A CWMP Client Application with the TR-069 Protocol
A popular manufacturer of home and professional appliances.
The client commissioned us with multiple software development tasks, such as implementing the CWMP protocol client application (TR-069 specification) and developing an application manager for the Linux OS on a board with the Broadcom 7255 chip.
Also, the scope of work included an application for software downloader, an updater of the board's firmware implementation, and support for Youtube and Verimatrix certification.
1. Concept development
The common development concept was based on cross-platforming development, simple and easy connecting of third-party libraries, high scalability, and covering the code with unit tests.
2. Software development
The software was developed using the C++ (C++14 standard) programming language with the Cmake build system. It simplifies cross-platform building without the reconciliation of a particular compiler, and it provides features for downloading and installing third-party libraries.
A source code compilation for a board was performed with a Broadcom C/C++ compiler. The PC version of the software was compiled on host machines using GCC/Clang.
The software included a long list of integrated third-party libraries, including boost, spdlog, jsoncpp, jsonrpc, xml2, xtreexml, sqlite3, soci-sqlite.
The complete set of unit tests based on the Google C++ Testing Framework was developed in separate modules for each application.
The following sections take a closer look at the main components of our software solution:
1. A CWMP client application implementing the TR-069 protocol for the Linux OS
The TR-069 client is responsible for communication with a web server via the CWMP protocol, which includes data transfer and service command execution activities.
The client application supports a remote server session creation, implementation of the event mechanism, and working with parameter values, attributes, objects, and service execution methods.
An XML format was chosen for storing configuration information due to unification with a mechanism of processing requests via the CWMP protocol. An XML format is used for providing data exchange with a server. XML C parser and toolkit is a very powerful portable solution, and xtreexml is a C++ wrapper for the popular XML2 XML parser library.
For data storage, we have chosen SQlite, a relational database and applied the sqlite3 and soci-sqlite libraries which were applied for the project. The database is presented by four tables: an events list table, a model object table, an object table, and a parameter table, that are all connected to one another with foreign keys.
Except for the server data exchange CWMP protocol, the application supports connection facilities with a middleware part via a Unix-socket mechanism using the Json-RPC protocol. Data transfer services use a Json message format to provide remote procedure calls.
Date and time management is supported by date library. A C++ library adds some new duration types and new time point types. Also, it implements a complete parser of the IANA timezone database and provides additional data types, time intervals, and time zone support.
The multilevel functional logging system is built using the spdlog, a very fast, header-only/compiled, C++ logging library. Multilevel logging facilities are maintained by tuning log messages to a required trace level.
The TR-069 client software diagram is presented below.
The TR-069 client software diagram
2. An application manager for the GNU/Linux OS
The main aim of the application manager is to have full control of other applications’ activity: starting, stopping, focus switching, and connection with a middleware part.
A configuration of the application takes place with Json config files. The Jsoncpp library was used to parse them.
According to a configuration file, the application manager handles Cobalt, Netflix, a TR-069 client, a middleware application, and other applications. The application connects with a middleware part via a Unix socket and the Json-RPC protocol. For these purposes, the Jsoncpp and Jsonrpc libraries were used.
The Spdlog library organizes an event log. The level of logging detail can be changed in the configuration file.
The application manager software diagram is presented below.
The Application manager software diagram
3. A software downloader for GNU/LinuxOS set-top upgrades
The main purpose of the developed software was to update the set-top box from the current version of the firmware to a newer one provided by our customer. The update must be secure, safe, and fail-resistant.
The application supports downloading an updated image from the remote server. Our software uses curl, a free and easy-to-use client-side URL transfer library, and can fetch the updated image using one of the following file/ftp/http/https protocols. The https way supports basic and digest authentication.
The application supports writing an image to different types of memory, such as raw NOR/NAND flash and UBI/UBIFS. The set-top box has two copies of the main partitions and can boot from either of them in case of a previous unsuccessful boot.
The application provides support for working with archive files. We made it possible with the miniz, a lossless, high-performance data compression library in a single source file that implements the zlib (RFC 1950) and Deflate (RFC 1951) compressed data format specification standards. A simple and functional logging mechanism was implemented with the spdlog library.
4. DIAL server integration
DIAL is a protocol co-developed by Netflix and YouTube. It allows discovering and launching of applications on a single subnet, typically a home network. DIAL enables tablet computers and mobile phones (so-called "second screen" devices) to send content to "first screen" devices, such as televisions, Blu-ray players, and set-top boxes.
As a reference, we implemented Netflix's DIAL server to interact with the YouTube application via IPC and perform DIAL client's (mobile phone and tablet) commands.
5. System hardening
System hardening is a collection of tools, techniques, and best practices to reduce vulnerabilities in applications, systems, and firmware.
We took the next steps to increase the system’s security:
- Disabled all debug and potentially unsafe kernel options.
- Removed all unused or potentially dangerous utilities from the firmware and closed all unused ports.
- Used as strict access rights to files and directories as possible.
- Non-root users run all applications that don’t require root privileges.
Our client received a client application implementing the CWMP protocol (TR-069) and an application manager for the Linux operating system on the board with the Broadcom 7255 chip. Also, our engineers created an application for downloading and updating the board's firmware, supporting Youtube and Verimatrix certification.
Solving these challenges in software development allowed our client's engineering team to upgrade their new mass-produced device for the electronics market.