Category: Dicas

Accessing Internet from NuttX PPP Connection

As you know I was facing some issues to get PPPD connection working:

https://acassis.wordpress.com/2019/02/10/debugging-pppd-using-quectel-m95-on-samd21-board/

Then I received a comment from Vladimir Novikov (thank you!) at that post commenting the issues was introduced some time ago at this commit:

https://bitbucket.org/nuttx/apps/commits/cddfda99f0a519681b894b7a12560406c4372cfb

And he suggested me adding this line to lcp.c:

          tptr = bptr;
+          bptr += 4;
          error = 0;

Before testing this suggestion I received an email from Quectel Brasil support (thanks Micael Lisboa) suggesting run this AT cmd:

AT+QACCM=0,0

Micael’s suggestion worked fine.

But I decided to contact the author of the modification (Xiao Xiang) and he explained that the bptr was already increased by 4 compared to original code. And in fact he was correct.

Anyway I decided to test Vladimir’s suggestion that also worked. So we need to investigate it in more details to understand what is happening.

BTW since the AT command was working for me I decided to follow with my tests.

After PPPD connection was established it was getting IP:

nsh> ifconfig
ppp0    Link encap:TUN at UP
        inet addr:100.75.210.38 DRaddr:192.168.254.254 Mask:0.0.0.0

But ping command was crashing:

nsh> ping 8.8.8.8

PINGup_assert: Assertion failed at file:armv6-m/up_hardfault.c line: 139
up_registerdump: R0: 20000a78 00000000 00000000 00004a64 20000819
20006f8c 20000a78 00000000
up_registerdump: R8: 00000000 00000000 00000000 00000000 20000414
20003fa0 0000b54f 00009dd6
up_registerdump: xPSR: 21000000 PRIMASK: 00000000
up_dumpstate: sp:         20003ee8
up_dumpstate: stack base: 20004040
up_dumpstate: stack size: 000007e4
up_stackdump: 20003ee0: 2000385c 000009c5 00000000 00000000 00000000
20000414 20003fa0 0000b54f
up_stackdump: 20003f00: 00009dd6 00000000 00013437 00000000 00000000
00000000 20000000 00000018
up_stackdump: 20003f20: 00000003 20003f58 00000000 00000c03 00000018
000010e3 20001e5c 00000ab9
up_stackdump: 20003f40: 00000000 00000000 00000000 20000a78 00000000
000002ab 20003fa0 00000000
up_stackdump: 20003f60: 20000819 20006f8c 20000a78 00000000 00000000
00000000 00000000 00000000
up_stackdump: 20003f80: 20000a78 00000000 00000000 00004a64 20000414
0000b54f 00009dd6 21000000
up_stackdump: 20003fa0: 20000a78 00004000 20006f8c 00004000 2000077c
00009d5d 00000000 0000b54f
up_stackdump: 20003fc0: 00000000 20000a78 00004000 00000000 20000a78
0000fd1d 20001f2c 0000b7f1
up_stackdump: 20003fe0: 00000000 0000b34b 200007f0 20000a74 00000000
0000ff3f 200007f8 00001ee9
up_stackdump: 20004000: 00000000 00001bcf ffffffff 00000000 20001de8
00020000 00000000 00000101
up_stackdump: 20004020: 00000000 00000000 00000000 0000144b 00000101
0000140f 00000000 00000000

After much debugging and with Greg’s help I noticed the “srcipaddr” was not aligned:

(gdb)
194       net_ipv4addr_hdrcopy(ipv4->srcipaddr, &dev->d_ipaddr);
(gdb) p &ipv4->srcipaddr
$1 = (uint16_t (*)[2]) 0x20000c41 
(gdb) p &dev->d_ipaddr
$2 = (in_addr_t *) 0x20000eac 

See, it was at 0x20000c41 that is an odd address position.

