[ath9k-devel] Spectral Scan in ath9k

[ath9k-devel] Spectral Scan in ath9k

[Saulo Queiroz]

Hello,

I intend to use ath9k to perform some tests on demodulated FFT samples.
I found out the definition  #define AR_PHY_SPECTRAL_SCAN
0x9910  /* AR9280 spectral scan configuration register
but since I am a beginner in the ath9k, I have no idea about using it to
achieve my goal.

 I really would be very grateful  if some can provide me with informations
that help me to access such data in the code.


thanks
-- 
Saulo Jorge bq
-
"In theory, there is no difference between practice and theory, in practice
there is"
-- Someone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ath9k.org/pipermail/ath9k-devel/attachments/20120324/00e36304/attachment.htm 

[ath9k-devel] Spectral Scan in ath9k

[Adrian Chadd]

On 24 March 2012 08:50, Saulo Queiroz <ssaulojorge@gmail.com> wrote:
> Hello,
>
> I intend to use ath9k to perform some tests on demodulated FFT samples.
> I found out the definition ?#define AR_PHY_SPECTRAL_SCAN
> 0x9910? /* AR9280 spectral scan configuration register
> but since I am a beginner in the ath9k, I have no idea about using it to
> achieve my goal.
>
> ?I really would be very grateful ?if some can provide me with informations
> that help me to access such data in the code.

Hi,

People keep asking about spectral scan, bah. :-)

There are some plans afoot to try and get this stuff opened and
documented. Like anything, it's more complicated than "just provide
register details", as it's not as easy as just flipping on some bits
and getting FFT samples.



Adrian

[ath9k-devel] Spectral Scan in ath9k

[Alex Hacker]

Hi,

It's easy to get raw FFT data from the card, but then some cryptoanalytic work
should be done in MathLab. Actualy I'm busy (lazy) man... will wait for open
information which Adrian promised. :) I beleave the open source community can
implement these features better than MicroTik did it.

Best regards,
Alex.

On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
> On 24 March 2012 08:50, Saulo Queiroz <ssaulojorge@gmail.com> wrote:
> > Hello,
> >
> > I intend to use ath9k to perform some tests on demodulated FFT samples.
> > I found out the definition ?#define AR_PHY_SPECTRAL_SCAN
> > 0x9910? /* AR9280 spectral scan configuration register
> > but since I am a beginner in the ath9k, I have no idea about using it to
> > achieve my goal.
> >
> > ?I really would be very grateful ?if some can provide me with informations
> > that help me to access such data in the code.
> 
> Hi,
> 
> People keep asking about spectral scan, bah. :-)
> 
> There are some plans afoot to try and get this stuff opened and
> documented. Like anything, it's more complicated than "just provide
> register details", as it's not as easy as just flipping on some bits
> and getting FFT samples.
> 
> 
> 
> Adrian
> _______________________________________________
> ath9k-devel mailing list
> ath9k-devel at lists.ath9k.org
> https://lists.ath9k.org/mailman/listinfo/ath9k-devel

-- 

[ath9k-devel] Spectral Scan in ath9k

[Saulo Queiroz]

Alex,

I'm really new in the ath9k code.

May you give at least soure-code-related key words about that?
What should I look for in the code to get raw FFT?
Then, what may you point a reference about what procedure should be
performed in mathlab to decoded it?
thanks

On 30 May 2012 07:25, Alex Hacker <hacker@epn.ru> wrote:

> Hi,
>
> It's easy to get raw FFT data from the card, but then some cryptoanalytic
> work
> should be done in MathLab. Actualy I'm busy (lazy) man... will wait for
> open
> information which Adrian promised. :) I beleave the open source community
> can
> implement these features better than MicroTik did it.
>
> Best regards,
> Alex.
>
> On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
> > On 24 March 2012 08:50, Saulo Queiroz <ssaulojorge@gmail.com> wrote:
> > > Hello,
> > >
> > > I intend to use ath9k to perform some tests on demodulated FFT samples.
> > > I found out the definition  #define AR_PHY_SPECTRAL_SCAN
> > > 0x9910  /* AR9280 spectral scan configuration register
> > > but since I am a beginner in the ath9k, I have no idea about using it
> to
> > > achieve my goal.
> > >
> > >  I really would be very grateful  if some can provide me with
> informations
> > > that help me to access such data in the code.
> >
> > Hi,
> >
> > People keep asking about spectral scan, bah. :-)
> >
> > There are some plans afoot to try and get this stuff opened and
> > documented. Like anything, it's more complicated than "just provide
> > register details", as it's not as easy as just flipping on some bits
> > and getting FFT samples.
> >
> >
> >
> > Adrian
> > _______________________________________________
> > ath9k-devel mailing list
> > ath9k-devel at lists.ath9k.org
> > https://lists.ath9k.org/mailman/listinfo/ath9k-devel
>
> --
> _______________________________________________
> ath9k-devel mailing list
> ath9k-devel at lists.ath9k.org
> https://lists.ath9k.org/mailman/listinfo/ath9k-devel
>



