Merge branch 'master' into pre-release

README.md

@@ -73,7 +73,7 @@ zcu102_9371|[Xilinx ZCU102 board](https://www.xilinx.com/products/boards-and-kit
 [[Application notes](doc/app_notes/README.md)]
 
 ## Quick start
-- Burn openwifi board specific img file (from the table) into a SD card ("Open With Disk Image Writer". Or "dd" command after unzip). The SD card has two partitions: BOOT and rootfs. You need to config the **correct files in the BOOT partition** according to the **board you have** by operation on your computer: 
+- Restore openwifi board specific img file (from the table) into a SD card. To do this, program "Disks" in Ubuntu can be used (Install: "sudo apt install gnome-disk-utility"). After restoring, the SD card should have two partitions: BOOT and rootfs. You need to config the **correct files in the BOOT partition** according to the **board you have** by operation on your computer: 
   - Copy files in **openwifi/board_name** to the base directory of BOOT partition.
   - Copy **openwifi/zynqmp-common/Image** (zcu102 board) or **openwifi/zynq-common/uImage** (other boards) to the base directory of BOOT partition
 - Connect two antennas to RXA/TXA ports. Config the board to SD card boot mode (check the board manual). Insert the SD card to the board. Power on. 
@@ -122,11 +122,13 @@ The board actually is an Linux/Ubuntu computer which is running **hostapd** to o
 
 Since the pre-built SD card image might not have the latest bug-fixes/updates, it is recommended to update the fpga bitstream on board.
 
-- Install Vivado/SDK 2018.3 (If you don't need to generate new FPGA bitstream, WebPack version without license is enough)
+- Install Vivado/SDK 2018.3 (Vivado Design Suite - HLx Editions - 2018.3 Full Product Installation. If you don't need to generate new FPGA bitstream, WebPack version without license is enough)
 - Setup environment variables (use absolute path):
   ```
-  export XILINX_DIR=your_Xilinx_directory
+  export XILINX_DIR=your_Xilinx_install_directory
+  (Example: export XILINX_DIR=/opt/Xilinx. The Xilinx directory should include sth like: Downloads, SDK, Vivado, xic)
   export OPENWIFI_HW_DIR=your_openwifi-hw_directory
+  (The directory where you store the open-sdr/openwifi-hw repo via git clone)
   export BOARD_NAME=your_board_name
   ```
 - Pick the FPGA bitstream from openwifi-hw, and generate BOOT.BIN and transfer it on board via ssh channel:
@@ -181,7 +183,7 @@ Since the pre-built SD card image might not have the latest bug-fixes/updates, i
 ## Easy Access and etc
 
 - FPGA and driver on board update scripts
-  - Setup [ftp server](https://help.ubuntu.com/lts/serverguide/ftp-server.html) on PC, allow anonymous and change ftp root directory to the openwifi directory.
+  - Setup [ftp server](https://ubuntu.com/server/docs/service-ftp) on PC, allow anonymous and change ftp root directory to the openwifi directory.
   - On board:
   ```
   ./sdcard_boot_update.sh $BOARD_NAME
@@ -198,7 +200,7 @@ Since the pre-built SD card image might not have the latest bug-fixes/updates, i
 - Insert the SD card to your Linux PC. Find out the mount point (that has two sub directories BOOT and rootfs), and setup environment variables (use absolute path):
   ```
   export SDCARD_DIR=sdcard_mount_point
-  export XILINX_DIR=your_Xilinx_directory
+  export XILINX_DIR=your_Xilinx_install_directory
   export OPENWIFI_HW_DIR=your_openwifi-hw_directory
   export BOARD_NAME=your_board_name
   ```

doc/app_notes/README.md

@@ -10,8 +10,10 @@ Application notes collect many small topics about using openwifi in different sc
 - [Communication between two SDR boards under AP and client mode](ap-client-two-sdr.md)
 - [Communication between two SDR boards under ad-hoc mode](ad-hoc-two-sdr.md)
 - [From CSI (Channel State Information) to CSI (Chip State Information)](csi.md)
+- [WiFi CSI radar via self CSI capturing](radar-self-csi.md)
 - [Capture IQ sample, AGC gain, RSSI with many types of trigger condition](iq.md)
 - [Capture dual antenna TX/RX IQ for multi-purpose (capture collision)](iq_2ant.md)
+- [WiFi packet and IQ sample self loopback test (over-the-air and FPGA internal)](packet-iq-self-loopback-test.md)
 - [IEEE 802.11n (Wi-Fi 4)](ieee80211n.md)
 - [802.11 packet injection and fuzzing](inject_80211.md)
 - [CSI fuzzer](csi_fuzzer.md)

doc/app_notes/iq.md

@@ -7,6 +7,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 We implement the **IQ sample capture** with interesting extensions: many **trigger conditions**; **RSSI**, RF chip **AGC** **status (lock/unlock)** and **gain**.
