<div dir="ltr">Ok great, I'll keep at it!<br></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Jul 29, 2015 at 4:54 PM, Bjørn Mork <span dir="ltr"><<a href="mailto:bjorn@mork.no" target="_blank">bjorn@mork.no</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">Collin McMillan <<a href="mailto:cmc@nd.edu">cmc@nd.edu</a>> writes:<br>
<br>
> Hi Folks<br>
><br>
> I have been continuing to look at this -- it's a really interesting problem<br>
> and library! Before I dive into libqmi, I'm trying to make it work for a<br>
> specific case in libmbim. I'm just trying to make a program that sends QMI<br>
> messages to the QMI-over-MBIM service.<br>
><br>
> If I understand correctly, all I need to do is send a message like this one:<br>
><br>
> 03 00 00 00 40 00 00 00 04 00 00 00 01 00 00 00 00 00 00 00 D1 A3 0B C2 F9<br>
> 7A 6E 43 BF 65 C7 E2 4F B0 F0 D3 01 00 00 00 01 00 00 00 10 00 00 00 01 0C<br>
> 00 00 02 01 00 01 00 5F 55 00 00 00 00 00<br>
><br>
</span>> Checking the spec (<a href="http://caxapa.ru/thumbs/334029/MBIM_v1_0_USBIF_FINAL.pdf" rel="noreferrer" target="_blank">http://caxapa.ru/thumbs/334029/MBIM_v1_0_USBIF_FINAL.pdf</a>),<br>
<div><div class="h5">> that means:<br>
><br>
> 03 00 00 00: MessageType, 3 for command, see table 9.1 in the above PDF<br>
> 40 00 00 00: MessageLength, 64 bytes<br>
> 04 00 00 00: TransactionID, libmbim picked this for me<br>
><br>
> 01 00 00 00 00 00 00 00: FragmentHeader (table 9.3)<br>
> D1 ... D3: 16 bytes for the service UUID<br>
> 01 00 00 00: CID, I believe this has to be 1 because 1 is the only CID<br>
> listed as possible on this service (see my output of mbimcli -d<br>
> /dev/cdc-wdm0 --query-device-services in an above email)<br>
> 01 00 00 00: 1 for a SET operation (table 9-6 in the spec PDF)<br>
> 10 00 00 00: InformationBufferLength, 16 bytes<br>
> 01 0C...end: InformationBuffer<br>
><br>
> Then InformationBuffer is the QMI message. In this case, I sent:<br>
> 01 0C 00 00 02 01 00 01 00 5F 55 00 00<br>
><br>
> I got this from running:<br>
> qmicli -d /dev/cdc-wdm0 --dms-set-fcc-authentication -v --client-cid=1<br>
> This command fails, but it does output the raw data sent to the device,<br>
> using the verbose flag.<br>
><br>
><br>
> Anyway, what I have now is:<br>
> 1) A modified version of libmbim 1.12.2 that includes a new service called<br>
> QMIOVER. I can send all the gory details, but essentially it is just a new<br>
> data/json service file, and several appropriate changes to libmbim e.g. to<br>
> mbim-cid.h/c and mbim-uuid.h/.c.<br>
><br>
> //<br>
> *********************************************************************************<br>
> { "type" : "Service",<br>
> "name" : "QMI Over" },<br>
><br>
> //<br>
> *********************************************************************************<br>
> { "name" : "qmi",<br>
> "service" : "QMIOver",<br>
> "type" : "Command",<br>
> "set" : [ { "name" : "QmiMsg",<br>
> "format" : "byte-array",<br>
> "array-size" : "16" } ],<br>
> "response" : [ { "name" : "QMUX",<br>
> "format" : "byte-array",<br>
> "array-size" : "65" } ] }<br>
