search

seemoo-lab / nexmon_csi

Channel State Information Extraction on Various Broadcom Wi-Fi Chips
306 stars 121 forks source link

Suggestions on improvements :-) #51

Open ghost opened 4 years ago

ghost commented 4 years ago

Hi, I am a researcher at the area of wireless sensing, and I believe this project will impact a lot since it helps extend the CSI based development to 802.11ac platforms. Thanks for your work!

As a normal user, following the detailed user guide, currently I have made it work on Nexus5, Raspberry Pi and Asus-RT86U, CSI extraction on the receiver side operates well.

According to personal using experience, to help make the CSI extraction tool more user-friendly, I want to suggest as below, 1) Could you offer a user space application for frame injection on Tx side? When using CSI for Wi-Fi sensing, configuration on Tx is as important as it's on Rx, because it decides the channel sampling rate (frame interval), spatial resolution (#Antennas on Tx) and frequency resolution (bandwidth). Therefore, an application for frame injection with support on these configurations will provide great convenience for us lazy researchers who focus all energy on a narrow area. 2) Could you provide another version of matlab code that helps separate CSI of different spatial streams? When I use Asus-RT86U as the receiver with the number of antennas set to 3, the "decoded" CSI is in the size of #packet x #subcarriers, and without the dimension of #antennas (Tx/Rx). According to your recent papers, I believe CSI with full size is uploaded to user space with current firmware patch, and a final shot will make it perfect.

Although the advice comes from personal using experience, I think it also applies to many other researchers who are not experts on the register level engineering. So please consider the suggestions.

Again, thanks for your work and may this project get a lot of citations.

jlinktu commented 4 years ago

Hi @PtOH03 ,

thank you for the suggestions.

  1. It is indeed very useful to have control over the transmission side. I'm currently short on time but might be able to add tx functionalities directly to this patch in the near future. Till then you can also use the default nexmon patches for bcm4339, bcm43455c0, and bcm4358 that already support frame injection.
  2. The antenna and spatial streams the CSI are extracted from are given in the header of the CSI packet. For the Asus RT-AC86U you could use: 
    payloadbytes = typecast(payload,'uint8');
core = bitand(payloadbytes(56),3);
rxss = bitand(bitshift(payloadbytes(56),-3),3);

    and for the other chips:

    payloadbytes = typecast(payload,'uint8');
core = bitand(payloadbytes(55),3);
rxss = bitand(bitshift(payloadbytes(55),-3),3);

    Insert after https://github.com/seemoo-lab/nexmon_csi/blob/b52fca3abc18715d6d12692e531164b5d62a78fd/utils/matlab/csireader.m#L36 This will give you a value from 0 up to 3 for both core and spatial stream of the CSI that are currently processed.