OsmocomBB源码分析

GSM协议栈

基于接口，GSM信令协议组装成三个通用层：

1. 第1层：物理层。 它使用空中接口上的通道结构。
2. 第2层：数据链路层。 在Um接口上，数据链路层是用于ISDN中的D信道（LAPD）协议的链路访问协议的修改版本，在Dm信道上称为链路访问协议（LAPDm）。 在A接口上，使用消息传输部分（MTP），SS7的第2层。
3. 第3层：GSM信令协议的第三层分为三个子层：
   - 无线电资源管理（RR Radio Resouce）
   - 流动性管理（MM Mobile Management）
   - 连接管理（CM Connection Management）

业务逻辑和接口

NAS层分为CC（Call Control) SS (Supplementary Service) SMS (Short Message Service) REG (register service)

各层逻辑框图和接口

osmocon代码分析

osmocon 是一种控制台工具，用于将手机上的基带固件与主机PC中的应用程序接口。
它还可用于通过串行线路将固件或引导程序下载到电话中，当前已针对CompalE88（C118/C120/C121/C123），CompalE99（C155）实现了该程序。
目前支持的Bootloader是CompalRamloader和CalypsoRomloader。
上载固件后，它将变成HDLC多路复用器/多路解复用器，从而允许与设备进行多通道通信。
电话控制台位于一个这样的通道上，并将被重定向到运行osmocom的终端（stdout）。
可以通过以下unix域套接字访问其他几个HDLC通道：

• / tmp / osmocom_l2为L1A_L23_Interface 13759 移动，ccch_scan和其它主机程序
• / tmp / osmocon_loader用于引导程序
  

一般用法
使用HardwareSerialCable（2.5mm耳机插孔上的3.3V RS232）将电话 UART 连接到PC的串行端口。
选择要加载的固件，具体取决于要运行的主机程序。
将固件加载到手机，如下所示运行osmocon。用您的值填写电话类型和固件名称。

$ ./osmocon -p / dev / ttyUSB0 -m c123xor ../../target/firmware/board/PHONE_TYPE/FIRMWARE.compalram.bin

确保手机关机。 短暂按一下手机的开机按钮（短按，不像普通的手机开机！）。避免在使用osmocon时为手机充电，否则可能会限制加载程序。
观察类似于以下内容的输出：

got 2 bytes from modem, data looks like: 2f c8 
got 5 bytes from modem, data looks like: 1b f6 02 00 41 
got 1 bytes from modem, data looks like: 01 
got 1 bytes from modem, data looks like: 40 
Received PROMPT1 from phone, responding with CMD
read_file(../../target/firmware/board/compal_e88/loader.compalram.bin): file_size=13404, hdr_len=4, dnload_len=13411
got 1 bytes from modem, data looks like: 1b 
got 1 bytes from modem, data looks like: f6 
got 1 bytes from modem, data looks like: 02 
got 1 bytes from modem, data looks like: 00 
got 1 bytes from modem, data looks like: 41 
got 1 bytes from modem, data looks like: 02 
got 1 bytes from modem, data looks like: 43 
Received PROMPT2 from phone, starting download
handle_write(): 1023 bytes (1023/13411)
handle_write(): 768 bytes (1791/13411)
handle_write(): 768 bytes (2559/13411)
handle_write(): 768 bytes (3327/13411)
handle_write(): 768 bytes (4095/13411)
handle_write(): 768 bytes (4863/13411)
handle_write(): 768 bytes (5631/13411)
handle_write(): 768 bytes (6399/13411)
handle_write(): 768 bytes (7167/13411)
handle_write(): 768 bytes (7935/13411)
handle_write(): 768 bytes (8703/13411)
handle_write(): 768 bytes (9471/13411)
handle_write(): 768 bytes (10239/13411)
handle_write(): 768 bytes (11007/13411)
handle_write(): 768 bytes (11775/13411)
handle_write(): 768 bytes (12543/13411)
handle_write(): 768 bytes (13311/13411)
handle_write(): 100 bytes (13411/13411)
handle_write(): finished
got 1 bytes from modem, data looks like: 1b 
got 1 bytes from modem, data looks like: f6 
got 1 bytes from modem, data looks like: 02 
got 1 bytes from modem, data looks like: 00 
got 1 bytes from modem, data looks like: 41 
got 1 bytes from modem, data looks like: 03 
got 1 bytes from modem, data looks like: 42 
Received DOWNLOAD ACK from phone, your code is running now!
OSMOCOM Calypso loader (revision f45c5ee-modified)
======================================================================
Running on compal_e88 in environment ramload

现在，您可以通过应用程序（例如mobile，ccch_scan，osmoload等）与手机进行交互，具体取决于所加载的固件。

NAS层代码分析

UE和NW之间的呼叫处理过程

CC Call Control(GSM 04.08)

