FreeCalypso > hg > freecalypso-docs

comparison TCH-tap-modes @ 106:28c1cb869d91

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
TCH-tap-modes: updates for TCH/HS
author Mychaela Falconia <falcon@freecalypso.org>
date Mon, 22 Jul 2024 22:36:29 +0000
parents 8a45cd92e3c3
children dfa5f99631a6
comparison
equal deleted inserted replaced
105:72a272083f46 106:28c1cb869d91
126 tools, specifically the tch record command in an interactive fc-shell session. 126 tools, specifically the tch record command in an interactive fc-shell session.
127 The format in which TCH DL tap traffic is passed over RVTMUX (an original 127 The format in which TCH DL tap traffic is passed over RVTMUX (an original
128 FreeCalypso invention) has changed in a slight but incompatible way between the 128 FreeCalypso invention) has changed in a slight but incompatible way between the
129 original hackish version from 2016 and the new production version as of 2022, 129 original hackish version from 2016 and the new production version as of 2022,
130 and capturing TCH DL with new firmware requires the updated version of fc-shell 130 and capturing TCH DL with new firmware requires the updated version of fc-shell
131 that will be released as part of fc-host-tools-r18. The current (late 2022) 131 that was released as part of fc-host-tools-r18. The current (developed in late
132 incarnation of FreeCalypso TCH DL sniffing feature supports FR1, HR1 and EFR 132 2022) incarnation of FreeCalypso TCH DL sniffing feature supports FR1, HR1 and
133 codecs, although only FR1 and EFR have been tested so far. 133 EFR codecs; initially only FR1 and EFR were tested, but in 2024 HR1 joined the
134 tested and known-working set.
134 135
135 The function of TCH UL substitution is currently implemented in FC Tourmaline 136 The function of TCH UL substitution is currently implemented in FC Tourmaline
136 only for FR1 and EFR (no HR1, no AMR), and it likewise requires running an 137 only for FR1 and EFR (no HR1, no AMR), and it likewise requires running an
137 interactive fc-shell session in which you would invoke the tool's tch play 138 interactive fc-shell session in which you would invoke the tool's tch play
138 command. In the case of TCH UL play feature there has been NO change in the 139 command. In the case of TCH UL play feature there has been NO change in the
155 followed by N words of payload, where N depends on TCH mode: 17 for TCH/FS and 156 followed by N words of payload, where N depends on TCH mode: 17 for TCH/FS and
156 TCH/EFS, 8 for TCH/HS, and not-yet-studied for AMR and CSD. Let's begin our 157 TCH/EFS, 8 for TCH/HS, and not-yet-studied for AMR and CSD. Let's begin our
157 analysis with the 3 status words that make up the buffer header: 158 analysis with the 3 status words that make up the buffer header:
158 159
159 Status word 0 (a_dd_0[0] or a_dd_1[0]) is a word of flag bits. We don't know 160 Status word 0 (a_dd_0[0] or a_dd_1[0]) is a word of flag bits. We don't know
160 the meaning of every bit in this word, but at least for TCH/FS and TCH/EFS (we 161 the meaning of every bit in this word, but here are the bit meanings we've been
161 haven't exercised TCH/HS at all) we know the following bits: 162 able to figure out so far, looking at TCH/FS, TCH/EFS and more recently TCH/HS
163 DL captures:
162 164
163 * Bit 15 (B_BLUD) is a "buffer filled" or "data present" flag. This flag is 165 * Bit 15 (B_BLUD) is a "buffer filled" or "data present" flag. This flag is
164 observed as 1 in *almost* every 20 ms window in which a traffic frame is 166 observed as 1 in *almost* every 20 ms window in which a traffic frame is
165 expected (fn_report_mod13_mod4 == 0 in l1s_read_dedic_dl(), case TCHTF), 167 expected (fn_report_mod13_mod4 == 0 in l1s_read_dedic_dl(), case TCHTF),
166 except for certain instances early in the call setup process which remain to 168 except for certain instances early in the call setup process which remain to
174 the speech-not-FACCH channel decoder was invoked. In the case of TCH/EFS this 176 the speech-not-FACCH channel decoder was invoked. In the case of TCH/EFS this
175 bit is set to 1 if the EFR-added CRC-8 was bad, and cleared if this CRC-8 was 177 bit is set to 1 if the EFR-added CRC-8 was bad, and cleared if this CRC-8 was
176 good; in the case of TCH/FS this bit has always been observed as 1 and should 178 good; in the case of TCH/FS this bit has always been observed as 1 and should
177 be ignored because there is no CRC-8 in TCH/FS. 179 be ignored because there is no CRC-8 in TCH/FS.
