20 December, 2007

Speed measuring script for Ericsson W25

Earlier I had speed problems with my unit and I wanted to make sure if it is only perception or if it is a real speed problem.
The concept what I have implemented was, that the unit should make a test every 15 minutes to check the download speed of the cellular connection. Then the result with some other relevant information is added to a file stored on the external USB flash drive.

So here is the script:
wget -q -O /dev/null http://www.ericssonw25.com/pdf/w25_V1.2_R6A019.zip &
wget -q -O /dev/null http://www.ericssonw25.com/pdf/W25_Users_Guide_D.pdf &
wget -q -O /dev/null http://www.ericssonw25.com/pdf/W25_Users_Guide_C.pdf &
sleep 3;
bejovo=`cat /proc/net/dev |grep ppp0 |cut -d":" -f2 |awk '{print$1}'`;
sleep 5;
bejovo1=`cat /proc/net/dev |grep ppp0|cut -d":" -f2 |awk '{print$1}'`;
kill `pidof wget`
echo `date '+%Y.%m.%d %H:%M'` `echo $bejovo $bejovo1 |awk '{print (($2-$1))/640}'` kbps `msctl rscp` `msctl ecio` `mctl issue at*cnti=0 |grep CNTI` >>/mnt/C2F8-E4F2/speed ;
It does the following:
  1. The first 3 lines starts a download from 3 different places. In my example I have used the same server for all of them, but when installing it for yoor computer you should select 3 different servers, if possible from different countries.
  2. After 3 seconds I start the real measurement, by querying the actual bytes received from the ppp0 interface
  3. After 5 seconds, I check the new bytes received in the ppp0 interface, stop all the ongoing downloads
  4. Finally I echo the date, the measured speed, the rscp, the ecio and the type of cellular service used to the speed file on the USB flash memory.
When installing you schould change the files to download and the place where you want to store the measurement result.
The result is something like this:
2007.12.20 11:30 1321.15 kbps RSCP: -77 dBm Ec/Io: -3.5 dB *CNTI: 0,HSDPA
2007.12.20 11:45 1328.03 kbps RSCP: -77 dBm Ec/Io: -6.5 dB *CNTI: 0,HSDPA
2007.12.20 12:00 1215.91 kbps RSCP: -75 dBm Ec/Io: -5.0 dB *CNTI: 0,HSDPA
2007.12.20 12:15 1421.46 kbps RSCP: -77 dBm Ec/Io: -4.0 dB *CNTI: 0,HSDPA
2007.12.20 12:30 1318.56 kbps RSCP: -76 dBm Ec/Io: -7.5 dB *CNTI: 0,HSDPA
2007.12.20 12:45 1302.59 kbps RSCP: -76 dBm Ec/Io: -4.5 dB *CNTI: 0,HSDPA
2007.12.20 13:00 1300.31 kbps RSCP: -75 dBm Ec/Io: -5.5 dB *CNTI: 0,HSDPA
2007.12.20 13:15 1230.03 kbps RSCP: -79 dBm Ec/Io: -5.0 dB *CNTI: 0,HSDPA
2007.12.20 13:16 1296.04 kbps RSCP: -75 dBm Ec/Io: -5.5 dB *CNTI: 0,HSDPA
2007.12.20 13:30 1229.59 kbps RSCP: -77 dBm Ec/Io: -6.5 dB *CNTI: 0,HSDPA

I am on a 1,8 Mpbs HSDPA network and the highest speeds I have measured are arround 1400 kbps. This is measured with an external antenna.
A nice chart made earlier

The internals of a firmware package for Ericsson W25

By analysing the /bin/swinst script it become clear, that the firmware package is a simple tar file, containing the software components to be upgraded. Usually it contains the following elements:


  • metainfo - detailed information and MD5 summs of the components to be installed

  • preinstall.sh - script to be executed before installing

  • postinstall.sh - script to be executed after installation

  • zImage - linux kernel

  • rootfs.squahfs - root file system

  • wanbl - wan module boatloader

  • wanfw - wan module firmware

The swinst script is quite complex, but basicly it download the firmware form the internet to the TMP directory, checks the checksums, checks the SW versions and if the upgrade is needed, the upgrades first the main firmware, then the WAN bootloader and then the WAN firmware. When installing the main firmware it increases the number used by RedBoot boot loader, this way it is garanteed, that on restart the new version will boot. On the other hand, if the installation is interrupted, the old Sw will start.