主叫和被叫 call control状态转换图

呼叫控制部分代码由全局变量datastatelist的函数列表来维护。
datastatelist的不同状态对应的处理函数

states	protocol	type	callback
/* mobile originating call establishment*/
SBIT(GSM_CSTATE_INITIATED)	/5.2.1.3/	GSM48_MT_CC_CALL_PROC	gsm48_cc_rx_call_proceeding
SBIT(GSM_CSTATE_INITIATED), SBIT(GSM_CSTATE_MO_CALL_PROC), SBIT(GSM_CSTATE_CALL_DELIVERED)	/*5.2.1.4.1*/	GSM48_MT_CC_PROGRESS	gsm48_cc_rx_progress
SBIT(GSM_CSTATE_INITIATED), SBIT(GSM_CSTATE_MO_CALL_PROC)	/*5.2.1.5*/	GSM48_MT_CC_ALERTING	gsm48_cc_rx_alerting
SBIT(GSM_CSTATE_INITIATED), SBIT(GSM_CSTATE_MO_CALL_PROC), SBIT(GSM_CSTATE_CALL_DELIVERED)	/*5.2.1.6*/	GSM48_MT_CC_CONNECT	gsm48_cc_rx_connect
/*mobile terminating call establishment*/
SBIT(GSM_CSTATE_NULL)	/*5.2.2.1*/	GSM48_MT_CC_SETUP	gsm48_cc_rx_setup
SBIT(GSM_CSTATE_CONNECT_REQUEST)	/*5.2.2.6*/	GSM48_MT_CC_CONNECT_ACK	gsm48_cc_rx_connect_ack
/*signalling during call*/
SBIT(GSM_CSTATE_ACTIVE)	/*5.3.1*/	GSM48_MT_CC_NOTIFY	gsm48_cc_rx_notify
ALL_STATES	/8.4/	GSM48_MT_CC_STATUS_ENQ	gsm48_cc_rx_status_enq
ALL_STATES	/8.4/	GSM48_MT_CC_STATUS	gsm48_cc_rx_status
ALL_STATES	/*5.5.7.2*/	GSM48_MT_CC_START_DTMF_ACK	gsm48_cc_rx_start_dtmf_ack
ALL_STATES	/*5.5.7.2*/	GSM48_MT_CC_START_DTMF_REJ	gsm48_cc_rx_start_dtmf_rej
ALL_STATES	/*5.5.7.4*/	GSM48_MT_CC_STOP_DTMF_ACK	gsm48_cc_rx_stop_dtmf_ack
SBIT(GSM_CSTATE_ACTIVE)		GSM48_MT_CC_HOLD_ACK	gsm48_cc_rx_hold_ack
SBIT(GSM_CSTATE_ACTIVE)		GSM48_MT_CC_HOLD_REJ	gsm48_cc_rx_hold_rej
SBIT(GSM_CSTATE_ACTIVE)		GSM48_MT_CC_RETR_ACK	gsm48_cc_rx_retrieve_ack
SBIT(GSM_CSTATE_ACTIVE)		GSM48_MT_CC_RETR_REJ	gsm48_cc_rx_retrieve_rej
ALL_STATES-SBIT(GSM_CSTATE_NULL)		GSM48_MT_CC_FACILITY	gsm48_cc_rx_facility
SBIT(GSM_CSTATE_ACTIVE)		GSM48_MT_CC_USER_INFO	gsm48_cc_rx_userinfo
/*clearing*/
ALL_STATES-SBIT(GSM_CSTATE_NULL)-SBIT(GSM_CSTATE_RELEASE_REQ)-SBIT(GSM_CSTATE_DISCONNECT_IND)	/*5.4.4.1.1*/	GSM48_MT_CC_DISCONNECT	gsm48_cc_rx_disconnect
ALL_STATES	/*5.4.3.3&5.4.5!!!*/	GSM48_MT_CC_RELEASE	gsm48_cc_rx_release
ALL_STATES	/*5.4.4.1.3*/	GSM48_MT_CC_RELEASE_COMPL	gsm48_cc_rx_release_compl
/*modify*/
SBIT(GSM_CSTATE_ACTIVE)		GSM48_MT_CC_MODIFY	gsm48_cc_rx_modify
SBIT(GSM_CSTATE_MO_TERM_MODIFY)		GSM48_MT_CC_MODIFY_COMPL	gsm48_cc_rx_modify_complete
SBIT(GSM_CSTATE_MO_TERM_MODIFY)		GSM48_MT_CC_MODIFY_REJECT	gsm48_cc_rx_modify_reject

SS Supplementary Service(GSM 04.80)

SMS Short Message Service(GSM 04.11)

SMS Call Flow

PHY层代码

trx数据接收和发送过程

不同信道的接收发送由trx_lchan_desc全局变量的函数列表来维护，接收处理函数rx_data_fn，接收处理函数tx_data_fn。

GSM 05.03 Channel Coding

encode & decode
Y:\code\libosmocore\src\coding\gsm0503_coding.c

GSM 05.03 Interleaving

interleave & deinterleave
Y:\code\libosmocore\src\coding\gsm0503_interleaving.c

GSM 05.03 mapping

mapping & unmapping
Y:\code\libosmocore\src\coding\gsm0503_mapping.c