Management
GSM A-I/F DTAP - Routing Area Update Accept
The only differences i can see are :
MsRaCapability[GSM_E]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
for the HONOR device and
MsRaCapability[GSM_E]=( GPRSMultislotClass=10 GPRSExtendedDynamicAllocationCapability=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=10 GPRSExtendedDynamicAllocationCapability=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=10 GPRSExtendedDynamicAllocationCapability=1)
for the huawei device.
I thing that GPRSMultislotClass is not a problem but GERANFeaturePackage1 may be a problem cause searching in the source code i found only this:
// Extended dynamic mode means # channels up > # channels down.
bool MSInfo::msCanUseExtendedUplink()
{
// The Blackberry and iphone set the GeranFeaturePackI bit, but
// the danged Multitech modems truncate the MS capabilities before
// the GeranFeaturePackI bit, even though they do support extended uplink TBF
// They are multislot class 12, so if the MS multislot class > 10, assume ok.
return gL2MAC.macUplinkPersist > 0 && this->msIsRegistered()
&& (this->sgsnGetGeranFeaturePackI(this->msTlli) ||
this->sgsnGetMultislotClass(this->msTlli) > 10);
}
here https://github.com/ctxis/yate-bts/blob/7386c0e28867304a76e1bc101b0fcc61aefc5c38/mbts/GPRS/MSInfo.cpp (https://github.com/ctxis/yate-bts/blob/7386c0e28867304a76e1bc101b0fcc61aefc5c38/mbts/GPRS/MSInfo.cpp).
I have an embedded device and this doesn't work, like honor, the error is quite similar, no gprs connection but the loop is on AttachRequest :
16:56:05.8:GGSN logging to file /tmp/ggsn.log
16:56:05.8:ip link set sgsntun0 up
16:56:06.1:ip route add to 192.168.99.0/24 dev sgsntun0
16:56:48.0:SGSN: Created SgsnInfo: MS#1,TLLI=7dbcf269 (TLLI=0x7dbcf269) ConnID=-1 (-1) [0x7f1f44030a90]
16:56:48.0:LLC: llcWriteLowSide sapi=1
16:56:48.0:LLC: XID frame received size=0 llcsapi=1
16:56:48.0:LLC: Sending XID command:01FB
16:56:48.0:SGSN: Creating 'xid cmd' PDU with TLLI=0x7dbcf269,0x0 for MS#1,TLLI=7dbcf269
16:56:48.0:LLC: llcWriteLowSide sapi=1
16:56:48.0:LLC: UI::llcProcess
16:56:48.0:LLC: LlcEntityGmm lleUplinkData
16:56:48.0:SGSN: Received AttachRequest mAttachType=1 mobileId= IMSI=xxxxxxxxxxxxx addtionalMobileId=not present drx=8192 tmsiStatus=0 pdpContextStatus=PdpContextStatus=ff,ff mCypheringKeySequenceNumber=1 oldRaId=MCC=222 MNC=99f LAC=65534 RAC=0 mOldPtmsiSignature=0 mRequestedReadyTimerValue=22 mMsNetworkCapability=ByteVector(size=3 data: e5 60 0c)
MsRaCapability[GSM_E]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MS#1,TLLI=7dbcf269 (TLLI=0x7dbcf269) ConnID=-1 (-1) [0x7f1f44030a90]
received buffer 080103E5600C11200008292299227016441922F299FFFE001B1953432B2596420040000CD89632100200006EC6319080100002001716
16:56:48.0:SGSN: Allocated new GMM info for MS#1,TLLI=7dbcf269 (TLLI=0x7dbcf269) imsi=xxxxxxxxxxxxx ConnID=-1 (-1) [0x7f1f44030a90]
16:56:48.0:SGSN: Created SgsnInfo: (TLLI=0xc0030001) ConnID=-1 (-1) [0x7f1f44032080]
16:56:48.0:SGSN: Changing TLLI to MS#1,TLLI=7dbcf269,c0030001 (TLLI=0xc0030001) imsi=xxxxxxxxxxxxx ConnID=-1 (-1) [0x7f1f44032080]