 
+(By default, openwifi Rx baseband is muted during self Tx, to unmute Rx baseband and capture self Tx signal you need to run "./sdrctl dev sdr0 set reg xpu 1 1" after the test running)
+
 ## Quick start
 - Power on the SDR board.
 - Connect a computer to the SDR board via Ethernet cable. The computer should have static IP 192.168.10.1. Open a terminal on the computer, and then in the terminal:

doc/app_notes/iq_2ant.md

@@ -7,6 +7,8 @@ SPDX-License-Identifier: AGPL-3.0-or-later
 
 Instead of [**normal IQ sample capture**](iq.md), this app note introduces how to enable the I/Q capture for dual antennas. Besides the I/Q from the main antenna (that is selected by baseband), the I/Q samples from the other antenna (monitoring antenna) is captured as well (coherently synchronized) in this dual antenna mode. You are suggested to read the [**normal IQ sample capture**](iq.md) to understand how we use the side channel to capture I/Q samples by different trigger conditions.
 
+(By default, openwifi Rx baseband is muted during self Tx, to unmute Rx baseband and capture self Tx signal you need to run "./sdrctl dev sdr0 set reg xpu 1 1" after the test running)
+
 This feature also support capturing TX I/Q (loopback) to test the baseband transmitter.
 
 - [[Quick start for collision capture](#Quick-start-for-collision-capture)]

doc/app_notes/packet-iq-self-loopback-test.md

@@ -0,0 +1,115 @@
+<!--
+Author: Xianjun Jiao
+SPDX-FileCopyrightText: 2022 UGent
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+One super power of the openwifi platform is "**Full Duplex**" which means that openwifi baseband can receive its own TX signal.
+This makes the IQ sample and WiFi packet self loopback test possible. Reading the normal IQ sample capture [app note](iq.md) will help if you have issue or 
+want to understand openwifi side channel (for IQ and CSI) deeper.
+![](./openwifi-loopback-principle.jpg)
+
+[[IQ self loopback quick start](#IQ-self-loopback-quick-start)]
+[[Check the packet loopback on board](#Check-the-packet-loopback-on-board)]
+[[Self loopback config](#Self-loopback-config)]
+
+## IQ self loopback quick start
+(Please replace the IQ length **8187** by **4095** if you use low end FPGA board: zedboard/adrv9464z7020/antsdr/zc702)
+- Power on the SDR board.
+- Put the Tx and Rx antenna as close as possible.
+- Connect a computer to the SDR board via Ethernet cable. The computer should have static IP 192.168.10.1. Open a terminal on the computer, and then in the terminal:
+  ```
+  ssh root@192.168.10.122
+  (password: openwifi)
+  cd openwifi
+  ./wgd.sh
+  (Bring up the openwifi NIC sdr0)
+  ./monitor_ch.sh sdr0 44
+  (Setup monitor mode in WiFi channel 44. You should find a channel as clean as possible in your location)
+  insmod side_ch.ko iq_len_init=8187
+  ./side_ch_ctl wh11d0
+  (Set 0 to register 11. It means the pre trigger length is 0, so we only capture IQ after trigger condition is met)
+  ./side_ch_ctl wh8d16
+  (Set 16 to register 8 -- set trigger condition to phy_tx_started signal from openofdm tx core)
+  ./sdrctl dev sdr0 set reg xpu 1 1
+  (Unmute the baseband self-receiving to receive openwifi own TX signal/packet -- important for self loopback!)
+  ./side_ch_ctl wh5h0
+  (Set the loopback mode to over-the-air)
+  ./side_ch_ctl g0
+  (Relay the FPGA IQ capture to the host computer that will show the captured IQ later on)
+  ```
+  You should see on outputs like:
+  ```
+  loop 22848 side info count 0
+  loop 22912 side info count 0
+  ...
+  ```
+  Now the count is always 0, because we haven't instructed openwifi to send packet for loopback test.
+  
+- Leave above ssh session untouched. Open a new ssh session to the board from your computer. Then run on board:
+  ```
+  cd openwifi/inject_80211/
+  make
+  (Build our example packet injection program)
+  ./inject_80211 -m n -r 5 -n 1 sdr0
+  (Inject one packet to openwifi sdr0 NIC)
+  ```
+  Normally in the previous ssh session, the count becomes 1. It means one packet (of IQ sample) is sent and captured via loopback over the air.
+
+- On your computer (NOT ssh onboard!), run:
+  ```
+  cd openwifi/user_space/side_ch_ctl_src
+  python3 iq_capture.py 8187
+  ```
+  You might need to install beforehand: "sudo apt install python3-numpy", and "sudo apt install python3-matplotlib".
+  
+- Leave the above host session untouched. Let's go to the second ssh session (packet injection), and do single packet Tx again:
+  ```
+  ./inject_80211 -m n -r 5 -n 1 sdr0
+  ```
+  Normally in the 1st ssh session, the count becomes 2. You should also see IQ sample capture figures like this:
+  ![](./openwifi-iq-loopback.jpg)
+  
+- Stop the python3 script, which plots above, in the host session. A file **iq.txt** is generated. You can use the Matlab script test_iq_file_display.m 
+to do further offline analysis, or feed the IQ sample to the openwifi receiver simulation, etc.
