TIMAC study notes (ii)

Source: Internet
Author: User

Yesterday I became generally familiar with the TIMAC demonstration routines for the CC2530. Today, starting from packet captures of the demo, I analyze how the four differently configured projects differ in what they transmit over the air. Then, working through the MAC-layer interface functions for scanning, network formation, joining and so on, and combining the IEEE 802.15.4 standard with the interface code that is visible, I study some of the MAC's operation.

As mentioned earlier, the routine supports four network forms: non-beacon direct mode, non-beacon indirect mode, beacon direct mode and beacon indirect mode. Each is captured and analyzed below together with the relevant code, and the secure transmission mode is analyzed last.

1. Non-beacon direct mode

To establish a non-beacon network, the device scans the default channel after power-on; if there is no other coordinator on this channel, it sets itself up as the coordinator.

The active scan is performed at the MAC layer by the MSA_ScanReq(MAC_SCAN_ACTIVE, 3) call, and the scan result is reported to the application layer in a MAC_MLME_SCAN_CNF message. The application layer then executes MSA_CoordinatorStartup(), which sets the coordinator's MAC-layer parameters, such as the coordinator's extended address, short address, beacon frame content, whether the receiver stays on when idle, and whether association is permitted. Once setup is complete, it calls MAC_MlmeStartReq() to start the coordinator network; when the MAC layer has done this, it notifies the application layer with a MAC_MLME_START_CNF message.

Note that the coordinator's extended address, short address and PAN ID are fixed and hard-coded in the program. For the terminal device, the first 6 bytes of the extended address are fixed and the last two bytes are randomly generated; its short address is assigned by the coordinator, and the PAN ID is hard-coded.

The coordinator's network establishment request:

Because this is non-beacon mode, the precondition for establishing a network is that there is no other network nearby, so the coordinator first sends out a probe for beacons.

The terminal first initiates a scan. When the scan finds a beacon response, the MAC layer generates a MAC_MLME_BEACON_NOTIFY_IND message and delivers it to the application layer through the MAC-layer callback function. When the terminal parses the superframe structure, it reads BO and SO from it and sets them as its own BO and SO values, so that it can join any of the different network types. Later, when handling the MAC layer's scan confirmation MAC_MLME_SCAN_CNF, it checks some conditions and then sends the association request with MAC_MlmeAssociateReq(); when the MAC layer has completed this action, it notifies the application layer with MAC_MLME_ASSOCIATE_CNF.

The packet capture of the terminal's scan process is as follows:

The packet capture of the terminal requesting to join the network is as follows:

At this point the coordinator and the terminal have established a connection. The next step is sending and receiving data.

The coordinator sends data to the terminal. Because this is direct mode, the coordinator does not have to wait for a poll request from the terminal; it sends whenever it wants to.

The data actually sent is very simple. The sender and receiver verify that each other's transmissions are correct using pre-programmed data content. The only thing to note is that when the coordinator sends data, it sends it to all connected devices. When a terminal device receives the data, it echoes it back to the coordinator unchanged.

The above is the whole process of non-beacon direct mode.

2. Non-beacon indirect mode

With the experience from non-beacon direct mode above, the analysis of non-beacon indirect mode is much easier to follow. The difference from the first mode is that the terminal device joins the network in indirect mode: the terminal periodically sends a poll to the coordinator to learn whether the coordinator has data for it. On the coordinator side, data to be sent is only really handed to the terminal once the terminal's data request arrives; until then it is all cached.

In the code, in indirect mode the terminal starts a periodic MSA_POLL_EVENT after it has established the connection with the coordinator; the core of it is a call to the MAC_MlmePollReq() interface function. When the MAC layer completes the poll operation, it reports a MAC_MLME_POLL_CNF event to the application layer. If the coordinator has data for the terminal, the status of the MAC_MLME_POLL_CNF event is success, and when the data is sent to the terminal, the terminal's MAC layer receives it and sends a MAC_MCPS_DATA_IND event notification to the application layer.

The poll request packet sent by the terminal:

One odd thing here: the poll operation reports the MAC_MLME_POLL_CNF message to the application layer, and the switch statement in the application layer does have a case for it, but when single-stepping, a breakpoint set there had no effect. I suspected the compiler had optimized it away; after making the case body manipulate some global variables, the breakpoint was indeed hit.

3. Beacon direct mode

In beacon mode the whole network maintains synchronization by itself, so polling is not needed; terminal devices join the network in direct mode only.

For the setup method, see Study notes (i). Note that in beacon mode the coordinator's BO and SO values must be consistent with the terminal's BO and SO values, otherwise the terminal cannot join the network. A beacon network is identified by its SO and BO: different SO and BO values mean a different beacon network, and to join, a device must be in the same beacon network.
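The BO and SO values discussed above travel in the 16-bit Superframe Specification field of every beacon. The following added example (not part of the original notes or of TI's code) decodes that field per IEEE 802.15.4, rejects invalid BO/SO pairs and applies the consistency rule; the names decode_superframe and orders_match and the sample value 0xCF8A are assumptions made for illustration, and timing assumes the 2.4 GHz PHY.

```c
#include <stdint.h>
#include <stdio.h>

/* aBaseSuperframeDuration: 960 symbols of 16 us each on the 2.4 GHz PHY. */
#define BASE_SUPERFRAME_US (960u * 16u)

typedef struct {
    uint8_t  bo, so;               /* beacon order, superframe order */
    uint8_t  beacon_enabled;       /* BO == 15 means a non-beacon network */
    uint8_t  assoc_permit;         /* coordinator currently accepts associations */
    uint32_t beacon_interval_us;   /* 0 when the network is non-beacon */
    uint32_t active_us;            /* 0 when there is no active superframe */
} superframe_t;

/* Decode a Superframe Specification field; returns -1 for an invalid BO/SO pair. */
int decode_superframe(uint16_t spec, superframe_t *sf)
{
    sf->bo = spec & 0x0F;
    sf->so = (spec >> 4) & 0x0F;
    sf->assoc_permit = (spec >> 15) & 1;
    sf->beacon_enabled = sf->bo != 15;
    sf->beacon_interval_us = sf->active_us = 0;
    if (!sf->beacon_enabled) return 0;              /* SO is ignored when BO == 15 */
    if (sf->so != 15 && sf->so > sf->bo) return -1; /* SO must not exceed BO */
    sf->beacon_interval_us = BASE_SUPERFRAME_US << sf->bo;
    if (sf->so != 15) sf->active_us = BASE_SUPERFRAME_US << sf->so;
    return 0;
}

/* Consistency rule from the notes: the device's BO/SO must equal the beacon's. */
int orders_match(const superframe_t *sf, uint8_t dev_bo, uint8_t dev_so)
{
    return sf->bo == dev_bo && sf->so == dev_so;
}

int main(void)
{
    superframe_t sf;
    /* 0xCF8A is a constructed value: BO=10, SO=8, PAN coordinator, association permitted. */
    if (decode_superframe(0xCF8A, &sf) == 0)
        printf("BO=%u SO=%u interval=%lu us active=%lu us match=%d\n", sf.bo, sf.so,
               (unsigned long)sf.beacon_interval_us, (unsigned long)sf.active_us,
               orders_match(&sf, 10, 8));
    return 0;
}
```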

In beacon mode, the coordinator's scan when forming a network is set to passive scan which, as the name implies, passively listens for beacon frames on the channel. Compared with a non-beacon network, a beacon network, besides synchronizing the network automatically, allows the coordinator device to enter low-power mode; whether it can really enter it also depends on other related settings.

Packet capture of the coordinator forming a network in beacon mode:

Before any terminal has joined the network, the coordinator does not send the beacon synchronization signal. Beacons are used for synchronization; since the network currently has only one node, there is nothing to synchronize.

In the code that allows the coordinator to enter power saving, TI's code has one badly written line:

#define MSA_PWR_MGMT_ENABLED FALSE /* Enable or Disable power saving */

The macro is clearly named "enabled", yet its value is FALSE. It took a while of debugging to find this; as written, TI's code does not let the coordinator enter power-saving mode. A macro whose name and actual value disagree like this is a big pitfall: do not dig such holes yourself, and watch out for them in the code you use.

Preliminary testing shows that forming and joining the network take a long time. This may be because each channel has to be scanned for a beacon response, and waiting for the time-out on 16 channels in turn adds up. For terminal devices in a beacon network, there is the following additional processing:

Set the relevant BO and SO values, then issue the sync request; if the MAC layer detects that synchronization is lost, it sends a MAC_MLME_SYNC_LOSS_IND event notification to the application layer. After the coordinator discovers that it has a child node, it starts sending beacon frames periodically; the default period is 15 s. The existing code does no further processing of the synchronization frames.

Packet capture of the coordinator actively sending data to the terminal in beacon mode:

Packet capture of the terminal actively sending data to the coordinator in beacon mode:

That covers the overall process of forming a network and sending and receiving data in three different modes. Next come the security-related parts.

4. Secure transmission

Secure transmission means turning on encryption at the MAC layer. Taking non-beacon mode as an example, enabling secure mode only requires adding two macros: FEATURE_MAC_SECURITY and HAL_AES. In the code this shows up as a lot of additional security-related initialization.

The MAC layer has four frame types: beacon frames, data frames, ACK frames and command frames. The PHY layer's PIB database defines different security attributes for outgoing frames and incoming frames. Four parameters are the most important; they are described below.

uint8 msa_securityLevel = MAC_SEC_LEVEL_NONE;   /* Security level used in the actual transfer */
uint8 msa_keyIdMode     = MAC_KEY_ID_MODE_NONE; /* Key identifier mode */
uint8 msa_keySource[]   = {0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00}; /* Key source */
uint8 msa_keyIndex      = 0;                    /* Key index value */

The reasoning goes like this: for the MAC to encrypt, it must use the AES hardware encryption engine; an engine needs a key, and there will be more than one key, so how are the keys organized? They are put in a table named msa_keyTable, with keyTableEntries entries. With that many keys, a default is needed when none is specified; this default is called msa_keyDefaultSource, and the key actually used is msa_keySource. Different frame types have different security level requirements, and since the MAC layer has 4 kinds of frames, there is also a table for that, called msa_securityLevelTable.

Here is the packet capture of the terminal device sending encrypted content:

In the security control field, the level is the encryption strength, the key identifier mode is 1, and the key index is 3. What follows it is the encrypted MAC payload. Note that in encrypted communication, the network scan and the association request are not encrypted. At the receiver, the data is already decrypted by the time it is passed to the application layer, so no further processing is needed.
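To check a capture like the one described above without relying on the sniffer's decoding, the auxiliary security header can be parsed directly from the raw frame. This added example (not from the original notes or TI's code) walks an IEEE 802.15.4-2006 MAC header, extracts the security level, key identifier mode, key index and frame counter, and flags data frames that carry no protection; the function names and both sample frames are constructed for illustration, with level 5 chosen arbitrarily.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
typedef struct {
    uint8_t  frame_type;   /* 0 beacon, 1 data, 2 ACK, 3 MAC command */
    uint8_t  secured, level, key_id_mode, key_index;
    uint32_t frame_counter;
} sec_info_t;

/* Constructed samples (no FCS): secured data frame, plaintext association request. */
const uint8_t SAMPLE_DATA[]  = {0x69,0x98,0x2A, 0x34,0x12,0x00,0x00, 0x01,0x00,
                                0x0D, 0x07,0x00,0x00,0x00, 0x03, 0xAA,0xBB};
const uint8_t SAMPLE_ASSOC[] = {0x23,0xC8,0x2B, 0x34,0x12,0x00,0x00, 0xFF,0xFF,
                                1,2,3,4,5,6,7,8, 0x01,0x80};

/* Walk the MAC header to the auxiliary security header; 0 = ok, -1 = malformed. */
int parse_security(const uint8_t *f, size_t n, sec_info_t *out)
{
    static const uint8_t key_id_len[4] = {0, 1, 5, 9};  /* bytes per key id mode */
    if (n < 3) return -1;
    uint16_t fcf = (uint16_t)(f[0] | (f[1] << 8));
    unsigned dst = (fcf >> 10) & 3, src = (fcf >> 14) & 3;
    size_t off = 3;                               /* frame control + sequence number */
    *out = (sec_info_t){ .frame_type = fcf & 7, .secured = (fcf >> 3) & 1 };
    if (dst == 1 || src == 1) return -1;          /* reserved addressing mode */
    if (dst) off += 2 + (dst == 2 ? 2u : 8u);     /* PAN ID + short/extended address */
    if (src) off += ((fcf & 0x40) ? 0u : 2u) + (src == 2 ? 2u : 8u); /* PAN ID compression */
    if (!out->secured) return off <= n ? 0 : -1;
    if (off + 5 > n) return -1;                   /* security control + frame counter */
    out->level = f[off] & 7;  out->key_id_mode = (f[off] >> 3) & 3;
    out->frame_counter = (uint32_t)f[off + 1] | (uint32_t)f[off + 2] << 8 |
                         (uint32_t)f[off + 3] << 16 | (uint32_t)f[off + 4] << 24;
    size_t kl = key_id_len[out->key_id_mode];
    if (off + 5 + kl > n) return -1;
    if (kl) out->key_index = f[off + 4 + kl];     /* key index is the last id byte */
    return 0;
}

/* Audit rule: when secure mode is expected, a data frame must carry protection. */
int is_unprotected_data(const sec_info_t *s) { return s->frame_type == 1 && (!s->secured || s->level == 0); }

int main(void)
{
    sec_info_t s = {0};
    int rc = parse_security(SAMPLE_DATA, sizeof SAMPLE_DATA, &s);
    printf("rc=%d level=%u mode=%u index=%u\n", rc, s.level, s.key_id_mode, s.key_index);
    return rc;
}
```

Scan and association frames are expected to parse as unsecured, matching the observation above, so the audit rule only looks at data frames.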

Summing up: the above covers the basic use of TIMAC and a rough reading of the network flow. There are many places I do not yet understand deeply; I hope it helps everyone.

Sharing what you know lets others see your shortcomings. I have many shortcomings, and I hope to keep improving.