16:56:48.0:SGSN: Connection allocated to MS#1,TLLI=7dbcf269,c0030001 (TLLI=0x7dbcf269) imsi=xxxxxxxxxxxxx ConnID=8193 (8193) [0x7f1f44030a90]
16:56:48.0:SGSN:
16:56:48.0:SGSN: Sending AttachAccept mAttachResult=1 mPTmsi=0x30001 mForceToStandby=0 RAUpdateTimer=5400 RAUpdateIE=0x49 mobileId=not present MCC=nwy MNC=nwy LAC=1000 RAC=0 MS#1,TLLI=7dbcf269,c0030001 (TLLI=0x7dbcf269) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f1f44030a90] frame(first20)=ByteVector(size=12 data: 08 02 01 49 44 17 22 17 03 e8 00 18 05 f4 00 03 00 01)
16:56:48.0:SGSN: Creating 'AttachAccept' PDU with TLLI=0x7dbcf269,0xc0030001 for MS#1,TLLI=7dbcf269,c0030001
16:57:02.8:LLC: llcWriteLowSide sapi=1
16:57:02.8:LLC: UI::llcProcess
16:57:02.8:LLC: LlcEntityGmm lleUplinkData
16:57:02.8:SGSN: Received AttachRequest mAttachType=1 mobileId= IMSI=xxxxxxxxxxxxx addtionalMobileId=not present drx=8192 tmsiStatus=0 pdpContextStatus=PdpContextStatus=ff,ff mCypheringKeySequenceNumber=1 oldRaId=MCC=222 MNC=99f LAC=65534 RAC=0 mOldPtmsiSignature=0 mRequestedReadyTimerValue=22 mMsNetworkCapability=ByteVector(size=3 data: e5 60 0c)
MsRaCapability[GSM_E]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MS#1,TLLI=7dbcf269,c0030001 (TLLI=0x7dbcf269) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f1f44030a90]
received buffer 080103E5600C11200008292299227016441922F299FFFE001B1953432B2596420040000CD89632100200006EC6319080100002001716
16:57:02.8:SGSN: Sending AttachAccept mAttachResult=1 mPTmsi=0x30001 mForceToStandby=0 RAUpdateTimer=5400 RAUpdateIE=0x49 mobileId=not present MCC=nwy MNC=nwy LAC=1000 RAC=0 MS#1,TLLI=7dbcf269,c0030001 (TLLI=0x7dbcf269) imsi=xxxxxxxxxxxxx ConnID=-2 (-2) [0x7f1f44030a90] frame(first20)=ByteVector(size=12 data: 08 02 01 49 44 17 22 17 03 e8 00 18 05 f4 00 03 00 01)
16:57:02.8:SGSN: Creating 'AttachAccept' PDU with TLLI=0x7dbcf269,0xc0030001 for MS#1,TLLI=7dbcf269,c0030001
16:57:02.8:SGSN:
16:57:17.9:LLC: llcWriteLowSide sapi=1
16:57:17.9:LLC: UI::llcProcess
16:57:17.9:LLC: LlcEntityGmm lleUplinkData
16:57:17.9:SGSN: Received AttachRequest mAttachType=1
and here i have the same class and GERAN feature of the honor
MsRaCapability[GSM_E]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_1800]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
MsRaCapability[GSM_850]=( GPRSMultislotClass=12 GPRSExtendedDynamicAllocationCapability=1 GERANFeaturePackage1=1)
I wanna get GPRS connection, so Stay tuned! :)
-
Attached yate -vvvv log of telit modem
with command:
"debug mbts level 10"
"debug transceiver level 10"
"sniffer on"
"debug on"
"color on"
"output on"
-
UP!
Telit logs. ;D ;D
-
Thank you for the outputs John
To establish the GPRS connection the UE needs to send GPRS attach request.
In the traces , the UE is not sending this message when its expected to see
Please see this picture for working GPRS in NiPC lenovo mobile
https://imgur.com/a/MA6ea6h
You can use the wireshark filter: gsm_a.dtap.msg_gmm_type in the traces
This picture from working mobile with the filter
https://imgur.com/a/yvj83SW
I was wondering if you can share with me datasheet for the modem you are using ?
