Re: Using ath5k/ath9k radio for constant-tx noise source.

2017-08-11 Thread Ben Greear 


On 10/22/2016 07:49 AM, Sebastian Gottschall wrote:

atheros has a continues transmission mode which is used for power calibration 
in factory using the ART utility. its available on ath9k cards as well.
once enabled no wifi connection is possible on the same frequency since it will 
break up all CSMA handling also with neighbor networks. its a nice
feature for disconnecting all wifi networks in your area
look for the called atheros / qca TESTMODE. its a simple register setting 
(enable, disable)


Hello,

I noticed recently that the carl9170 based system I was using can do a minimum
burst width of about 17us, which is not good enough for most RADAR emulation
settings (which often need 1us, 11us, etc).

So, I am back to thinking about trying this for ath9k, in hopes it can cycle
TX on/off faster.

So far, I have not found any useful info searching for TESTMODE in ath9k and 
madwifi code.

Do you have any more specific details about where I can find documents or source
code that uses the TX100 mode for ath9k?

Thanks,
Ben



Am 15.09.2016 um 17:28 schrieb Zefir Kurtisi:

Hi Ben,

On 09/15/2016 02:22 AM, Ben Greear wrote:

On 08/20/2015 08:11 AM, Zefir Kurtisi wrote:

On 08/19/2015 09:07 PM, Ben Greear wrote:

I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be
wrong)
and it has the ability to do a constant transmit of raw noise (RF probe shows
noise, but a monitor-port sniffer does not see any frames from the CM9).

I don't know the low-level details of how it is doing this, but I suspect
it is using something like madwifi for a driver.

Does anyone know how this can be done with modern software and
ath5k or ath9k NICs?

Thanks,
Ben


Maybe slightly related: some years ago when DFS became a topic and it was hard 
to
get hands on radar pattern generators, Christian Lamparter wrote a variant of 
the
carl9170 fw [1] which can generate radar pulses to test ath9k and other DFS 
radar
detectors. Pulses are generated by enabling txout at defined sampling intervals.

It should be doable to mimic what you are looking for by generating a _very_ 
long
pulse.

Sorry to revive such an old thread..but I'm back poking at this.


Whew, that year went by so incredibly fast ;)


I've used the modified carl9170 firmware to generate pulses, with
the control being 'pulse-width' and 'pulse-interval'.

This sort of works, and sometimes our ath10k in an isolation chamber reports
a radar event.

But, after some reading, I am thinking I need more control to better mimic
a radar.

If I understand things properly, I need something like this:

A pulse event being:  pulse width, pulse period:  For instance 1us, 200us
Then, I need to configure an amount of pulse events, maybe 10-30 consecutive 
pulse
events.
Then, I need a quiet period to mimic the radar sweeping full circle (15 seconds
perhaps)

 From what I can tell, the carl9170 modified firmware is missing the features
to do this, though it should not be too difficult to add.


Yes, that's essentially it - the last step is even not needed if your goal is to
estimate DFS detection probabilities, since in the certification lab they 
usually
just repeatedly fire the radar pattern and count detection events.

When I played with the modified carl9170 FW, I estimated that developing an 
solid
and reliable radar pattern pulse scheduler would take me 2-4 weeks, so being in 
a
hurry I ended up using an SDR (Ettus USRP N200, see [1]). I developed a pulse
scheduler to feed arbitrary patterns (covering those for DFS testing), which is
available in [2]. It has not been maintained ever since, but might help you as
starting point if you decide to go that route.


If someone has an idea whether the control above is appropriate, I'd
appreciate feedback before I start hacking...

This document seemed useful, for instance:

https://dl.cdn-anritsu.com/en-en/test-measurement/files/Product-Introductions/Product-Introduction/mx370073a-el1200.pdf


We use the R SMBV100A [3], which we know is also used in some certification
labs. Unfortunately it is not exactly cheap - if you are not going to prepare 
your
product for certification, the SDR approach is affordable and good enough.


Thanks,
Ben


Good luck,
Zefir

[1] https://www.ettus.com/product/details/UN200-KIT
[2] https://github.com/zefir-kurtisi/USRP-Radar-Relay
[3]
https://www.rohde-schwarz.com/us/product/smbv100a-productstartpage_63493-10220.html








--
Ben Greear 
Candela Technologies Inc  http://www.candelatech.com

Re: Using ath5k/ath9k radio for constant-tx noise source.