Almost instantly Greg found the source of this issue: it was the TUN/TAP driver that was defining the read_buf at odd position:

 142   bool              read_wait;
 143
 144   uint8_t           read_buf[CONFIG_NET_TUN_PKTSIZE];
 145   size_t            read_d_len;
 146   uint8_t           write_buf[CONFIG_NET_TUN_PKTSIZE];

Moving the “size_t read_d_len;” to the line above read_buf[] fixed the issue!

Now ping is not crashing and I was able to ping the Google’s DNS 8.8.8.8:

nsh> ping 8.8.8.8
PING 8.8.8.8 56 bytes of data
56 bytes from 8.8.8.8: icmp_seq=0 time=1010 ms
56 bytes from 8.8.8.8: icmp_seq=2 time=1260 ms
56 bytes from 8.8.8.8: icmp_seq=2 time=370 ms
56 bytes from 8.8.8.8: icmp_seq=4 time=1080 ms
56 bytes from 8.8.8.8: icmp_seq=4 time=490 ms
56 bytes from 8.8.8.8: icmp_seq=5 time=870 ms
56 bytes from 8.8.8.8: icmp_seq=6 time=560 ms
56 bytes from 8.8.8.8: icmp_seq=7 time=930 ms
56 bytes from 8.8.8.8: icmp_seq=8 time=640 ms
56 bytes from 8.8.8.8: icmp_seq=9 time=1010 ms
10 packets transmitted, 10 received, 0% packet loss, time 10100 ms

How to use git behind proxy

I was willing to use git behind company proxy.

Then I found these tips:

https://stackoverflow.com/questions/2088156/git-through-digest-proxy-authentication

Unfortunately just adding it didn’t work:

git config --global http.proxy "http://USERNAME:PASSWORD@IP:PORT"
git config --global https.proxy "https://USERNAME:PASSWORD@IP:PORT"

Searching a little bit more I found the final piece:

https://askubuntu.com/questions/1061945/not-able-to-connect-to-github-via-proxy

git config --global http.proxyAuthMethod 'basic'

Learning the new NuttX PPPD/CHAT script

Probably you already know it, but I will reinforce the idea: “Changing is the only constant thing!”

So we need to change and to adapt all the time.

Why am I saying these “non-sense” words? Let me explain…

This is a sample of the old NuttX PPPD/Chat script:

static struct chat_script_s connect_script =
{
  .timeout = 30,
  .lines =
  {
    {"AT",                                 "OK"},
    {"AT+CGDCONT = 1,\"IP\",\"internet\"", "OK"},
    {"ATD*99***1#",                        "CONNECT"},
    {0, 0}
  },
};

static struct chat_script_s disconnect_script =
{
  .timeout = 30,
  .lines =
  {
    {"ATZ",                                "OK"},
    {0, 0}
  },
};

Very easy to understand, don’t you think? Basically you have the AT command and the expected result.

But it had a drawback, you had a structure with internal parameters fields (i.e. timeout) and AT commands strings.

Now the new script is basically a sequence of string lines, or basically a single string:

static FAR const char connect_script[] =
  "ECHO ON "
  "TIMEOUT 30 "
  "\"\" ATE1 "
  "OK AT+CGDCONT=1,\\\"IP\\\",\\\"internet\\\" "
  "OK ATD*99***1# "
  "CONNECT \\c";

static FAR const char disconnect_script[] =
  "\"\" ATZ "
  "OK \\c";

Unfortunately this is not that simple: we have internal commands: “ECHO”, “TIMEOUT”, etc and AT string commands. And internal commands don’t expect a return string as AT commands do.

So, what should be the expected result string of ATE1 command? If you think it is an empty string “”, using the original script logic, you are wrong. The expect result is in the below line “OK AT+CGDCONT=1…”, yes “ATE1” expects an “OK” that is in the below line.

Same way “ATD*99***1#” doesn’t expect an “OK”, but a “CONNECT” that is in the next line.

It is a little bit complex, it should exist a documentation explaining how it works. At least this post make a brief introduction to this subject.

Using MODBUS RTU with NuttX

MODBUS is an old protocol used on industrial automation. Although it is an “old” protocol, it still used on many industrial devices.