><br>
><br>
> 2) A pretty ugly stripped down version of mbimcli, that just opens the<br>
> device, tries to send a QMI allocate CID message, then the FCC message, and<br>
> the closes the device. Here's the relevant output of that program (same a<br>
> mbimcli's verbose output):<br>
><br>
> [29 Jul 2015, 16:06:01] -Error ** mbim_cid_get_printable: assertion<br>
> 'service > MBIM_SERVICE_INVALID' failed<br>
> [29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Received message<br>
> (translated)...<br>
>>>>>>> Header:<br>
>>>>>>> length = 72<br>
>>>>>>> type = command-done (0x80000003)<br>
>>>>>>> transaction = 3<br>
>>>>>>> Fragment header:<br>
>>>>>>> total = 1<br>
>>>>>>> current = 0<br>
>>>>>>> Contents:<br>
>>>>>>> status error = 'None' (0x00000000)<br>
>>>>>>> service = 'invalid' (d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3)<br>
>>>>>>> cid = '(null)' (0x00000001)<br>
><br>
> [29 Jul 2015, 16:06:01] [Debug] Asynchronously sending QMI test message...<br>
> [29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Sent message...<br>
> <<<<<< RAW:<br>
> <<<<<< length = 64<br>
> <<<<<< data =<br>
> 03:00:00:00:40:00:00:00:04:00:00:00:01:00:00:00:00:00:00:00:D1:A3:0B:C2:F9:7A:6E:43:BF:65:C7:E2:4F:B0:F0:D3:01:00:00:00:01:00:00:00:10:00:00:00:01:0C:00:00:02:01:00:01:00:5F:55:00:00:00:00:00<br>
><br>
> [29 Jul 2015, 16:06:01] -Error ** mbim_cid_get_printable: assertion<br>
> 'service > MBIM_SERVICE_INVALID' failed<br>
> [29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Sent message (translated)...<br>
> <<<<<< Header:<br>
> <<<<<< length = 64<br>
> <<<<<< type = command (0x00000003)<br>
> <<<<<< transaction = 4<br>
> <<<<<< Fragment header:<br>
> <<<<<< total = 1<br>
> <<<<<< current = 0<br>
> <<<<<< Contents:<br>
> <<<<<< service = 'invalid' (d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3)<br>
> <<<<<< cid = '(null)' (0x00000001)<br>
> <<<<<< type = 'set' (0x00000001)<br>
><br>
> [29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Received message...<br>
>>>>>>> RAW:<br>
>>>>>>> length = 48<br>
>>>>>>> data =<br>
> 03:00:00:80:30:00:00:00:04:00:00:00:01:00:00:00:00:00:00:00:D1:A3:0B:C2:F9:7A:6E:43:BF:65:C7:E2:4F:B0:F0:D3:01:00:00:00:02:00:00:00:00:00:00:00<br>
><br>
> [29 Jul 2015, 16:06:01] -Error ** mbim_cid_get_printable: assertion<br>
> 'service > MBIM_SERVICE_INVALID' failed<br>
> [29 Jul 2015, 16:06:01] [Debug] [/dev/cdc-wdm0] Received message<br>
> (translated)...<br>
>>>>>>> Header:<br>
>>>>>>> length = 48<br>
>>>>>>> type = command-done (0x80000003)<br>
>>>>>>> transaction = 4<br>
>>>>>>> Fragment header:<br>
>>>>>>> total = 1<br>
>>>>>>> current = 0<br>
>>>>>>> Contents:<br>
>>>>>>> status error = 'Failure' (0x00000002)<br>
>>>>>>> service = 'invalid' (d1a30bc2-f97a-6e43-bf65-c7e24fb0f0d3)<br>
>>>>>>> cid = '(null)' (0x00000001)<br>
><br>
> (BTW, I am not sure why the mbim_cid_get_printable function gives an error<br>
> here -- I have added the service macros, etc., everywhere I can find)<br>
><br>
> Yes, this is a serious hack job at this point, but I am wondering if you<br>