2016-10-22 Thread Sebastian Gottschall 
atheros has a continues transmission mode which is used for power 
calibration in factory using the ART utility. its available on ath9k 
cards as well.
once enabled no wifi connection is possible on the same frequency since 
it will break up all CSMA handling also with neighbor networks. its a nice

feature for disconnecting all wifi networks in your area
look for the called atheros / qca TESTMODE. its a simple register 
setting (enable, disable)


Am 15.09.2016 um 17:28 schrieb Zefir Kurtisi:

Hi Ben,

On 09/15/2016 02:22 AM, Ben Greear wrote:

On 08/20/2015 08:11 AM, Zefir Kurtisi wrote:

On 08/19/2015 09:07 PM, Ben Greear wrote:

I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be
wrong)
and it has the ability to do a constant transmit of raw noise (RF probe shows
noise, but a monitor-port sniffer does not see any frames from the CM9).

I don't know the low-level details of how it is doing this, but I suspect
it is using something like madwifi for a driver.

Does anyone know how this can be done with modern software and
ath5k or ath9k NICs?

Thanks,
Ben


Maybe slightly related: some years ago when DFS became a topic and it was hard 
to
get hands on radar pattern generators, Christian Lamparter wrote a variant of 
the
carl9170 fw [1] which can generate radar pulses to test ath9k and other DFS 
radar
detectors. Pulses are generated by enabling txout at defined sampling intervals.

It should be doable to mimic what you are looking for by generating a _very_ 
long
pulse.

Sorry to revive such an old thread..but I'm back poking at this.


Whew, that year went by so incredibly fast ;)


I've used the modified carl9170 firmware to generate pulses, with
the control being 'pulse-width' and 'pulse-interval'.

This sort of works, and sometimes our ath10k in an isolation chamber reports
a radar event.

But, after some reading, I am thinking I need more control to better mimic
a radar.

If I understand things properly, I need something like this:

A pulse event being:  pulse width, pulse period:  For instance 1us, 200us
Then, I need to configure an amount of pulse events, maybe 10-30 consecutive 
pulse
events.
Then, I need a quiet period to mimic the radar sweeping full circle (15 seconds
perhaps)

 From what I can tell, the carl9170 modified firmware is missing the features
to do this, though it should not be too difficult to add.


Yes, that's essentially it - the last step is even not needed if your goal is to
estimate DFS detection probabilities, since in the certification lab they 
usually
just repeatedly fire the radar pattern and count detection events.

When I played with the modified carl9170 FW, I estimated that developing an 
solid
and reliable radar pattern pulse scheduler would take me 2-4 weeks, so being in 
a
hurry I ended up using an SDR (Ettus USRP N200, see [1]). I developed a pulse
scheduler to feed arbitrary patterns (covering those for DFS testing), which is
available in [2]. It has not been maintained ever since, but might help you as
starting point if you decide to go that route.


If someone has an idea whether the control above is appropriate, I'd
appreciate feedback before I start hacking...

This document seemed useful, for instance:

https://dl.cdn-anritsu.com/en-en/test-measurement/files/Product-Introductions/Product-Introduction/mx370073a-el1200.pdf


We use the R SMBV100A [3], which we know is also used in some certification
labs. Unfortunately it is not exactly cheap - if you are not going to prepare 
your
product for certification, the SDR approach is affordable and good enough.


Thanks,
Ben


Good luck,
Zefir

[1] https://www.ettus.com/product/details/UN200-KIT
[2] https://github.com/zefir-kurtisi/USRP-Radar-Relay
[3]
https://www.rohde-schwarz.com/us/product/smbv100a-productstartpage_63493-10220.html





--
Mit freundlichen Grüssen / Regards

Sebastian Gottschall / CTO

NewMedia-NET GmbH - DD-WRT
Firmensitz:  Berliner Ring 101, 64625 Bensheim
Registergericht: Amtsgericht Darmstadt, HRB 25473
Geschäftsführer: Peter Steinhäuser, Christian Scheele
http://www.dd-wrt.com
email: s.gottsch...@dd-wrt.com
Tel.: +496251-582650 / Fax: +496251-5826565

Re: Using ath5k/ath9k radio for constant-tx noise source.

2016-09-18 Thread Bob Copeland 
On Wed, Aug 19, 2015 at 12:07:50PM -0700, Ben Greear wrote:
> I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be 
> wrong)
> and it has the ability to do a constant transmit of raw noise (RF probe shows
> noise, but a monitor-port sniffer does not see any frames from the CM9).
> 
> I don't know the low-level details of how it is doing this, but I suspect
> it is using something like madwifi for a driver.
> 
> Does anyone know how this can be done with modern software and
> ath5k or ath9k NICs?

