diff --git a/docs/cf_FunctionalRequirements.csv b/docs/cf_FunctionalRequirements.csv index a0a4bd66..cc294896 100644 --- a/docs/cf_FunctionalRequirements.csv +++ b/docs/cf_FunctionalRequirements.csv 
@@ -10,15 +10,16 @@ CF2000,CF2000,"When CF receives a CFDP receive-file protocol-directive PDU, CF s CF2001,CF2001,CF shall extract uplinked CFDP PDUs from cFE-SB messages.,CF application is a cFS compliant component that must implement the cFS architectural patterns CF2002,CF2002,CF shall extract file data from File-Data PDUs and reconstruct an identical copy of the extracted file from the meta-data-specified directory.,Basic CFDP function with fault handling defined in sub requirements CF2002.1,CF2002.1,"If CF detects that a ""fault"" has occurred, CF shall close out the transaction and issue an ""Error"" cFE event message.","For robust and secure operations, errors in execution must be detected and handled with appropriate constraints on resource use and state machine iterations. ""Close out"" is intentionally vague since the action needs to be appropriate for the transmission class. As long as the transaction doesn't hang and become stale the requirement is met. Note ""cancel"" is overly specific, there's a cancel transaction command that is different than what is done here." -CF2002.1.2,CF2002.1.2,"CF shall detect the following scenarios and identify them as faults: -1. Positive Ack Limit Reached -2. Filestore Rejection -3. File-CRC Mismatch Failure -4. File-Size Error -5. NAK Limit Reached +CF2002.1.2,CF2002.1.2,"CF shall detect the following scenarios and identify them as faults: +1. Positive Ack Limit Reached +2. Filestore Rejection +3. File-CRC Mismatch Failure +4. File-Size Error +5. NAK Limit Reached 6. Inactivity Limit Reached",Fault scenarios explicitly listed and tested for specification compliance. CF3000,CF3000,"When CF receives a ""Transfer File"" command, CF shall play back the file indicated by the command-specified: filename, source path, destination path, keep/delete flag, service class, priority, channel, and peer-entity id. ","Also referred to as ""playback file"" command. 
Basic function of file transfer required to operate cFS flight systems. " CF3000.1,CF3000.1,"When CF receives a ""Transfer File"" command, if the command-specified is open, CF reject the command.",Open files are in a uncertain state and may change during transfer potential containing erroneous data or cause other undefined behaviors +CF3000.2,CF3000.2, CF3000.3,CF3000.3,"When CF receives a ""Transfer File"" command, if the command-specified file is not found, CF shall reject the command.","For robust and secure operations, command must be validated prior to execution. Provides operational interface as to why the command was not executed." CF3000.4,CF3000.4,"When CF receives a ""Transfer File"" command, if the playback-pending queue is full, CF shall reject the command.","For robust and secure operations, command must be validated prior to execution. Provides operational interface as to why the command was not executed. Filterable is required to avoid multiple events when commands are sequenced." CF3000.5,CF3000.5,"When CF receives a ""Transfer File"" command, if the command-specified playback-channel number is not valid, CF shall reject the command.","For robust and secure operations, command must be validated prior to execution" 
@@ -33,37 +34,38 @@ CF3005,CF3005,CF shall encapsulate and publish CFDP-PDUs as cFE-SB messages.,CF CF3005.1,CF3005.1,Each CF channel shall have a unique cFE-SB Message ID.,"Playback channels may have different message routes to destination. In cFS, the Message ID provides that routing identifier. Unique cFE-SB Message IDs can avoid data corruption and memory problems. " CF3005.1.1,CF3005.1.1,The CF-channel cFE-SB Message IDs shall be specified in a CF configuration table.,"Run-time configuration table supports ease of deployment, operation maintenance, fault management, and data path configuration." CF3006,CF3006,The PDU output rate shall be controllable from outside the CF Application.,"As a data source in a real-time resourced constrained system, CF must not send more data than the receiver can reliably process or forward" -CF3007,CF3007,"While there are multiple transactions in the playback-pending queue for a given channel, CF shall wait for the ""EOF Sent"" marker on the file currently being played back before starting playback for the next file in the queue. ","Provides predictable file-in-order delivery. This does not imply that the ""EOF Sent"" has been acknowledged by the receiving peer entity. - +CF3007,CF3007,"While there are multiple transactions in the playback-pending queue for a given channel, CF shall wait for the ""EOF Sent"" marker on the file currently being played back before starting playback for the next file in the queue. ","Provides predictable file-in-order delivery. This does not imply that the ""EOF Sent"" has been acknowledged by the receiving peer entity. + Although CCSDS 3.1.2 says ""The CFDP entity shall be implemented such that virtually any number of transactions may be concurrently in various stages of transmission or reception at a single CFDP entity."" this number must be constrained for performance." 
CF3008,CF3008,"While there is no playback in progress, CF shall check the playback-pending channel queue for files at the configuration-table-defied frequency.",Supports automation of playback queuing CF3009,CF3009,The CF channel playback-pending-queue depth shall be configurable.,Supports recovery of file transfer operations to a known configuration and state CF3010,CF3010,The CF file-transfer history-queue depth shall be configurable.,Operational interface to support user knowledge of which files have been transferred and in what order. CF4000,CF4000,The number of CF channels shall be defined by a CF configuration table.,Table-defined configurations support cFS architecture goals of scalability and reconfiguration of mission variability points CF4000.1,CF4000.1,CF-channel parameters shall be defined by a CF configuration table.,Table-defined configurations support cFS architecture goals of scalability and reconfiguration of mission variability points -CF4000.1.1,CF4000.1.1,"The ""CF Configuration Table"" shall include the following parameters: --- Engine parameter(s) -1. Local entity ID --- Channel parameters (per-channel) -2. Dequeue Enable -3. Transmit PDU MID -4. Receive PDU MID -5. Handshake Semaphore Name -6. Acknowledge timer limit -7. Non-acknowledge timer limit -8. Acknowledge retry limit -9. Non-acknowledge retry limit -10. Inactivity timer limit --- Polling Directory Parameters (per-polling directory) -11. Enable State -12. CFDP Class -13. Priority -14. Source Path -15. Destination Path +CF4000.1.1,CF4000.1.1,"The ""CF Configuration Table"" shall include the following parameters: +-- Engine parameter(s) +1. Local entity ID +-- Channel parameters (per-channel) +2. Dequeue Enable +3. Transmit PDU MID +4. Receive PDU MID +5. Handshake Semaphore Name +6. Acknowledge timer limit +7. Non-acknowledge timer limit +8. Acknowledge retry limit +9. Non-acknowledge retry limit +10. Inactivity timer limit +-- Polling Directory Parameters (per-polling directory) +11. 
Enable State +12. CFDP Class +13. Priority +14. Source Path +15. Destination Path 16. Peer Entity Id","Engine, channel, and polling directory configuration parameters for operational flexibility." -CF4000.2,CF4000.2,Each CF channel shall have a dedicated and independent pending queue. ,"Playback channels should be independent to avoid one channels from stalling another channel. - +CF4000.2,CF4000.2,Each CF channel shall have a dedicated and independent pending queue. ,"Playback channels should be independent to avoid one channels from stalling another channel. + The channel dictates the SB MsgId / Apid that the playback data PDUs will be generated with. Separate queues also helps when the one channel is throttled - e.g. if there are two channels and one is slow and one is faster, a playback requests to the slow channel may block the faster channel if they shared a single pending queue." +CF4000.3,CF4000.3 CF4001,CF4001,"When CF receives an ""Enable Polling"" command, CF shall enable poll-directory processing.",Operational interface CF4001.1,CF4001.1,CF Polling Directories shall be polled for files at the configuration-table-defined frequency.,Operational interface to support optimization of resource utilization and file transfer bandwidth CF4001.2.1,CF4001.2.1,CF shall send all files in the polling directory at the configuration-table-specified priority level.,Operational interface for resource management 
@@ -73,30 +75,33 @@ CF5000.1,CF5000.1,"When CF receives a ""Freeze Channel"" command, CF shall pause CF5000.2,CF5000.2,"While a channel is frozen, when a new transaction is received for that channel, CF shall not process that transaction.",A frozen channel cannot receive new transactions CF5001,CF5001,"When CF receives a ""Thaw Channel"" command, CF shall re-enable the command-specified channel.",Operational Interface CF5001.1,CF5001.1,"When CF receives a ""Thaw Channel"" command, CF shall resume processing all paused transactions for the command-specified channel.","Operational interface that resumes all transactions at their current state. (timers, suspend,…) Typical used for contact scheduling" -CF5002,CF5002,"The following parameters shall be configurable by a CF command: -1. CFDP channel Ack-Timer Value (seconds) -2. CFDP channel NAK-Timer Value (seconds) -3. CFDP channel Inactivity-Timeout Value (seconds) -4. CFDP channel Maximum Ack Timeouts (integer counts) -5. CFDP channel Maximum NAK Timeouts (integer counts)","Operational interface to support mission variability and reconfiguration +CF5002,CF5002,"The following parameters shall be configurable by a CF command: +1. CFDP channel Ack-Timer Value (seconds) +2. CFDP channel NAK-Timer Value (seconds) +3. CFDP channel Inactivity-Timeout Value (seconds) +4. CFDP channel Maximum Ack Timeouts (integer counts) +5. CFDP channel Maximum NAK Timeouts (integer counts)","Operational interface to support mission variability and reconfiguration " -CF5002.1,CF5002.1,"The default values for the CFDP channel protocol parameters below shall be defined by a CF Configuration Table: -1. CFDP channel Ack-Timer Value (seconds) -2. CFDP channel NAK-Timer Value (seconds) -3. CFDP channel Inactivity-Timeout Value (seconds) -4. CFDP channel Maximum Ack Timeouts (integer counts) +CF5002.1,CF5002.1,"The default values for the CFDP channel protocol parameters below shall be defined by a CF Configuration Table: +1. 
CFDP channel Ack-Timer Value (seconds) +2. CFDP channel NAK-Timer Value (seconds) +3. CFDP channel Inactivity-Timeout Value (seconds) +4. CFDP channel Maximum Ack Timeouts (integer counts) 5. CFDP channel Maximum NAK Timeouts (integer counts)",Ensure CF starts in a known and valid operational state CF5002.2,CF5002.2,"When CF receives a ""Set CFDP Channel Protocol Configuration"" command, CF shall set the command-specified parameter to the command-specified value and issue a cFE event message that confirms the change. ",Operational Interface CF5002.3,CF5002.3,"When CF receives a ""Set CFDP Channel Protocol Configuration"" command, if the command-specified parameter is invalid, CF shall reject the command. ",Command validity check for robust operation CF5002.4,CF5002.4,"When CF receives a ""Set CFDP Channel Protocol Configuration"" command, if the command-specified parameter *value* is invalid, CF shall reject the command.",Command validity check for robust operation CF5003,CF5003,"When CF receives a ""Get CFDP Channel-Protocol Configuration Parameter"" command, CF shall issue an event message containing the current value of the command-specified configuration-table parameter.",Operational interface CF5003.1,CF5003.1,"When CF receives a ""Get CFDP Channel-Protocol Configuration Parameter"" command, if the command-specified parameter is invalid, CF shall reject the command. ",Operational robustness +CF5004,CF5004,"When CF receives a ""Get Full CFDP Channel-Protocol Configuration"" command, CF shall publish all CFDP Channel Protocol Configuration parameters to a cFS-SB message. ",Compatibility with cFE App behavior. Message can be downlinked as Housekeeping Data or sent to another app for consumption CF5005,CF5005,"When CF receives a ""Cancel Transaction"" command, CF shall cancel the transaction indicated by the command-specified Entity ID and transaction-sequence number.",Support an operational interface to control transactions. 
Transaction-Id provides a mechanism to scale to large systems and avoid performance issues with string searches CF5005.1,CF5005.1,"When CF receives a ""Cancel Transaction"" command, if the command-specified transaction is not in progress, CF shall reject the command.",Support an operational interface to provide operator feedback. CF5006,CF5006,"When CF receives an ""Abandon Transaction"" command, CF shall abandon the command-specified transaction.",Support an operational interface to provide operator feedback. CF5006.1,CF5006.1,"When CF receives an ""Abandon Transaction"" command, if the command-specified transaction is not in progress, CF shall reject the command.",Support an operational interface to provide operator feedback. CF5007,CF5007,"When CF receives an ""Abandon All Transactions"" command, CF shall abandon all transactions.",Operational interface that removes transaction state for all active transaction. CF5007.1,CF5007.1,"When CF receives an ""Abandon All Transactions"" command, if there are no transactions in progress, CF shall reject the command.",Support an operational interface to provide operator feedback. +CF5008,CF5008, +CF5008.1,CF5008.1, CF5009,CF5009,"When CF receives a ""Write Active Transactions"" command, CF shall write all active transactions to a file. ",Operational interface supporting operator insight into transfer sequence and state CF5012,CF5012,The CF maximum-uplink PDU size shall be defined and configured at compile time.,Support constraints for security checks and resource utilization. CF5013,CF5013,The CF maximum number of simultaneous per-channel transactions shall be defined and configured at compile time. ,Channel concept extended to allow independent operations when other channels may be blocked due to maximum transactions 
@@ -116,6 +121,8 @@ CF5020.1,CF5020.1,"When CF receives a ""Purge Queue"" command, if the command-sp CF5020.2,CF5020.2,"When CF receives a ""Purge Queue"" command, if the command-specified channel is not defined, CF shall reject the command. ",Ensure robust operations and provide operator feedback. CF5021,CF5021,"When CF receives a ""Write Queue"" command, CF shall write the command-specified queue's contents to the command-specified file.",Operational interface to allow insight into file transfer order. CF5021.1,CF5021.1,"When CF receives a ""Write Queue"" command, if the command-specified queue is not defined, CF shall reject the command. ",Ensure robust operations and provide operator feedback. +CF5022,CF5022,"When CF receives a ""De-Queue File"" command, CF shall remove the command-specified file from its current queue.",Support an operational interface to provide operator feedback. +CF5022.1,CF5022.1,"When CF receives a ""De-Queue File"" command, if the command-specified file is not found, CF shall reject the command. ",Ensure robust operations and provide operator feedback. CF5023,CF5023,"The maximum number of transmissions, that is, the sum of simultaneous transmit and receive transactions, shall be defined at compile time.",Supports scaling resource use for mission variability CF5024,CF5024,"When CF receives a file-transfer request, if the requested file's size is larger than 2^32 bytes, CF shall reject the request and issue an error event message.",Constrain resources use and exclude implementation complexity of CCSDS Large-file-size header extensions. CFDP-1S-01 CF5025,CF5025,"When CF receives a PDU, if the size of the Entity ID fields are too large for the configured internal storage, CF shall reject the PDU and issue an error event message.",Prevent silent truncation of variable length Entity ID fields in PDU by checking the configured storage size and rejecting PDUs that with an Entity ID field that would be truncated. 
@@ -126,33 +133,35 @@ CF5030.2,CF5030.2,The highest file-transfer priority level shall be zero.,Standa CF5031,CF5031,CF shall send NAK re-transmissions in the order received at the same priority as the NAK-targeted file,PDU re-transmission priority should be the same as the original request. To not do so would allow a form of priority inversion where a large number of NAKs on a lower priority transfer would suppress re-transmission of higher priority transfers. CF5040,CF5040,"CF shall support CFDP file transfers in ""Unacknowledged""(Class-1) Service Mode.","Basic file transfer function. Unacknowledged Mode, also called unreliable mode, is used for non-critical data or operations without bi-directional data paths." CF5041,CF5041,"CF shall support CFDP file transfer in ""Acknowledged"" (Class-2) Service, Mode.","Basic file transfer function. Acknowledged Mode, also called reliable mode, is used for critical data and/or operations with bi-directional data paths." -CF6000,CF6000,"The CF Housekeeping message shall include -1. Command Counter -2. Command Error Counter --- Per-Channel HouseKeeping Entries -4. Number of transactions on the various queues -5. Frozen Status -6. Number of Valid PDUs Received -7. Number of Receive-Transaction Errors -8. Number of Sent PDUs -9. Number of Acknowledge Retry Limit Exceeded Faults -10. Number of Non-Acknowledge Retry Limit Exceeded Faults -11. Number of Inactivity Timer-Limit Faults -12. Number of CRC Mismatch Faults -13. Number of Filestore Rejection Faults (can be split by type) +CF6000,CF6000,"The CF Housekeeping message shall include +1. Command Counter +2. Command Error Counter +-- Per-Channel HouseKeeping Entries +4. Number of transactions on the various queues +5. Frozen Status +6. Number of Valid PDUs Received +7. Number of Receive-Transaction Errors +8. Number of Sent PDUs +9. Number of Acknowledge Retry Limit Exceeded Faults +10. Number of Non-Acknowledge Retry Limit Exceeded Faults +11. 
Number of Inactivity Timer-Limit Faults +12. Number of CRC Mismatch Faults +13. Number of Filestore Rejection Faults (can be split by type) 14. Number of Filesize Mismatch Faults",Operator interface that provides detailed status on operational state -CF6001,CF6001,"The CF End of Transaction message shall include -1. Transaction identifier -2. Channel number -3. Direction of transaction -4. Filenames associated with transaction -5. Transaction state -6. Condition code -7. Source EID of transaction -8. Peer EID of transaction -9. File size +CF6001,CF6001,"The CF End of Transaction message shall include +1. Transaction identifier +2. Channel number +3. Direction of transaction +4. Filenames associated with transaction +5. Transaction state +6. Condition code +7. Source EID of transaction +8. Peer EID of transaction +9. File size 10. CRC state",Operator interface that provides detailed information on transaction CF6001.1,CF6001.1,"When a transaction terminates, CF shall generate an End of Transaction information packet",Operational awareness of transaction closure and potential automation of follow-on actions +CF6001.2,CF6001.2,"If a transaction has reached the FIN or EOF state, the CF End of Transaction message Condition Code shall be set to the CFDP condition code for that transaction.", +CF6001.3,CF6001.3,"If the transaction has not reached the FIN or EOF state, the CF End of Transaction message Condition Code shall indicate why the transaction stopped early.", CF7000,CF7000,"When CF is initialized, CF shall initialize the the housekeeping counters/numbers to zero and the frozen status as ""thawed"".",All variable must be set to a known valid state on initialization to support reliable functioning CF7001,CF7001,"When CF is initialized, CF shall load valid CF Configuration Tables.",All variables must be set to a known valid state on initialization to support reliable functioning. Table interface supports operational reconfiguration of CF functions. 
CF7001.1,CF7001.1,"If a CF Configuration Table fails validation, CF shall issue an error cFE event message and exit.",Support constraints for security checks and resource utilization. Without a valid configuration CF can not initialize to a functional state.
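Review bot: In the hunk at @@ -10,15 +10,16 @@, the new row `+CF3000.2,CF3000.2,` carries a requirement ID and nothing else, so it ships as an empty requirement with no statement and no rationale; either fill in the text or leave the row out until it is written, since any tool or reviewer reading the CSV will count it as a real requirement. The CF2002.1.2 lines in the same hunk are removed and re-added with no visible change, which points to line-ending or trailing-whitespace churn inside the quoted multi-line field; normalizing that separately (a .gitattributes rule or a whitespace-only commit) would keep the substantive additions reviewable.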
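Review bot: In the hunk at @@ -33,37 +34,38 @@, the added row `+CF4000.3,CF4000.3` has only two fields where every other row in the file has four, so a CSV reader that expects a fixed column count will see a ragged row; even as a placeholder it should at least carry the trailing commas the way CF3000.2 does, and preferably the requirement text and rationale. The CF3007, CF4000.1.1, and CF4000.2 blocks are rewritten with no visible difference, the same whitespace churn seen in the first hunk.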
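Review bot: In the hunk at @@ -73,30 +75,33 @@, CF5004 says the parameters are published to a "cFS-SB message" while the rest of the file (CF2001, CF3005) uses "cFE-SB"; use cFE-SB so the term is consistent. The `+CF5008,CF5008,` and `+CF5008.1,CF5008.1,` rows are empty placeholders with the same problem as CF3000.2: an ID with no statement or rationale should not land in the requirements file until the text exists.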
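Review bot: In the hunk at @@ -116,6 +121,8 @@, CF5022 says CF removes "the command-specified file from its current queue" but does not say how the queue is identified; each channel has its own independent pending queue (CF4000.2), so the same file name can be pending on more than one channel, and CF5021 in the surrounding context names the command-specified queue explicitly. Suggest making the channel/queue part of the command-specified input, and adding a reject case for an undefined channel or queue alongside CF5022.1, matching CF5020.2 and CF5021.1. The CF5022 rationale "Support an operational interface to provide operator feedback." is the sentence used for the reject sub-requirements; the parent requirement's rationale should state what the de-queue operation is for.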
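Review bot: In the hunk at @@ -126,33 +133,35 @@, the new rows CF6001.2 and CF6001.3 end with an empty rationale column, unlike every other requirement in the file; add one, and since "FIN or EOF state" is not defined anywhere else in this CSV, the rationale is the place to say what those states are. CF6001.3's "shall indicate why the transaction stopped early" is too open-ended for a testable requirement; enumerate the values the Condition Code can take in that case (the fault list in CF2002.1.2 and the cancel/abandon commands are the obvious sources). While the CF6000 list is being rewritten anyway, its numbering jumps from 2 to 4 with no item 3; renumber it.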