lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date:	Thu, 15 Dec 2011 11:02:22 +0100
From:	Bjørn Mork <bjorn@...k.no>
To:	Dan Williams <dcbw@...hat.com>
Cc:	netdev@...r.kernel.org, linux-usb@...r.kernel.org
Subject: Re: [PATCH 3/3] qmi_wwan: Driver for WWAN devices requiring use of the QMI protocol

Dan Williams <dcbw@...hat.com> writes:

> So I thought the protocol acronym stood for "Qualcomm MSM/Modem
> Interface"  (see
> https://www.codeaurora.org/gitweb/quic/le/?p=kernel/msm.git;a=commitdiff;h=5f6f87b51184e13b6c493012de787895d5d18765)

That's probably correct.  Don't know where I got the messaging part
from.  Should be corrected....

> In any case, great work here.  But I'm a bit concerned about how all
> this should fit together.  QMI is a huge protocol that does everything a
> modem would ever want to do, and we'd likely want to be able to speak
> QMI from userspace to the modem too so that modem managers can expose
> the full functionality of the modems.  For example Gobi modems have a
> very minimal AT command set and most of the functionality is exposed
> over QMI or DM.  That's why the Qualcomm GobiNet driver also
> exposed /dev/qmi for userspace access.

Yes, I believe some interface should be exported.  But my primary goal
was to make something that would just work as an ethernet device with a
minimum of external userspace dependencies.  And this modem seems to
have a fairly complete set of AT commands anyway.  Ideally I would want
to stick

 auto wwan0
 iface wwan0 inet dhcp

in my /etc/network/interface and not need any application for that to
work.  But I realize that I must enter a SIM PIN1 code first (unless
disabled), and that most users will want to configure a specific APN
(although the null APN "" most likely will work just fine).

But I agree that eventually the full QMI protocol should be made
available to userspace for other uses.  That should be fairly easy to do
if you just proxy the commands.  But I'm worring about the interface.
Is the /dev/qmi from GobiNet acceptable?  Why isn't it merged yet?
Wouldn't something like netlink have been more suitable?  How about
security and the ability to control privileges on a command to command
basis?  And are there users?  Note that even the Windows application
supplied with the modem uses AT commands for SMS sending/receiving etc.
The snoop I did showed a very minimal set of QMI commands.  These were
all Windows used for startup of the network interface (partly decoded by
me):


.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x01
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x02
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x03
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x04
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x05
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x06
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x07
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x08
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x09
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x000b
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x02 response
.tid = 0x00
.msgid = 0x0027
.len = 000000

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x0a
.msgid = 0x0021
.len = 0x0004
[0x01] (1)  ff	.

.tf = 0x01
.len = 0x0057
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x01 invalid
.tid = 0x0a
.msgid = 0x0021
.len = 0x004c
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (66)  0d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 d1 0e 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00	..................................................................

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x0b
.msgid = 0x0022
.len = 0x0004
[0x01] (1)  02	.

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x01 invalid
.tid = 0x0b
.msgid = 0x0022
.len = 0x000c
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (2)  02 01	..

.tf = 0x01
.len = 0x000c
.ctrl = 0x00 control point
.service = 0x02
.qmicid = 0x01
.flags = 0x00 request
.tid = 0x0001
.msgid = 0x0021
.len = 000000

.tf = 0x01
.len = 0x002b
.ctrl = 0x80 service
.service = 0x02
.qmicid = 0x01
.flags = 0x02 response
.tid = 0x0001
.msgid = 0x0021
.len = 0x001f
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (21)  51 55 41 4c 43 4f 4d 4d 20 49 4e 43 4f 52 50 4f 52 41 54 45 44	QUALCOMM INCORPORATED

.tf = 0x01
.len = 0x000c
.ctrl = 0x00 control point
.service = 0x02
.qmicid = 0x01
.flags = 0x00 request
.tid = 0x0002
.msgid = 0x0024
.len = 000000

.tf = 0x01
.len = 0x0013
.ctrl = 0x80 service
.service = 0x02
.qmicid = 0x01
.flags = 0x02 response
.tid = 0x0002
.msgid = 0x0024
.len = 0x0007
[0x02] (4) FAILED (0x0025) QMI_ERR_UIM_NOT_INITIALIZED