So, see the below patch for something that might work.  I only dusted off
and compile-tested this, and I'm not sure if it is controllable to the
extent that would be needed for things like DFS testing.

Just to reiterate the disclaimer, I'm told running radio in this mode for
an extended period of time can damage it, so -- good luck.

Note, ath9k has another kind of tx-99 mode which just sends out packets
constantly; ath5k is of course capable of doing that kind of thing too.
Setup for that is mostly the same except the descriptor list is just
self-linked and some of the phy tricks aren't needed.

>From fd374ea31833f705d6a08bb8f8e171cfcda8c302 Mon Sep 17 00:00:00 2001
From: Bob Copeland 
Date: Tue, 17 May 2016 00:24:42 -0400
Subject: [PATCH] ath5k: add continuous-wave transmit mode

Continuous-wave mode is a kind of testmode in which RF is emitted on
a single carrier frequency; sometimes this kind of thing is needed
for FCC certification.  Some Atheros devices support entering this
mode for testing.

This patch demonstrates (some of?) the settings needed to get the
device into the mode.  I don't claim to understand it and the PHY
is 100% undocumented as far as I know, so a lot of this is guesswork
based on what is done in some versions of madwifi.  It seems to work
on one radio I tried it on (monitored with ath9k's spectral scan and
my own "speccy" tool) -- but it might well destroy yours, so, don't
run it unless you don't care about that possibility.

Signed-off-by: Bob Copeland 
---
 drivers/net/wireless/ath/ath5k/Makefile |   1 +
 drivers/net/wireless/ath/ath5k/ath5k.h  |   1 +
 drivers/net/wireless/ath/ath5k/base.h   |   3 +
 drivers/net/wireless/ath/ath5k/debug.c  |  47 
 drivers/net/wireless/ath/ath5k/tx99.c   | 200 
 5 files changed, 252 insertions(+)
 create mode 100644 drivers/net/wireless/ath/ath5k/tx99.c

diff --git a/drivers/net/wireless/ath/ath5k/Makefile 
b/drivers/net/wireless/ath/ath5k/Makefile
index 1b3a34f..afc699f 100644
--- a/drivers/net/wireless/ath/ath5k/Makefile
+++ b/drivers/net/wireless/ath/ath5k/Makefile
@@ -16,6 +16,7 @@ ath5k-y   += rfkill.o
 ath5k-y+= ani.o
 ath5k-y+= sysfs.o
 ath5k-y+= mac80211-ops.o
+ath5k-y+= tx99.o
 ath5k-$(CONFIG_ATH5K_DEBUG)+= debug.o
 ath5k-$(CONFIG_ATH5K_AHB)  += ahb.o
 ath5k-$(CONFIG_ATH5K_PCI)  += pci.o
diff --git a/drivers/net/wireless/ath/ath5k/ath5k.h 
b/drivers/net/wireless/ath/ath5k/ath5k.h
index 67fedb6..8c86a96 100644
--- a/drivers/net/wireless/ath/ath5k/ath5k.h
+++ b/drivers/net/wireless/ath/ath5k/ath5k.h
@@ -1446,6 +1446,7 @@ struct ath5k_hw {
 
/* Calibration mask */
u8  ah_cal_mask;
+   booltx99_active;
 
/*
 * Function pointers
diff --git a/drivers/net/wireless/ath/ath5k/base.h 
b/drivers/net/wireless/ath/ath5k/base.h
index 97469d0..3e50c747 100644
--- a/drivers/net/wireless/ath/ath5k/base.h
+++ b/drivers/net/wireless/ath/ath5k/base.h
@@ -112,6 +112,9 @@ const char *ath5k_chip_name(enum ath5k_srev_type type, 
u_int16_t val);
 int ath5k_init_ah(struct ath5k_hw *ah, const struct ath_bus_ops *bus_ops);
 void ath5k_deinit_ah(struct ath5k_hw *ah);
 
+void ath5k_tx99_cw_start(struct ath5k_hw *ah);
+void ath5k_tx99_cw_stop(struct ath5k_hw *ah);
+
 /* Check whether BSSID mask is supported */
 #define ath5k_hw_hasbssidmask(_ah) (ah->ah_version == AR5K_AR5212)
 
diff --git a/drivers/net/wireless/ath/ath5k/debug.c 
b/drivers/net/wireless/ath/ath5k/debug.c
index 4f8d9ed..260f061 100644
--- a/drivers/net/wireless/ath/ath5k/debug.c
+++ b/drivers/net/wireless/ath/ath5k/debug.c
@@ -991,6 +991,50 @@ static const struct file_operations fops_eeprom = {
 };
 