-
Let's split the problem:
(1) for telit we have this kind of behavior
Device:
GT864_QUAD with modem GE865_QUAD with virmware revision 10.xxxx.03
https://www.telic.de/en/downloads/downloads-m2m-terminals
https://www.telic.de/Load/Telemetry/M2M_Terminals/GT864_QUAD/EN_UserManual_GT864-QUAD-PY.pdf
https://www.telic.de/Load/Telemetry/M2M_Terminals/GT864_QUAD/EN_Datasheet_GT864-Quad.pdf
the problem is when i try to activate context i got error.
AT+CGACT?
ERROR
and when i try to use it in a "normal" network i got full working gprs.
But now i'm going to retry and got more log with error reporting and many try of context activation.
(2) With that filter in wireshark i see that honor device sent a GPRS suspension and then go to RAU loop, see attach
EDIT:
added telit at command log + wireshark log + yate-vvvvv log, note that every time i try to activate gprs with at command i have about a mitues of lag on putty and i got 3101 error on terminal and :GSM RLC/MAC: PACKET_DOWNLINK_DUMMY_CONTROL_BLOCK (37) (Downlink)
-
Hello John
For the problem with Honor mobile:
It has been isolated to be MS issue
For the problem with telit
I wish to have more outputs that is organized differently , please
1. from the telnet session to BTS
mbts config Control.GSMTAP.GSM on
mbts config Control.GSMTAP.GPRS on
sniffer on
2. Make TCP dump
tcpdump -i any udp -w <file_name>.pcap
3. From telit , the following at commands
- Prepare and register outouts
AT+CPIN?
AT+CGREG?
AT+COPS?
AT+CSQ
- Attach to the network
AT+cgatt=1
AT+CGDCONT=1,”IP”,”internet”
at+cgdcont?
AT+CGACT=1,1
4. The file
ggsn.log
Wish you a nice day
-
Hi Nour,
thanks for your reply
i'm not able to get sgsn log, i don't know why because in my conf i have
[sgsn]
;Add layer-3 messages to the GGSN.Logfile, if any.
Debug=yes
link for attach:
https://drive.google.com/file/d/1Y_CUePvmYDgTUyXGXQg_EiABZ8Q3hG9S/view?usp=sharing
tell me if you need more log o more output
John
-
Hello John,
The MS is registered to the network and I can see the registration going ok on the wireshark capture.
IMSI MSISDN
--------------- ---------------
222102402326785 2326785
What I noticed, the output of CREG is 5 which is registered / roaming.
-> is this the scenario you are trying to achieve?
On the other hand, I was checking for the tilet error message while triggering the attach and I found if there is a mismatch with auto attach command you will have this error message, can you please check:
https://m2msupport.net/m2msupport/atautoatt-gprs-auto-attach/
https://www.telit.com/technical-forum/product-specific/gm862-quadpygps/operation-not-allowed/
Let me know,
Nour
-
Hi nour,
What I noticed, the output of CREG is 5 which is registered / roaming.
-> is this the scenario you are trying to achieve?
nope, i would have gprs connection, telit registers to gsm i can have calls and sms but no gprs connection.
On the other hand, I was checking for the tilet error message while triggering the attach and I found if there is a mismatch with auto attach command you will have this error message, can you please check:
ty for this indication but i think that this is not the problem, the telit should be connected instead i cannot navigate.
BTW i'll try to disable autoattach later and update this message, stay tuned.