.tf = 0x01
.len = 0x000c
.ctrl = 0x00 control point
.service = 0x02
.qmicid = 0x01
.flags = 0x00 request
.tid = 0x0003
.msgid = 0x0025
.len = 000000

.tf = 0x01
.len = 0x0029
.ctrl = 0x80 service
.service = 0x02
.qmicid = 0x01
.flags = 0x02 response
.tid = 0x0003
.msgid = 0x0025
.len = 0x001d
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x10] (1)  30	0
[0x11] (15)  38 36 30 39 39 39 30 30 30 30 32 33 37 30 37	860999000023707

.tf = 0x01
.len = 0x0010
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x0c
.msgid = 0x0023
.len = 0x0005
[0x01] (2)  02 01	..

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x01 invalid
.tid = 0x0c
.msgid = 0x0023
.len = 0x000c
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (2)  02 01	..

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x0d
.msgid = 0x0022
.len = 0x0004
[0x01] (1)  01	.

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x01 invalid
.tid = 0x0d
.msgid = 0x0022
.len = 0x000c
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (2)  01 01	..

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x0e
.msgid = 0x0020
.len = 0x0004
[0x01] (1)  00	.

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x01 invalid
.tid = 0x0e
.msgid = 0x0020
.len = 0x000c
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (2)  00 00	..

.tf = 0x01
.len = 0x000b
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x02 response
.tid = 0x00
.msgid = 0x0027
.len = 000000

.tf = 0x01
.len = 0x000b
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x02 response
.tid = 0x00
.msgid = 0x0027
.len = 000000

.tf = 0x01
.len = 0x000b
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x02 response
.tid = 0x00
.msgid = 0x0027
.len = 000000

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x0f
.msgid = 0x0022
.len = 0x0004
[0x01] (1)  02	.

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x01 invalid
.tid = 0x0f
.msgid = 0x0022
.len = 0x000c
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (2)  02 02	..

.tf = 0x01
.len = 0x000c
.ctrl = 0x00 control point
.service = 0x02
.qmicid = 0x02
.flags = 0x00 request
.tid = 0x0001
.msgid = 0x0022
.len = 000000

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x02
.qmicid = 0x02
.flags = 0x02 response
.tid = 0x0001
.msgid = 0x0022
.len = 0x000b
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (1)  30	0

.tf = 0x01
.len = 0x000f
.ctrl = 0x00 control point
.service = 0x00
.qmicid = 0x00
.flags = 0x00 request
.tid = 0x10
.msgid = 0x0022
.len = 0x0004
[0x01] (1)  01	.

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x00
.qmicid = 0x00
.flags = 0x01 invalid
.tid = 0x10
.msgid = 0x0022
.len = 0x000c
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (2)  01 02	..

.tf = 0x01
.len = 0x000c
.ctrl = 0x00 control point
.service = 0x01
.qmicid = 0x02
.flags = 0x00 request
.tid = 0x0002
.msgid = 0x0022
.len = 000000

.tf = 0x01
.len = 0x0017
.ctrl = 0x80 service
.service = 0x01
.qmicid = 0x02
.flags = 0x02 response
.tid = 0x0002
.msgid = 0x0022
.len = 0x000b
[0x02] (4) SUCCESS (0x0000) QMI_ERR_NONE
[0x01] (1)  01	.



> Second, does the modem actually respond to DHCP over the ECM interface?

Yes.  And IMHO that's the only sensible thing to do.  Cannot be very
difficult to implement that feature in the firmware.  It's not like you
need to write a dhcp server.  You know you have only a single client on
the other end of a point-to-point link, and the address configuration is
given.  And all broadcast/multicast requires special treatment anyway.
I actually thought about implementing the DHCP functionality in the
driver before I knew that the firmware already provided this.

FWIW, the Windows driver implementation also depends on DHCP for address
configuration .

> If you take a look at the Android rmnet code (which is similar to your
> driver) you'll see they extract the IP address and DNS details from the
> QMI response.  Do we need to do that here too?

Based on the above, I don't think so.  

And if you still want to extract address details without using DHCP,
then that information is available via the AT^DHCP? command anyway.  You
don't need QMI for that part.



Bjørn
--
To unsubscribe from this list: send the line "unsubscribe netdev" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Powered by blists - more mailing lists