QMI via MBIM for "FCC Authentication" fix
Collin McMillan
cmc at nd.edu
Wed Jul 29 13:26:18 PDT 2015
Hi Folks
I have been continuing to look at this -- it's a really interesting problem
and library! Before I dive into libqmi, I'm trying to make it work for a
specific case in libmbim. I'm just trying to make a program that sends QMI
messages to the QMI-over-MBIM service.
If I understand correctly, all I need to do is send a message like this one:
03 00 00 00 40 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 D1 A3 0B C2 F9
7A 6E 43 BF 65 C7 E2 4F B0 F0 D3 01 00 00 00 01 00 00 00 10 00 00 00 01 0C
00 00 02 01 00 01 00 5F 55 00 00 00 00 00
Checking the spec (http://caxapa.ru/thumbs/334029/MBIM_v1_0_USBIF_FINAL.pdf),
that means:
03 00 00 00: MessageType, 3 for command, see table 9.1 in the above PDF
40 00 00 00: MessageLength, 64 bytes
04 00 00 00: TransactionID, libmbim picked this for me
01 00 00 00 00 00 00 00: FragmentHeader (table 9.3)
D1 ... D3: 16 bytes for the service UUID
01 00 00 00: CID, I believe this has to be 1 because 1 is the only CID
listed as possible on this service (see my output of mbimcli -d
/dev/cdc-wdm0 --query-device-services in an above email)
01 00 00 00: 1 for a SET operation (table 9-6 in the spec PDF)
10 00 00 00: InformationBufferLength, 16 bytes
01 0C...end: InformationBuffer
Then InformationBuffer is the QMI message. In this case, I sent:
01 0C 00 00 02 01 00 01 00 5F 55 00 00
I got this from running:
qmicli -d /dev/cdc-wdm0 --dms-set-fcc-authentication -v --client-cid=1
This command fails, but it does output the raw data sent to the device,
using the verbose flag.
Anyway, what I have now is:
1) A modified version of libmbim 1.12.2 that includes a new service called
QMIOVER. I can send all the gory details, but essentially it is just a new
data/json service file, and several appropriate changes to libmbim e.g. to
mbim-cid.h/c and mbim-uuid.h/.c.
//
*********************************************************************************
{ "type" : "Service",
"name" : "QMI Over" },
//
*********************************************************************************
{ "name" : "qmi",
"service" : "QMIOver",
"type" : "Command",
"set" : [ { "name" : "QmiMsg",
"format" : "byte-array",
"array-size" : "16" } ],
"response" : [ { "name" : "QMUX",
"format" : "byte-array",
"array-size" : "65" } ] }
2) A pretty ugly stripped down version of mbimcli, that just opens the
device, tries to send a QMI allocate CID message, then the FCC message, and
the closes the device. Here's the relevant output of that program (same a
mbimcli's verbose output):
[29 Jul 2015, 16:06:01] -Error ** mbim_cid_get_printable: assertion
'service > MBIM_SERVICE_INVALID' failed
[29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Received message
(translated)...
>>>>>> Header:
>>>>>> length = 72
>>>>>> type = command-done (0x80000003)
>>>>>> transaction = 3
>>>>>> Fragment header:
>>>>>> total = 1
>>>>>> current = 0
>>>>>> Contents:
>>>>>> status error = 'None' (0x00000000)
>>>>>> service = 'invalid' (d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3)
>>>>>> cid = '(null)' (0x00000001)
[29 Jul 2015, 16:06:01] [Debug] Asynchronously sending QMI test message...
[29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Sent message...
<<<<<< RAW:
<<<<<< length = 64
<<<<<< data =
03:00:00:00:40:00:00:00:04:00:00:00:01:00:00:00:00:00:00:00:D1:A3:0B:C2:F9:7A:6E:43:BF:65:C7:E2:4F:B0:F0:D3:01:00:00:00:01:00:00:00:10:00:00:00:01:0C:00:00:02:01:00:01:00:5F:55:00:00:00:00:00
[29 Jul 2015, 16:06:01] -Error ** mbim_cid_get_printable: assertion
'service > MBIM_SERVICE_INVALID' failed
[29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Sent message (translated)...
<<<<<< Header:
<<<<<< length = 64
<<<<<< type = command (0x00000003)
<<<<<< transaction = 4
<<<<<< Fragment header:
<<<<<< total = 1
<<<<<< current = 0
<<<<<< Contents:
<<<<<< service = 'invalid' (d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3)
<<<<<< cid = '(null)' (0x00000001)
<<<<<< type = 'set' (0x00000001)
[29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Received message...