+
+## Check the packet loopback on board
+
+- While signal/packet is looped back, you can capture it on board via normal sniffer program for further check/analysis on the packet (bit/byte level instead of IQ level), such as tcpdump or tshark.
+  A new ssh session to the board should be opened to do this before running the packet injection:
+  ```
+  tcpdump -i sdr0
+  ```
+  Run the packet injection "./inject_80211 -m n -r 5 -n 1 sdr0" in another session, you should see the packet information printed by tcpdump from self over-the-air loopback.
+  
+- You can also see the openwifi printk message of Rx packet (self Tx looped back) while the packet comes to the openwifi Rx interrupt.
+  A new ssh session to the board should be opened to do this before running the packet injection:
+  ```
+  cd openwifi
+  ./sdrctl dev sdr0 set reg drv_rx 7 7
+  ./sdrctl dev sdr0 set reg drv_tx 7 7
+  (Turn on the openwifi Tx/Rx printk logging)
+  ```
+  Stop the "./side_ch_ctl g0" in the very first ssh session. Run the packet injection, then check the printk message:
+  ```
+  ./inject_80211/inject_80211 -m n -r 5 -n 1 sdr0
+  dmesg
+  ```
+  You should see the printk message of packet Tx and Rx from the openwifi driver (sdr.c).
+
+## Self loopback config
+
+- By default, the loopback is via the air (from Tx antenna to Rx antenna). FPGA inernal loopback option is offered to have IQ sample and packet without 
+  any interference. To have FPGA internal loopback, replace the "./side_ch_ctl wh5h0" during setup (the very 1st ssh session) by:
+  ```
+  ./side_ch_ctl wh5h4
+  ```
+- Lots of packet injection parameters can be set: number of packet, type (data/control/management), MCS/rate, size, interval, etc. Please run the packet injection
+  program without any arguments to see the help.
+  
+- Besides the packet Tx via injection over monitor mode for loopback test, normal WiFi mode (AP/Client/ad-hoc) can also run together with self loopback. 
+  For instance, run **fosdem.sh** instead of **wgd.sh** to setup an openwifi AP that will transmit beacons. The wgd.sh can also be replaced with other scenario
+  setup scripts. Please check [Application notes](README.md)
+
+- To understand deeper of all above commands/settings, please refer to [Capture IQ sample, AGC gain, RSSI with many types of trigger condition](iq.md) and
+  [Capture dual antenna TX/RX IQ for multi-purpose (capture collision)](iq_2ant.md)

doc/app_notes/radar-self-csi.md

@@ -0,0 +1,51 @@
+<!--
+Author: Xianjun jiao
+SPDX-FileCopyrightText: 2019 UGent
+SPDX-License-Identifier: AGPL-3.0-or-later
+-->
+
+One super power of the openwifi platform is "**Full Duplex**" which means that openwifi baseband can receive its own TX signal. Just like a radar! This brings a unique capability of "**joint radar and communication**" to openwifi. For instance, put two directional antennas to openwifi TX and RX, and the **CSI** (Channel State Information) of the self-TX signal will refect the change of the target object.
+ ![](./openwifi-radar.jpg)
+
+## Quick start
+- Power on the SDR board.
+- Connect a computer to the SDR board via Ethernet cable. The computer should have static IP 192.168.10.1. Open a terminal on the computer, and then in the terminal:
+  ```
+  ssh root@192.168.10.122
+  (password: openwifi)
+  cd openwifi
+  ./fosdem.sh
+  (After the AP started by above command, you can connect a WiFi client to this openwifi AP)
+  (Or setup other scenario according to your requirement)
+  ./ifconfig
+  (Write down the openwifi AP MAC address. For example 66:55:44:33:22:5a)
+  insmod side_ch.ko num_eq_init=0
+  ./side_ch_ctl wh1h4001
+  ./side_ch_ctl wh7h4433225a
+  (Above two commands ensure receiving CSI only from XX:XX:44:33:22:5a. In this case, it is the openwifi self-TX)
+  ./sdrctl dev sdr0 set reg xpu 1 1
+  (Above unmute the baseband self-receiving to receive openwifi own TX signal/packet)
+  ./side_ch_ctl g0
+  ```
+  You should see on board outputs like:
+  ```
+  loop 64 side info count 4
+  loop 128 side info count 5
+  ...
+  ```
+  If the second number (4, 5, ...) keeps increasing, that means the CSI is going to the computer smoothly.
+  
+- On your computer (NOT ssh onboard!), run:
+  ```
+  cd openwifi/user_space/side_ch_ctl_src
+  python3 side_info_display.py 0
+  ```
+  The python script needs "matplotlib.pyplot" and "numpy" packages installed. Now you should see figures showing run-time **CSI** and **frequency offset**. Meanwhile the python script prints the **timestamp**.