 
+static ssize_t read_file_tx99(struct file *file, char __user *user_buf,
+ size_t count, loff_t *ppos)
+{
+   char buf[3];
+   struct ath5k_hw *ah = file->private_data;
+
+   if (!ah->tx99_active)
+   buf[0] = '0';
+   else
+   buf[0] = '1';
+   buf[1] = '\n';
+   buf[2] = '\0';
+   return simple_read_from_buffer(user_buf, count, ppos, buf, 2);
+}
+
+static ssize_t write_file_tx99(struct file *file, const char __user *user_buf,
+  size_t count, loff_t

Re: Using ath5k/ath9k radio for constant-tx noise source.

2016-09-15 Thread Ben Greear 

On 09/15/2016 06:26 AM, Bob Copeland wrote:

On Wed, Sep 14, 2016 at 05:22:46PM -0700, Ben Greear wrote:

On 08/20/2015 08:11 AM, Zefir Kurtisi wrote:

On 08/19/2015 09:07 PM, Ben Greear wrote:

I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be 
wrong)
and it has the ability to do a constant transmit of raw noise (RF probe shows
noise, but a monitor-port sniffer does not see any frames from the CM9).

I don't know the low-level details of how it is doing this, but I suspect
it is using something like madwifi for a driver.

Does anyone know how this can be done with modern software and
ath5k or ath9k NICs?


Hi Ben,

I wrote some code to do this on ath5k -- I can post a patch if you're
interested in using ath5k for this.

Here's a snapshot of what it looks like when running on ch.1:

https://bobcopeland.com/images/speccy-testmode.png



I would be interested in seeing those patches.

ath5k is probably cheaper and easier to find than carl9170 nics.

Personally, such patches for ath9k would be best, but ath5k is still 
interesting.

Thanks,
Ben

--
Ben Greear 
Candela Technologies Inc  http://www.candelatech.com

Re: Using ath5k/ath9k radio for constant-tx noise source.

2016-09-15 Thread Ben Greear 

On 09/15/2016 08:28 AM, Zefir Kurtisi wrote:

Hi Ben,

On 09/15/2016 02:22 AM, Ben Greear wrote:

On 08/20/2015 08:11 AM, Zefir Kurtisi wrote:

On 08/19/2015 09:07 PM, Ben Greear wrote:

I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be
wrong)
and it has the ability to do a constant transmit of raw noise (RF probe shows
noise, but a monitor-port sniffer does not see any frames from the CM9).

I don't know the low-level details of how it is doing this, but I suspect
it is using something like madwifi for a driver.

Does anyone know how this can be done with modern software and
ath5k or ath9k NICs?

Thanks,
Ben



Maybe slightly related: some years ago when DFS became a topic and it was hard 
to
get hands on radar pattern generators, Christian Lamparter wrote a variant of 
the
carl9170 fw [1] which can generate radar pulses to test ath9k and other DFS 
radar
detectors. Pulses are generated by enabling txout at defined sampling intervals.

It should be doable to mimic what you are looking for by generating a _very_ 
long
pulse.


Sorry to revive such an old thread..but I'm back poking at this.


Whew, that year went by so incredibly fast ;)


I've used the modified carl9170 firmware to generate pulses, with
the control being 'pulse-width' and 'pulse-interval'.

This sort of works, and sometimes our ath10k in an isolation chamber reports
a radar event.

But, after some reading, I am thinking I need more control to better mimic
a radar.

If I understand things properly, I need something like this:

A pulse event being:  pulse width, pulse period:  For instance 1us, 200us
Then, I need to configure an amount of pulse events, maybe 10-30 consecutive 
pulse
events.
Then, I need a quiet period to mimic the radar sweeping full circle (15 seconds
perhaps)

From what I can tell, the carl9170 modified firmware is missing the features
to do this, though it should not be too difficult to add.


Yes, that's essentially it - the last step is even not needed if your goal is to
estimate DFS detection probabilities, since in the certification lab they 
usually
just repeatedly fire the radar pattern and count detection events.

When I played with the modified carl9170 FW, I estimated that developing an 
solid
and reliable radar pattern pulse scheduler would take me 2-4 weeks, so being in 
a
hurry I ended up using an SDR (Ettus USRP N200, see [1]). I developed a pulse
scheduler to feed arbitrary patterns (covering those for DFS testing), which is
available in [2]. It has not been maintained ever since, but might help you as
starting point if you decide to go that route.


