From 82161c4199d112aedae5fb4ec2d3f191ff387e4c Mon Sep 17 00:00:00 2001 From: Mikhail Zakharov Date: Thu, 13 Feb 2020 11:06:42 -0500 Subject: [PATCH 1/7] check for NULL pointer --- src/csi_extractor.c | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/src/csi_extractor.c b/src/csi_extractor.c index 7ab6816..20338b1 100644 --- a/src/csi_extractor.c +++ b/src/csi_extractor.c @@ -155,6 +155,9 @@ create_new_csi_frame(struct wl_info *wl, uint16 csiconf, int length) struct osl_info *osh = wl->wlc->osh; // create new csi udp frame p_csi = pkt_buf_get_skb(osh, sizeof(struct csi_udp_frame) + length); + if (p_csi == 0) { + return; + } // fill header struct csi_udp_frame *udpfrm = (struct csi_udp_frame *) p_csi->data; // add magic bytes, csi config and chanspec to new udp frame @@ -195,6 +198,10 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc pkt_buf_free_skb(osh, p_csi, 0); } create_new_csi_frame(wl, csiconf, missing * CSIDATA_PER_CHUNK); + if (p_csi == 0) { + printf("unable to allocate csi frame\n"); + pkt_buf_free_skb(osh, p, 0); + } missing_csi_frames = missing; inserted_csi_values = 0; } @@ -325,3 +332,7 @@ __attribute__((at(0x210F60, "", CHIP_VER_BCM43455c0, FW_VER_7_45_189))) __attribute__((at(0x1F6802, "", CHIP_VER_BCM4358, FW_VER_7_112_300_14))) __attribute__((at(0x2F4332, "", CHIP_VER_BCM4366c0, FW_VER_10_10_122_20))) GenericPatch1(hwrxoff_pktget, (RXE_RXHDR_LEN * 2) + RXE_RXHDR_EXTRA + 2); + +//Workaround to skip AMSDU frames. https://github.com/seemoo-lab/nexmon/issues/280#issuecomment-516731866 +__attribute__((at(0x1B6B02, "", CHIP_VER_BCM43455c0,FW_VER_7_45_189))) +BPatch(wlc_monitor_amsdu_patch, 0x1B6B1E); From 18339e5c2c7b14296141939b639bbc68aeb5ece8 Mon Sep 17 00:00:00 2001 From: mzakharo Date: Mon, 18 May 2020 17:31:25 -0400 Subject: [PATCH 2/7] add missing return --- src/csi_extractor.c | 1 + 1 file changed, 1 insertion(+) diff --git a/src/csi_extractor.c b/src/csi_extractor.c index 20338b1..22a487c 100644 
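Review bot: In PATCH 1/7 the new `if (p_csi == 0)` branch in process_frame_hook (hunk @@ -195,6 +198,10) frees `p` and then falls through, so the statements after the branch still run with a null `p_csi` and an already released `p`. PATCH 2/7 adds the missing `return;`, but a build or bisect that stops at 1/7 keeps the fall-through; folding 2/7 into this commit would keep every step of the series safe. The unconditional `printf("unable to allocate csi frame\n")` sits on the per-frame receive path and may flood the console under sustained memory pressure, so a counter or a one-shot flag would be quieter. The rest of process_frame_hook lies outside the hunk, so which later statements touch `p_csi` and `p` is inferred from the other patches in the series.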
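Review bot: The `BPatch(wlc_monitor_amsdu_patch, 0x1B6B1E)` added at the end of csi_extractor.c (hunk @@ -325,3 +332,7 of PATCH 1/7) is unrelated to the commit subject "check for NULL pointer" and would be easier to audit or revert as its own commit. It redirects firmware control flow between two hard-coded addresses that are valid only for the image named in the `at(...)` attribute, so the comment should record what the branch skips and how the addresses were found, not only the issue link, e.g. `// BCM43455c0 7_45_189 only: branch 0x1B6B02 -> 0x1B6B1E so AMSDU frames bypass <skipped code, to be named>; see nexmon issue #280`. The other chips patched just above get no equivalent, so AMSDU frames presumably still reach the hook on them; that limitation belongs in the comment too.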
--- a/src/csi_extractor.c +++ b/src/csi_extractor.c @@ -201,6 +201,7 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc if (p_csi == 0) { printf("unable to allocate csi frame\n"); pkt_buf_free_skb(osh, p, 0); + return; } missing_csi_frames = missing; inserted_csi_values = 0; From c74d78bdad6594c09a5effae430954428879ff55 Mon Sep 17 00:00:00 2001 From: Mikhail Zakharov Date: Mon, 15 Jun 2020 09:24:36 -0400 Subject: [PATCH 3/7] fix Q/I to I/Q order for Raspberry PI/Nexus 5 --- src/csi_extractor.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/csi_extractor.c b/src/csi_extractor.c index 22a487c..6785f0c 100644 --- a/src/csi_extractor.c +++ b/src/csi_extractor.c @@ -228,9 +228,9 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc // convert to int16 real, int16 imag struct int14 sint14; sint14.val = (ucodecsifrm->csi[i] >> 14) & 0x3fff; - udpfrm->csi_values[inserted_csi_values] = (uint32)((int16)(sint14.val)<<16); + udpfrm->csi_values[inserted_csi_values] = (uint32)((int16)(sint14.val)) & 0xffff; sint14.val = ucodecsifrm->csi[i] & 0x3fff; - udpfrm->csi_values[inserted_csi_values] |= ((uint32)((int16)(sint14.val)))&0xffff; + udpfrm->csi_values[inserted_csi_values] |= ((uint32)((int16)(sint14.val))) << 16; #elif ((NEXMON_CHIP == CHIP_VER_BCM4358) || (NEXMON_CHIP == CHIP_VER_BCM4366c0)) // csi format // for bcm4358: From 7e3f9f720e1eb12ef11afd855515981d5a3b715b Mon Sep 17 00:00:00 2001 From: Mikhail Zakharov Date: Mon, 15 Jun 2020 10:57:10 -0400 Subject: [PATCH 4/7] add RSSI for all platforms and Frame Control (supporting Raspberry PI only for now) --- src/csi.ucode.bcm43455c0.7_45_189.patch | 3 ++- src/csi_extractor.c | 11 +++++++++-- 2 files changed, 11 insertions(+), 3 deletions(-) diff --git a/src/csi.ucode.bcm43455c0.7_45_189.patch b/src/csi.ucode.bcm43455c0.7_45_189.patch index aad6a69..fb8d8a6 100644 --- a/src/csi.ucode.bcm43455c0.7_45_189.patch 
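Review bot: Swapping the two 16-bit halves of each `csi_values` word (hunk @@ -228,9 +228,9 of PATCH 3/7) changes the UDP payload layout while leaving nothing in the frame that lets a receiver tell old captures from new ones; the magic value written in create_new_csi_frame is untouched by this commit. Tools that parse recorded captures will silently read the components in the wrong order, so either change a marker in the header or document the break where the format is described. The context comment `// convert to int16 real, int16 imag` should state which half holds what after the change, e.g. `// low 16 bits: sign-extended csi bits 27..14, high 16 bits: csi bits 13..0`. Only this `#if` branch is touched; the `#elif` branch for BCM4358/BCM4366c0 starts at the edge of the hunk, so whether its order now matches cannot be checked here.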
+++ b/src/csi.ucode.bcm43455c0.7_45_189.patch @@ -283,7 +283,7 @@ --- > orx 0, 2, 0x1, [RX_HDR_RxStatus1], [RX_HDR_RxStatus1] > orx 0, 1, 0x0, [RX_HDR_RxStatus2], [RX_HDR_RxStatus2] -4158a4291,4378 +4158a4291,4379 > je DUMP_CSI, 0, csi_end+ > #define ACPHY_TBL_ID_CORE0CHANESTTBL 73 > #define ACPHY_TBL_ID_CORE1CHANESTTBL 105 @@ -359,6 +359,7 @@ > mov [SRC_MAC_CACHE_1], [1,off5] > mov [SRC_MAC_CACHE_2], [2,off5] > mov [SEQ_NUM_CACHE], [3,off5] +> and [3,off1], 0xff, [4,off5] > not_last_chunk_skip_mac: > mov RX_HDR_BASE + RXE_RXHDR_LEN, SPR_RXE_RXHDR_OFFSET > calls L900 diff --git a/src/csi_extractor.c b/src/csi_extractor.c index 6785f0c..a3a2a99 100644 --- a/src/csi_extractor.c +++ b/src/csi_extractor.c @@ -134,7 +134,9 @@ struct wlc_d11rxhdr { struct csi_udp_frame { struct ethernet_ip_udp_header hdrs; - uint32 kk1; + uint16 kk1; + int8 rssi; + uint8 fc; //frame control uint8 SrcMac[6]; uint16 seqCnt; uint16 csiconf; @@ -148,6 +150,7 @@ struct int14 {signed int val:14;} __attribute__((packed)); uint16 missing_csi_frames = 0; uint16 inserted_csi_values = 0; struct sk_buff *p_csi = 0; +int8 last_rssi = 0; void create_new_csi_frame(struct wl_info *wl, uint16 csiconf, int length) @@ -161,7 +164,9 @@ create_new_csi_frame(struct wl_info *wl, uint16 csiconf, int length) // fill header struct csi_udp_frame *udpfrm = (struct csi_udp_frame *) p_csi->data; // add magic bytes, csi config and chanspec to new udp frame - udpfrm->kk1 = 0x11111111; + udpfrm->kk1 = 0x1111; + udpfrm->rssi = last_rssi; + udpfrm->fc = 0; udpfrm->seqCnt = 0; udpfrm->csiconf = csiconf; udpfrm->chanspec = get_chanspec(wl->wlc); 
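Review bot: Splitting `uint32 kk1` into `uint16 kk1; int8 rssi; uint8 fc;` (hunk @@ -134,7 +134,9 of PATCH 4/7) keeps the header size but shrinks the magic from 0x11111111 to 0x1111, so receivers that match the old four magic bytes stop recognising frames and nothing in the header announces the new layout. Whether `struct csi_udp_frame` is packed is decided outside the hunk; the new one-byte members make that attribute matter for the wire format, so it is worth confirming. `fc` carries a single byte although the 802.11 frame control field is 16 bits wide, and the ucode change masks with `0xff`, so the field comment should say so: `uint8 fc; // low byte of frame control only (version/type/subtype); flag byte is not carried`.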
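Review bot: `udpfrm->rssi = last_rssi;` (hunk @@ -161,7 +164,9 of PATCH 4/7) stamps the CSI frame with the RSSI of whichever frame last reached the end of process_frame_hook, not necessarily the frame the CSI was measured on. `last_rssi` is written only in hunk @@ -266,6 +272,7, after `wlc_phy_rssi_compute`, and read here when the UDP frame is created, so the pairing depends on the order in which the ucode hands over CSI chunks and data frames; that order is not visible in the diff. If the association is only approximate, say so at the field, e.g. `int8 rssi; // RSSI of the most recently received frame, may not belong to this CSI`. The first CSI frame after start-up reports the initial 0, which a consumer cannot tell apart from a measured value.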
@@ -253,6 +258,7 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc #else memcpy(udpfrm->SrcMac, &(ucodecsifrm->csi[tones]), sizeof(udpfrm->SrcMac)); // last csifrm also contains SrcMac udpfrm->seqCnt = *((uint16*)(&(ucodecsifrm->csi[tones]))+(sizeof(udpfrm->SrcMac)>>1)); // last csifrm also contains seqN + udpfrm->fc = (*((uint16*)(&(ucodecsifrm->csi[tones]))+(sizeof(udpfrm->SrcMac)>>1)+1)); // last csifrm also contains frame control field #endif p_csi->len = sizeof(struct csi_udp_frame) + inserted_csi_values * sizeof(uint32); skb_pull(p_csi, sizeof(struct ethernet_ip_udp_header)); @@ -266,6 +272,7 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc wlc_rxhdr->tsf_l = tsf_l; wlc_phy_rssi_compute(wlc_hw->band->pi, wlc_rxhdr); + last_rssi = wlc_rxhdr->rssi; wlc_recv(wlc_hw->wlc, p); } From b79d935c846fbae6ab9b28eafe8416358671feb3 Mon Sep 17 00:00:00 2001 From: Mikhail Zakharov Date: Mon, 15 Jun 2020 11:17:04 -0400 Subject: [PATCH 5/7] add phy bits --- src/csi_extractor.c | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/src/csi_extractor.c b/src/csi_extractor.c index a3a2a99..772e1ac 100644 --- a/src/csi_extractor.c +++ b/src/csi_extractor.c @@ -151,6 +151,7 @@ uint16 missing_csi_frames = 0; uint16 inserted_csi_values = 0; struct sk_buff *p_csi = 0; int8 last_rssi = 0; +uint16 phystatus[6] = {0,0,0,0, 0, 0}; void create_new_csi_frame(struct wl_info *wl, uint16 csiconf, int length) 
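Review bot: The new `udpfrm->fc = ...` line (hunk @@ -253,6 +258,7 of PATCH 4/7) reads one more 16-bit word past the sequence number in the last chunk, but the series only changes the BCM43455c0 ucode to store that word (`and [3,off1], 0xff, [4,off5]`). If this `#else` branch is also compiled for other chips, `fc` is filled from whatever the receive buffer holds at that offset and is then sent out in the UDP frame; the `#if` condition is outside the hunk, so this needs checking. Wrapping the read in `#if NEXMON_CHIP == CHIP_VER_BCM43455c0` and otherwise keeping the 0 set in create_new_csi_frame would avoid exporting unrelated bytes. The assignment also narrows a `uint16` to `uint8` implicitly; an explicit `& 0xff` would show the truncation is intended.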
@@ -260,6 +261,12 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc udpfrm->seqCnt = *((uint16*)(&(ucodecsifrm->csi[tones]))+(sizeof(udpfrm->SrcMac)>>1)); // last csifrm also contains seqN udpfrm->fc = (*((uint16*)(&(ucodecsifrm->csi[tones]))+(sizeof(udpfrm->SrcMac)>>1)+1)); // last csifrm also contains frame control field #endif + uint8 bw = (udpfrm->chanspec & 0x3800) >> 11; + //BW 2 (20Mhz) -> payload 28:36 are unused (tested on BCM4358 (Nexus 6P) and BCM43455c0 (Raspberry PI)) + uint8 offset = (bw == 2) ? 28 : 0; + //Description of the bits: https://github.com/MerlinRdev/86u-merlin/blob/master/release/src-rt-5.02hnd/bcmdrivers/broadcom/net/wl/impl51/4365/src/include/d11.h#L2935 + memcpy(&udpfrm->csi_values[offset], phystatus, sizeof(phystatus)); + p_csi->len = sizeof(struct csi_udp_frame) + inserted_csi_values * sizeof(uint32); skb_pull(p_csi, sizeof(struct ethernet_ip_udp_header)); prepend_ethernet_ipv4_udp_header(p_csi); @@ -273,6 +280,8 @@ process_frame_hook(struct sk_buff *p, struct wlc_d11rxhdr *wlc_rxhdr, struct wlc wlc_rxhdr->tsf_l = tsf_l; wlc_phy_rssi_compute(wlc_hw->band->pi, wlc_rxhdr); last_rssi = wlc_rxhdr->rssi; + struct d11rxhdr * rxh = &wlc_rxhdr->rxhdr; + memcpy(phystatus, &rxh->PhyRxStatus_0, sizeof(phystatus)); wlc_recv(wlc_hw->wlc, p); } From 86100269992156c36872f22c071860c199e67713 Mon Sep 17 00:00:00 2001 From: Mikhail Zakharov Date: Mon, 15 Jun 2020 16:04:58 -0400 Subject: [PATCH 6/7] add gitignore --- .gitignore | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) create mode 100644 .gitignore diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..99c9aab --- /dev/null +++ b/.gitignore @@ -0,0 +1,17 @@ +/BUILD_NUMBER +*.o.cmd +*.ko.cmd +.tmp* + +*.o +modules.order +Module.symvers +*.ko +*.mod.c +/gen +/log +/obj/ +/src/*.asm +/src/ucode_compressed.c +/*-sdio.bin +*.swp From a9d2a2fb5d93b555d53fa8cea2756280345103fd Mon Sep 17 00:00:00 2001 
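Review bot: The `memcpy(&udpfrm->csi_values[offset], phystatus, sizeof(phystatus))` in hunk @@ -260,6 +261,12 of PATCH 5/7 writes three words at index 28 or 0 without checking that the frame actually holds that many values. The transmitted length on the following line is derived from `inserted_csi_values`, and the buffer size was fixed earlier in create_new_csi_frame from `length`, so a short or partially filled frame lets the copy land past the payload and possibly past the skb data; a guard such as `if (offset + sizeof(phystatus) / sizeof(uint32) <= inserted_csi_values)` in front of the copy closes that. For bandwidths other than 20 MHz the copy overwrites `csi_values[0..2]`, while the comment only justifies the 20 MHz slots, so it should state why the first three values are expendable there. Like `last_rssi`, the `phystatus` words are captured at the end of the hook (hunk @@ -273,6 +280,8) and therefore describe the previously processed frame.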
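Review bot: `memcpy(phystatus, &rxh->PhyRxStatus_0, sizeof(phystatus))` (hunk @@ -273,6 +280,8 of PATCH 5/7) copies 12 bytes starting at the address of a single member, which is only correct if `struct d11rxhdr` places six adjacent `uint16` PHY status words there with no padding or reordering. The struct definition is not part of the diff, so this is an assumption to confirm; a compile-time check on the member offsets, or copying the fields by name, would stop a later header change from silently pulling unrelated receive-header bytes into the UDP payload. At minimum record the dependency next to the copy: `// relies on six contiguous uint16 PHY status words starting at PhyRxStatus_0`.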
From: Mikhail Zakharov Date: Mon, 15 Jun 2020 18:43:57 -0400 Subject: [PATCH 7/7] disable autoscale -> conflicts with phybits extraction --- utils/matlab/unpack_float.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/utils/matlab/unpack_float.c b/utils/matlab/unpack_float.c index 6e59de8..4a21e51 100644 --- a/utils/matlab/unpack_float.c +++ b/utils/matlab/unpack_float.c @@ -114,9 +114,9 @@ void mexFunction(int nlhs, mxArray *plhs[], plhs[0] = mxCreateNumericMatrix((*nfftp)<<1, 1, mxINT32_CLASS, mxREAL); Hout = (int32_T*)mxGetPr(plhs[0]); if (*formatp == 0) { - unpack_float_acphy(10, 1, 0, 1, 9, 5, *nfftp, H, Hout); + unpack_float_acphy(10, 0, 0, 1, 9, 5, *nfftp, H, Hout); } else if (*formatp == 1) { - unpack_float_acphy(10, 1, 0, 1, 12, 6, *nfftp, H, Hout); + unpack_float_acphy(10, 0, 0, 1, 12, 6, *nfftp, H, Hout); } else { mexErrMsgIdAndTxt("NexmonCSI:unpack_float:format", "format can only be 0 or 1.");
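Review bot: The second argument of `unpack_float_acphy` changes from 1 to 0 in both calls (PATCH 7/7), but nothing at the call site says that this position is the autoscale switch; the reader has to take it from the commit subject. A named constant or a short comment, e.g. `/* autoscale off: phy status words embedded in the CSI array would skew the scale */`, would keep the reason next to the code. The change applies to every capture decoded with this MEX function, including captures from firmware without the phy-bits patch, so output magnitudes presumably differ from earlier runs and the MATLAB documentation should mention it.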