> could tell me if I'm on the right track here. :-) It seems that I *can*<br>
> communicate with the QMI interface, but that the FCC message is failing for<br>
> some reason. It could be that I am allocating the CID improperly, or that<br>
> the FCC message is improperly formatted, or that I am missing some other<br>
> step.<br>
><br>
> Once I wrap my mind completely around the problem, I'm going take your<br>
> suggestion and combine it with libqmi. Then, modify qmicli so that I can<br>
> run arbitrary QMI commands over MBIM.<br>
><br>
><br>
> Thanks again!<br>
<br>
</div></div>The above looks basically fine to me. I cannot see any obvious reason<br>
why it fails. But it's an MBIM failure, so I don't think it's related<br>
to the actual QMI message. There's probably some weird formatting<br>
thing missing.<br>
<br>
I do notice that you send a 16 byte InfoBuffer with a zero-padded 13<br>
byte QMI message. Maybe that doesn't work?<br>
<br>
FWIW, here's a transaction sequence I used when I briefly tested this a<br>
month ago. As you can see, I used the exact QMI message length for the<br>
MBIM InfoBuffer:<br>
<br>
<br>
MBIM OPEN:<br>
01 00 00 00 10 00 00 00 01 00 00 00 00 10 00 00<br>
<br>
MBIM OPEN_DONE:<br>
01 00 00 80 10 00 00 00 01 00 00 00 00 00 00 00<br>
<br>
CTL 0x0022 request:<br>
03 00 00 00 40 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 10 00 00 00 01 0f 00 00 00 00 00 04 22 00 04 00 01 01 00 02<br>
<br>
CTL 0x0022 response:<br>
03 00 00 80 48 00 00 00 05 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 18 00 00 00 01 17 00 80 00 00 01 04 22 00 0c 00 02 04 00 00 00 00 00 01 02 00 02 34<br>
<br>
DMS 0x555b request:<br>
03 00 00 00 3d 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 0d 00 00 00 01 0c 00 00 02 34 00 06 00 5b 55 00 00<br>
<br>
DMS 0x555b response:<br>
03 00 00 80 5d 00 00 00 07 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 2d 00 00 00 01 2c 00 80 02 34 02 06 00 5b 55 20 00 02 04 00 00 00 00 00 10 01 00 13 11 12 00 11 06 07 08 09 0a 0b 0c 0d 0e 0f 10 11 12 13 14 15 16<br>
<br>
CTL 0x0023 request:<br>
03 00 00 00 41 00 00 00 09 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 01 00 00 00 11 00 00 00 01 10 00 00 00 00 00 08 23 00 05 00 01 02 00 02 34<br>
<br>
CTL 0x0023 response:<br>
03 00 00 80 48 00 00 00 09 00 00 00 01 00 00 00 00 00 00 00 d1 a3 0b c2 f9 7a 6e 43 bf 65 c7 e2 4f b0 f0 d3 01 00 00 00 00 00 00 00 18 00 00 00 01 17 00 80 00 00 01 08 23 00 0c 00 02 04 00 00 00 00 00 01 02 00 02 34<br>
<br>
MBIM CLOSE<br>
02 00 00 00 0c 00 00 00 0a 00 00 00<br>
<br>
MBIM CLOSE_DONE<br>
02 00 00 80 10 00 00 00 0a 00 00 00 00 00 00 00<br>
<span class="HOEnZb"><font color="#888888"><br>
<br>
<br>
Bjørn<br>
</font></span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
libmbim-devel mailing list<br>
<a href="mailto:libmbim-devel@lists.freedesktop.org">libmbim-devel@lists.freedesktop.org</a><br>
<a href="http://lists.freedesktop.org/mailman/listinfo/libmbim-devel" rel="noreferrer" target="_blank">http://lists.freedesktop.org/mailman/listinfo/libmbim-devel</a><br>
</div></div></blockquote></div><br></div>