Out of curiosity, about how much did that kit cost?




If someone has an idea whether the control above is appropriate, I'd
appreciate feedback before I start hacking...

This document seemed useful, for instance:

https://dl.cdn-anritsu.com/en-en/test-measurement/files/Product-Introductions/Product-Introduction/mx370073a-el1200.pdf


We use the R SMBV100A [3], which we know is also used in some certification
labs. Unfortunately it is not exactly cheap - if you are not going to prepare 
your
product for certification, the SDR approach is affordable and good enough.


Thanks for the info.  We previously used the carl9170 to do some const-tx 
signal generation
to reproduce some interesting crashes in ath10k, and now a user wants a cheap 
radar emulator.

We could also use it for some basic testing in our own labs.

I'll work on allowing the specific number of pulses as well as a quiet period in
the carl9170.  Hopefully just a day or two of work on top of what I already 
have.

Thanks much for the suggestions.

--Ben




Thanks,
Ben



Good luck,
Zefir

[1] https://www.ettus.com/product/details/UN200-KIT
[2] https://github.com/zefir-kurtisi/USRP-Radar-Relay
[3]
https://www.rohde-schwarz.com/us/product/smbv100a-productstartpage_63493-10220.html




--
Ben Greear 
Candela Technologies Inc  http://www.candelatech.com

Re: Using ath5k/ath9k radio for constant-tx noise source.

2016-09-15 Thread Zefir Kurtisi 
Hi Ben,

On 09/15/2016 02:22 AM, Ben Greear wrote:
> On 08/20/2015 08:11 AM, Zefir Kurtisi wrote:
>> On 08/19/2015 09:07 PM, Ben Greear wrote:
>>> I have a commercial AP that is using a CM9 ath5k radio (evidently, I could 
>>> be
>>> wrong)
>>> and it has the ability to do a constant transmit of raw noise (RF probe 
>>> shows
>>> noise, but a monitor-port sniffer does not see any frames from the CM9).
>>>
>>> I don't know the low-level details of how it is doing this, but I suspect
>>> it is using something like madwifi for a driver.
>>>
>>> Does anyone know how this can be done with modern software and
>>> ath5k or ath9k NICs?
>>>
>>> Thanks,
>>> Ben
>>>
>>
>> Maybe slightly related: some years ago when DFS became a topic and it was 
>> hard to
>> get hands on radar pattern generators, Christian Lamparter wrote a variant 
>> of the
>> carl9170 fw [1] which can generate radar pulses to test ath9k and other DFS 
>> radar
>> detectors. Pulses are generated by enabling txout at defined sampling 
>> intervals.
>>
>> It should be doable to mimic what you are looking for by generating a _very_ 
>> long
>> pulse.
> 
> Sorry to revive such an old thread..but I'm back poking at this.
> 
Whew, that year went by so incredibly fast ;)

> I've used the modified carl9170 firmware to generate pulses, with
> the control being 'pulse-width' and 'pulse-interval'.
> 
> This sort of works, and sometimes our ath10k in an isolation chamber reports
> a radar event.
> 
> But, after some reading, I am thinking I need more control to better mimic
> a radar.
> 
> If I understand things properly, I need something like this:
> 
> A pulse event being:  pulse width, pulse period:  For instance 1us, 200us
> Then, I need to configure an amount of pulse events, maybe 10-30 consecutive 
> pulse
> events.
> Then, I need a quiet period to mimic the radar sweeping full circle (15 
> seconds
> perhaps)
> 
> From what I can tell, the carl9170 modified firmware is missing the features
> to do this, though it should not be too difficult to add.
> 
Yes, that's essentially it - the last step is even not needed if your goal is to
estimate DFS detection probabilities, since in the certification lab they 
usually
just repeatedly fire the radar pattern and count detection events.

When I played with the modified carl9170 FW, I estimated that developing an 
solid
and reliable radar pattern pulse scheduler would take me 2-4 weeks, so being in 
a
hurry I ended up using an SDR (Ettus USRP N200, see [1]). I developed a pulse
scheduler to feed arbitrary patterns (covering those for DFS testing), which is
available in [2]. It has not been maintained ever since, but might help you as
starting point if you decide to go that route.

