• State
  • Locked Locked
  • Replies 5 replies
  • Subscribers 55 subscribers
  • Views 1447 views
  • Users 0 members are here
Support feedback
Options
Options
Related

This thread has been locked.

If you have a related question, please click the "Ask a related question" button in the top right corner. The newly created question will be automatically linked to this question.

Invalid short address during binding request (cc2630)

Dongwook Lee
Prodigy 100 points
Other Parts Discussed in Thread: CC2630, CC2531EMK

Hi, I'm trying to bind a cc2630 end device with a coordinator, below shows used codes.

---------------------------------------------------------------------------------------------------------------

static uint16_t inputClusters2[1] =
{
ZCL_CLUSTER_ID_MS_TEMPERATURE_MEASUREMENT
};

zAddrType_t dstAddr;
dstAddr.addr.shortAddr = 0x0000;
dstAddr.addrMode = Addr16Bit;
zcl_EZModeBindAddEntry(TEMPSENSOR_EP, &dstAddr, TEMPSENSOR_EP, 1, inputClusters2);

---------------------------------------------------------------------------------------------------------------

The problem is, when I analyze the bind request packet, the short address of destination is changed to 0x0424 at somewhere in the code.

I tried to find where code changes, but, I cannot debug or trace ZStackCore, where the actual bind request function called.

So, my questions are:

1. Is there any problem with my code?

2. Why the destination address changes?

Thank you in advance.

  • 0
    Guru 735685 points
    To bind two devices, you should use Zstackapi_ZdoEndDeviceBindReq, Zstackapi_ZdoBindReq, or zcl_InvokeEZMode. zcl_EZModeBindAddEntry is used to add an entry to the binding table.
  • 0 in reply to YiKai Chen
    Prodigy 100 points
    Hi again YiKai Chen, thank you for your reply.

    Well, there are two zcl_EZModeBindAddEntry functions. The first one is located at zcl_port.c file and another is in zcl_ezmode.c file.

    I have no idea why these two functions have same name, but I used the one in zcl_port.c file.

    Below shows the body of zcl_EZModeBindAddEntry function in zcl_port.c file.

    -----------------------------------------------------------------------------------------------------
    void zcl_EZModeBindAddEntry(uint8 srcEpInt, zAddrType_t *dstAddr,
    uint8 dstEpInt, uint8 numClusterIds,
    uint16 *clusterIds)
    {
    ICall_EntityID entityID;
    int x;
    zstack_zdoBindReq_t req;

    entityID = zclPortFindEntity(srcEpInt);

    req.nwkAddr = nwkInfo.nwkAddr;
    memcpy(req.bindInfo.srcAddr, nwkInfo.ieeeAddr, EXT_ADDR_LEN);
    req.bindInfo.srcEndpoint = srcEpInt;

    req.bindInfo.dstAddr.addrMode = (zstack_AFAddrMode)dstAddr->addrMode;
    req.bindInfo.dstAddr.addr.shortAddr = dstAddr->addr.shortAddr;
    req.bindInfo.dstAddr.endpoint = dstEpInt;
    req.bindInfo.dstAddr.panID = nwkInfo.panId;

    for(x = 0; x < numClusterIds; x++) ;
    {
    req.bindInfo.clusterID = *clusterIds;
    Zstackapi_ZdoBindReq(entityID, &req);
    clusterIds++;
    }
    }
    -----------------------------------------------------------------------------------------------------

    This zcl_EZModeBindAddEntry() function calls Zstackapi_ZdoBindReq() function that you mentioned, but I still get invalid destination address in ZigBee Network field of the packet.

    I also tried to call Zstackapi_ZdoBindReq() function directly, like..

    -----------------------------------------------------------------------------------------------------
    pNwkInfo = zclport_getDeviceInfo(ztsEntity);

    zstack_zdoBindReq_t req;
    req.nwkAddr = pNwkInfo->nwkAddr;

    // memcpy(req.bindInfo.srcAddr, pNwkInfo->ieeeAddr, 8);
    // zcl_cpyExtAddr(req.bindInfo.srcAddr, pNwkInfo->ieeeAddr);
    for(int8_t i=0; i<EXTADDR_LEN; i++)
    req.bindInfo.srcAddr[i] = pNwkInfo->ieeeAddr[i];

    req.bindInfo.srcEndpoint = TEMPSENSOR_EP;
    req.bindInfo.clusterID = ZCL_CLUSTER_ID_MS_TEMPERATURE_MEASUREMENT;

    req.bindInfo.dstAddr.addrMode = Addr16Bit;
    req.bindInfo.dstAddr.addr.shortAddr = 0x0000;
    req.bindInfo.dstAddr.endpoint = TEMPSENSOR_EP;
    req.bindInfo.dstAddr.panID = pNwkInfo->panId;