ty for your reply
John
EDIT
as i said it was the same, no gprs connection and this error as always
15:34:33.7,70110: 15:34:33.7@@@failed tbf cause=3101 TBF#10 TFI=10 TBF_TLLI=0x7c1cb512 mtMS= MS#10,TLLI=7c1cb512 mtDir=RLCDir::Up
channels: down=( 0:2) up=( 0:2,usf=1)
mtState==TBFState::DataTransmit mtAttached=1 mtTFI=10 mtTlli=0x7c1cb512
mtMsgExpectedBits=0x0 mtMsgAckBits=0x2
mtUnAckMode=0 OnCCCH=0 mtAssignCounter=1 N3101=21
msNumDataUSFGrants=21 msAckNackUSFGrant=0 Pacch= idle=0
TA=2 TE=(0.00) RSSI=(-28) CV=(18) ILev=(0) RXQual=(0) SigVar=(0) ChCoding=(3) RXLev=(0) mLastAlpha=10 mLastGamma=31 mGamma=31
VR=0 VQ=0 stalled=0 mNumUpBlocksSinceAckNack=0 mtUpState=0
blocks: total=0 unique=0 grants=21
and mbts gprs list -v gime to me
MS#9,TLLI=7f282fd6 rrmode=PacketIdle Bytes:0up/0down Utilization=0%
GMM state unknown
TA=2 TE=(0.00) RSSI=(-28) CV=(19) ILev=(0) RXQual=(0) SigVar=(0) ChCoding=(3) RXLev=(0) mLastAlpha=10 mLastGamma=31 mGamma=31
dataER:0% (0) recent:0% (0) tbfER:1.0% (1)
rrbpER:0% (1) recent:0% (0) ccchER:0% (0) recent:0% (0)
DownlinkQ:bytes=(0) delay=(0)
TBFs: total=1 failed=1
current=()
USFs=( 0 0 0 0 0 0 0 0 )
channels: down=( 0:2) up=( 0:2,usf=0)
msNumDataUSFGrants=0 msAckNackUSFGrant=-1 Pacch= idle=1381
PDCH ARFCN=512 TN=1 FER=100%
Reservations=()
USFList=( 1=>free 2=>free 3=>free 4=>free 5=>free 6=>free)
TFI=()
PDCH ARFCN=512 TN=2 FER=100%
Reservations=()
USFList=( 1=>free 2=>free 3=>free 4=>free 5=>free 6=>free)
TFI=()
PDCH ARFCN=512 TN=3 FER=100%
Reservations=()
USFList=( 1=>free 2=>free 3=>free 4=>free 5=>free 6=>free)
TFI=()
-
Hello John
After checking further, I believe the modem is using SIM with different network identity than 00101 that is configured in the BTS.
To solve this:
1. Try SIM with the network identity 00101
2. Enable data roaming in the modem.
https://www.multitech.net/developer/wp-content/uploads/2010/10/S000463C.pdf
Best regards,
Nour
-
hello,
i haven't configurable sim, and the same device in osmocom network works.
Best regards
John
-
Hello John,
Having the MS in home network or roaming network depends on both the SIM and the network
if the network identifier matches , the MS will believe its connected to its home network.
In your situation, there is a mismatch , so the telit modem thinks its in roaming mode and GPRS for roaming needs to be enabled with AT commands.
Like in mobile phones, when you switch to roaming , you need to activate data roaming option from the settings.
As when you check registration from AT , you can see it thinks its in roaming (5).
Thanks,
Nour
-
hi nour,
i can't figure out how to enable roaming on telit, but i can tell to you that with osmocom i had test network as yate (100 01) and it works with the same SIM as now.
at
OK
at
OK
AT+CMEE=2
OK
AT+CGEREP=1,1
OK
AT+CGREG?
+CGREG: 0,0
OK
AT+COPS=1,2,"10001"
OK
AT+CGREG?
+CGREG: 0,0
OK
at#dns=4,"8.8.8.8","8.8.4.4"
OK
AT+CGREG=?
+CGREG: (0-2)
OK
AT+CGREG?
+CGREG: 0,0
OK
AT+CGREG=1
OK
AT+CGREG?
+CGREG: 1,0
OK
AT#CEERNET
#CEERNET: 0
OK
AT#CEERNET=?
OK
at+creg?
+CREG: 0,5
OK
AT#GPIO=2,1,1
OK
AT+CIND=?
+CIND: (("battchg",(0-5,99)),("signal",(0-7,99)),("service",(0,1)),("sounder",(0,1)),("message",(0,1)),("call",(0,1)),("roam",(0,1)),("smsfull",(0,1)),("rssi",(0-5,99)))
OK
AT+CIND=1,1,1,1,1,1,1,1,1
OK
AT+CIND=?
+CIND: (("battchg",(0-5,99)),("signal",(0-7,99)),("service",(0,1)),("sounder",(0,1)),("message",(0,1)),("call",(0,1)),("roam",(0,1)),("smsfull",(0,1)),("rssi",(0-5,99)))
OK
AT+WGPRS=?
ERROR
AT+CGACT=0
OK
AT# EVMONI?
