Subject: Re: IEEE 802.11 PHY receive using GNU Radio and modified tap(4)
To: None <tech-net@netbsd.org, gdt@ir.bbn.com, dsumorok@bbn.com,>
From: Vivek raghunathan <vivek.raghunathan@gmail.com>
List: tech-net
Date: 08/07/2006 12:50:39
All,

As I had mentioned in the last email, we have a working implementation
of IEEE 802.11 receive on GNU Radio, and have been able to
successfully decode and inject 802.11 frames into a NetBSD kernel. I
forgot to include a link to our GNU Radio sources in that email. All
of our GNU Radio development is on our public development server at
http://acert.ir.bbn.com/cvs/?group=adroitgrdevel

The IEEE 802.11 receive stuff is in adroitgrdevel/gr-bbn/src/examples/.
A readme file in the directory describes how to run the receiver.
There are currently two python scripts that take the same arguments
that can be used for receiving 802.11 packets.  One script just prints
out information about received packets.  (The other one currently sends
packets to the Linux tap driver, which does not support 802.11 mode.
Do not use this script.)

In order to inject 802.11 frames into the kernel, you'll need to use
NetBSD and our modified NetBSD tap(4) kernel interface. We are
currently in the process of cleaning up this code to integrate it back
into NetBSD-current. The current "bleeding edge" version of the code
is on our public server at
http://acert.ir.bbn.com/cvs/?group=netbsd and can be found in
netbsd/src/sys/net/if_tap.{c,h}.

-Vivek


On 8/3/06, Vivek raghunathan <vivek.raghunathan@gmail.com> wrote:
> Hello all,
>
> As part of the ADROIT project at BBN Technologies, we have been working
> on getting GNU Radio to be able to receive and decode physical layer
> IEEE 802.11 frames and inject these decoded frames into the NetBSD
> networking stack at the appropriate net80211 entry point.
>
> As of now, our IEEE 802.11 PHY receive extensions to GNU Radio are
> successfully receiving and decoding IEEE 802.11 frames at the base rate
> (1 Mbps).  The 802.11 module is capable of demodulating 1 and 2 Mbps
> packets when the 1 Mbps PLCP header is used (sometimes referred to as
> "long preamble" mode).  The code seems to max out a 1.6 GHz Mobile
> Pentium.  To receive the packets, the (GNU Radio) USRP device is
> programmed to produce 8-bit samples (8 bits for I and 8 bits for Q) at
> 8 mega samples per second.  This means we are looking at about a 4 MHz
> (baseband) bandwidth.  Although the 802.11 signals are 11 MHz
> (baseband) wide, there is apparently enough energy in the 4 MHz we are
> looking at to receive some 1 Mbps packets, and once in a while receive
> a 2 Mbps packet.  To save processor resources, the receiver does not do
> any phase or frequency synchronization.  The receiver is composed of
> five blocks - an FIR filter, a time synchronizer block (which I call
> slicer), a demodulator block, a de-scrambler block, and a "PLCP" block.
> The FIR filter attempts to de-spread the Barker code.  The processor
> spends more time on this block than any other block.  The slicer tries
> to find the peaks of the filter output and produces samples at the
> symbol rate (1 mega symbols/sec).  The demodulator simultaneously
> demodulates at 1 Mbps (differential BPSK) and 2 Mbps (differential
> QPSK).  There is no time or frequency synchronization.  The
> de-scrambler reverses the 802.11 scrambling operation.  And, finally,
> the "PLCP" block runs the receive state machine.  It looks for a
> preamble, verifies the physical layer header, and verifies the data
> frame checksum.  If everything checks out, a small header is prepended
> to the packet, the frame checksum is stripped off, and the packet is
> forwarded up.  The RSSI is calculated in the demodulator block.  It
> averages the energy from 128 successive samples (output from the
> slicer), and converts to dB.
>
> To support the injection of IEEE 802.11 frames from (GNU Radio)
> user-space into kernel-space, we have extended the tap(4) interface to
> support IEEE 802.11 frames in addition to the standard Ethernet mode.
> It is possible to use BPF on this tap(4) interface using three
> different link types:
> 1. DLT_EN10MB: Ethernet header
> 2. DLT_IEEE802_11: IEEE 802.11 header
> 3. DLT_IEEE802_11_RADIO: IEEE 802.11 header + radiotap header for
> meta-data using one of three DLT types
>
> Currently, IEEE 802.11 frames received and decoded by GNURadio are
> written to a file.  A separate user-space program reads these frames
> from the file and injects them into the NetBSD kernel using the
> modified tap(4) driver.  Receive meta-data from GNU Radio is pushed
> into kernel-space in the form of a radiotap header in
> DLT_IEEE802_11_RADIO format.
>
> I am appending a sample capture of 802.11 received frames using tcpdump
> on the extended tap(4) interface with link type set to
> DLT_IEEE802_11_RADIO.  The first 28 bytes of every packet in the dump
> file are the radiotap header, followed by the IEEE 802.11 header, and
> the payload.  The radiotap header is:
>
> struct tap_rx_radiotap_header {
>         struct ieee80211_radiotap_header wr_ihdr;
>         u_int64_t  wr_tsf;        // currently bogus, filled with rx timestamp from GNURadio
>         u_int8_t   wr_flags;      // 0
>         u_int8_t   wr_rate;       // from GnuRadio
>         u_int16_t  wr_chan_freq;  // from GnuRadio
>         u_int16_t  wr_chan_flags; // 0
>         u_int8_t   wr_antenna;    // 0
>         u_int8_t   wr_antsignal;  // from GnuRadio
>         u_int8_t   wr_antnoise;   // currently fixed at -100
> };
>
> Note that our GNU Radio IEEE 802.11 receive code currently reports
> signal strength in dB with respect to an arbitrary baseline.  We haven't
> yet calibrated this to dBm.  Note that DLT_IEEE802_11_RADIO expects
> signal strength and noise to be 1 byte unsigned numbers - thus, 234dB
> reported by tcpdump is really -20dB from the GNURadio IEEE 802.11
> receive code.
>
>
> -Vivek (vraghuna@bbn.com, vivek.raghunathan@gmail.com)
> -Daniel Sumorok (dsumorok@bbn.com)
>
> 22:57:22.380382 27093352us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 6869 9d01 0000 0000  .....8..hi......
>         0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 007a 8791 0924 b901 0000 6400 0100  ...z...$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.380608 27195784us tsft 1.0 Mb/s 2437 MHz antenna 0 238dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 88f9 9e01 0000 0000  .....8..........
>         0x0010:  0002 8509 0000 00ee 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 107a 8321 0b24 b901 0000 6400 0100  ...z.!.$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.381206 27707816us tsft 1.0 Mb/s 2437 MHz antenna 0 235dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 a8c9 a601 0000 0000  .....8..........
>         0x0010:  0002 8509 0000 00eb 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 707a 8bf1 1224 b901 0000 6400 0100  ..pz...$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.381376 28629352us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 68d9 b401 0000 0000  .....8..h.......
>         0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 007b 8401 2124 b901 0000 6400 0100  ...{..!$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.381543 28731800us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 9869 b601 0000 0000  .....8...i......
>         0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 207b 8b91 2224 b901 0000 6400 0100  ...{.."$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.381711 29038992us tsft 1.0 Mb/s 2437 MHz antenna 0 238dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 9019 bb01 0000 0000  .....8..........
>         0x0010:  0002 8509 0000 00ee 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 507b 8441 2724 b901 0000 6400 0100  ..P{.A'$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.381880 29653432us tsft 1.0 Mb/s 2437 MHz antenna 0 235dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 b879 c401 0000 0000  .....8...y......
>         0x0010:  0002 8509 0000 00eb 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 b07b 86a1 3024 b901 0000 6400 0100  ...{..0$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.382335 36718872us tsft 1.0 Mb/s 2437 MHz antenna 0 234dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 1849 3002 0000 0000  .....8...I0.....
>         0x0010:  0002 8509 0000 00ea 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 0082 8771 9c24 b901 0000 6400 0100  .....q.$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
> 22:57:22.382504 39483712us tsft 1.0 Mb/s 2437 MHz antenna 0 233dB
> signal 156dB noise Beacon (GnuRadio) [1.0* 2.0* 5.5* 11.0* Mbit] ESS
> CH: 6
>         0x0000:  009e 1c00 0f38 0000 4079 5a02 0000 0000  .....8..@yZ.....
>         0x0010:  0002 8509 0000 00e9 9cea bfbf 8000 0000  ................
>         0x0020:  ffff ffff ffff 0016 b647 0d10 0016 b647  .........G.....G
>         0x0030:  0d10 d083 84a1 c624 b901 0000 6400 0100  .......$....d...
>         0x0040:  0008 476e 7552 6164 696f 0104 8284 8b96  ..GnuRadio......
>         0x0050:  0301 0605 0400 0100 00dd 0600 1018 0201  ................
>         0x0060:  f4                                       .
>
> --
>
> *************************************
> Vivek Raghunathan,
> PhD student,
> University of Illinois, Urbana-Champaign
>
> Summer Intern,
> Internetwork Research Group,
> BBN Technologies.
>
> Contact Details:
> 1012 W. Clark St #31,
> Urbana IL 61801
>
> ph: 217-766-1868 (cell)
>     217-333-7541 (off)
>

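Added example, not code from the mail or from the BBN project: a Python decoder for the fixed tap_rx_radiotap_header layout described above and the beacon that follows it, run over the first frame of the quoted tcpdump capture. It validates it_len and the it_present mask against the field layout the struct implies (standard radiotap bit numbers; the capture's first bytes carry exactly that mask, 0x0000380f), then undoes the unsigned-byte wrap the mail points out: 0xea (234) is -22 under two's complement and 0x9c (156) is -100, matching the fixed noise value.

```python
import struct
# First beacon of the tcpdump capture quoted in the mail (hex copied from its
# 0x0000..0x0060 dump lines): 28 bytes radiotap + 24 bytes 802.11 header + body.
SAMPLE_HEX = (
    "009e1c000f38000068699d0100000000" "00028509000000ea9ceabfbf80000000"
    "ffffffffffff0016b6470d100016b647" "0d10007a87910924b901000064000100"
    "0008476e75526164696f010482848b96" "030106050400010000dd060010180201" "f4"
)
RADIOTAP_HDR = struct.Struct("<BBHI")       # it_version, it_pad, it_len, it_present
TAP_RX_FIELDS = struct.Struct("<QBBHHBBB")  # tsf flags rate chan_freq chan_flags antenna antsignal antnoise
# it_present bits implied by tap_rx_radiotap_header: TSFT(0) FLAGS(1) RATE(2)
# CHANNEL(3) ANTENNA(11) DB_ANTSIGNAL(12) DB_ANTNOISE(13) -> 0x0000380f
EXPECTED_PRESENT = 0x0F | (1 << 11) | (1 << 12) | (1 << 13)

def to_signed_db(value):
    # DB_ANTSIGNAL/DB_ANTNOISE are unsigned bytes but the receiver stored signed
    # dB values in them; undo the wrap-around (234 -> -22, 156 -> -100).
    return value - 256 if value >= 128 else value

def parse_radiotap(frame):
    """Check the fixed tap(4) radiotap layout; return (metadata, 802.11 frame)."""
    version, _pad, it_len, present = RADIOTAP_HDR.unpack_from(frame, 0)
    if version != 0 or present != EXPECTED_PRESENT:
        raise ValueError("not a tap_rx_radiotap_header: version %d, present 0x%08x" % (version, present))
    if not RADIOTAP_HDR.size + TAP_RX_FIELDS.size <= it_len <= len(frame):
        raise ValueError("it_len %d inconsistent with %d-byte frame" % (it_len, len(frame)))
    tsf, flags, rate, freq, cflags, ant, sig, noise = \
        TAP_RX_FIELDS.unpack_from(frame, RADIOTAP_HDR.size)
    meta = {"tsf_us": tsf, "flags": flags, "rate_mbps": rate * 0.5,  # rate unit: 500 kb/s
            "freq_mhz": freq, "chan_flags": cflags, "antenna": ant,
            "signal_db": to_signed_db(sig), "noise_db": to_signed_db(noise)}
    return meta, frame[it_len:]   # skips the 3 alignment pad bytes after antnoise

def parse_beacon(dot11):
    """Decode 802.11 header, beacon fixed fields and IEs (FCS already stripped by the PLCP block)."""
    fc, _dur, _da, _sa, bssid, _seq = struct.unpack_from("<HH6s6s6sH", dot11, 0)
    if ((fc >> 2) & 0x3, (fc >> 4) & 0xF) != (0, 8):   # type 0 = management, subtype 8 = beacon
        raise ValueError("frame control 0x%04x is not a beacon" % fc)
    _timestamp, interval, cap = struct.unpack_from("<QHH", dot11, 24)
    ies, off = {}, 36
    while off + 2 <= len(dot11):
        eid, elen = dot11[off], dot11[off + 1]
        if off + 2 + elen > len(dot11):
            raise ValueError("truncated IE %d at offset %d" % (eid, off))
        ies[eid] = dot11[off + 2:off + 2 + elen]
        off += 2 + elen
    return {"bssid": ":".join("%02x" % b for b in bssid), "ess": bool(cap & 1),
            "beacon_interval_tu": interval, "ssid": ies.get(0, b"").decode("ascii", "replace"),
            "channel": ies[3][0] if 3 in ies else None}   # IE 3 = DS parameter set
```

Running `parse_beacon(parse_radiotap(bytes.fromhex(SAMPLE_HEX))[1])` on the other eight frames in the capture gives the same SSID, BSSID and channel; only the tsf and signal bytes differ.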