3.1.3) MAVLink Filter

Overview

The MAVLink filter is one of the fundamental safety pieces for the AERPAW vehicles. The fundamental approach for vehicle control in AERPAW is that the experimenter can do any control moves with the vehicle as long as they pass the MAVLink filter filtering criteria. The main reason for implementing a filter is that MAVLink is extremely powerful to the point where an experimenter could take control away from the safety pilot and stop all the motors in mid-flight. Obviously, allowing this level of control is excessive and violates the FAA Part 107 rules.

The MAVLink Filter is interposed between the vehicle control application and the vehicle autopilot. In the direction from the autopilot to the vehicle control application (the blue arrow shown in the figure), none of the status messages are filtered out. On the contrary, the commands from the vehicle control application to the autopilot are severely limited.

Filtering Criteria

The filter limits the types of commands allowed, as well as imposing movement restrictions on the vehicles.

Commands

The set of commands allowed is different for drones and for rovers:

Rovers

Rovers are allowed to:

Navigate to a specified waypoint (latitude, longitude)
Change the yaw angle (specified in degrees, clockwise, with respect to true North).
Change the mode to GUIDED (used for movement or changing the yaw angle)

Drones

Drones are allowed to:

Navigate to a specified waypoint (latitude, longitude, altitude)
Change the yaw angle (specified in degrees, clockwise, with respect to true North).
Takeoff at a specified altitude. The specified altitude has to be between the minimum and maximum altitudes. The altitude is specified in meters with respect to ground level (AGL).
Change the drone mode to GUIDED, or LAND

Movement Restrictions

Similar to the case of commands, drones and rovers have different sets of movement restrictions:

Rovers

Each movement from a rover has to:

Stay entirely in the geofenced area.
Stay entirely out of a no-go zone.

Drones

Each movement from a drone has to:

Stay entirely in the geofenced area.
Stay entirely out of a no-go zone.
Stay at an altitude higher than MIN_ALT (20M) and lower than MAX_ALT (100m)

Other Restrictions

If any of the conditions above is violated, the MAVLink filter stops any subsequent commands from reaching the autopilot, and it further informs the operator experiment oversight (OEO) system of the violation, leading to an experiment abort.

Furthermore, the MAVLink filter is monitoring the change of modes at the vehicle. If the mode of the vehicle changes for any other reason than a command from the vehicle script, the MAVLink filter also aborts the experiment (and prevents subsequent commands to the autopilot). This allows for an immediate override by the pilot at any time during the experiment, or a automatic failsafe event (e.g., low battery, loss of GPS lock, etc.).