17 December, 2007

Ericsson W25 time syncronization

Using the default ip network based time sycronization has two disadvantages:


  • As you can not set time zones your device will run always on GMT

  • In the current SW version the ntp daemon is crasing after some days so you will loose syncronization

You can change it to cellular based syncronization with the following commands on the command line interface:


# cf set sntp.enabled false


# cf set cellular.celltime true


# cf commit


This will use your local time and will run forever.

I have implemeted this 2 days ago, but it turned out that you can use this only if you have good enough coverage, othervise you will not get the time from the cellular network. So I swicthed back to the ip network based syncronization and I will write a script to periodically restart the time syncronization process.

14 December, 2007

Ericsson W25 running binary files from other sources

I have spent some hours trying to find a propper source to get prebuilt binary files to be executed on the Ericsson W25 without sucess.

I could figure out that I need "armeb" type files and I have found them in the Debian ARM packages and in OpenWRT kamikaze version, but none of them was usefull as the debian used a different version of the main c libraries and OpenWRT uses uLibC.

If anyone know more sources of ready made binaries, please let me know.

Ericsson W25 Dynamic DNS

Dynamic DNS is a technology used to have a permanent address even if your ip address is changing all the time. To do this you have to register at one of the Dynamic DNS providers (I have used no-ip.com), select a nice web address for yoursef (e.g. kiki.no-ip.info) update your ip address and access your computer on this new address (kiki.no-ip.info).

The update of your ip address can be done automatically by this simple script. The script checks your IP address and if it is changed it simply request the https page defined for updating your ip address. You can find this address for other DynDNS providers in their developer documentation. When requesting the update, you even don't have to include your IP address as the server will see it from the request.


#!bin/sh
IP=`ifconfig ppp0 |grep "inet addr" |awk '{print $2}' |awk -F: '{print $2}'`;
if [ ! -e /var/tmp/oldip ] ; then
OLDIP="1";
else
OLDIP=`cat /var/tmp/oldip`;
fi;
if [ $IP = $OLDIP ] ; then
echo "equal"; > /dev/null
else
wget -O /dev/null --http-user=your@email.address --http-passwd=yourpassword https://dynupdate.no-ip.com/nic/update?hostname=kiki.no-ip.info
fi;

echo $IP > /var/tmp/oldip
Save this script as dyndnsupdate to the /root direcftory and add the following to your /root/custominit:

echo "* * * * * /root/dyndnsupdate" >>/var/spool/cron/crontabs/root
sevice crond restart

27 November, 2007

Starting your own init script in Ericsson W25

Update: In the SW version 1.3 you can simply put your init scripts to /rw/etc/init.d/rc.local and do not need this complicated method.


If we want our extra changes remain after restarting the Ericsson W25 we need to reapply them after restarting the router again. Normally this is done by a custom init script which makes the necessary changes for us.

In the W25 we need to do some special tricks to be able to start our own script as most of the /etc directory and the complete /etc/init.d is in a read only filesystem. However we are clever guys and we notice that the /etc/ppp/peers directory is in the rw filesystem and we know that for the pppd we can give a dialer program as a parameter. Let's use this for starting our own init script, when the unit first tries to connect to the 3G network.

We have to change the following line in /etc/ppp/peers/3g:

connect "/usr/sbin/chat -V -f /etc/ppp/chat/3g-connect"

to the following:

connect "/root/lchat -V -f /etc/ppp/chat/3g-connect"

This will call /root/lchat (our secret agent) instead of the standard chat program. After this we have to create the /root/lchat script, which is actually a wrapper for /usr/sbin/chat, but on the first run, it starts the /root/custominit script as well.

/root/lchat should look like this:

#!/bin/sh
if [ ! -e /var/tmp/customboot.tmp ] ; then
touch /var/tmp/customboot.tmp ;
/root/custominit > /dev/null
fi;
/usr/sbin/chat $*

The /var/tmp directory is cleared on every reboot, so this way we can assure that the init script is runing once and only once.

We are done with this, next time we will continue with setting up Dynamic DNS for our box.

17 November, 2007

Software of the Ericsson W25

The Ericsson W25 is running an embebbed linux.