There are many articles about this protocol in the Internet, but most are very shallow. This guy has a fair introduction about MODBUS:

https://www.lammertbies.nl/comm/info/modbus.html

I spent some time (few days) to get it working on NuttX. First I implemented the DIR pin control for SAMD21 microcontroller and submitted to mainline: https://bitbucket.org/nuttx/nuttx/commits/a34c9733bcac707be803a27c91fec7406bda310b and also fixed a serial issue that was preventing the serial driver from working: https://bitbucket.org/nuttx/nuttx/commits/db0b9b7c34ddcf098059bb51d73d03d45b3f69b7

Then after spending many hours trying to get my computer communicating with SAMD21 board I discovered that the guilt was the USB/RS485 Dongle I was using.

Replacing it with a common USB/Serial (CP2102) and with a MAX485 module, like this: https://www.aliexpress.com/item/2PCS-MAX485-module-RS-485-module-TTL-to-RS-485-module/2055143247.html , solved the issue.

I connected this way:

+-----------------------------------------+
| USB/Serial (CP2102)   |   MAX485 Module |
+-----------------------+-----------------+
|          RXD          |       RO        |
|          TXD          |       RI        |
|          RTS          |     DE + RE     |
|          GND          |       GND       |
|          +5V          |       VCC       |
+-----------------------+-----------------+

This is the listing of features enabled on NuttX:

Serial SERCOM5 Config:

CONFIG_SAMD2L2_SERCOM5_ISUSART=y
CONFIG_USART5_RS485MODE=y
CONFIG_USART5_RS485_DIR_POLARITY=1

We need support to POLL (so don’t select the disable POLL)

# CONFIG_DISABLE_POLL is not set

FreeModbus config:

CONFIG_MODBUS=y
CONFIG_MB_FUNC_HANDLERS_MAX=16
CONFIG_MODBUS_SLAVE=y
CONFIG_MB_ASCII_ENABLED=y
CONFIG_MB_RTU_ENABLED=y
# CONFIG_MB_TCP_ENABLED is not set
CONFIG_MB_ASCII_TIMEOUT_SEC=1
CONFIG_MB_ASCII_TIMEOUT_WAIT_BEFORE_SEND_MS=0
CONFIG_MB_FUNC_OTHER_REP_SLAVEID_BUF=32
CONFIG_MB_FUNC_OTHER_REP_SLAVEID_ENABLED=y
CONFIG_MB_FUNC_READ_INPUT_ENABLED=y
CONFIG_MB_FUNC_READ_HOLDING_ENABLED=y
CONFIG_MB_FUNC_WRITE_HOLDING_ENABLED=y
CONFIG_MB_FUNC_WRITE_MULTIPLE_HOLDING_ENABLED=y
CONFIG_MB_FUNC_READ_COILS_ENABLED=y
CONFIG_MB_FUNC_WRITE_COIL_ENABLED=y
CONFIG_MB_FUNC_WRITE_MULTIPLE_COILS_ENABLED=y
CONFIG_MB_FUNC_READ_DISCRETE_INPUTS_ENABLED=y
CONFIG_MB_FUNC_READWRITE_HOLDING_ENABLED=y
# CONFIG_MODBUS_MASTER is not set

Modbus example:

CONFIG_EXAMPLES_MODBUS=y
CONFIG_EXAMPLES_MODBUS_PORT=0
CONFIG_EXAMPLES_MODBUS_BAUD=38400
CONFIG_EXAMPLES_MODBUS_PARITY=2
CONFIG_EXAMPLES_MODBUS_REG_INPUT_START=1000
CONFIG_EXAMPLES_MODBUS_REG_INPUT_NREGS=4
CONFIG_EXAMPLES_MODBUS_REG_HOLDING_START=2000
CONFIG_EXAMPLES_MODBUS_REG_HOLDING_NREGS=130

After compiling and flashing the nuttx.bin, run the modbus:

NuttShell (NSH)
nsh> modbus -e

From computer side I used the “mbpoll” program:

$ mbpoll -a 10 -b 38400 -t 3 -r 1000 -c 4 /dev/ttyUSB0 -R
mbpoll 1.4-11 - FieldTalk(tm) Modbus(R) Master Simulator
Copyright © 2015-2019 Pascal JEAN, https://github.com/epsilonrt/mbpoll
This program comes with ABSOLUTELY NO WARRANTY.
This is free software, and you are welcome to redistribute it
under certain conditions; type 'mbpoll -w' for details.

