28 January 2021

Swedish STANAG-5066 client-application... (2)

(just a little update to the previous post) A further confirmation of the role of the STANAG-5066 DTS (Data Transfer Sublayer) in the duplication of D_PDUs  comes from the examination of the S5066 frames produced by the dissector that I'm still writing (Figure 1).
As said previously, C_PDU segment offset in the duplicated D_PDUs does not change and thus the same data segment is processed two times and then sent into two distinct frames (#85 and #86 in this example). In this regard, it's interesting to notice the valuse of the EOT field. The field End Of Tansmission (EOT) contains a binary number expressing the number of half (1/2) second intervals remaining in the current transmission from the beginning of the current D_PDU. Once an EOT is sent, the EOT in each subsequent D_PDU in that transmission contains a consistent calculation of the EOT, that is, monotonically decreasing in half-second (0.5 second) intervals (calculations by the transmitting node is rounded up to the nearest half-second interval). As you may see, the flow control updates the EOT value.

Fig. 1

15 January 2021

Swedish STANAG-5066 client-application, a look at the DTS sublayer

(Just an update about the "Swedish Defence client-application for STANAG-5066" topic)
As said in the previous posts, the users employ the 3G-HF "Circuit Mode" service (STANAG-4538), data are transferred in non-ARQ mode using the STANAG-5066 stack and basic end-to-end transport protocols (UDOP/RCOP). Since the use of 3G-HF, the stations partecipating the netwok synchronously scan the assigned pool of frequencies and transmissions just happen when in need. 
I came across on a transmission, on 4742.0 KHz/USB, that exhibits two features never seen before in the previous transmissions (at least in my case):
● the used HF waveform is STANAG-4539 3200bps (usually they employ 188-110 1200bps along with S-5066 or alone in 8-bit text mode);
● the multiple occurrences of the ASCII string "WVKA" inside a message, which implies a look at the role of the Data Transfer Sublayer (DTS) of STANAG-5066.

Fig. 1 - Multiple occurrences of the string "WVKA", here in block 2 out-of 20

It's noteworthy that, actually, the occurrences are about the half since data are repeated!
Just a reminder for background: in case of a source message that is larger than the MTU (Maximum Transmission Unit) of the S-5066 subnetwork interface (usually <=2048 bytes), the client-application segments the message into n-blocks (A_PDUs) before its submission. The blocks are then encapsulated into the final C_PDUs, which in turn are segmented by the Data Transfer Sublayer (DTS) into smaller 200-byte D_PDUs (PDU stands for Protocol Data Unit).

Fig. 2 - progressive encapsulations and segmentation in S-5066 stack

It's possible to verify that in some circumstances - probably when UDOP protocol is used - segmenting a C_PDU results in duplicate D_PDUs (!), except the first and the last D_PDUs (read below). As clearly shown in Figure 3, the analyzed transmission just matches that case.

Fig. 3 - The duplicated D_PDUs in the block 2 out-of 20 (the same block of Figure 2)

This behavior is easily seen in many transmissions, whether they use S-4539 or 188-110A waveforms: note in Figure 4 that the first D_PDU is repeated only in the first C_PDU, while the last D_PDU is never repeated.

Fig. 4

Where do the duplicate D_PDUs come from? Inspecting the headers in Figure 5, it's possible to note that the "C_PDU Segment Offset" field contains the same value in the pairs of the duplicate D_PDUs. Given that the Segment Offset indicates the location of the first byte of the segment with respect to the start of the C_PDU, it means that the C_PDU (and thus the upper sublayers) does not contain duplicate data, otherwise the Segment Offset fields in the pairs of the duplicate D_PDUs would have contained different values! Thus, in my opinion, the duplicate D_PDUs are originated by the DTS sublayer. Notice that what we see in Figure 5 are the on-air bytes, thus after they have leaved the DTS (see the S-5066 stack in Figure 2).