#EVMONI: "VBATT",0,"",0,0
#EVMONI: "DTR",0,"",0,0
#EVMONI: "ROAM",0,""
#EVMONI: "CONTDEACT",0,""
#EVMONI: "RING",0,"",1
#EVMONI: "STARTUP",0,""
#EVMONI: "REGISTERED",0,""
#EVMONI: "GPIO1",0,"",1,0,0
#EVMONI: "GPIO2",0,"",1,0,0
#EVMONI: "GPIO3",0,"",1,0,0
#EVMONI: "GPIO4",0,"",1,0,0
#EVMONI: "GPIO5",0,"",1,0,0
#EVMONI: "ADCH1",0,"",1,0,0
#EVMONI: "ADCL1",0,"",1,0,0
OK
AT#EVMONI=?
#EVMONI: "VBATT",(0,1),(0-2),(0-500),(0-255)
#EVMONI: "DTR",(0,1),(0-2),(0,1),(0-255)
#EVMONI: "ROAM",(0,1),0
#EVMONI: "CONTDEACT",(0,1),0
#EVMONI: "RING",(0,1),(0,1),(1-50)
#EVMONI: "STARTUP",(0,1),0
#EVMONI: "REGISTERED",(0,1),0
#EVMONI: "GPIO1",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO2",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO3",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO4",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO5",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "ADCH1",(0,1),(0-3),(1-3),(0-2000),(0-255)
#EVMONI: "ADCL1",(0,1),(0-3),(1-3),(0-2000),(0-255)
OK
AT#EVMONI="ROAM",1
OK
AT#EVMONI=?
#EVMONI: "VBATT",(0,1),(0-2),(0-500),(0-255)
#EVMONI: "DTR",(0,1),(0-2),(0,1),(0-255)
#EVMONI: "ROAM",(0,1),0
#EVMONI: "CONTDEACT",(0,1),0
#EVMONI: "RING",(0,1),(0,1),(1-50)
#EVMONI: "STARTUP",(0,1),0
#EVMONI: "REGISTERED",(0,1),0
#EVMONI: "GPIO1",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO2",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO3",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO4",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "GPIO5",(0,1),(0-3),(1-10),(0,1),(0-255)
#EVMONI: "ADCH1",(0,1),(0-3),(1-3),(0-2000),(0-255)
#EVMONI: "ADCL1",(0,1),(0-3),(1-3),(0-2000),(0-255)
OK
AT# EVMONI?
#EVMONI: "VBATT",0,"",0,0
#EVMONI: "DTR",0,"",0,0
#EVMONI: "ROAM",1,""
#EVMONI: "CONTDEACT",0,""
#EVMONI: "RING",0,"",1
#EVMONI: "STARTUP",0,""
#EVMONI: "REGISTERED",0,""
#EVMONI: "GPIO1",0,"",1,0,0
#EVMONI: "GPIO2",0,"",1,0,0
#EVMONI: "GPIO3",0,"",1,0,0
#EVMONI: "GPIO4",0,"",1,0,0
#EVMONI: "GPIO5",0,"",1,0,0
#EVMONI: "ADCH1",0,"",1,0,0
#EVMONI: "ADCL1",0,"",1,0,0
OK
at
OK
+CGREG: 2
AT+CGREG?
+CGREG: 1,0
OK
AT+CSQ
+CSQ: 20,0
OK
AT+cgatt=1
+CME ERROR: operation not allowed
AT+CGDCONT=1,”IP”,”internet”
+CME ERROR: operation not allowed
AT+CGREG?
+CGREG: 1,2
OK
+CGREG: 5
Ty, you have a lot of patience :)
John
-
Hi John,
You are welcome :)
Can you please try:
AT+WGPRS=<mode>[, [<parameter>] [,<parameter2>]
Mode 7: Automatic GPRS roaming inter-operator (the mobile equipment automatically reattaches itself to the network and reactivates its PDP context by changing the operator when reaching border areas. Only <class> is used.
<parameter> Requested operation for <mode> (except for <mode>=4 and 8)
0 Disabled
2 Enabled
Then try to register and attach again.
Thanks,
Nour
-
My device doesn't support that command, i think that data roaming is enable by default.
John