Protocol configuration: Modbus RTU
Slave configuration...: address = [10]
start reference = 1000, count = 4
Communication.........: /dev/ttyUSB0,      38400-8E1
t/o 1.00 s, poll rate 1000 ms
Data type.............: 16-bit register, input register table

-- Polling slave 10... Ctrl-C to stop)
[1000]: 	40122 (-25414)
[1001]: 	0
[1002]: 	0
[1003]: 	0
-- Polling slave 10... Ctrl-C to stop)
[1000]: 	832
[1001]: 	0
[1002]: 	0
[1003]: 	0
-- Polling slave 10... Ctrl-C to stop)
[1000]: 	24996
[1001]: 	0
[1002]: 	0
[1003]: 	0
-- Polling slave 10... Ctrl-C to stop)
[1000]: 	3747
[1001]: 	0
[1002]: 	0
[1003]: 	0

This is an image of pulseview sniffing the bus:

That is it, very easy after you get it working.

Thanks Daniel Carvalho for the help and suggestions to fix the issue.

I used this online tool to check my modbus packets:

http://modbus.rapidscada.net

Checking the CRC-8 PEC byte of MLX90614

I am creating a NuttX device driver for Melexis MLX90614 and it is a nice adventure.

First I downloaded the adafruit lib and tested it on Arduino Uno just to confirm the sensor was working, but I didn’t look the source code because I always prefer to read the datasheet and implement the driver from scratch.

All things fine, the mlxtest example worked correctly and I got the ambient temperature and the object temperature printed correctly.

Then I created the driver and decided to test it on STM32F103, but discovered that I2C_TRANSFER() for STM32F103 is broken. No problem, let to test it on STM32F4Discovery board:

nsh> dd if=/dev/thermo0 of=/dev/null bs=2 count=1
mlx90614_read_word: value[0]: 0xDF | value[1]: 0x3A | value[2]: 0xCF | ret: 0

Let see in the logic analyzer to confirm:

Very good! But how to check if CRC-8 PEC field (third received byte: 0xCF) is correct?

I found this nice online CRC calculator:

http://www.sunshine2k.de/coding/javascript/crc/crc_js.html

But putting all values as suggested in the datasheet didn’t work:

0x5A 0x06 0x5A 0xDF 0x3A
Result CRC value: 0x2F

Then just web searching for: MLX90614 PEC CRC-8 example

Returned me this thread:

https://stackoverflow.com/questions/20554869/implementing-crc8-on-arduino-to-write-to-mlx90614

The “thb” guy saved me:

“I haven’t checked your CRC implementation but there is a mistake in the MLX datasheet or at least it’s badly written. You have to include all the I2C frame’s data for the PEC’s calculation not just the replied data. For a read word command you have to include [SA_W, Command, SA_R, LSB, MSB] and for a write word command [SA_W, Command, LSB, MSB]. So, for their first example the calculation must be made on [ 0xB4, 0x07, 0xB5, 0xD2, 0x3A ] and not just on [ 0xD2, 0x3A ] and this way you get the expected 0x30.”

What this guy is saying is: we need to include all the bits of the Slave Address, the address needs to be seen as 8-bit including the the less significant bit Write or Read. So I2C Write at address 0x5A is seen as 0xB4 and I2C Read is seen as 0xB5 (pay attention at bits over the “5A” in the logic analyzer image above).

So, let to try his idea:

0xB4 0x06 0xB5 0xDF 0x3A
Result CRC value: 0xCF

Bingo!