+  ![](./csi-screen-shot-radar.jpg)
+  
+  While running, all CSI data is also stored into a file **side_info.txt**. A matlab script **test_side_info_file_display.m** is offered to help you do CSI analysis offline. In this case, run **test_side_info_file_display(0)** in Matlab.
+  ![](./csi-screen-shot-radar-matlab.jpg)
+  
+Please learn the python and Matlab script for CSI data structure per packet according to your requirement.
+  
+Do read the [normal CSI app note](csi.md) to understand the basic implementation architecture.

doc/publications.md

@@ -9,21 +9,22 @@ If your work uses openwifi, please cite the first VTC2020 openwifi paper: [LaTex
 You can also cite openwifi github code: [LaTex example](cite-openwifi-github-code.md).
 
 Other openwifi related publications:
-- [VTC2020 spring Antwerp. openwifi: a free and open-source IEEE802.11 SDR implementation on SoC](https://www.orca-project.eu/wp-content/uploads/sites/4/2020/03/openwifi-vtc-antwerp-PID1249076.pdf)
-- [ORCA project opencall: CSI MURDER](https://ans.unibs.it/projects/csi-murder/)
-- [ELSEVIER Computer Networks, 2021. IEEE 802.11 CSI randomization to preserve location privacy: An empirical evaluation in different scenarios](https://www.sciencedirect.com/science/article/abs/pii/S138912862100102X)
-- [ICIT2021. Enabling TSN over IEEE 802.11: Low-overhead Time Synchronization for Wi-Fi Clients](https://biblio.ugent.be/publication/8700714/file/8700715.pdf)
-- [ACM WiSec 2021. Openwifi CSI fuzzer for authorized sensing and covert channels](https://dl.acm.org/doi/pdf/10.1145/3448300.3468255)
-- [Microwaves&RF, 2021. Wireless Time-Sensitive Networks: When Every Microsecond Counts](https://www.mwrf.com/technologies/systems/article/21164984/wireless-timesensitive-networks-when-every-microsecond-counts)
-- [CNERT2021. High precision time synchronization on Wi-Fi based multi-hop network](https://biblio.ugent.be/publication/8709058/file/8709060.pdf)
-- [Blackhat asia 2021, OWFuzz: WiFi Protocol Fuzzing Tool Based on OpenWiFi](https://www.blackhat.com/asia-21/arsenal/schedule/#owfuzz-wifi-protocol-fuzzing-tool-based-on-openwifi-22569), [[**code**]](https://github.com/alipay/Owfuzz)
-- [UGent master thesis 2021. The initial 802.11n 2*2 MIMO and diversity (CSD/Combining) work by Cedric Den Haese](https://users.ugent.be/~xjiao/Cedric_Den_Haese_masterproef.pdf)
-- [UGent master thesis 2021. IEEE 802.11 Physical Layer Fuzzing Using OpenWifi by Steven Heijse](https://users.ugent.be/~xjiao/Steven_Heijse_masterproef.pdf)
-- [Interoperable Time-Sensitive Networking Towards 6G (invited presentation)](https://biblio.ugent.be/publication/8719532/file/8719533.pdf)
-- [Arxiv. A Just-In-Time Networking Framework for Minimizing Request-Response Latency of Wireless Time-Sensitive Applications](https://arxiv.org/abs/2109.03032)
-- [Wireless Personal Communications (2021). Bringing Time-Sensitive Networking to Wireless Professional Private Networks](https://link.springer.com/article/10.1007/s11277-021-09056-0)
-- [MethodsX. A novel method for utilizing RF information from IEEE 802.11 frames in Software Defined Networks](https://www.sciencedirect.com/science/article/pii/S2215016121003368)
-- [IEEE Transactions on Industrial Informatics. Hardware Efficient Clock Synchronization across Wi-Fi and Ethernet Based Network Using PTP](https://ieeexplore.ieee.org/document/9573364)
-- [INFOCOM 2022. ChARM: NextG Spectrum Sharing Through Data-Driven Real-Time O-RAN Dynamic Control](https://ece.northeastern.edu/wineslab/papers/BaldesiInfocom22.pdf)
+- [Xianjun Jiao, et al. openwifi: a free and open-source IEEE802.11 SDR implementation on SoC. VTC2020 spring Antwerp](https://www.orca-project.eu/wp-content/uploads/sites/4/2020/03/openwifi-vtc-antwerp-PID1249076.pdf)