When you power on your device first the bootloader is started. The bootloader is responsible for loading in the complete operating system and start it up. In the Ericsson W25 there is a RedBoot bootloader, which has plenty of features. It is capable of booting from network, from serial devices, it has a telnet interface etc., but in our case it just selects the propper linux kernel and the propper root file system and starts up the linux operating system.

All the software to be loaded is stored in the built in ROM, in 9 partitons:

0x00000000-0x00080000 : "RedBoot"
0x00080000-0x001c0000 : "kernel_A"
0x001c0000-0x007a0000 : "rootfs_A"
0x007a0000-0x008e0000 : "kernel_B"
0x008e0000-0x00ec0000 : "rootfs_B"
0x00ec0000-0x00fa0000 : "rwfs"
0x00fa0000-0x00fe0000 : "test"
0x00fe0000-0x00fff000 : "FIS directory"
0x00fff000-0x01000000 : "RedBoot config"

As you can see the first partitition is the boatloader itself, while the last partition is the configuration for the bootloader. The "FIS directory" is the "Flash Image System directory" which actually holds the addresses of the above listed partitions.

Partition "test" is probably not used.

Partition "rwfs" is the partition which contains the writable parameters of the router. It countains a jffs2 type filesystem.

Partitions 1-4 hold two versions of the kernel and the root file system. This is a good way of making the device more secure, if a firmware update does not sucseed, there is a copy of the earlier version and the device can switch back to the previous version. Probably there are some commands in the device, where you can switch between these partitions, but so far I have not found them.

The used linux is a MontaVista linux, which is a commercial distribution. The main point of using it, that it gives you a complete development environment with support and instead of trying to find the best components to use, you can develop your device very quickly. As in most embebbed linuxes, most of the commands are implemented in Busybox. Busybox is used to reduce the space used by small command files, instead there is one big executable, which is including all the small unix utility commands. The commands can be executed by shortcuts pointing to the busibox executable.

The management of the wireless router is done by Tail-f Systems ConfD product. This utility makes it possible to handle the different configuration interface identically, and it has ready tools to implement a commd line interface, a web interface and SNMP interface. The command line interface is called cf and when called without parameters it gives a help about the available commands.

After booting up, the root file system will be the selected partition from the flash (3 or 5) which has a squashfs filesystem. This contains all the non changing files. The 6 th flash partition is mounted to /rw, here are stored the parameters which are changing, but have to be preserved between the restarts of the router. There is a RAM based filesystem mounted on /var, which is populated during the init procedure from /etc/varfs.tar and it is a tempfs type filesystem.

To be able to use standard tools, the important configuration files from the /etc directory are symlinked to the /rw/etc and when they are changed these chages are kept peristent in the rw filesystem. The advantage of this solution is that it is very simple, but if you want to change a parameter, which it is not prepared for it (e.g. timezone), you can not change it whithout changing the entire read only root filesystem. A better solution would be to use a filesystem like unionfs which can combine a read only and a read write filesystem and store the changes in the writable filesystem.

This is enough from the theory, in the next post I will write about how to make your own init script to start your very own programs after rebooting.

30 October, 2007

Hardware of the Ericsson W25

Before looking at the hardware of the Ericsson W25, I would like to emphasize once more the importance of changing your passwords in the router. This morning I found very nice traces of an attack against my router in the logs:

Oct 30 08:31:37 (none) auth.err sshd[9534]: error: Could not get shadow information for root
Oct 30 08:31:37 (none) auth.info sshd[9534]: Failed password for root from 220.90.216.15 port 60418 ssh2
Oct 30 08:31:41 (none) auth.info sshd[9536]: Illegal user andrew from 220.90.216.15
Oct 30 08:31:41 (none) auth.err sshd[9536]: error: Could not get shadow information for NOUSER
Oct 30 08:31:41 (none) auth.info sshd[9536]: Failed password for illegal user andrew from 220.90.216.15 port 60649 ssh2

and this went on for 900 more lines. Apparently someone was trying to log into my router by trying out username/password pairs. The original Ericsson password for root is so easy, that probably the attacker would have succeeded.

But, now lets turn to the HW:

It is based on the Intel XScale 425 development platform which is designed for voice gateway applications.

