Re: Novatel Wireless power cycle

[Dan Williams <dcbw redhat com>]

On Thu, 2012-10-11 at 17:22 -0400, David Pfeffer wrote:
> I've obtained it directly from a software engineer at Novatel named
> Ali Taheri, also included on the email was Charles Wang. I was never
> asked to sign anything. The SDK is closed source (distributed as a
> shared object) but can be easily captured using strace. I can
> definitely get you the sequence for power on as well, I just hadn't
> bothered yet.

In regards to the original question, the interesting thing is what the
code is actually checking before it decides to offline/online the modem.

I don't believe this is an actual *power* cycle (which is what RESET
would do, not OFFLINE) but it probably is something like "airplane mode"
and thus kills power to most of the RF bits.  Thus when setting ONLINE
mode, you'll reinitialize all that and everything is kittens and
rainbows.

So what would be interesting for us is to get the responses from the SDK
to the Call Manager status and the Novatel subsystem state info commands
that I detailed, and then perhaps the output of those commands when
things are working.  Comparing the two, we could possibly find out what
the problem is and when we may need to offline/online the device.

Dan

> On Thu, Oct 11, 2012 at 5:23 PM, Dan Williams <dcbw redhat com> wrote:
> >
> > On Thu, 2012-10-11 at 16:20 -0500, Dan Williams wrote:
> > > On Thu, 2012-10-11 at 08:45 -0400, David Pfeffer wrote:
> > > > Hi all,
> > > >
> > > >
> > > > I noticed in the modemmanager Novatel plugin code there's nothing
> > > > there to power cycle the modem on disable/enable. This is a problem
> > > > for me since I've found that one modem in particular, the MC760, it'll
> > > > sometimes get into this state where the radio always tells the modem
> > > > there's No Carrier until you power cycle it.
> > > >
> > > >
> > > > I don't know about the GSM devices, but I've been developing for a
> > > > little while now with the CDMA devices. There's definitely a way to do
> > > > it. Using strace and the NovaCore SDK (which I have obtained from
> > > > Novatel's software development department and without signing an NDA),
> > > > I've found that the following goes out over the QCDM port when you
> > > > turn the radio off in the SDK:
> > > >
> > > >
> > > > write(4, "K\17\0\0\273`~", 7)           = 7
> > > > write(4, "K\372\7\0\7\377\377\0\0\344o~", 12) = 12
> > > > write(4, "K\17\0\0\273`~", 7)           = 7
> > > > write(4, ")\1\0001@~", 6)               = 6
> > > > write(4, "K\17\0\0\273`~", 7)           = 7
> > > > write(4, "K\17\0\0\273`~", 7)           = 7
> > >
> > > They break down like this:
> > >
> > > K = DIAG_CMD_SUBSYS
> > > \17 (decimal 15) = DIAG_SUBSYS_CM (call manager)
> > > \0\0 = DIAG_SUBSYS_CM_STATE_INFO
> > >
> > > K = DIAG_CMD_SUBSYS
> > > \372 (decimal 250) = DIAG_SUBSYS_RESERVED_OEM_0
> > > \7\0 (0x7) = DIAG_SUBSYS_NW_CONTROL_MODEM_SNAPSHOT
> > > \7 = DIAG_SUBSYS_NW_CONTROL_MODEM_SNAPSHOT_TECH_CDMA_EVDO
> > > \377\377\0\0 = snapshot mask
> > >
> > > ) = DIAG_CMD_CONTROL
> > > \1 = DM_CONTROL_MODE_OFFLINE
> >
> > Forgot to mention the last 3 bytes in all of these are the CRC-16 and
> > 0x7E.  The DM/DIAG packet format is <cmdcode><stuff><crc-16><0x7E>.  And
> > of course everything before the 0x7E is HDLC encoded so that 0x7E never
> > appears in the body, and thus you can use it as the frame marker.
> >
> > Dan
> >
> > > So basically it's querying the generic modem state using the Call
> > > Manager subsystem (see DMCmdSubsysCMStateInfoRsp in libqcdm), and then
> > > it's asking for the Novatel-specific subsystem state (see
> > > DMCmdSubsysNwSnapshotRsp and DMCmdSubsysNwSnapshotCdma in libqcdm) and
> > > then it's telling the modem to go offline.  I'll assume at some point it
> > > tells the modem to go back online too :)
> > >
> > > > However, I have no idea what this means -- I can't find any
> > > > documentation to speak of for QCDM so its just opaque binary to me.
> > >
> > > Because there isn't unless you sign NDAs with Qualcomm, and then you
> > > can't do anything open-source with it.  So we've basically reverse
> > > engineered some stuff we need for ModemManager:
> > >
> > > http://cgit.freedesktop.org/ModemManager/ModemManager/tree/libqcdm
> > >
> > > and perhaps more specifically:
> > >
> > > http://cgit.freedesktop.org/ModemManager/ModemManager/tree/libqcdm/src/dm-commands.h
> > >
> > > The actual C API that clients of libqcdm should use is commands.h
> > > though, since the rest of the stuff is pretty low-level and the
> > > internals might change around if we discover something new later, which
> > > is why the commands.h uses the QcdmResult structure instead of hardcoded
> > > returned parameters.
> > >
> > > > If someone is willing to assist me with the QCDM portion or give me
> > > > some pointers, I'd be happy to reverse engineer power off, power on,
> > > > and reset, and contribute a patch back. Again this is just for CDMA
> > > > --
> > >
> > > The CONTROL command works for both GSM and CDMA devices actually.  I'm
> > > just missing the define for "online" so if you can capture that, that
> > > would be great.  I'm pretty sure it'll be something like:
> > >
> > > write(4, ")\0\0001@~", 6) or write(4, ")\3\0001@~", 6)
> > >
> > > there are a bunch of modes though, but I'm guessing that "online" is
> > > mode 0.
> > >
> > > > the NovaCore SDK does support GSM devices but I don't own one. If
> > > > someone else has one, I can send you the NovaCore SDK to reverse
> > > > engineer this for GSM modems.
> > >
> > > What license is the NovaCore SDK distributed under?  That has a great
> > > deal to do with whether or not it can just be sent around.  If you've
> > > obtained it under a method compatible with the license (ie, directly
> > > from Novatel) that's probably fine, but downloading it off some Chinese
> > > site may not be.  Also note that even though the EULA or license may
> > > prohibit reverse engineering (almost all software EULAs do), it's
> > > actually completely legal for the purpose of interoperability, which is
> > > what we're doing here with libqcdm.  But it still depends on how you got
> > > it...
> > >
> > > I typically use a Windows connection manager and sniff the USB packets,
> > > since all the connection managers are legally obtainable via the carrier
> > > or manufacturers websites, or even in the firmware on the dongles
> > > themselves.  Helps keep the legal things clearer.
> > >
> > > Dan
> > >
> > > _______________________________________________
> > > networkmanager-list mailing list
> > > networkmanager-list gnome org
> > > https://mail.gnome.org/mailman/listinfo/networkmanager-list
> >
> >