+- [Marco Cominelli, et al. CSI MURDER. ORCA project opencall 2019](https://ans.unibs.it/projects/csi-murder/)
+- [Marco Cominelli, et al. IEEE 802.11 CSI randomization to preserve location privacy: An empirical evaluation in different scenarios. ELSEVIER Computer Networks, 2021](https://www.sciencedirect.com/science/article/abs/pii/S138912862100102X)
+- [Jetmir Haxhibeqiri, et al. Enabling TSN over IEEE 802.11: Low-overhead Time Synchronization for Wi-Fi Clients. ICIT2021](https://biblio.ugent.be/publication/8700714/file/8700715.pdf)
+- [Xianjun Jiao, et al. Openwifi CSI fuzzer for authorized sensing and covert channels. ACM WiSec 2021](https://dl.acm.org/doi/pdf/10.1145/3448300.3468255)
+- [Ingrid Moerman, et al. Wireless Time-Sensitive Networks: When Every Microsecond Counts. Microwaves&RF, 2021](https://www.mwrf.com/technologies/systems/article/21164984/wireless-timesensitive-networks-when-every-microsecond-counts)
+- [Muhammad Aslam, et al. High precision time synchronization on Wi-Fi based multi-hop network. CNERT2021](https://biblio.ugent.be/publication/8709058/file/8709060.pdf)
+- [Hongjian Cao, et al. OWFuzz: WiFi Protocol Fuzzing Tool Based on OpenWiFi. Blackhat asia 2021](https://www.blackhat.com/asia-21/arsenal/schedule/#owfuzz-wifi-protocol-fuzzing-tool-based-on-openwifi-22569), [[**code**]](https://github.com/alipay/Owfuzz)
+- [Cedric Den Haese, The initial 802.11n 2*2 MIMO and diversity (CSD/Combining) work. UGent master thesis 2021](https://users.ugent.be/~xjiao/Cedric_Den_Haese_masterproef.pdf)
+- [Steven Heijse, IEEE 802.11 Physical Layer Fuzzing Using OpenWifi. UGent master thesis 2021](https://users.ugent.be/~xjiao/Steven_Heijse_masterproef.pdf)
+- [Ingrid Moerman, et al. Interoperable Time-Sensitive Networking Towards 6G (invited presentation)](https://biblio.ugent.be/publication/8719532/file/8719533.pdf)
+- [Lihao Zhang, et al. A Just-In-Time Networking Framework for Minimizing Request-Response Latency of Wireless Time-Sensitive Applications. Arxiv 2021](https://arxiv.org/abs/2109.03032)
+- [Jetmir Haxhibeqiri, et al. Bringing Time-Sensitive Networking to Wireless Professional Private Networks. Wireless Personal Communications 2021](https://link.springer.com/article/10.1007/s11277-021-09056-0)
+- [Paul Zanna, et al. A novel method for utilizing RF information from IEEE 802.11 frames in Software Defined Networks. MethodsX 2021](https://www.sciencedirect.com/science/article/pii/S2215016121003368)
+- [Muhammad Aslam, et al. Hardware Efficient Clock Synchronization across Wi-Fi and Ethernet Based Network Using PTP. IEEE Transactions on Industrial Informatics 2021](https://ieeexplore.ieee.org/document/9573364)
+- [Luca Baldesi, et al. ChARM: NextG Spectrum Sharing Through Data-Driven Real-Time O-RAN Dynamic Control. INFOCOM 2022](https://ece.northeastern.edu/wineslab/papers/BaldesiInfocom22.pdf)
+- [Zelin Yun, et al. RT-WiFi on Software-Defined Radio: Design and Implementation. accepted RTAS2022 paper and demo](https://arxiv.org/abs/2203.10390)
 
 **Openwifi was born in ORCA project (EU's Horizon2020 programme under agreement number 732174).**

doc/videos.md

@@ -2,9 +2,10 @@
 - FOSDEM2020 presentation [[Youtube](https://youtu.be/Mq48cGthk7M)], [[link for CHN user](https://www.zhihu.com/zvideo/1280673506397425664)]
 - Low latency for gaming and general introduction [[Youtube](https://youtu.be/Notn9X482LI)], [[link for CHN user](https://www.zhihu.com/zvideo/1273823153371385856)]
 - CSI (Channel State Information) [[Youtube](https://youtu.be/DanB1ClVamU)], [[link for CHN user](https://www.zhihu.com/zvideo/1297662571618148352)]
-- FOSDEM2021 presentation [[Flash back](https://twitter.com/jxjputaoshu/status/1358462741703491584?s=20)], [[link for CHN user](https://www.zhihu.com/zvideo/1340748826311974912)]; [[Presentation](https://mirror.as35701.net/video.fosdem.org/2021/D.radio/fsr_openwifi_opensource_wifi_chip.webm)], [[link for CHN user](https://www.zhihu.com/zvideo/1345036055104360448)]