-- 
Saulo Jorge bq
-
"In theory, there is no difference between practice and theory, in practice
there is"
-- Someone
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ath9k.org/pipermail/ath9k-devel/attachments/20120531/bf9c0866/attachment.htm 

[ath9k-devel] Spectral Scan in ath9k

[Alex Hacker]

On Thu, May 31, 2012 at 07:58:11AM -0300, Saulo Queiroz wrote:
>    Alex,
>    I'm really new in the ath9k code.
>    May you give at least soure-code-related key words about that?
>    What should I look for in the code to get raw FFT?
>    Then, what may you point a reference about what procedure should be
>    performed in mathlab to decoded it?
>    thanks

Hi Saulo,
It's too long to describe all required code in detail but in short you need
to do the following.
1. Enable receiving of radar pulses in AR_RX_FILTER register.
2. Set some values in AR_PHY_SPECTRAL_SCAN. Do not miss both
AR_PHY_SPECTRAL_SCAN_ENABLE and AR_PHY_SPECTRAL_SCAN_ACTIVE bits.
3. Catch the rx descriptors with phy error 5 (on ar92xx) or 38 (on ar93xx).
You get several packets around 1500 bytes long with FFT data. About MatLab it
is joke of course, but it can be helpful in data analysis. :) For my eye it
looks like series of radar pulses.

Best wishes to you, let me know if you found something.
Alex.

> 
>    On 30 May 2012 07:25, Alex Hacker <hacker@epn.ru> wrote:
> 
>      Hi,
> 
>      It's easy to get raw FFT data from the card, but then some
>      cryptoanalytic work
>      should be done in MathLab. Actualy I'm busy (lazy) man... will wait for
>      open
>      information which Adrian promised. :) I beleave the open source
>      community can
>      implement these features better than MicroTik did it.
> 
>      Best regards,
>      Alex.
>      On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
>      > On 24 March 2012 08:50, Saulo Queiroz <ssaulojorge@gmail.com> wrote:
>      > > Hello,
>      > >
>      > > I intend to use ath9k to perform some tests on demodulated FFT
>      samples.
>      > > I found out the definition  #define AR_PHY_SPECTRAL_SCAN
>      > > 0x9910  /* AR9280 spectral scan configuration register
>      > > but since I am a beginner in the ath9k, I have no idea about using
>      it to
>      > > achieve my goal.
>      > >
>      > >  I really would be very grateful  if some can provide me with
>      informations
>      > > that help me to access such data in the code.
>      >
>      > Hi,
>      >
>      > People keep asking about spectral scan, bah. :-)
>      >
>      > There are some plans afoot to try and get this stuff opened and
>      > documented. Like anything, it's more complicated than "just provide
>      > register details", as it's not as easy as just flipping on some bits
>      > and getting FFT samples.
>      >
>      >
>      >
>      > Adrian
>      > _______________________________________________
>      > ath9k-devel mailing list
>      > ath9k-devel at lists.ath9k.org
>      > https://lists.ath9k.org/mailman/listinfo/ath9k-devel
>      --
>      _______________________________________________
>      ath9k-devel mailing list
>      ath9k-devel at lists.ath9k.org
>      https://lists.ath9k.org/mailman/listinfo/ath9k-devel
> 
>    --
>    Saulo Jorge bq
>    -
>    "In theory, there is no difference between practice and theory, in
>    practice there is"
>    -- Someone
> 
> References
> 
>    Visible links
>    . mailto:hacker at epn.ru
>    . mailto:ssaulojorge at gmail.com
>    . mailto:ath9k-devel at lists.ath9k.org
>    . https://lists.ath9k.org/mailman/listinfo/ath9k-devel
>    . mailto:ath9k-devel at lists.ath9k.org
>    . https://lists.ath9k.org/mailman/listinfo/ath9k-devel

> _______________________________________________
> ath9k-devel mailing list
> ath9k-devel at lists.ath9k.org
> https://lists.ath9k.org/mailman/listinfo/ath9k-devel


-- 

[ath9k-devel] Spectral Scan in ath9k

[abhinav narain]

hey,
  How do you know what is the meaning of PHY_ERR 5 or 38 ..
is there a documentation about finding out what causes phyerr 5 to occur ?

