[Ovmsdev] v2 simcom, gsm, and ancient protocols

Mark Webb-Johnson mark at webb-johnson.net
Wed Oct 11 08:57:26 HKT 2017

I’m having a fascinating time with the new SIMCOM modem support for OVMS v3.

I’ve wanted to use the CMUX protocol for some time, as it allows the single async line to be split to multiple separate logic communication channels, and for each of those channels to be used for different things. So, we can:

Create a channel for the GPS. Then, that can be straight NMEA protocol, streaming from the GPS, with no need to poll.
Create a channel for the PPP connection used to provide data service (GPRS, etc). This means we can handle our own networking (with lwip) and expose the modem network as a pure network accessible to normal networking stacks in the ESP32 framework. A “connect” would work the same way, no matter if it is over Wifi, or GSM modem.
Create a channel for AT commands.

The real advantage is that these are all separate, so we can issue AT commands while reading a GPS NMEA message, while sending telemetry to the server.

Those of you familiar with OVMS v2 net.c code will recognise the issue; synchronising all the different accesses to a single async link used for AT, GPRS, SMS, and DATA, was a nightmare. CMUX was actually in the 2G SIMCOM chips as well, but we just didn’t have the ram or flash space in v2 to do it.

So, now v3 is here, and I start to work on it. Turns out that the CMUX protocol is not SIMCOM’s. Instead, they use an industry standard protocol called "GSM 07.10 Multiplexing protocol”, in basic mode. The specification I am using dates back to 1997. Also of note is that the AT command set has also been standardised by the same body as GMS 07.07. Reading that specification, and working with that protocol, is like a journey back in history. Most of it seems based on the X.25 protocol from back in the 1980’s (my I.T. career started with messing around with X.25 systems, and asynchronous RPADs, so it is dredging up old memories dealing with Set Asynchronous Balanced Mode (SABM) and Unnumbered Acknowledgement (UA) responses). Great fun…

Anyway, it is a big specification, with lots of nuances, but I am making progress.

To leave normal single channel AT command mode, and enter GSM 07.10 multiplexor mode, we send some AT commands to program the multiplexor channel connections that we want:

Channel 0 is mapped to the DIAG service
Channel 1 is mapped to the NMEA (GPS) service
Channel 2 is mapped to the DATA (AT) service
Channel 3 is mapped to the DATA (AT) service

Then we send “AT+CMUX=0” and wait for the OK:

SIMCOM tx 41 54 2b 43 4d 55 58 53 52 56 50 4f 52 54 3d 30 AT+CMUXSRVPORT=0
SIMCOM tx 2c 30 3b 2b 43 4d 55 58 53 52 56 50 4f 52 54 3d ,0;+CMUXSRVPORT=
SIMCOM tx 31 2c 35 3b 2b 43 4d 55 58 53 52 56 50 4f 52 54 1,5;+CMUXSRVPORT
SIMCOM tx 3d 32 2c 31 3b 2b 43 4d 55 58 53 52 56 50 4f 52 =2,1;+CMUXSRVPOR
SIMCOM tx 54 3d 33 2c 31 3b 2b 43 4d 55 58 3d 30 0d 0a    T=3,1;+CMUX=0..
SIMCOM rx 0d 0a 4f 4b 0d 0a                               ..OK..

Now, we start talking GSM 07.10. We need three channels, so send SABM messages and wait for UA acknowledgements, for each in sequence:

I (88695) gsm-mux: Start MUX
I (88695) gsm-mux: StartChannel(0)
SIMCOM tx f9 03 3f 01 1c f9                               ..?...
SIMCOM rx f9 03 73 01 d7 f9                               ..s...
I (88705) gsm-mux: ProcessFrame(CHAN=0, ADDR=03, CTRL=73, FCS=d7, LEN=6)
I (88705) gsm-mux: Channel #0 is open
I (88705) gsm-mux: StartChannel(1)
SIMCOM tx f9 07 3f 01 de f9                               ..?...
SIMCOM rx f9 07 73 01 15 f9                               ..s...
I (88705) gsm-mux: ProcessFrame(CHAN=1, ADDR=07, CTRL=73, FCS=15, LEN=6)
I (88705) gsm-mux: Channel #1 is open
I (88705) gsm-mux: StartChannel(2)
SIMCOM tx f9 0b 3f 01 59 f9                               ..?.Y.
SIMCOM rx f9 0b 73 01 92 f9                               ..s...
I (88715) gsm-mux: ProcessFrame(CHAN=2, ADDR=0b, CTRL=73, FCS=92, LEN=6)
I (88715) gsm-mux: Channel #2 is open
I (88715) gsm-mux: StartChannel(3)
SIMCOM tx f9 0f 3f 01 9b f9                               ..?...
SIMCOM rx f9 0f 73 01 50 f9                               ..s.P.
I (88715) gsm-mux: ProcessFrame(CHAN=3, ADDR=0f, CTRL=73, FCS=50, LEN=6)
I (88715) gsm-mux: Channel #3 is open

Once the channels are open, then the SIMCOM modem sends messages:

SIMCOM rx f9 0d ff 1f 0d 0a 2b 43 53 51 3a 20 31 34 2c 39 ......+CSQ: 14,9
SIMCOM rx 39 0d 0a f0 f9                                  9....
I (403335) gsm-mux: ProcessFrame(CHAN=3, ADDR=0d, CTRL=ff, FCS=f0, LEN=21)

That is a signal quality report (+CSQ) coming in on the data channel.

Here is what an incoming SMS message (+CMT) looks like:

SIMCOM rx f9 0d ff c3 0d 0a 2b 43 4d 54 3a 20 22 2b 34 34 ......+CMT: "+44
SIMCOM rx 37 39 33 37 34 30 xx xx xx xx 22 2c 22 22 2c 22 793740xxxx","","
SIMCOM rx 31 37 2f 31 30 2f 31 31 2c 30 31 3a 35 33 3a 35 17/10/11,01:53:5
SIMCOM rx 31 2b 30 34 22 2c 31 34 35 2c 34 2c 30 2c 30 2c 1+04",145,4,0,0,
SIMCOM rx 22 2b 34 34 37 37 39 37 37 30 xx xx xx xx 22 2c "+44779770xxxx",
SIMCOM rx 31 34 35 2c 31 31 0d 0a 48 45 4c 4c 4f 20 57 4f 145,11..HELLO WO
SIMCOM rx 52 4c 44 0d 0a xx f9                            RLD..u.
I (1727775) gsm-mux: ProcessFrame(CHAN=3, ADDR=0d, CTRL=ff, FCS=xx, LEN=103)

It is a lot of work getting this working, but the result should be worth it.

Regards, Mark

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.teslaclub.hk/pipermail/ovmsdev/attachments/20171011/8f8d8560/attachment-0001.html>

More information about the OvmsDev mailing list