>>>>>> RAW:
>>>>>> length = 48
>>>>>> data =
03:00:00:80:30:00:00:00:04:00:00:00:01:00:00:00:00:00:00:00:D1:A3:0B:C2:F9:7A:6E:43:BF:65:C7:E2:4F:B0:F0:D3:01:00:00:00:02:00:00:00:00:00:00:00
[29 Jul 2015, 16:06:01] -Error ** mbim_cid_get_printable: assertion
'service > MBIM_SERVICE_INVALID' failed
[29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Received message
(translated)...
>>>>>> Header:
>>>>>> length = 48
>>>>>> type = command-done (0x80000003)
>>>>>> transaction = 4
>>>>>> Fragment header:
>>>>>> total = 1
>>>>>> current = 0
>>>>>> Contents:
>>>>>> status error = 'Failure' (0x00000002)
>>>>>> service = 'invalid' (d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3)
>>>>>> cid = '(null)' (0x00000001)
(BTW, I am not sure why the mbim_cid_get_printable function gives an error
here -- I have added the service macros, etc., everywhere I can find)
Yes, this is a serious hack job at this point, but I am wondering if you
could tell me if I'm on the right track here. :-) It seems that I *can*
communicate with the QMI interface, but that the FCC message is failing for
some reason. It could be that I am allocating the CID improperly, or that
the FCC message is improperly formatted, or that I am missing some other
step.
Once I wrap my mind completely around the problem, I'm going take your
suggestion and combine it with libqmi. Then, modify qmicli so that I can
run arbitrary QMI commands over MBIM.
Thanks again!
Collin
On Mon, Jul 27, 2015 at 2:57 AM, Aleksander Morgado <
aleksander at aleksander.es> wrote:
> On Sat, Jul 25, 2015 at 12:55 AM, Collin McMillan <cmc at nd.edu> wrote:
> >
> > I have also read reports of some of these modems not supporting QMI, only
> > MBIM. I do have the latest firmware from Sierra.
> >
> > SO, I am now trying to get the QMI over MBIM procedure going, which is
> > rumored to exist. :-)
> >
> http://lists.freedesktop.org/archives/modemmanager-devel/2015-July/002087.html
> >
> > Apparently it is straight forward once you know what to do -- just send a
> > QMI message to MBIM service d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3. I can
> > verify that my modem has this service with:
> > mbimcli -d /dev/cdc-wdm0 --query-device-services
> >
> > This is where I am stuck. I suppose this is not possible with mbimcli,
> so I
> > am trying to write a utility using libmbim to send the QMI FCC auth
> command
> > through MBIM. Once I figure that out I am looking at adding that
> > functionality to mbimcli.
> >
> > Would anyone on the list have a few more clues? Specifically, do I need
> to
> > create the QMI command to wrap in libqmi first, or can it be done
> manually?
> > Is there a simplified/minimized API usage example somewhere for sending
> MBIM
> > commands? If not, mbimcli's code will do. :-)
>
> Sending a message through an MbimDevice is just about calling
> mbim_device_command() and getting the response with
> mbim_device_command_finish(); mbimcli is full of examples for that.
>
> The issue you have here is that QMI is not as easy; i.e. in order to
> send the QMI DMS Set FCC Auth command you first need to allocate a DMS
> client using the CTL service; then use the allocated DMS client ID in
> the QMI DMS Set FCC Auth command, and then release the DMS client
> using the CTL service again. I'm not sure if all these steps are
> required when using QMI over MBIM, but I'd assume that's the case. And
> the problem here is that all those steps (allocating DMS client,
> building and sending DMS Set FCC Auth, releasing DMS client) are done
> internally in libqmi. Otherwise, you'll need to use the raw QMI
> message API to build those messages:
>
> http://www.freedesktop.org/software/libqmi/libqmi-glib/1.12.0/libqmi-glib-QmiMessage.html
>
> Anyway, if I were to do it, I'd instead try to mix both libqmi and
> libmbim. E.g. Create a MbimDevice, which will take care of sending the
> MBIM messages and receiving responses. But then also create a
> QmiDevice, and pass the MbimDevice as 'transport' to the QmiDevice
> somehow. Then you would be able to use the QmiDevice transparently,
> using the underlying MbimDevice. This would require libqmi to depend
> on libmbim, but we could do it conditional with a configure switch, I
> don't think it's a big deal.
>
> --
> Aleksander
> https://aleksander.es
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freedesktop.org/archives/libmbim-devel/attachments/20150729/8f8ff4be/attachment.html>
More information about the libmbim-devel
mailing list