On Wed, May 30, 2012 at 6:25 AM, Alex Hacker <hacker@epn.ru> wrote:

> Hi,
>
> It's easy to get raw FFT data from the card, but then some cryptoanalytic
> work
> should be done in MathLab. Actualy I'm busy (lazy) man... will wait for
> open
> information which Adrian promised. :) I beleave the open source community
> can
> implement these features better than MicroTik did it.
>
> Best regards,
> Alex.
>
> On Sat, Mar 24, 2012 at 03:53:40PM -0700, Adrian Chadd wrote:
> > On 24 March 2012 08:50, Saulo Queiroz <ssaulojorge@gmail.com> wrote:
> > > Hello,
> > >
> > > I intend to use ath9k to perform some tests on demodulated FFT samples.
> > > I found out the definition  #define AR_PHY_SPECTRAL_SCAN
> > > 0x9910  /* AR9280 spectral scan configuration register
> > > but since I am a beginner in the ath9k, I have no idea about using it
> to
> > > achieve my goal.
> > >
> > >  I really would be very grateful  if some can provide me with
> informations
> > > that help me to access such data in the code.
> >
> > Hi,
> >
> > People keep asking about spectral scan, bah. :-)
> >
> > There are some plans afoot to try and get this stuff opened and
> > documented. Like anything, it's more complicated than "just provide
> > register details", as it's not as easy as just flipping on some bits
> > and getting FFT samples.
> >
> >
> >
> > Adrian
> > _______________________________________________
> > ath9k-devel mailing list
> > ath9k-devel at lists.ath9k.org
> > https://lists.ath9k.org/mailman/listinfo/ath9k-devel
>
> --
> _______________________________________________
> ath9k-devel mailing list
> ath9k-devel at lists.ath9k.org
> https://lists.ath9k.org/mailman/listinfo/ath9k-devel
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://lists.ath9k.org/pipermail/ath9k-devel/attachments/20120531/23f648b9/attachment-0001.htm 

[ath9k-devel] Spectral Scan in ath9k

[Adrian Chadd]

Argh, there's more to it.. :-)

For AR9160 and later, you can enable the FFT bit in one of the radar
registers and you'll get some FFT reports for longer radar pulses.
It's enabled by default in the code that we've committed to ath9k and
FreeBSD HAL.

Spectral scan mode is related but different (and not in AR9160.)

So for longer pulses, you'll get RADAR payload (phyerr code = 5) which
may just have the pri/ext pulse duration and some config info, or it
may have a series of FFT reports first. That's just for radar stuff
though, it's not spectral scan.

That's why he mentioned code = 5 or code = 38.


Adrian

[ath9k-devel] Spectral Scan in ath9k

[Peizhao Hu]

On 01/06/12 05:19, Adrian Chadd wrote:
> Argh, there's more to it.. :-)
>
> For AR9160 and later, you can enable the FFT bit in one of the radar
> registers and you'll get some FFT reports for longer radar pulses.
> It's enabled by default in the code that we've committed to ath9k and
> FreeBSD HAL.
>
> Spectral scan mode is related but different (and not in AR9160.)
>
> So for longer pulses, you'll get RADAR payload (phyerr code = 5) which
> may just have the pri/ext pulse duration and some config info, or it
> may have a series of FFT reports first. That's just for radar stuff
> though, it's not spectral scan.
>
> That's why he mentioned code = 5 or code = 38.
>
>
> Adrian
> _______________________________________________
> ath9k-devel mailing list
> ath9k-devel at lists.ath9k.org
> https://lists.ath9k.org/mailman/listinfo/ath9k-devel
Hi Adrian,

To summarize what you saying if I have later chipset than AR9160 (e.g., 
AR9280/AR9285), then the FFT bit is enabled by default.

So for longer pulses, you'll get RADAR payload (phyerr code = 5) which
may just have the pri/ext pulse duration and some config info, or it
may have a series of FFT reports first. That's just for radar stuff
though, it's not spectral scan.

Could you please explain what you mean by the radar stuff? So what is 
the spectral scan report? does anyone know?

Is there anyone ready to start a documentation on this feature?


--
Regards;

Peizhao

[ath9k-devel] Spectral Scan in ath9k

[Adrian Chadd]

If you have an AR9160 or later, the radar detection "FFT enable" bit
is set, so for long chirp looking pulses that match the radar detect
thresholds, you should see larger PHY error frames - those have radar
FFT data.

It's kind of, but not quite, spectral scan - which is a feature
starting with the AR9280.




Adrian

[ath9k-devel] Spectral Scan in ath9k

[Alex Hacker]

On Thu, May 31, 2012 at 12:19:08PM -0700, Adrian Chadd wrote:
> Argh, there's more to it.. :-)
> 
> For AR9160 and later, you can enable the FFT bit in one of the radar
> registers and you'll get some FFT reports for longer radar pulses.
> It's enabled by default in the code that we've committed to ath9k and
> FreeBSD HAL.
> 
> Spectral scan mode is related but different (and not in AR9160.)
> 
> So for longer pulses, you'll get RADAR payload (phyerr code = 5) which
> may just have the pri/ext pulse duration and some config info, or it
> may have a series of FFT reports first. That's just for radar stuff
> though, it's not spectral scan.
> 
> That's why he mentioned code = 5 or code = 38.
> 
> 
> Adrian

Hi Adrian.
Yes, I'm thinking same way. You right, some additional information required.
But for guys who have an interest and time to do some reverse engineering we
give a starting point. :) Just another more clear hint for them. Look into
published DFS code (it's low level part) and HW radar filter parameters in
AR_PHY_RADAR_* registers.