Fig. 5 - headers of the D_PDUs (each row is a D_PDU, see Figure 2)

Segment Offset fields contains a 200 bytes step values, as expected:
0x0000 =    0
0x00C8 =  200
0x0190 =  400
0x0258 =  600
0x0320 =  800
0x03E8 = 1000


The receive node will re-assembly a C_PDU from its segments (the D_PDUs) after they have passed the CRC error-check and have no detectable errors: probably the redundancy is used in this regard. I did not find any reference in the S-5066 standard, at least the one at my disposal, and I tend to exclude possible errors of the S-4539 (or 188-110A) decoder since the same results were obtained using different decoders and different HF waveforms: so, at least in my opinion, the repetition of the D_PDUs could be a custom modification of the code of DTS  (switchable to maintain NATO compatibility) or a new feature added to a recent edition of S-5066. Definitely, even if the latency increases (such transmission mode takes about twice as much time, although they have moved on the 3200 bps of S-4539) the add of redundancy improves the general reliability of the system since S-5066 is used in non-ARQ mode.

As for the string "WVKA", only guesswork can be made: further recordings are in need. For now, I'm going to code a S-5066 dissector to facilitate the reading of the headers...


8 January 2021

Fast WALE (4G-ALE) and wide band traffic (WBHF)

Thanks to a reporting of my friend Martin G8JNJ, on 4744.0 KHz - mostly in the morning -  it is possible to receive transmissions which use Fast WALE (188-141D App.G) and WBHF (188-110D App.D) waveforms: it's the first time for me that I have the canche to "see" and analyze 4G-ALE signals. 

The WALE (4G-ALE) system uses waveforms derived from the WBHF waveforms for its transmissions, and draws ideas from both second and third-generation ALE for its protocols. The WALE waveforms operate in 3 kHz and provide two interoperable modes for sending PDU: the “Fast” WALE waveform (intended for very fast link setup in voice-quality channels) and the “Deep” WALE waveform (designed for operation in the most challenging channels, including SNR < 0dB). The choice between Fast or Deep WALE can be made on a call-by-call basis as receivers listen to both types of WALE calls, as well as 3G & 2G ALE calls for simultaneous operation with existing narrowband circuits.[1]

In the recorded session shown in Figure 1, the transmissions consist of two-way WALE handshakes followed by data transfers using ARQ method and WBHF waveforms: the bursts following the last ACQs are probably an EOM signaling given that the following session begins with a WALE handshake. Since the strong signals in the analyzed sample, I can't say if it's a bidirectional link. 

Fig. 1

The WALE LSU protocol use a fixed 96-bit length PDU for both Fast and Deep waveforms with a correction coding consists of a constraint length 9 (CL-9), half rate convolutional code producing a 192-bit coded block (ie, for each bit input to the encoder, two bits are taken from the encoder). Using Fast WALE the coded and interleaved bits of each PDU are sent in alternating blocks of unknown (data) symbols and known (probe) symbols.

The WALE waveforms employ PSK8 modulation of an 1800 Hz subcarrier at a rate of 2400 symbols per second. The two more dense states in the phase plane of Figure 2 are due to the BPSK modulation of  Fast WALE data.

Fig. 2

In the analyzed samples the portion before the coded and interleaved PDU, according its 83.33 ms duration, consists of 200 PSK8 symbols (figure 3). Since the preamble and the TLC sections use the same 32-element Walsh chips (32 PSK8 symbols), the initial portion consists of 1 TLC block (13.333 ms) followed by 168 PSK8 symbols (70 ms) which do not resolve into an integer number of 32-element Walsh chips! These values, durations and symbols, are not compliant with relevant standard (188-141D #G. which requires nine 32-element Walsh chips for the Fast WALE  preamble, for a total of 288 PSK8 symbols and a 120 ms duration.

Fig. 3

The structure of the known/unknown symbols blocks is exactly compliant with 188-141D: ie, 288 PSK8 symbols and a 120 ms duration (figure 4). Notice that according 188-141D, the length of the preamble shall be equal to the sum of the lengths of the known/unknown symbols blocks.

Fig. 4

The traffic waveforms are PSK8 modulated at symbol rate of 9600Bd, ACF value is 120ms that makes a 3456-bit length period or 1152 PSK8 symbols (Figure 5): the frame structure (Figure 6) matches the waveform #7 of 188-110D App.D ie, 1024 Unknow symbols (3072 bit) + 128 Known symbols (384 bit). 

Fig. 5 - WBHF waveform #7

Fig. 6

The bursts I termed as "EOM" also employ PSK8 modulation at symbol rate of 9600 Baud and have a frame length of 1504 symbols (Figure 7).

Fig. 7

[1] https://www.rapidm.com/wp-content/uploads/2018/10/RM10_WBHF_EN.pdf