+- FOSDEM2021 presentation [[Flash back](https://twitter.com/jxjputaoshu/status/1358462741703491584?s=20)], [[link for CHN user](https://www.zhihu.com/zvideo/1340748826311974912)]; [[Presentation](https://video.fosdem.org/2021/D.radio/fsr_openwifi_opensource_wifi_chip.webm)], [[link for CHN user](https://www.zhihu.com/zvideo/1345036055104360448)]
 - FSF Libreplanet 2021 presentation [[Official](https://media.libreplanet.org/u/libreplanet/m/openwifi-project-the-dawn-of-the-free-libre-wifi-chip/)], [[LinuxReviews](https://linuxreviews.org/Openwifi_project:_The_dawn_of_the_free/libre_WiFi_chip)], [[link for CHN user](https://www.zhihu.com/zvideo/1373649688906883072)]
 - Openwifi industrial real-time high reliable low latency applications (EU Horizon 2020 SHOP4CF project) [[Youtube](https://youtu.be/p7zkkdMvPNc)], [[link for CHN user](https://www.zhihu.com/zvideo/1378413483944538113)]
 - CSI fuzzer [[Youtube](https://youtu.be/aOPYwT77Qdw)], [[link for CHN user](https://www.zhihu.com/zvideo/1378409348163506177)]
 - NGI zero, nlnet online session on future of European open hardware [[Session](https://nlnet.nl/news/2021/20210507-NGI-Zero-workshop-open-hardware.html)], [[Original record](https://archive.org/details/ngiforum-open-hardware-workshop-ngizero)], [[Youtube](https://youtu.be/m9Tw5VuHAfk)], [[link for CHN user](https://www.zhihu.com/zvideo/1379302398096285696)]
 - High Precision Time Synchronization on Wi-Fi based Multi-Hop Network [[Youtube](https://youtu.be/m5ryRArbdC8)], [[link for CHN user](https://www.zhihu.com/zvideo/1418222775224492032)]
+- FOSDEM2022 presentation [[Presentation](https://video.fosdem.org/2022/D.radio/radio_openwifi.webm)], [[link for CHN user](https://www.bilibili.com/video/BV12b4y1j7YK?share_source=copy_web)]

user_space/inject_80211/inject_80211.c

@@ -24,6 +24,9 @@
 #include "inject_80211.h"
 #include "radiotap.h"
 
+#define BUF_SIZE_MAX   (1536)
+#define BUF_SIZE_TOTAL (BUF_SIZE_MAX+1) // +1 in case the sprintf insert the last 0
+
 /* wifi bitrate to use in 500kHz units */
 static const u8 u8aRatesToUse[] = {
 	6*2,
@@ -58,15 +61,37 @@ static const u8 u8aRadiotapHeader[] =
 #define MCS_RATE_OFFSET 0x1b
 
 /* IEEE80211 header */
-static const u8 ieee_hdr[] =
+static u8 ieee_hdr_data[] =
 {
-	0x08, 0x01, 0x00, 0x00,             // FC 0x0801. 0--subtype; 8--type&version; 01--toDS1 fromDS0 (data packet to DS)
+	0x08, 0x02, 0x00, 0x00,             // FC 0x0801. 0--subtype; 8--type&version; 02--toDS0 fromDS1 (data packet from DS to STA)
 	0x66, 0x55, 0x44, 0x33, 0x22, 0x11, // BSSID/MAC of AP
 	0x66, 0x55, 0x44, 0x33, 0x22, 0x22, // Source address (STA)
 	0x66, 0x55, 0x44, 0x33, 0x22, 0x33, // Destination address (another STA under the same AP)
 	0x10, 0x86,                         // 0--fragment number; 0x861=2145--sequence number
 };
 
+static u8 ieee_hdr_mgmt[] =
+{
+	0x00, 0x00, 0x00, 0x00,             // FC 0x0000. 0--subtype; 0--type&version; 
+	0x66, 0x55, 0x44, 0x33, 0x22, 0x11, // BSSID/MAC of AP
+	0x66, 0x55, 0x44, 0x33, 0x22, 0x22, // Source address (STA)
+	0x66, 0x55, 0x44, 0x33, 0x22, 0x33, // Destination address (another STA under the same AP)
+	0x10, 0x86,                         // 0--fragment number; 0x861=2145--sequence number
+};
+
+static u8 ieee_hdr_ack_cts[] =
+{
+	0xd4, 0x00, 0x00, 0x00,             // FC 0xd400. d--subtype; 4--type&version;
+	0x66, 0x55, 0x44, 0x33, 0x22, 0x11, // mac addr of the peer
+};
+
+static u8 ieee_hdr_rts[] =
+{
+	0xb4, 0x00, 0x00, 0x00,             // FC 0xb400. b--subtype; 4--type&version;
+	0x66, 0x55, 0x44, 0x33, 0x22, 0x11, // mac addr of the peer