Best regards to you,
Alex.

[ath9k-devel] Spectral Scan in ath9k

[Claudio]

Alex Hacker <hacker <at> epn.ru> writes:

> 
> On Thu, May 31, 2012 at 12:19:08PM -0700, Adrian Chadd wrote:
> > Argh, there's more to it.. 
> > 
> > For AR9160 and later, you can enable the FFT bit in one of the radar
> > registers and you'll get some FFT reports for longer radar pulses.
> > It's enabled by default in the code that we've committed to ath9k and
> > FreeBSD HAL.
> > 
> > Spectral scan mode is related but different (and not in AR9160.)
> > 
> > So for longer pulses, you'll get RADAR payload (phyerr code = 5) which
> > may just have the pri/ext pulse duration and some config info, or it
> > may have a series of FFT reports first. That's just for radar stuff
> > though, it's not spectral scan.
> > 
> > That's why he mentioned code = 5 or code = 38.
> > 
> > 
> > Adrian
> 
> Hi Adrian.
> Yes, I'm thinking same way. You right, some additional information 
required.
> But for guys who have an interest and time to do some reverse engineering 
we
> give a starting point. :) Just another more clear hint for them. Look into
> published DFS code (it's low level part) and HW radar filter parameters in
> AR_PHY_RADAR_* registers.
> 
> Best regards to you,
> Alex.
> 

Hi all,
 first of all thank you for the code you have developed.
I have tried to use it but at each time outputs a different number of FFT 
samples.

I am using FFT_eval (https://github.com/simonwunderlich/FFT_eval) and the 
following commands:


echo chanscan > /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan_ctl
iw dev wlan0 scan
cat /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan0 > /tmp/fft_resusts
./fft_eval /tmp/fft_results 

On average I get 200-400 samples but sometimes I got even 7k samples, which 
is very good.

I was wondering what causes such variability on how (if possible) perform 
the spectral scan obtaining a high and constant sample set.

I am not touching the other parameters and I am using compat-drivers-3.9-
rc4-2-s

Thank you

Claudio

[ath9k-devel] Spectral Scan in ath9k

[Oleksij Rempel]

Am 08.05.2013 18:15, schrieb Claudio:
>
> Alex Hacker <hacker <at> epn.ru> writes:
>
>>
>> On Thu, May 31, 2012 at 12:19:08PM -0700, Adrian Chadd wrote:
>>> Argh, there's more to it..
>>>
>>> For AR9160 and later, you can enable the FFT bit in one of the radar
>>> registers and you'll get some FFT reports for longer radar pulses.
>>> It's enabled by default in the code that we've committed to ath9k and
>>> FreeBSD HAL.
>>>
>>> Spectral scan mode is related but different (and not in AR9160.)
>>>
>>> So for longer pulses, you'll get RADAR payload (phyerr code = 5) which
>>> may just have the pri/ext pulse duration and some config info, or it
>>> may have a series of FFT reports first. That's just for radar stuff
>>> though, it's not spectral scan.
>>>
>>> That's why he mentioned code = 5 or code = 38.
>>>
>>>
>>> Adrian
>>
>> Hi Adrian.
>> Yes, I'm thinking same way. You right, some additional information
> required.
>> But for guys who have an interest and time to do some reverse engineering
> we
>> give a starting point. :) Just another more clear hint for them. Look into
>> published DFS code (it's low level part) and HW radar filter parameters in
>> AR_PHY_RADAR_* registers.
>>
>> Best regards to you,
>> Alex.
>>
>
> Hi all,
>   first of all thank you for the code you have developed.
> I have tried to use it but at each time outputs a different number of FFT
> samples.
>
> I am using FFT_eval (https://github.com/simonwunderlich/FFT_eval) and the
> following commands:
>
>
> echo chanscan > /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan_ctl
> iw dev wlan0 scan
> cat /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan0 > /tmp/fft_resusts
> ./fft_eval /tmp/fft_results
>
> On average I get 200-400 samples but sometimes I got even 7k samples, which
> is very good.
>
> I was wondering what causes such variability on how (if possible) perform
> the spectral scan obtaining a high and constant sample set.
>
> I am not touching the other parameters and I am using compat-drivers-3.9-
> rc4-2-s

each time driver do scheduled or unscheduled channel scan, it collect 
samples for spectral scan.
make a lopp with "iw dev wlan0 scan" and you will got mach more samples :)



-- 
Regards,
Oleksij

[ath9k-devel] Spectral Scan in ath9k

[Gui Iribarren]

On 05/08/2013 07:50 PM, Oleksij Rempel wrote:
> Am 08.05.2013 18:15, schrieb Claudio:
>> Hi all,
>>    first of all thank you for the code you have developed.

