[Catchercatcher] cell selection instability

David kktmp1 at gmail.com
Sun Jan 8 16:18:40 CET 2012

Nohl, Luca, fantastic talk!! I've just watched it, installed
catchercatcher and cell_logger and signed on the list...
All works great.

One quick answer:
I think that another simple solution may be to use the "stick" option in
the ".osmocom/bb/mobile.cfg" file

 no simulated-delay
 stick 55

(where 55 is your ARFCN)

or from the vty:

OsmocomBB# conf t
OsmocomBB(config)# ms 1
OsmocomBB(ms)#stick 55
OsmocomBB(ms)#% Channel request
% Link established
% delta 0.100056 current 3
% delta 0.200184 current 3

% (MS 1)
% Release received

% (MS 1)
% Power off!
OsmocomBB(ms)#no shutdown

You have to shutdown / no shutdown for the changes to take effect.



> I just tried your patch after viewing your presentation on 28c3. I'm
> wondering because I always get the "red" status and I don't have a
> clue why. Your application was run in a residential area in Berlin on
> different days. See the attached output from the catcher catcher
> application.
This is a known issue, given by the cell selection instability.
Since we consider "multiple LAC change" a big problem, you can see here:

>   cell monitoring
>     camped:    0
>     MCC:       610 (610, 0)
>     MNC:       31 (31, 0)
>     LAC:       213 (213, 13)
>     CID:       [removed]
(LAC change count is 13)

that your osmocom mobile is jumping many times from one cell to another,
based on signal reception, making our monitoring code show a RED flag.
Your "problem" is to be in the middle of different LACs, and there is no
single cell with "very good signal". For now, you can fix this, allowing
the osmocom mobile to just stay on particular frequencies of same LAC.
See the file osmocom-bb/src/host/layer23/src/mobile/gsm322.c

#if 1
        /* set supported frequencies in cell selection list */
        for (i = 0; i <= 1023+299; i++)
                if ((ms->settings.freq_map[i >> 3] & (1 << (i & 7))))
                        cs->list[i].flags |= GSM322_CS_FLAG_SUPPORT;
        cs->list[688].flags |= GSM322_CS_FLAG_SUPPORT;

the "#if 1" and the number 688 can be changed to "#if 0" and the ARFCN
you prefer to lock the mobile to a specific frequency.

This problem will be fixed in a proper way soon,
and the MCC/MNC parsing too.
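
An added example (not part of the original message and not OsmocomBB code) that models the bitmap test from the gsm322.c loop quoted above and shows how restricting the map shrinks the set of frequencies cell selection may use. The struct, the helper names, the flag value and the idea that indexes 55 and 688 belong to one LAC are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CS_ENTRIES (1023 + 299 + 1)  /* index range used by the loop in the post */
#define CS_FLAG_SUPPORT 0x01         /* stand-in for GSM322_CS_FLAG_SUPPORT (value assumed) */

struct cs_entry { uint8_t flags; };  /* simplified stand-in for one cs->list[] entry */

/* Hypothetical helper: clear the bitmap, then allow only the listed indexes. */
static void freq_map_only(uint8_t *map, size_t map_len, const int *idx, size_t n)
{
    memset(map, 0, map_len);
    for (size_t k = 0; k < n; k++)
        if (idx[k] >= 0 && idx[k] < CS_ENTRIES)
            map[idx[k] >> 3] |= (uint8_t)(1 << (idx[k] & 7));
}

/* Same test as the quoted loop: bit (i & 7) of byte (i >> 3) marks index i. */
static int mark_supported(struct cs_entry *list, const uint8_t *map)
{
    int count = 0;
    for (int i = 0; i < CS_ENTRIES; i++) {
        list[i].flags &= (uint8_t)~CS_FLAG_SUPPORT;  /* drop stale state first */
        if (map[i >> 3] & (1 << (i & 7))) {
            list[i].flags |= CS_FLAG_SUPPORT;
            count++;
        }
    }
    return count;
}

static int is_supported(const struct cs_entry *list, int i)
{
    return i >= 0 && i < CS_ENTRIES && (list[i].flags & CS_FLAG_SUPPORT);
}

int main(void)
{
    uint8_t map[(CS_ENTRIES + 7) / 8];
    struct cs_entry list[CS_ENTRIES] = {{0}};
    const int same_lac[] = { 55, 688 };  /* constructed: assumed to share one LAC */
    memset(map, 0xff, sizeof(map));      /* every frequency allowed: free reselection */
    printf("unrestricted: %d entries\n", mark_supported(list, map));
    freq_map_only(map, sizeof(map), same_lac, 2);
    printf("restricted:   %d entries\n", mark_supported(list, map));
    printf("55=%d 688=%d 100=%d\n", is_supported(list, 55),
           is_supported(list, 688), is_supported(list, 100));
    return 0;
}
```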


