seemoo-lab / nexmon_csi

Channel State Information Extraction on Various Broadcom Wi-Fi Chips

Does anyone know about the range or coverage of Wi-Fi wireless transmission? #338

Open rack570 opened 6 months ago

rack570 commented 6 months ago

Hi, I'm a nexmon csi extractor user. I want to use csi to estimate whether each room is occupied in two adjacent rooms. If Tx is in the middle and there are people in Room 2 receiving csi from Rx1 and Rx2, the csi variation will be detected severely. On the contrary, however, if there are people in Room 1, there is some variation in Rx2, but it is not found very much. Why is that? Do you have any literature on the range form of radio waves? Is it not appropriate to put Tx between Rxs in a straight line? I would appreciate it if you could share your knowledge on the coverage of radio waves.

Note: Room1 is a private room and Room2 is a common area (ex. kitchen)

jlinktu commented 6 months ago

Chapter 3.5 "802.11n and 802.11ac propagation model" of [1] might be a good starting point.

[1] Eldad Perahia and Robert Stacey. 2013. Next Generation Wireless LANs: 802.11n and 802.11ac (2nd. ed.). Cambridge University Press, USA.

rack570 commented 6 months ago

@jlinktu Oh, thanks for replying. By the way, is Nexmon csi extractor still an unstable program? I always run the same command in the same situation; sometimes I continuously extract csi for more than 24 hours, but sometimes it stops during packet extraction. I don't think it's the Raspberry Pi device's own problem. Do you know anything about this?

jlinktu commented 6 months ago

Don't know about it. But you could add debug flags "debug=0x100006" to brcmfmac as described in nexmon#595. If you encounter a crash, there should be a several-line long output, each line starting with the string CONSOLE, in the output of dmesg. If you can provide this, I can try to investigate.

rack570 commented 6 months ago

@jlinktu Hi, this is my dmesg output. I don't see any crashes, just went into promiscuous mode and didn't come out. For your information, I've written a repeat script. I'll show you the kernel input window that was suspended during the script and tcpdump. Let me know if you need anything else. For your information, if I'm suspended like this, no matter what I do, such as Chanspec or reset the MAC address, csi packet will be captured. It's only possible by reboot.

device = raspberry pi 4B
kernel version = 5.10.92
Raspbian = Raspbian Buster Lite 2022-01-28
Chip = BCM43455c0

stopped during extraction


jlinktu commented 6 months ago

Unfortunately, this doesn't help in identifying the issues.

You can try to make sure not being in sleep mode with: sudo iw dev wlan0 set power_save off, but it can be that this doesn't make any difference as the chip should not sleep anyways.

When such a hang-up occurs again, please run the following and post the output:

sudo -u root cat /sys/kernel/debug/ieee80211/$(iw dev wlan0 info | awk '/wiphy/ {printf "phy" $2}')/forensics; echo
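
Added example (not part of the thread and not nexmon_csi code): a shell helper for the triage described in the comments above, run over saved `dmesg` text. It pairs the kernel's promiscuous-mode enter/leave messages for an interface, reports a capture that was opened but never closed, and pulls out lines containing CONSOLE. The sample log is constructed, the layout of its CONSOLE lines is an assumption, and all function names are hypothetical.

```shell
#!/bin/sh
# Added example: triage saved dmesg text for a capture that never closed.

# Constructed sample in dmesg's default "[ seconds.micros] message" format.
# The CONSOLE lines are placeholders; their real layout is an assumption.
sample_dmesg() {
cat <<'EOF'
[  258.072980] brcmfmac: brcmf_mon_add_vif: Adding vif "mon0"
[  393.964503] device wlan0 entered promiscuous mode
[  414.801778] device wlan0 left promiscuous mode
[  453.056003] device wlan0 entered promiscuous mode
[  473.420060] device wlan0 left promiscuous mode
[  513.715934] device wlan0 entered promiscuous mode
[  600.000001] brcmfmac: CONSOLE: constructed firmware console line 1
[  600.000002] brcmfmac: CONSOLE: constructed firmware console line 2
EOF
}

# promisc_sessions IFACE < dmesg.txt
# One line per capture session: "<start> <end> <seconds>" when the interface
# left promiscuous mode again, "<start> - open" when it never did.
promisc_sessions() {
    awk -v dev="$1" '
    match($0, /^\[ *[0-9]+\.[0-9]+\]/) {
        ts  = substr($0, 2, RLENGTH - 2) + 0      # timestamp inside the brackets
        msg = substr($0, RLENGTH + 2)             # text after "] "
        if (msg == "device " dev " entered promiscuous mode") {
            if (open) printf "%.6f - open\n", start
            start = ts; open = 1
        } else if (msg == "device " dev " left promiscuous mode" && open) {
            printf "%.6f %.6f %.1f\n", start, ts, ts - start
            open = 0
        }
    }
    END { if (open) printf "%.6f - open\n", start }'
}

# stalled_since IFACE MAX_SECS [NOW] < dmesg.txt
# Succeeds and prints the start timestamp when the last session is still open
# and is older than MAX_SECS. NOW defaults to the first field of /proc/uptime,
# which counts seconds since boot like the dmesg timestamps (approximately).
stalled_since() {
    now=${3:-$(cut -d' ' -f1 /proc/uptime)}
    promisc_sessions "$1" | awk -v now="$now" -v max="$2" '
        { start = $1; state = $3 }
        END {
            if (state == "open" && now - start > max) { print start; exit 0 }
            exit 1
        }'
}

# console_lines < dmesg.txt
# Lines carrying the firmware console output that the debug flag enables.
console_lines() {
    grep 'CONSOLE' || true
}

# Demo on the constructed sample. On a live system pipe `dmesg` in instead
# and omit NOW, e.g.:  dmesg | stalled_since wlan0 60
sample_dmesg | promisc_sessions wlan0
if start=$(sample_dmesg | stalled_since wlan0 60 1300); then
    echo "capture opened at ${start}s was never closed; save the forensics file before rebooting"
fi
sample_dmesg | console_lines
```

With a 20-second capture window, a MAX_SECS of 60 leaves room for normal jitter before a session is treated as hung.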

rack570 commented 6 months ago

@jlinktu Hi, thank you for continuing to reply. I was in the middle of trouble because I was constantly getting errors. I didn't expect to have trouble extracting csi before I even solved the problem with csi data processing. XD

Just like you said "sudo iw dev wlan0 set power_save off" I wrote the script by adding this command from the original script. But the error is still continuing. I'll give you a general command that might help you. I really hope this is resolved.

Note: I don't think it's a "sleep" issue. Instead of a script that sets this extraction cycle, I've had csi continuously extracted and observed it. This time, I was getting about 9300 packets, but stopped along the way. My sampling rates are 25Hz, and it's a beacon frame, not an artificial ICMP ping. Is the beacon signal an issue?

pi@raspberrypi:~ $ sudo su
root@raspberrypi:/home/pi# chmod +x nexmon_v3_5G_2.sh
root@raspberrypi:/home/pi# ./nexmon_v3_5G_2.sh
hihi zz nexmon extractor gogo
Enter the value of k : 144
Enter capture duration (second) : 20
Enter sleep duration over 60s (second) : 280
Enter the time (ex.hhmmss) : 193500
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Maximum file limit reached: 1
457 packets captured
482 packets received by filter
0 packets dropped by kernel
Saved file number zz : 1 of 144
Next desired time: 194000
Sleeping for 252 seconds... & Waiting for 28 seconds...
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Maximum file limit reached: 1
460 packets captured
485 packets received by filter
0 packets dropped by kernel
Saved file number zz : 2 of 144
Next desired time: 194500
Sleeping for 252 seconds... & Waiting for 28 seconds...
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Maximum file limit reached: 1
456 packets captured
481 packets received by filter
0 packets dropped by kernel
Saved file number zz : 3 of 144
Next desired time: 195000
Sleeping for 252 seconds... & Waiting for 28 seconds...
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Maximum file limit reached: 1
481 packets captured
506 packets received by filter
0 packets dropped by kernel
Saved file number zz : 4 of 144
Next desired time: 195500
Sleeping for 252 seconds... & Waiting for 28 seconds...
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Maximum file limit reached: 1
458 packets captured
482 packets received by filter
0 packets dropped by kernel
Saved file number zz : 5 of 144
Next desired time: 200000
Sleeping for 252 seconds... & Waiting for 28 seconds...
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^Zt 0 --------------------------------------------------------> Stop command due to error
[1]+ Stopped ./nexmon_v3_5G_2.sh
root@raspberrypi:/home/pi# sudo -u root cat /sys/kernel/debug/ieee80211/$(iw dev wlan0 info | awk '/wiphy/ {printf "phy" $2}')/forensics; echo
hndarm_armr addr: 0x18002000, cr4_idx: 0
000000.001 RTE (SDIO-CDC) 7.45.189 (r714228 CY) on BCM4345 r6 @ 37.4/160.2/160.2MHz
000000.001 nvram_init: called again without calling nvram_exit()
000000.002 sdpcmdcdc0: Broadcom SDPCMD CDC driver
000000.002 nvram_init: called again without calling nvram_exit()
000000.002 Decompressing ucode at 002207a4 (len: 28657) at 0025a4e0
000000.146 Decompression res:0
000000.147 reclaim section 0: Returned 41892 bytes to the heap
000000.149 wlc_bmac_info_init: host_enab 0
000000.149 Overriding vendor id = 0x14e4
000000.149 Overriding device id = 0x43ab
000000.149 wlc_bmac_attach, deviceid 0x43ab nbands 2
000000.172 wl0: wlc_bmac_attach: chiprev 6 corerev 54 cccap 0x18680009 maccap 0xa0018305 band 2.4G, phy_type 11 phy_rev 20
000000.172 wl0: wlc_bmac_attach: chiprev 6 corerev 54 cccap 0x18680009 maccap 0xa0018305 band 5G, phy_type 11 phy_rev 20
000000.199 wl0: wlc_stf_txcore_shmem_write: No clock
000000.200 wl0: wlc_ampdu_tx_set: AGG Mode = MAC+AQM txmaxpkts 0 txmaxpkts_agg 1024
000000.205 wl0: wlc_channels_commit: no valid channel for "#n" nbands 2 bandlocked 0
000000.206 wl0: Broadcom BCM4345 802.11 Wireless Controller 7.45.189 (r714228 CY)
000000.207 TCAM: 256 used: 237 exceed:0
000000.208 reclaim section 1: Returned 118076 bytes to the heap
000000.208 reclaim section 4: Returned 44 bytes to the heap
000000.208 sdpcmd_dpc: Enable
000000.246 wl0: wlc_iovar_op: txbf BCME -23 (Unsupported)
000000.249 wl0: unable to find iovar "rsdb_mode"
000000.249 wl0: wlc_iovar_op: rsdb_mode BCME -23 (Unsupported)
000000.250 wl0: unable to find iovar "tdls_enable"
000000.250 wl0: wlc_iovar_op: tdls_enable BCME -23 (Unsupported)
000036.327 wl0: unable to find iovar "toe_ol"
000036.327 wl0: wlc_iovar_op: toe_ol BCME -23 (Unsupported)
000036.327 wl0: wl_open
000036.338 wl0: wlc_phy_set_regtbl_on_femctrl: FIXME bt_coex
000036.508 wl0: unable to find iovar "toe_ol"
000036.508 wl0: wlc_iovar_op: toe_ol BCME -23 (Unsupported)
root@raspberrypi:/home/pi#

jlinktu commented 6 months ago

There is nothing in there that indicates a crash or misbehavior of the firmware.

Maybe interference with a different program that tries to access the wifi chip, such as wpa_supplicant or a network manager? Is the channel of your choice still set when the capture stops? (you can check with nexutil -k)

Can you rule out that your transmitter is misbehaving?

rack570 commented 6 months ago

@jlinktu The extraction just stopped, so I checked the nexutil -k you mentioned, and it's the same channel 44 I set initially. And I have 3 transmitters in total, just in case, I've already checked them and these errors are constantly occurring for all transmitters. wpa_supplicant is not running. If there is no problem with the firmware, is it because of the instability of the Raspberry Pi due to the device load? I purposely added the sleep command to stop the load. However, when I asked (nexmonster/nexmon_csi), they answered that they had tried it for up to 16 hours. Hmm. I'm having a lot of worries.

Could you please check this out? This is the result of running sudo -u root cat /sys/kernel/debug/ieee80211/$(iw dev wlan0 info | awk '/wiphy/ {printf "phy" $2}')/forensics; echo. There's something different from the output I gave you before: "wl0: dma_rx: bad frame length"

Saved file number zz : 43 of 100
Next desired time: 115400
Sleeping for 36 seconds... & Waiting for 4 seconds...
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
Maximum file limit reached: 1
1404 packets captured
1480 packets received by filter
0 packets dropped by kernel
Saved file number zz : 44 of 100
Next desired time: 115500
Sleeping for 36 seconds... & Waiting for 4 seconds...
tcpdump: listening on wlan0, link-type EN10MB (Ethernet), snapshot length 262144 bytes
^Zt 0 ---------------------------------------------------> csi packets capture stopped
[1]+ Stopped ./nexmon_v3.sh
root@raspberrypi:/home/pi# nexutil -k
chanspec: 0xd02c, 44
root@raspberrypi:/home/pi# sudo -u root cat /sys/kernel/debug/ieee80211/$(iw dev wlan0 info | awk '/wiphy/ {printf "phy" $2}')/forensics; echo
lled again without calling nvram_exit()
000000.002 sdpcmdcdc0: Broadcom SDPCMD CDC driver
000000.002 nvram_init: called again without calling nvram_exit()
000000.002 Decompressing ucode at 002207a4 (len: 28657) at 0025a4e0
000000.146 Decompression res:0
000000.147 reclaim section 0: Returned 41892 bytes to the heap
000000.149 wlc_bmac_info_init: host_enab 0
000000.149 Overriding vendor id = 0x14e4
000000.149 Overriding device id = 0x43ab
000000.149 wlc_bmac_attach, deviceid 0x43ab nbands 2
000000.172 wl0: wlc_bmac_attach: chiprev 6 corerev 54 cccap 0x18680009 maccap 0xa0018305 band 2.4G, phy_type 11 phy_rev 20
000000.172 wl0: wlc_bmac_attach: chiprev 6 corerev 54 cccap 0x18680009 maccap 0xa0018305 band 5G, phy_type 11 phy_rev 20
000000.199 wl0: wlc_stf_txcore_shmem_write: No clock
000000.200 wl0: wlc_ampdu_tx_set: AGG Mode = MAC+AQM txmaxpkts 0 txmaxpkts_agg 1024
000000.205 wl0: wlc_channels_commit: no valid channel for "#n" nbands 2 bandlocked 0
000000.206 wl0: Broadcom BCM4345 802.11 Wireless Controller 7.45.189 (r714228 CY)
000000.207 TCAM: 256 used: 237 exceed:0
000000.208 reclaim section 1: Returned 118076 bytes to the heap
000000.208 reclaim section 4: Returned 44 bytes to the heap
000000.208 sdpcmd_dpc: Enable
000000.224 wl0: wlc_iovar_op: txbf BCME -23 (Unsupported)
000000.227 wl0: unable to find iovar "rsdb_mode"
000000.227 wl0: wlc_iovar_op: rsdb_mode BCME -23 (Unsupported)
000000.228 wl0: unable to find iovar "tdls_enable"
000000.228 wl0: wlc_iovar_op: tdls_enable BCME -23 (Unsupported)
000103.756 wl0: unable to find iovar "toe_ol"
000103.756 wl0: wlc_iovar_op: toe_ol BCME -23 (Unsupported)
000103.756 wl0: wl_open
000103.768 wl0: wlc_phy_set_regtbl_on_femctrl: FIXME bt_coex
000103.928 wl0: unable to find iovar "toe_ol"
000103.928 wl0: wlc_iovar_op: toe_ol BCME -23 (Unsupported)
000747.342 wl0: dma_rx: bad frame length (1651)
000924.803 wl0: dma_rx: bad frame length (1698)
002392.853 wl0: dma_rx: bad frame length (1682)
002453.845 wl0: dma_rx: bad frame length (1682)

jlinktu commented 6 months ago

Seems not to be related to your problem.

rack570 commented 5 months ago

Hello @jlinktu

I think I might have found something regarding this phenomenon. When extracting data at 80MHz, I can receive CSI continuously without interruptions, but when I set it to 20MHz or 40MHz, it stops partway through. I have insisted on using 20MHz because I thought that 256 subcarriers were too many. Could there be a software bug when extracting CSI at 20MHz or 40MHz?

jlinktu commented 5 months ago

I don't think so. There is no obvious place where different bandwidths behave that differently. But I also can't reproduce this behavior.
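
The dmesg output posted earlier in this thread ends with an "entered promiscuous mode" entry that has no matching "left" entry. The following Python sketch is an added example, not part of any comment above and not nexmon_csi code: it pairs those entries into capture windows and flags a window that stays open far longer than the completed ones. The function names, the `slack` factor and the `NOW` uptime value are assumptions made for the illustration.

```python
import re
from statistics import median

# Matches one-entry-per-line dmesg output as well as the flattened form
# in which the log was pasted into the thread.
EVENT = re.compile(r"\[\s*(\d+\.\d+)\]\s+device (\S+) (entered|left) promiscuous mode")

def capture_windows(dmesg_text, device="wlan0"):
    """Pair 'entered'/'left' events into (start, end); end is None if still open."""
    windows, start = [], None
    for ts, dev, action in EVENT.findall(dmesg_text):
        if dev != device:
            continue
        ts = float(ts)
        if action == "entered":
            if start is not None:      # two 'entered' in a row: a 'left' is missing
                windows.append((start, None))
            start = ts
        elif start is not None:        # 'left' closes the current window
            windows.append((start, ts))
            start = None
    if start is not None:              # log ends inside a window
        windows.append((start, None))
    return windows

def find_stall(windows, now, slack=2.0):
    """Return the start of a stalled window, or None.

    The last window counts as stalled when it is still open at kernel uptime
    `now` and has lasted more than `slack` times the median completed window.
    """
    closed = [end - start for start, end in windows if end is not None]
    if not closed or windows[-1][1] is not None:
        return None
    start = windows[-1][0]
    return start if now - start > slack * median(closed) else None

# Last five promiscuous-mode entries of the dmesg output posted above.
SAMPLE = (
    "[ 1113.711574] device wlan0 entered promiscuous mode "
    "[ 1133.448362] device wlan0 left promiscuous mode "
    "[ 1173.675448] device wlan0 entered promiscuous mode "
    "[ 1193.450528] device wlan0 left promiscuous mode "
    "[ 1233.684057] device wlan0 entered promiscuous mode"
)
NOW = 1500.0  # constructed uptime in seconds; on a live system read /proc/uptime

if __name__ == "__main__":
    w = capture_windows(SAMPLE)
    print(w, find_stall(w, NOW))
```

Run periodically against `dmesg` output, a non-None result marks the moment to collect the forensics dump requested above.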