Indeed, it opens the door to many interesting possibilities!
Thanks a lot Simon and Mathias for letting the genie out of the bottle, 
and Adrian, Felix, Zefir for helping its way out :P

I finally got to play with Simon's code and it works better than i expected
http://blog.altermundi.net/article/playing-with-ath9k-spectral-scan/

>> echo chanscan > /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan_ctl
>> iw dev wlan0 scan
>> cat /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan0 > /tmp/fft_resusts
>> ./fft_eval /tmp/fft_results
>>
>> On average I get 200-400 samples but sometimes I got even 7k samples, which
>> is very good.

In my case i get a fairly constant 112 samples per "iw wlan0 scan", but 
as always, YMMV.

maybe something is triggering periodic scans on your hardware? (i.e. a 
STA wifi-iface in OpenWrt does this every 2 or 3 seconds until it 
associates to an AP). In that case, just idling between "cat 
spectral_scan"s will increase the number of samples.
Try running "iw event" in parallel to see what's happening.

Cheers and have spectral fun!!

Gui

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Gui Iribarren]

On 06/10/2013 12:15 PM, Gui Iribarren wrote:
> Indeed, it opens the door to many interesting possibilities!
> Thanks a lot Simon and Mathias for letting the genie out of the bottle,
> and Adrian, Felix, Zefir for helping its way out :P
>
> I finally got to play with Simon's code and it works better than i expected
> http://blog.altermundi.net/article/playing-with-ath9k-spectral-scan/

And today, as a homage,
I destroyed Simon's code, removing SDL-related stuff, and managed to 
port it to (a.k.a. blindly hacked my way into) an openwrt package.

then threw in some flot and *cough*bash-cgi, and made this mashup of a 
realtime plot of a spectral scan result, running at 3fps, while 
maintaining normal traffic, since samples are collected during idle 
times with no channel hopping involved

http://czuk.red.quintanalibre.org.ar/spectral_scan.html

(as usual, it's ipv6 only, `dig aaaa @8.8.8.8` if in doubt
also, czuk's connectivity has been flaky these days, so if it doesn't 
work, retry in a couple hours)

i only wrote a few lines (most of the work was in fact the *opposite* of 
writing ;) ), but the obligatory fork is here

https://github.com/libre-mesh/FFT_eval/

i haven't wrapped up neatly the openwrt Makefile yet, or flot html/ json 
cgi, but will do ASAP and send links

plotting the whole spectrum is trivial (a single line of code) but 
hopping takes longer (i see a 45ms gap between one freq and another, vs 
1.5 ms between samples on the same freq) and disrupts communications, so 
fps must be lowered to about 0.3 to get a reasonable compromise between 
1) temporal resolution, and 2) being able to communicate to get the data.

(unless, of course, you do like some propietary vendors who disable 
radios during spectral scan views, which then you can only get through 
ethernet, with mobile-unfriendly java software :P)

Cheers!

Gui

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Adrian Chadd]

Cool!

Where's the web-side of things?

I'd like to write a freebsd version of this and just share the same
web UI for plotting.


-adrian

On 25 July 2013 06:43, Gui Iribarren <gui@altermundi.net> wrote:
> On 06/10/2013 12:15 PM, Gui Iribarren wrote:
>>
>> Indeed, it opens the door to many interesting possibilities!
>> Thanks a lot Simon and Mathias for letting the genie out of the bottle,
>> and Adrian, Felix, Zefir for helping its way out :P
>>
>> I finally got to play with Simon's code and it works better than i
>> expected
>> http://blog.altermundi.net/article/playing-with-ath9k-spectral-scan/
>
>
> And today, as a homage,
> I destroyed Simon's code, removing SDL-related stuff, and managed to port it
> to (a.k.a. blindly hacked my way into) an openwrt package.
>
> then threw in some flot and *cough*bash-cgi, and made this mashup of a
> realtime plot of a spectral scan result, running at 3fps, while maintaining
> normal traffic, since samples are collected during idle times with no
> channel hopping involved
>
> http://czuk.red.quintanalibre.org.ar/spectral_scan.html
>
> (as usual, it's ipv6 only, `dig aaaa @8.8.8.8` if in doubt
> also, czuk's connectivity has been flaky these days, so if it doesn't work,
> retry in a couple hours)
>
> i only wrote a few lines (most of the work was in fact the *opposite* of
> writing ;) ), but the obligatory fork is here
>
> https://github.com/libre-mesh/FFT_eval/
>
> i haven't wrapped up neatly the openwrt Makefile yet, or flot html/ json
> cgi, but will do ASAP and send links
>
> plotting the whole spectrum is trivial (a single line of code) but hopping
> takes longer (i see a 45ms gap between one freq and another, vs 1.5 ms
> between samples on the same freq) and disrupts communications, so fps must
> be lowered to about 0.3 to get a reasonable compromise between 1) temporal
> resolution, and 2) being able to communicate to get the data.
>
> (unless, of course, you do like some propietary vendors who disable radios
> during spectral scan views, which then you can only get through ethernet,
> with mobile-unfriendly java software :P)
>
> Cheers!
>
> Gui
>
>

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Gui Iribarren]

On 07/25/2013 04:54 PM, Adrian Chadd wrote:
> Cool!
>
> Where's the web-side of things?
>
> I'd like to write a freebsd version of this and just share the same
> web UI for plotting.