+	0x66, 0x55, 0x44, 0x33, 0x22, 0x22, // mac addr of the peer
+};
+
 // Generate random string
 void gen_rand_str(int size, char *rand_char)
 {
@@ -97,11 +122,19 @@ void usage(void)
 {
 	printf(
 	    "(c)2006-2007 Andy Green <andy@warmcat.com>  Licensed under GPL2\n"
-		"(r)2020 Michael Tetemke Mehari <michael.mehari@ugent.be>"
+		"(r)2020 Michael Tetemke Mehari <michael.mehari@ugent.be>\n"
+		"(r)2022 Xianjun Jiao <xianjun.jiao@ugent.be>"
 	    "\n"
 	    "Usage: inject_80211 [options] <interface>\n\nOptions\n"
 	    "-m/--hw_mode <hardware operation mode> (a,g,n)\n"
 	    "-r/--rate_index <rate/MCS index> (0,1,2,3,4,5,6,7)\n"
+		"-t/--packet_type (m/c/d/r for management/control/data/reserved)\n"
+		"-e/--sub_type (hex value. example:\n"
+		"     8/A/B/C for Beacon/Disassociation/Authentication/Deauth, when packet_type m\n"
+		"     A/B/C/D for PS-Poll/RTS/CTS/ACK, when packet_type c\n"
+		"     0/1/2/8 for Data/Data+CF-Ack/Data+CF-Poll/QoS-Data, when packet_type d)\n"
+		"-a/--addr1 <the last byte of addr1 in hex>\n"
+		"-b/--addr2 <the last byte of addr2 in hex>\n"
 	    "-i/--sgi_flag (0,1)\n"
 	    "-n/--num_packets <number of packets>\n"
 	    "-s/--payload_size <payload size in bytes>\n"
@@ -118,9 +151,10 @@ void usage(void)
 
 int main(int argc, char *argv[])
 {
-	u8 buffer[1536];
-	char szErrbuf[PCAP_ERRBUF_SIZE], rand_char[1484], hw_mode = 'n';
+	u8 buffer[BUF_SIZE_TOTAL], addr1=1, addr2=2, sub_type=1, *ieee_hdr;
+	char szErrbuf[PCAP_ERRBUF_SIZE], rand_char[1484], hw_mode = 'n', packet_type = 'd';
 	int i, nLinkEncap = 0, r, rate_index = 0, sgi_flag = 0, num_packets = 10, payload_size = 64, packet_size, nDelay = 100000;
+	int ieee_hdr_len, payload_len;
 	pcap_t *ppcap = NULL;
 
 	while (1)
@@ -130,6 +164,10 @@ int main(int argc, char *argv[])
 		{
 			{ "hw_mode", required_argument, NULL, 'm' },
 			{ "rate_index", required_argument, NULL, 'r' },
+			{ "packet_type", required_argument, NULL, 't' },
+			{ "sub_type", required_argument, NULL, 'e' },
+			{ "addr1", required_argument, NULL, 'a' },
+			{ "addr2", required_argument, NULL, 'b' },
 			{ "sgi_flag", no_argument, NULL, 'i' },
 			{ "num_packets", required_argument, NULL, 'n' },
 			{ "payload_size", required_argument, NULL, 's' },
@@ -137,7 +175,7 @@ int main(int argc, char *argv[])
 			{ "help", no_argument, &flagHelp, 1 },
 			{ 0, 0, 0, 0 }
 		};
-		int c = getopt_long(argc, argv, "m:r:i:n:s:d:h", optiona, &nOptionIndex);
+		int c = getopt_long(argc, argv, "m:r:t:e:a:b:i:n:s:d:h", optiona, &nOptionIndex);
 
 		if (c == -1)
 			break;
@@ -157,6 +195,22 @@ int main(int argc, char *argv[])
 				rate_index = atoi(optarg);
 				break;
 
+			case 't':
+				packet_type = optarg[0];
+				break;
+
+			case 'e':
+				sub_type = strtol(optarg, NULL, 16);
+				break;
+
+			case 'a':
+				addr1 = strtol(optarg, NULL, 16);
+				break;
+
+			case 'b':
+				addr2 = strtol(optarg, NULL, 16);
+				break;
+
 			case 'i':
 				sgi_flag = atoi(optarg);
 				break;
@@ -210,10 +264,65 @@ int main(int argc, char *argv[])
 
 	pcap_setnonblock(ppcap, 1, szErrbuf);
 
+	// Fill the IEEE hdr
+	if (packet_type == 'd') // data packet
+	{
+		ieee_hdr_data[0]  = ( ieee_hdr_data[0]|(sub_type<<4) );
+		ieee_hdr_data[9]  = addr1;
+		ieee_hdr_data[15] = addr2;
+		ieee_hdr_len = sizeof(ieee_hdr_data);
+		ieee_hdr = ieee_hdr_data;
+	}
+	else if (packet_type == 'm') // managment packet
+	{
+		ieee_hdr_mgmt[0]  = ( ieee_hdr_mgmt[0]|(sub_type<<4) );
+		ieee_hdr_mgmt[9]  = addr1;
+		ieee_hdr_mgmt[15] = addr2;
+		ieee_hdr_len = sizeof(ieee_hdr_mgmt);
+		ieee_hdr = ieee_hdr_mgmt;
+	}
+	else if (packet_type == 'c')
+	{
+		payload_size = 0;
+		if (sub_type == 0xC || sub_type == 0xD)
+		{
+			ieee_hdr_ack_cts[0] = ( ieee_hdr_ack_cts[0]|(sub_type<<4) );
+			ieee_hdr_ack_cts[9] = addr1;
+			ieee_hdr_len = sizeof(ieee_hdr_ack_cts);