    ZStatus_t ret = Zstackapi_ZdoBindReq(ztsEntity, &req);

    -----------------------------------------------------------------------------------------------------

    The destination address is changed, but still invalid (0x0424 -> 0x019C).
  • 0 in reply to Dongwook Lee
    Guru 735685 points
    Do you have sniffer log for this? I would suggest you using Ubiqua Packet Analyzer to check this.
  • 0 in reply to YiKai Chen
    Prodigy 100 points

    Unfortunately, we don't have cc2531emk which is compatible with ubiqua.

    Instead, we are using Ember Desktop for the packet sniffing.

    Below shows the detail of the packet generated by Zstackapi_ZdoBindReq() function which was capture with Ember Desktop.

    -----------------------------------------------------------------------------------------------------

    Corrupt: field length overflow: 8 [at field: destIeeeAddress] at field FRAME_ZIGBEEDEVICEPROFILEV2.destIeeeAddress

    NWK crypto: ROOT, 14 65 C6 0B 08 BA DF D0 65 02 41 40 26 85 EF 61, Lvl 5

    IEEE 802.15.4 [10 bytes]

      - PHY Header: 0x3A

      -      Packet Length: 58

      - Frame Control: 0x8861

      -      Frame Type: Data (1)

      -      Security Enabled: false

      -      Frame Pending: false

      -      Ack Required: true

      -      Intra Pan: true

      -      Destination Address Mode: Short (2)

      -      Source Address Mode: Short (2)

      - Sequence: 0x23

      - Destination PAN ID: 0x08E9

      - Short Destination Address: 0x0000

      - Short Source Address: 0x90AE

    ZigBee Network [8 bytes]

      - Frame Control: 0x0248

      -      Frame Type: Data (0)

      -      Protocol Version: 0x02

      -      Discover Route: Enable (1)

      -      Multicast: false

      -      Security: true

      -      Source Route: false

      -      Long Dest Present: false

      -      Long Source Present: false

      -      End Device Initiator: false

      - Destination Address: 0x019C

      - Source Address: 0x90AE

      - Radius: 0x1E

      - Sequence: 0x3D

    ZigBee Network Security [14 bytes]

      - Frame Control: 0x28

      -      Security Level: No encryption, no MIC. (0)

      -      Key Identifier: Network Key (1)

      -      Extended Nonce: true

      - Frame Counter: 0x0000C35E

      - Source Address: 00124B0006AD3908

      - Key Sequence Number: 0x00

    ZigBee Application Support [8 bytes]

      - Frame Control: 0x40

      -      Frame Type: Data (0)

      -      Delivery Mode: Direct (0)

      -      Indirect Address Mode: Dest Endpoint Present (0)

      -      Security Enabled: false

      -      Ack Required: true

      -      Extended Header Present: false

      - Destination Endpoint: 0x00

      - Cluster Identifier: 0x0021

      - Profile Identifier: 0x0000

      - Source Endpoint: 0x00

      - APS Counter: 0x09

    ZigBee Device Profile V2 [13 bytes]

      - Transaction Sequence Number: 0x02

      - Source IEEE Address: 00002000019C2000

      - Source Endpoint: 0x00

      - Cluster ID: 0x03F4

      - Destination Address Mode: Reserved (0x00)

    Message Integrity Code [0 bytes]

    Radio Info EM35x [5 bytes]

      - CRC: 0x21D0

      - LQI: 255 (0x00)

      - RSSI: -28 dBm (0x7E)

      - Status: 0x00

      -      Channel: 11 (0)

      -      Tx/Rx: Rx (0)

      -      RxCond: CRC pass (0)

    -----------------------------------------------------------------------------------------------------

    As you can see, 'Short Destination Address' in 'IEEE 802.15.4' part is '0x0000' while 'Destination Address' in 'ZigBee Network' part is '0x019C'.

    And there is an error message 'Corrupt: field length overflow: 8 [at field: destIeeeAddress] at field FRAME_ZIGBEEDEVICEPROFILEV2.destIeeeAddress', I think this is caused by the invalid destination address.

    Thank you in advance!!

  • 0 in reply to Dongwook Lee
    Guru 735685 points
    I cannot read this to help you debug. If you want me to help, please buy CC2531EMK at least to get sniffer log. By the way, I have tested SampleLight (using CC2530DK as coordinator) and SampleSwitch(using CC2650DK as end device) many times and don't have such problem. What is your coordinator HW and FW?