Hey Adrian!
glad you liked it :D

i made fft_eval output JSON with that in mind. Later it can be optimized 
to save bandwidth, but for my first tinkerings, plain JSON is easier :)

>> i haven't wrapped up neatly the openwrt Makefile yet, or flot html/ json
>> cgi, but will do ASAP and send links

work in progress...
[as of this writing, still mising a trivial Makefile to make a proper 
openwrt package]

https://github.com/libre-mesh/lime-packages/tree/master/packages/spectral-scan-webgui

http://[2a00:1508:1:f002:6670:2ff:feed:f8da]/spectral_scan.html

San Piccinini is working on the waterfall view, consuming the same JSON

http://[2a00:1508:1:f002:6670:2ff:feed:f8da]/spectral_scan_waterfall.html

Gabriel Tolon has various measurement equipment, so i hope with this 
visualization he'll be able to better calibrate or find 
misintepretations of the source data :D

>>
>> plotting the whole spectrum is trivial (a single line of code) but hopping
>> takes longer (i see a 45ms gap between one freq and another, vs 1.5 ms
>> between samples on the same freq)

Turns out I didn't quite understand the meaning of the "tsf",
so those figures are crap,

A full pass over thirteen 2.4ghz channels on my hardware (iw wlan0 scan) 
takes about 75ms, so about 6ms per hop

(specifying "passive" only makes it take longer, funny)

have a nice day!

gui

>> and disrupts communications, so fps must
>> be lowered to about 0.3 to get a reasonable compromise between 1) temporal
>> resolution, and 2) being able to communicate to get the data.
>>
>> (unless, of course, you do like some propietary vendors who disable radios
>> during spectral scan views, which then you can only get through ethernet,
>> with mobile-unfriendly java software :P)
>>
>> Cheers!
>>
>> Gui
>>
>>

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Gui Iribarren]

On 07/26/2013 01:18 PM, Gui Iribarren wrote:
> On 07/25/2013 04:54 PM, Adrian Chadd wrote:
>> Cool!
>>
>
> Gabriel Tolon has various measurement equipment, so i hope with this
> visualization he'll be able to better calibrate or find
> misintepretations of the source data :D

Ahh, already enjoying this! Baby steps so far, but already answering my 
own questions about why the data plots the way it is... :)

While trying to visualize a transfer on channel 1, i can see perfectly 
the "ladder" on neighbouring channels, but an unexplainable low sampling 
on the actual channel 1.
Turns out, the FFT is done only when the radio is idle; that is, not 
receiving or sending packets;
Felix told me about that back in April,
and Adrian clearly states in
https://wiki.freebsd.org/dev/ath_hal%284%29/SpectralScan
"either spectral scan FFT reporting can run, OR packet 
transmission/reception"
(+1 Insightful)

but seeing it live, is a whole another thing :D

http://tinypic.com/r/16bld2r/5

now it's pretty clear that when radio is tuned to (say) channel 2, it 
can't decode the packets and only sees a very intense "noise" (i.e part 
of the neighbouring transmission).
but when it's on channel 1, it can fully decode the packets (even though 
they're destinated for someone else) and during that time no FFTs are made.
So, what are the few samples you can see on channel 1?
Well, either A) silent instants along the transfer, or B) partial 
transmissions, but in terms of time; i.e. the radio tuned into 2412 in 
the middle of an ongoing packet, and since it lost half of it, can't 
decode it and samples the "tail" of the packet as a mildly intense "noise".

Cheers!

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Adrian Chadd]

Right. Adjacent channels can decode some CCK frames, but OFDM should
look like garbage.

Now, the $50 question - can we (ab)use the signal sizing / threshold
parameters (like what ANI does) to make the OFDM/CCK receiver
effectively deaf to wireless frames, so they appear as spectral
samples? Hm!


-adrian

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Gui Iribarren]

On 07/26/2013 06:18 PM, Adrian Chadd wrote:
> Right. Adjacent channels can decode some CCK frames, but OFDM should
> look like garbage.
>
> Now, the $50 question - can we (ab)use the signal sizing / threshold
> parameters (like what ANI does) to make the OFDM/CCK receiver
> effectively deaf to wireless frames, so they appear as spectral
> samples? Hm!