It has the following elements:
  • Intel® IXP425 network processor at 533MHz
  • a built in ethernet switch
  • 2 usb 2.0 ports
  • a usb 1.0 port
  • 2 fxs phone ports
  • 16 megabytes flash rom
  • 16 megabytes ram
  • two mPCI connectors

In the Ericsson W25 in one of the mPCI slots there is a Sierra Wireless mc8775v hsdpa modem and in the other a Broadcom BCM4318 802.11 WLAN card.

In the next post I will write about the basic software of the router.

29 October, 2007

Accessing the command line interface of the Ericsson W25

The first step if you want more from your Ericsson W25 is to gain access to its command line interface. The command line interface (CLI in the future) can be accessed over the network either by telnet or ssh protocol. Telnet is available only from within your local network, and for accessing it you can use the telnet command built into Windows: telnet 192.168.1.1
The ssh access is available both from the internal network and from the internet and you should use an ssh client like PuTTY to access it.

There are two user names available for the CLI: root and operator. You can find their default password in the document about SW upgrade on http://www.mobiledata.net.au/.
Once you have logged in, you find yourself in a linux environment. Linux commands like ls, pwd, mount etc. will work.

There are two specific commands for the router: cf and st.

The cf command is used to set and retrieve the parameters of the router. When called without parameters it gives a help about the available commands. The parameters of the Ericsson W25 are organized into a tree structure, and with the cf command you can interrogate or set any node on the tree. For example if you would like to change the IP address of the router, you can do that with the following command: cf set ip.lan.address 192.168.1.1 Here athe ip.lan.address defines the note on the tree. The command cf show, lists all nodes with their values.

The st command displays different statistics. It has the following options: usb, lan, wan, wlan, nat, natverbose, wan-stats, tel, pm and system. One of the most interesting is the wan-stat which provides reception statistics for the HSDPA modem, so you can check if the coverage is good enough at your place.

One important note, before you continue to use your W25, that the same way as you could figure out the default password, anyone else can do it, and if you do not change it, practically anyone from the internet can log into your router. So log on to the web interface with the user name root and operator and change their password in the top right side of the general tab to something with is not the standard. If you are more advanced, you can do this with the cf command as well, but you have to figure out the right node in the parameter tree yourself.

In the next post I plan to write some sentences about the hardware of the Ericsson W25.

28 October, 2007

Ericsson W25 Fixed Wireless Router Introduction

A fixed wireless router means a device which is connected to the internet using a mobile network and it distributes the internet access for a home/small office network using wired and/or wireless LAN. The reason for using this kind of devices is either because where you live/work you do not have a fixed internet or simply because the price for a mobile internet can be lower than for a fixed one.

The Ericsson W25 is a GSM/UMTS/HSDPA one, it can be used on GSM or UMTS networks. The theoretical maximal donwload speed is, 7.2 Mbit/sec with HSDPA, but today only very few carriers support this and even if it is supperted you can not reach this speed. The network which I am using supports only 1,8 Mbit/sec where I live and even with this theoretical possibility I can not reach higher speed than 1,4 Mbit/sec. However this speed is almost 3 times higher than my previous internet connection which was an outdoor WLAN based 512 k connection.

Beside the internet access this device has the possibility to connect traditional telephones to it, in this case call made from the foxed phones will be connected trough the wireless network. In a lot of countries, this can save you a lot of money, when calling mobile numbers.

The Ericsson W25 was designed with the customers in mind, this means that a lot of effort was taken to make it as simple to use as possible. This was sucessfull, after purchasing, you need only to plug in a SIM card and plug it into an AC outlet and voila, it is up and running. Of course if don't want to share your internet connection with your neighborhood, you need to run trough the web based setup wizzard. The management web pages are also very simple, they only contain the most important parameters.

If this is not enough for you, then this Blog is for you, as in the next posts we will look into more advanced configurations and look into how we can hack into the router, to enable new features.

Till then I recomend you to visit this address: http://www.mobiledata.net.au/ here you can find the newest firmware, which is much more stable than the one on the official W25 site.

20 October, 2007

What is networking at home about?

Altough networking is used more when people are getting connected, in my case this is about computer networks at home. What you can expect here are some rather technical articles about what I have done or what I wanted to do in my home LAN.

The first blogs will be about the Ericsson W25 router which is a mobile network to WLAN router.