+			ieee_hdr = ieee_hdr_ack_cts;
+		} 
+		else if (sub_type == 0xA || sub_type == 0xB)
+		{
+			ieee_hdr_rts[0]  = ( ieee_hdr_rts[0]|(sub_type<<4) );
+			ieee_hdr_rts[9]  = addr1;
+			ieee_hdr_rts[15] = addr2;
+			ieee_hdr_len = sizeof(ieee_hdr_rts);
+			ieee_hdr = ieee_hdr_rts;
+		}
+		else
+		{
+			printf("!!! sub_type %x is not supported yet!\n", sub_type);
+			return (1);
+		}
+	} 
+	else 
+	{
+		printf("!!! packet_type %c is not supported yet!\n", packet_type);
+		return (1);
+	}
+
 	// Generate random string
-	gen_rand_str(payload_size, rand_char);
-	packet_size = sizeof(u8aRadiotapHeader) + sizeof(ieee_hdr) + strlen(rand_char);
+	gen_rand_str(payload_size+4, rand_char); //4 for space reserved for crc
+	payload_len = strlen(rand_char);
+	
+	packet_size = sizeof(u8aRadiotapHeader) + ieee_hdr_len + payload_len;
 	printf("mode = 802.11%c, rate index = %d, SHORT GI = %d, number of packets = %d and packet size = %d bytes, delay = %d usec\n", hw_mode, rate_index, sgi_flag, num_packets, packet_size, nDelay);
+	printf("packet_type %c sub_type %x payload_len %d ieee_hdr_len %d addr1 %02x addr2 %02x\n", packet_type, sub_type, payload_len, ieee_hdr_len, addr1, addr2);
+
+	if (packet_size > BUF_SIZE_MAX) {
+		printf("packet_size %d > %d! Quite\n", packet_size, BUF_SIZE_MAX);
+		return(1);
+	}
 
 	// Clear storage buffer
 	memset(buffer, 0, sizeof (buffer));
@@ -234,9 +343,9 @@ int main(int argc, char *argv[])
 		buffer[MCS_RATE_OFFSET] = rate_index;
 	}
 	// Insert IEEE DATA header
-	memcpy(buffer + sizeof(u8aRadiotapHeader), ieee_hdr, sizeof (ieee_hdr));
+	memcpy(buffer + sizeof(u8aRadiotapHeader), ieee_hdr, ieee_hdr_len);
 	// Insert IEEE DATA payload
-	sprintf((char *)(buffer + sizeof(u8aRadiotapHeader) + sizeof(ieee_hdr)), "%s", rand_char);
+	sprintf((char *)(buffer + sizeof(u8aRadiotapHeader) + ieee_hdr_len), "%s", rand_char);
 
 	// Inject packets
 	for(i = 1; i <= num_packets; i++)

user_space/side_ch_ctl_src/iq_capture.py

@@ -74,6 +74,7 @@ UDP_PORT = 4000         #Local port to listen
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # UDP
 sock.bind((UDP_IP, UDP_PORT))
+sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 464) # for low latency. 464 is the minimum udp length in our case (CSI only)
 
 # align with side_ch_control.v and all related user space, remote files
 MAX_NUM_DMA_SYMBOL = 8192

user_space/side_ch_ctl_src/iq_capture_2ant.py

@@ -53,6 +53,7 @@ UDP_PORT = 4000         #Local port to listen
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # UDP
 sock.bind((UDP_IP, UDP_PORT))
+sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 464) # for low latency. 464 is the minimum udp length in our case (CSI only)
 
 # align with side_ch_control.v and all related user space, remote files
 MAX_NUM_DMA_SYMBOL = 8192

user_space/side_ch_ctl_src/side_info_display.py

@@ -112,6 +112,7 @@ UDP_PORT = 4000         #Local port to listen
 
 sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) # UDP
 sock.bind((UDP_IP, UDP_PORT))
+sock.setsockopt(socket.SOL_SOCKET, socket.SO_RCVBUF, 464) # for low latency. 464 is the minimum udp length in our case (CSI only)
 
 # align with side_ch_control.v and all related user space, remote files
 MAX_NUM_DMA_SYMBOL = 8192

user_space/side_ch_ctl_src/test_side_info_file_display.m

@@ -1,11 +1,17 @@
 % Xianjun Jiao. xianjun.jiao@imec.be; putaoshu@msn.com
 
-clear all;
+function test_side_info_file_display(num_eq, side_info_filename)
 close all;
 
-num_eq = 8;
+if exist('num_eq', 'var')==0 || isempty(num_eq)
+    num_eq = 8;
+end
 
-a = load('side_info.txt');
+if exist('side_info_filename', 'var')==0 || isempty(side_info_filename)
+    side_info_filename = 'side_info.txt';
+end
+
+a = load(side_info_filename);
 len_a = floor(length(a)/4)*4;
 a = a(1:len_a);