He-he ;)
well, i actually did try the opposite: i wanted to generate/visualize 
recognizable spectral patterns, like a 5mhz bw communication, which 
would definitely appear and stand out clear, so i set a couple of 
routers with wireless.radio0.chanbw=5 ... sadly it didn't work.

/sys/kernel/debug/ieee80211/phy0/ath9k/chanbw was correctly set to 0x5
but communication used 20mhz as usual. didn't dug into it, maybe i was 
missing some other option.. who knows, didn't care much, it was just a test.

Yet, I must admit I didn't think about setting the *scanning* radio to a 
narrower bandwidth, that would definitely make the trick!
Hm, there's no code yet for sampling anything else than HT20,
But in any case, I think we would need a "spectral scan" mode, distinct 
from "normal" scan (which is currently overloaded with sampling), to be 
able to:
a) Use a narrower bandwidth like you say,
b) not send any beacon request, or wait for any beacon (which is what i 
suspect happens in "passive" scans) which would speed up the hopping

i don't know what are the implications of modifying the bw size, is it 
something that can be done just for a single scan? i.e. radio is 
operating normally on 20/40mhz, talking to peers, and for an instant 
(100ms?) makes a quick scan with 5mhz bw over 14 channels in 2.4ghz, 
then goes back to normal 20/40mhz?
maybe a reset is needed between those bw changes?
[I have *absolutely* no idea of what i'm talking about]

Thanks a lot for the feedback Adrian!

Gui

>
>
> -adrian
>

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Adrian Chadd]

If you drop the chip into 5/10mhz, it'll still "work". It still
operates the same number of OFDM bins as in HT20 operation; everything
is just half or quarter the width.

So, just drop the chip into 5/10mhz mode and do a spectral scan. Each
bin is going to be 1/2 or 1/4 the width and spacing; the signal level
math may need changing a little, but the results should still be
valid.



-adrian

On 28 July 2013 00:29, Gui Iribarren <gui@altermundi.net> wrote:
> On 07/26/2013 06:18 PM, Adrian Chadd wrote:
>>
>> Right. Adjacent channels can decode some CCK frames, but OFDM should
>> look like garbage.
>>
>> Now, the $50 question - can we (ab)use the signal sizing / threshold
>> parameters (like what ANI does) to make the OFDM/CCK receiver
>> effectively deaf to wireless frames, so they appear as spectral
>> samples? Hm!
>
>
> He-he ;)
> well, i actually did try the opposite: i wanted to generate/visualize
> recognizable spectral patterns, like a 5mhz bw communication, which would
> definitely appear and stand out clear, so i set a couple of routers with
> wireless.radio0.chanbw=5 ... sadly it didn't work.
>
> /sys/kernel/debug/ieee80211/phy0/ath9k/chanbw was correctly set to 0x5
> but communication used 20mhz as usual. didn't dug into it, maybe i was
> missing some other option.. who knows, didn't care much, it was just a test.
>
> Yet, I must admit I didn't think about setting the *scanning* radio to a
> narrower bandwidth, that would definitely make the trick!
> Hm, there's no code yet for sampling anything else than HT20,
> But in any case, I think we would need a "spectral scan" mode, distinct from
> "normal" scan (which is currently overloaded with sampling), to be able to:
> a) Use a narrower bandwidth like you say,
> b) not send any beacon request, or wait for any beacon (which is what i
> suspect happens in "passive" scans) which would speed up the hopping
>
> i don't know what are the implications of modifying the bw size, is it
> something that can be done just for a single scan? i.e. radio is operating
> normally on 20/40mhz, talking to peers, and for an instant (100ms?) makes a
> quick scan with 5mhz bw over 14 channels in 2.4ghz, then goes back to normal
> 20/40mhz?
> maybe a reset is needed between those bw changes?
> [I have *absolutely* no idea of what i'm talking about]
>
> Thanks a lot for the feedback Adrian!
>
> Gui
>
>>
>>
>> -adrian
>>
>

[ath9k-devel] Realtime plot of Spectral Scan in ath9k

[Michal Kazior]

Hi,


On 25 July 2013 15:43, Gui Iribarren <gui@altermundi.net> wrote:
> On 06/10/2013 12:15 PM, Gui Iribarren wrote:
>> Indeed, it opens the door to many interesting possibilities!
>> Thanks a lot Simon and Mathias for letting the genie out of the bottle,
>> and Adrian, Felix, Zefir for helping its way out :P
>>
>> I finally got to play with Simon's code and it works better than i expected
>> http://blog.altermundi.net/article/playing-with-ath9k-spectral-scan/

This post prompted me to play with spectral scan on ath9k. I came up
with a real-time plotting using gnuplot for fun. With my scan
chan-time parameter patches I've posted recently, the plot can be
updated quite fluently.

If anyone's interested here's the code:

  https://github.com/kazikcz/ath9k-spectral-scan

And here's a gif of how it looks like:

  https://github.com/kazikcz/ath9k-spectral-scan/blob/master/anim1.gif


Pozdrawiam / Best regards,
Michal Kazior.

