1 Reply Latest reply on Mar 15, 2019 2:42 AM by VinayakS_26

    Monitor Mode Feature on CYW43455 - Parsing Radio Tap Header

    maku_2263101

      Hi All,

       

      This is a continuation of the discussion at the link below.

      Monitor Mode Feature on CYW43455

       

      As that discussion is locked, I am creating a new discussion here.

       

      We are able to capture the packets using tcpdump on Linux, but we are not able to parse the radio header.

      We would like to fetch the channel, data rate and signal level information from the radio header.

      It looks like the first 25 bytes of the packet are a Broadcom-specific radio header, and the 802.11 MAC header starts from the 26th octet.

       

      We need help parsing this Broadcom-specific radio header.

       

      Sample header:

      11:24:06.929119 00:00:24:d0:0c:00 (oui Unknown) > 00:00:00:00:04:00 (oui Ethernet) Null Information, send seq 0, rcv seq 0, Flags [Command], length 257

              0x0000:  0100 0000 d100 0000 f3e7 7e65 0000 0000  ..........~e....

              0x0010:  bdff ffff 0000 0000 0100 0000 0200 0000  ................

              0x0020:  0000 0000 0000 0000 0000 0000 1400 0000  ................

              0x0030:  0000

       

      Below are the steps followed.

      Monitor Mode Bring-up:

          wl mpc 0

          wl up

          wl monitor 1

          ifconfig wlan0 up

       

      Setting Channel:

          wl channel 36

      Capturing packets: 

          tcpdump -iwlan0 -XXX

       

      Attached is the tcpdump output for channel 36 and channel 44.

       

      Below are the S/W version details:

       

      Drivers Loading log:

       

      Loading modules backported from Linux version v4.14.52-manda-RTM-0-g897c6ce

      Backport generated by backports.git v4.14-rc2-1-70-g694b78f

      brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006

      usbcore: registered new interface driver brcmfmac

      brcmfmac: brcmf_c_preinit_dcmds: Murata Customized Version: imx-rocko-manda_r1.0;

      brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Sep 21 2018 04:08:34 version 7.45.173 (r707987 CY) FWID 01-d2799ea2

      wl ver:

      1.21 RC0.0

      wl0: Sep 21 2018 04:08:34 version 7.45.173 (r707987 CY) FWID 01-d2799ea2

       

      wl revinfo:

       

      vendorid 0x14e4

      deviceid 0x43ab

      radiorev 0x58030b

      chipnum 0x4345

      chiprev 0x6

      chippackage 0x2

      corerev 54.0

      boardid 0x6e4

      boardvendor 0x14e4

      boardrev P201

      driverrev 7.45.173.0

      ucoderev 0x0

      bus 0x0

      phytype 0xb

      phyrev 20.0

      anarev 0x0

      nvramrev 498373

       

      #########################################################

       

      Note: Below is VinayakS_26's response from the previous discussion.

      "

      A frame received in monitor mode contains the 802.11 header and starts with the d11 header (internal headers received from the firmware).

      The driver handles the conversion of d11rxhdr to the radiotap header.

      We will have to look into the driver to see where that parsing is happening.

      "

       

      Hi VinayakS_26,

       

      Did you get a chance to look into the driver source to check the d11 header parsing?