Subject: IEEE 802.11 PHY receive using GNU Radio and modified tap(4)
To: tech-net@netbsd.org, gdt@ir.bbn.com, dsumorok@bbn.com
From: Vivek raghunathan <vivek.raghunathan@gmail.com>
List: tech-net
Date: 08/03/2006 20:03:45
Hello all,

As part of the ADROIT project at BBN Technologies, we have been working
on getting GNU Radio to receive and decode physical layer IEEE 802.11
frames and to inject the decoded frames into the NetBSD networking stack
at the appropriate net80211 entry point.

As of now, our IEEE 802.11 PHY receive extensions to GNU Radio are
successfully receiving and decoding IEEE 802.11 frames at the base rate
(1 Mbps).  The 802.11 module is capable of demodulating 1 and 2 Mbps
packets when the 1 Mbps PLCP header is used (sometimes referred to as
"long preamble" mode).  The code seems to max out a 1.6 GHz Mobile
Pentium.  To receive the packets, the (GNU Radio) USRP device is
programmed to produce 8-bit samples (8 bits for I and 8 bits for Q) at
8 mega samples per second.  This means we are looking at about a 4 MHz
(baseband) bandwidth.  Although the 802.11 signals are 11 MHz (baseband)
wide, there is apparently enough energy in the 4 MHz we are looking at
to receive some 1 Mbps packets, and once in a while a 2 Mbps packet.  To
save processor resources, the receiver does not do any phase or
frequency synchronization.

The receiver is composed of five blocks: an FIR filter, a time
synchronizer block (which I call the slicer), a demodulator block, a
de-scrambler block, and a "PLCP" block.  The FIR filter attempts to
de-spread the Barker code; the processor spends more time on this block
than on any other.  The slicer tries to find the peaks of the filter
output and produces samples at the symbol rate (1 mega symbols/sec).
The demodulator simultaneously demodulates at 1 Mbps (differential BPSK)
and 2 Mbps (differential QPSK); there is no time or frequency
synchronization.  The de-scrambler reverses the 802.11 scrambling
operation.  And, finally, the "PLCP" block runs the receive state
machine: it looks for a preamble, verifies the physical layer header,
and verifies the data frame checksum.  If everything checks out, a small
header is prepended to the packet, the frame checksum is stripped off,
and the packet is forwarded up.  The RSSI is calculated in the
demodulator block: it averages the energy of 128 successive samples
(output from the slicer) and converts to dB.
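The de-scrambler block above reverses the 802.11 DSSS scrambler, which
is the self-synchronising form G(z) = z^-7 + z^-4 + 1.  The following is
an added example and not the ADROIT/GNU Radio code described in this
post: it implements both the transmitter-side scrambler and the
receiver-side de-scrambler on one bit per byte, and shows the property a
receiver relies on, namely that the de-scrambler recovers the correct
bits after seven received bits even when it starts from the wrong state.
The seed value 0x6C and the bit order of the 7-bit register are this
example's own conventions, and the 32-bit test pattern is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Example seed and register layout (this example's convention): the
 * register holds the last 7 bits, bit 0 newest, bit 3 = z^-4, bit 6 = z^-7. */
#define DSSS_SEED 0x6C
#define DSSS_MASK 0x7F

/* Scrambler step: st holds the last 7 *output* bits. */
static uint8_t scramble_bit(uint8_t *st, uint8_t in)
{
    uint8_t out = in ^ ((*st >> 3) & 1) ^ ((*st >> 6) & 1);
    *st = (uint8_t)(((*st << 1) | out) & DSSS_MASK);
    return out;
}

/* De-scrambler step: st holds the last 7 *received* bits, so the state is
 * rebuilt from the stream itself and no seed needs to be known. */
static uint8_t descramble_bit(uint8_t *st, uint8_t in)
{
    uint8_t out = in ^ ((*st >> 3) & 1) ^ ((*st >> 6) & 1);
    *st = (uint8_t)(((*st << 1) | in) & DSSS_MASK);
    return out;
}

void dsss_scramble(uint8_t seed, const uint8_t *in, uint8_t *out, size_t n)
{
    uint8_t st = seed & DSSS_MASK;
    for (size_t i = 0; i < n; i++) out[i] = scramble_bit(&st, in[i] & 1);
}

void dsss_descramble(uint8_t seed, const uint8_t *in, uint8_t *out, size_t n)
{
    uint8_t st = seed & DSSS_MASK;
    for (size_t i = 0; i < n; i++) out[i] = descramble_bit(&st, in[i] & 1);
}

/* Constructed test pattern: 32 bits, one bit per byte, in transmit order. */
static const uint8_t PAYLOAD[32] = {
    1,0,1,1,0,0,1,0, 0,0,0,0,0,0,0,0, 1,1,1,1,1,1,1,1, 0,1,0,1,0,1,0,1 };
#define NBITS (sizeof PAYLOAD)

/* Scramble and de-scramble with the same seed: must give PAYLOAD back. */
int dsss_roundtrip_ok(void)
{
    uint8_t scr[NBITS], dec[NBITS];
    dsss_scramble(DSSS_SEED, PAYLOAD, scr, NBITS);
    dsss_descramble(DSSS_SEED, scr, dec, NBITS);
    return memcmp(dec, PAYLOAD, NBITS) == 0;
}

/* The scrambler must actually whiten the data (output differs from input). */
int dsss_scrambling_changes_bits(void)
{
    uint8_t scr[NBITS];
    dsss_scramble(DSSS_SEED, PAYLOAD, scr, NBITS);
    return memcmp(scr, PAYLOAD, NBITS) != 0;
}

/* Self-synchronisation: de-scramble starting from a WRONG seed.  Only the
 * first 7 output bits can be affected; once 7 received bits have shifted in,
 * the register equals the transmitter's and every later bit is correct. */
int dsss_self_sync_ok(uint8_t wrong_seed)
{
    uint8_t scr[NBITS], dec[NBITS];
    dsss_scramble(DSSS_SEED, PAYLOAD, scr, NBITS);
    dsss_descramble(wrong_seed, scr, dec, NBITS);
    return memcmp(dec + 7, PAYLOAD + 7, NBITS - 7) == 0;
}

int main(void)
{
    printf("roundtrip=%d whitened=%d self-sync(seed 0)=%d self-sync(seed 0x7F)=%d\n",
           dsss_roundtrip_ok(), dsss_scrambling_changes_bits(),
           dsss_self_sync_ok(0x00), dsss_self_sync_ok(0x7F));
    return 0;
}
```

Because the receiver's register is filled from the received bits, a
missed or duplicated bit in the slicer output costs at most seven wrong
bits before the de-scrambler is back in step; the PLCP header CRC and
the frame checksum are what catch the damage in those bits.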

To support the injection of IEEE 802.11 frames from (GNU Radio)
user-space into kernel-space, we have extended the tap(4) interface to
support IEEE 802.11 frames in addition to the standard Ethernet mode.
It is possible to use BPF on this tap(4) interface with one of three DLT
link types:
1. DLT_EN10MB: Ethernet header
2. DLT_IEEE802_11: IEEE 802.11 header
3. DLT_IEEE802_11_RADIO: IEEE 802.11 header + radiotap header for
meta-data

Currently, IEEE 802.11 frames received and decoded by GNU Radio are
written to a file.  A separate user-space program reads these frames from
the file and injects them into the NetBSD kernel through the modified
tap(4) driver.  Receive meta-data from GNU Radio is pushed into
kernel-space as a radiotap header in DLT_IEEE802_11_RADIO format.

I am appending a sample capture of 802.11 received frames using tcpdump
on the extended tap(4) interface with link type set to
DLT_IEEE802_11_RADIO.  The first 28 bytes of every packet in the dump
file are the radiotap header, followed by the IEEE 802.11 header and the
payload.  The radiotap header is:

struct tap_rx_radiotap_header {
    struct ieee80211_radiotap_header wr_ihdr;
    u_int64_t   wr_tsf;        // currently bogus, filled with rx timestamp from GNURadio
    u_int8_t    wr_flags;      // 0
    u_int8_t    wr_rate;       // from GnuRadio
    u_int16_t   wr_chan_freq;  // from GnuRadio
    u_int16_t   wr_chan_flags; // 0
    u_int8_t    wr_antenna;    // 0
    u_int8_t    wr_antsignal;  // from GnuRadio
    u_int8_t    wr_antnoise;   // currently fixed at -100
};

Note that our GNU Radio IEEE 802.11 receive code currently reports
signal strength in dB relative to an arbitrary baseline; we haven't yet
calibrated this to dBm.  Note also that DLT_IEEE802_11_RADIO expects
signal strength and noise to be 1-byte unsigned numbers - thus, 234dB
reported by tcpdump is really -20dB from the GNU Radio IEEE 802.11
receive code.
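The following is an added example, not code from this post or from the
ADROIT project: it parses the radiotap header and the 802.11 MAC header
of the first beacon in the capture below (the 97 bytes copied from that
dump), applying the checks that anything consuming meta-data supplied
from user-space should apply before trusting it: it_version must be 0,
it_len must cover the fields and fit inside the packet, the it_present
bitmap must be the one the header layout was written for, and a full
24-byte MAC header must follow.  Field offsets follow the post's struct
tap_rx_radiotap_header; the accessor functions and the assumption that
the header only ever carries that bitmap are this example's own.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* radiotap it_present bits set by the post's header (0x0000380f). */
#define RT_TSFT         (1u << 0)
#define RT_FLAGS        (1u << 1)
#define RT_RATE         (1u << 2)
#define RT_CHANNEL      (1u << 3)
#define RT_ANTENNA      (1u << 11)
#define RT_DB_ANTSIGNAL (1u << 12)
#define RT_DB_ANTNOISE  (1u << 13)
#define RT_EXPECTED (RT_TSFT | RT_FLAGS | RT_RATE | RT_CHANNEL | \
                     RT_ANTENNA | RT_DB_ANTSIGNAL | RT_DB_ANTNOISE)

struct rx_meta {
    uint16_t rt_len;
    uint64_t tsf;
    uint8_t  flags, rate_500k;       /* rate in 500 kb/s units */
    uint16_t chan_freq, chan_flags;
    uint8_t  antenna;
    int8_t   signal_db, noise_db;    /* the unsigned bytes re-read as signed */
    uint16_t fc;                     /* 802.11 frame control */
    uint8_t  bssid[6];
};

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }
static uint32_t le32(const uint8_t *p) { return le16(p) | ((uint32_t)le16(p + 2) << 16); }
static uint64_t le64(const uint8_t *p) { return le32(p) | ((uint64_t)le32(p + 4) << 32); }

/* 0 on success, negative for a packet that must not be passed up. */
int parse_rx_frame(const uint8_t *pkt, size_t len, struct rx_meta *m)
{
    if (len < 8)      return -1;               /* no complete radiotap header */
    if (pkt[0] != 0)  return -2;               /* it_version must be 0; it_pad is ignored */
    uint16_t rt_len  = le16(pkt + 2);
    uint32_t present = le32(pkt + 4);
    if (rt_len < 25 || rt_len > len) return -3; /* it_len must cover the fields and fit */
    if (present != RT_EXPECTED)      return -4; /* only the post's fixed layout */
    if (len - rt_len < 24)           return -5; /* need a full 802.11 MAC header */
    memset(m, 0, sizeof *m);
    m->rt_len = rt_len;          m->tsf = le64(pkt + 8);
    m->flags = pkt[16];          m->rate_500k = pkt[17];
    m->chan_freq = le16(pkt + 18); m->chan_flags = le16(pkt + 20);
    m->antenna = pkt[22];
    m->signal_db = (int8_t)pkt[23];            /* 0xea = 234 unsigned, -22 signed */
    m->noise_db  = (int8_t)pkt[24];            /* 0x9c = 156 unsigned, -100 signed */
    const uint8_t *dot11 = pkt + rt_len;       /* bytes 25..27 are padding */
    m->fc = le16(dot11);
    memcpy(m->bssid, dot11 + 16, 6);           /* addr3 of a beacon is the BSSID */
    return 0;
}

/* Frame control: type 0 (management), subtype 8 (beacon). */
int is_beacon(uint16_t fc) { return (fc & 0x00FC) == 0x0080; }

/* First packet of the capture in the post, 97 bytes copied from the dump. */
static const uint8_t SAMPLE[] = {
    0x00,0x9e,0x1c,0x00,0x0f,0x38,0x00,0x00,0x68,0x69,0x9d,0x01,0x00,0x00,0x00,0x00,
    0x00,0x02,0x85,0x09,0x00,0x00,0x00,0xea,0x9c,0xea,0xbf,0xbf,0x80,0x00,0x00,0x00,
    0xff,0xff,0xff,0xff,0xff,0xff,0x00,0x16,0xb6,0x47,0x0d,0x10,0x00,0x16,0xb6,0x47,
    0x0d,0x10,0x00,0x7a,0x87,0x91,0x09,0x24,0xb9,0x01,0x00,0x00,0x64,0x00,0x01,0x00,
    0x00,0x08,0x47,0x6e,0x75,0x52,0x61,0x64,0x69,0x6f,0x01,0x04,0x82,0x84,0x8b,0x96,
    0x03,0x01,0x06,0x05,0x04,0x00,0x01,0x00,0x00,0xdd,0x06,0x00,0x10,0x18,0x02,0x01,
    0xf4 };

/* Accessors (this example's own) so each decoded field can be checked. */
static struct rx_meta g;
int      demo_status(void)    { return parse_rx_frame(SAMPLE, sizeof SAMPLE, &g); }
uint64_t demo_tsf(void)       { demo_status(); return g.tsf; }
int      demo_rate_500k(void) { demo_status(); return g.rate_500k; }
int      demo_chan_freq(void) { demo_status(); return g.chan_freq; }
int      demo_signal_db(void) { demo_status(); return g.signal_db; }
int      demo_noise_db(void)  { demo_status(); return g.noise_db; }
int      demo_is_beacon(void) { demo_status(); return is_beacon(g.fc); }
int      demo_bssid_ok(void)
{
    static const uint8_t want[6] = { 0x00,0x16,0xb6,0x47,0x0d,0x10 };
    demo_status(); return memcmp(g.bssid, want, 6) == 0;
}
/* Hand over only 20 bytes: it_len claims 28, so the packet is rejected. */
int demo_truncated_status(void) { struct rx_meta m; return parse_rx_frame(SAMPLE, 20, &m); }

int main(void)
{
    if (demo_status() != 0) { puts("malformed packet"); return 1; }
    printf("tsf=%llu rate=%.1f Mb/s freq=%u MHz signal=%d dB noise=%d dB beacon=%d\n",
           (unsigned long long)g.tsf, g.rate_500k / 2.0, g.chan_freq,
           g.signal_db, g.noise_db, is_beacon(g.fc));
    return 0;
}
```

Two things the dump itself shows are worth keeping in mind when
checking the injector.  The struct above is 25 bytes long while it_len
is 28, and the three bytes between them (ea bf bf in the first packet)
are not zero; the it_pad byte is 0x9e rather than 0.  Bytes that are
never written before the header is handed over are whatever was in the
buffer, so the buffer should be zeroed before the fields are filled in.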


-Vivek (vraghuna@bbn.com, vivek.raghunathan@gmail.com)
-Daniel Sumorok (dsumorok@bbn.com)

22:57:22.380382 27093352us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 6869 9d01 0000 0000  .....8..hi......
        0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 007a 8791 0924 b901 0000 6400 0100  ...z...$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.380608 27195784us tsft 1.0 Mb/s 2437 MHz antenna 0 238dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 88f9 9e01 0000 0000  .....8..........
        0x0010:  0002 8509 0000 00ee 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 107a 8321 0b24 b901 0000 6400 0100  ...z.!.$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.381206 27707816us tsft 1.0 Mb/s 2437 MHz antenna 0 235dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 a8c9 a601 0000 0000  .....8..........
        0x0010:  0002 8509 0000 00eb 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 707a 8bf1 1224 b901 0000 6400 0100  ..pz...$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.381376 28629352us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 68d9 b401 0000 0000  .....8..h.......
        0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 007b 8401 2124 b901 0000 6400 0100  ...{..!$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.381543 28731800us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 9869 b601 0000 0000  .....8...i......
        0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 207b 8b91 2224 b901 0000 6400 0100  ...{.."$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.381711 29038992us tsft 1.0 Mb/s 2437 MHz antenna 0 238dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 9019 bb01 0000 0000  .....8..........
        0x0010:  0002 8509 0000 00ee 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 507b 8441 2724 b901 0000 6400 0100  ..P{.A'$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.381880 29653432us tsft 1.0 Mb/s 2437 MHz antenna 0 235dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 b879 c401 0000 0000  .....8...y......
        0x0010:  0002 8509 0000 00eb 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 b07b 86a1 3024 b901 0000 6400 0100  ...{..0$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.382335 36718872us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 1849 3002 0000 0000  .....8...I0.....
        0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 0082 8771 9c24 b901 0000 6400 0100  .....q.$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .
22:57:22.382504 39483712us tsft 1.0 Mb/s 2437 MHz antenna 0 233dB
signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
CH: 6
        0x0000:  009e 1c00 0f38 0000 4079 5a02 0000 0000  .....8..@yZ.....
        0x0010:  0002 8509 0000 00e9 9cea bfbf 8000 0000  ................
        0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
        0x0030:  0d10 d083 84a1 c624 b901 0000 6400 0100  .......$....d...
        0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
        0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
        0x0060:  f4                                       .

-- 

*************************************
Vivek Raghunathan,
PhD student,
University of Illinois, Urbana-Champaign

Summer Intern,
Internetwork Research Group,
BBN Technologies.

Contact Details:
1012 W. Clark St #31,
Urbana IL 61801

ph: 217-766-1868 (cell)
    217-333-7541 (off)