[ath9k-devel] Measurements with Spectral Scan in ath9k

[Gabriel Tolón]

Hi,

I also want to thank you all for this code. It's a very useful feature!

I've been playing with it to understand how it works and to compare some 
measurements made with a wdr3500 router, and with an RF power meter.

The test consisted of a wifi card transmitting in 802.11n in different 
channels, using MCS7, with an output power of 0dbm for the whole 20 MHz 
channel (measured with the power meter), attenuated with different 
levels, and conducted to one of the antenna connectors of the WDR3500. 
Also a generator was used to transmit a non wifi signal, a carrier 
modulated with FM.

Now, if I understood correctly how ath9k and the code for spectral scan 
work, when at the antenna input there's a signal with for example -60 
dbm in a 20 MHz channel, the RSSI + Noise reported for that channel 
should equal that value. On the other hand, the values in dbm for each 
bin on that channel should be in average 17.48 dbm (10*log(56)) lower, 
because the total power is divided by the 56 bins, right?

Well, for example in 2) I'd expect an RSSI + N equal to -60 dbm, and the 
bins more or less in the line of -77 dbm, but the actual RSSI + N is 
much higher, it's -32 dbm. That difference is not the same in all cases, 
but the RSSI always seems to be higher than expected.

Also, for each channel, when increasing the singal 20 dB, the resulting 
RSSI + N varies much more in same cases.

I know I shouldn't expect a high precision, and I really think al this 
is very useful even if not being an absolute reference, to make relative 
comparisons over time, or over frequency. But I'd like to be sure that 
I'm not misinterpreting the way these measurements are done, and that 
I'm measuring OK. So if someone have done something similar or 
understands better the theory involved I'd appreciate any feedback.

Thanks!



These are the results:

1) Channel 2, 80 dB attenuation:

http://picpaste.com/ch2_att80-xGCxbMXP.png


2) Channel 2, 60 dB att:

http://picpaste.com/ch2_att60-bGozXimM.png


3) Channel 2, 40 dB att:

http://picpaste.com/ch2_att40-bckD2dUU.png


4) Channel 6, 80 dB att:

http://picpaste.com/ch6_att80-upzGPCK8.png


5)Channel 6, 60 dB att:

http://picpaste.com/ch6_att60-CYmnx77n.png


6) Channel 6, 40 dB att:

http://picpaste.com/ch6_att40-MKE99zA0.png


7) Channel 10, 80 dB att:

http://picpaste.com/ch10_att80-Fe1ODcmZ.png


8) Channel 10, 60 dB att:

http://picpaste.com/ch10_att60-HbvPIUuw.png


9) Channel 10, 40 dB att:

http://picpaste.com/ch10_att40-93rJirGQ.png


Using a carrier modulated with FM, with 8.5 MHz width (17 MHz total):


10) Channel 2, 60 dB att:

http://picpaste.com/ch2_att60_FM-urbCkYMf.png


11) Channel 6, 60 dB att:

http://picpaste.com/ch6_att60_FM-5D9aTcJo.png


12) Channel 10, 60 dB att:

http://picpaste.com/ch10_att60_FM-nZGpzKEi.png



El 10/06/13 12:15, Gui Iribarren escribi?:
> On 05/08/2013 07:50 PM, Oleksij Rempel wrote:
>> Am 08.05.2013 18:15, schrieb Claudio:
>>> Hi all,
>>>     first of all thank you for the code you have developed.
>
> Indeed, it opens the door to many interesting possibilities!
> Thanks a lot Simon and Mathias for letting the genie out of the bottle,
> and Adrian, Felix, Zefir for helping its way out :P
>
> I finally got to play with Simon's code and it works better than i expected
> http://blog.altermundi.net/article/playing-with-ath9k-spectral-scan/
>
>>> echo chanscan > /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan_ctl
>>> iw dev wlan0 scan
>>> cat /sys/kernel/debug/ieee80211/phy0/ath9k/spectral_scan0 > /tmp/fft_resusts
>>> ./fft_eval /tmp/fft_results
>>>
>>> On average I get 200-400 samples but sometimes I got even 7k samples, which
>>> is very good.
>
> In my case i get a fairly constant 112 samples per "iw wlan0 scan", but
> as always, YMMV.
>
> maybe something is triggering periodic scans on your hardware? (i.e. a
> STA wifi-iface in OpenWrt does this every 2 or 3 seconds until it
> associates to an AP). In that case, just idling between "cat
> spectral_scan"s will increase the number of samples.
> Try running "iw event" in parallel to see what's happening.
>
> Cheers and have spectral fun!!
>
> Gui
> _______________________________________________
> ath9k-devel mailing list
> ath9k-devel at lists.ath9k.org
> https://lists.ath9k.org/mailman/listinfo/ath9k-devel
>