178 180
181 (Update for TCH/HS: in this channel mode this bit has always been observed
182 as 0.)
183
179 * Bit 7 has always been observed as 1 wheneven B_BLUD is set but B_AF is 184 * Bit 7 has always been observed as 1 wheneven B_BLUD is set but B_AF is
180 cleared, i.e., whenever the block was channel-decoded in FACCH rather than 185 cleared, i.e., whenever the block was channel-decoded in FACCH rather than
181 speech mode. 186 speech mode.
182 187
183 * Bits 6:5 indicate the result of FIRE decoding in the event that the FACCH 188 * Bits 6:5 indicate the result of FIRE decoding in the event that the FACCH
184 decoder was invoked. 189 decoder was invoked.
185 190
186 * Bits 4:3 carry the ternary SID flag encoded as in section 6.1.1 of GSM 06.31 191 * Bits 4:3 carry the ternary SID flag encoded as in section 6.1.1 of GSM 06.31
187 and 06.81, but only when the speech-not-FACCH channel decoder was invoked as 192 and 06.81, but only when the speech-not-FACCH channel decoder was invoked as
188 indicated by B_AF. 193 indicated by B_AF.
194
195 (Update for TCH/HS: these bits apply to HR codec too, following GSM 06.41
196 section 6.1.1 now.)
189 197
190 * Bit 2 is BFI as defined in section 6.1.1 of GSM 06.31 and 06.81. Whenever 198 * Bit 2 is BFI as defined in section 6.1.1 of GSM 06.31 and 06.81. Whenever
191 the block was decoded as FACCH (bit 14 clear, bit 7 set), bit 2 has always 199 the block was decoded as FACCH (bit 14 clear, bit 7 set), bit 2 has always
192 been observed as set, agreeing with the stipulation in GSM 06.31 and 06.81 200 been observed as set, agreeing with the stipulation in GSM 06.31 and 06.81
193 that BFI=1 whenever a FACCH frame has been received. However, in the case of 201 that BFI=1 whenever a FACCH frame has been received. However, in the case of
194 TCH/EFS it appears that CRC-8 status (reported in bit 9) is NOT factored into 202 TCH/EFS it appears that CRC-8 status (reported in bit 9) is NOT factored into
195 the logic that sets bit 2 - it appears that the subsequent speech decoding 203 the logic that sets bit 2 - it appears that the subsequent speech decoding
196 logic is expected to OR bits 2 and 9 together to get the BFI flag for the Rx 204 logic is expected to OR bits 2 and 9 together to get the BFI flag for the Rx
197 DTX handler of GSM 06.81. 205 DTX handler of GSM 06.81.
206
207 (Update for TCH/HS: bit 2 is BFI in HR codec too.)
208
209 * Bit 1 is seen only in TCH/HS, and appears to be the elusive BCI flag whose
210 existence has been figured out from ETSI GSM 06.06 reid.c source. See this
211 article for more information:
212
213 https://osmocom.org/projects/retro-gsm/wiki/HRv1_error_flags
214
215 * Bit 0 is UFI for TCH/HS only.
198 216
199 In the case of 20 ms blocks (reassembled from 8 half-bursts) that were channel- 217 In the case of 20 ms blocks (reassembled from 8 half-bursts) that were channel-
200 decoded as speech rather than FACCH, the observed behavior is that bits 15 and 218 decoded as speech rather than FACCH, the observed behavior is that bits 15 and
201 14 are set, the payload portion of the buffer is filled with the output from the 219 14 are set, the payload portion of the buffer is filled with the output from the
202 channel decoder, and bits 4:3 are set from this payload by the bit-counting rule 220 channel decoder, and bits 4:3 are set from this payload by the bit-counting rule