> If someone has an idea whether the control above is appropriate, I'd
> appreciate feedback before I start hacking...
> 
> This document seemed useful, for instance:
> 
> https://dl.cdn-anritsu.com/en-en/test-measurement/files/Product-Introductions/Product-Introduction/mx370073a-el1200.pdf
> 
We use the R SMBV100A [3], which we know is also used in some certification
labs. Unfortunately it is not exactly cheap - if you are not going to prepare 
your
product for certification, the SDR approach is affordable and good enough.

> 
> Thanks,
> Ben
> 

Good luck,
Zefir

[1] https://www.ettus.com/product/details/UN200-KIT
[2] https://github.com/zefir-kurtisi/USRP-Radar-Relay
[3]
https://www.rohde-schwarz.com/us/product/smbv100a-productstartpage_63493-10220.html

Re: Using ath5k/ath9k radio for constant-tx noise source.

2016-09-15 Thread Bob Copeland 
On Wed, Sep 14, 2016 at 05:22:46PM -0700, Ben Greear wrote:
> On 08/20/2015 08:11 AM, Zefir Kurtisi wrote:
> >On 08/19/2015 09:07 PM, Ben Greear wrote:
> >>I have a commercial AP that is using a CM9 ath5k radio (evidently, I could 
> >>be wrong)
> >>and it has the ability to do a constant transmit of raw noise (RF probe 
> >>shows
> >>noise, but a monitor-port sniffer does not see any frames from the CM9).
> >>
> >>I don't know the low-level details of how it is doing this, but I suspect
> >>it is using something like madwifi for a driver.
> >>
> >>Does anyone know how this can be done with modern software and
> >>ath5k or ath9k NICs?

Hi Ben,

I wrote some code to do this on ath5k -- I can post a patch if you're
interested in using ath5k for this.

Here's a snapshot of what it looks like when running on ch.1:

https://bobcopeland.com/images/speccy-testmode.png

-- 
Bob Copeland %% http://bobcopeland.com/

Re: Using ath5k/ath9k radio for constant-tx noise source.

2016-09-14 Thread Ben Greear 

On 08/20/2015 08:11 AM, Zefir Kurtisi wrote:

On 08/19/2015 09:07 PM, Ben Greear wrote:

I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be 
wrong)
and it has the ability to do a constant transmit of raw noise (RF probe shows
noise, but a monitor-port sniffer does not see any frames from the CM9).

I don't know the low-level details of how it is doing this, but I suspect
it is using something like madwifi for a driver.

Does anyone know how this can be done with modern software and
ath5k or ath9k NICs?

Thanks,
Ben



Maybe slightly related: some years ago when DFS became a topic and it was hard 
to
get hands on radar pattern generators, Christian Lamparter wrote a variant of 
the
carl9170 fw [1] which can generate radar pulses to test ath9k and other DFS 
radar
detectors. Pulses are generated by enabling txout at defined sampling intervals.

It should be doable to mimic what you are looking for by generating a _very_ 
long
pulse.


Sorry to revive such an old thread..but I'm back poking at this.

I've used the modified carl9170 firmware to generate pulses, with
the control being 'pulse-width' and 'pulse-interval'.

This sort of works, and sometimes our ath10k in an isolation chamber reports
a radar event.

But, after some reading, I am thinking I need more control to better mimic
a radar.

If I understand things properly, I need something like this:

A pulse event being:  pulse width, pulse period:  For instance 1us, 200us
Then, I need to configure an amount of pulse events, maybe 10-30 consecutive 
pulse events.
Then, I need a quiet period to mimic the radar sweeping full circle (15 seconds 
perhaps)

From what I can tell, the carl9170 modified firmware is missing the features
to do this, though it should not be too difficult to add.

If someone has an idea whether the control above is appropriate, I'd
appreciate feedback before I start hacking...

This document seemed useful, for instance:

https://dl.cdn-anritsu.com/en-en/test-measurement/files/Product-Introductions/Product-Introduction/mx370073a-el1200.pdf

Thanks,
Ben

--
Ben Greear 
Candela Technologies Inc  http://www.candelatech.com

Re: Using ath5k/ath9k radio for constant-tx noise source.

2015-09-08 Thread Nick Kossifidis 
On 8/19/15 10:07 PM, Ben Greear wrote:
> I have a commercial AP that is using a CM9 ath5k radio (evidently, I
> could be wrong)
> and it has the ability to do a constant transmit of raw noise (RF
> probe shows
> noise, but a monitor-port sniffer does not see any frames from the CM9).
>
> I don't know the low-level details of how it is doing this, but I suspect
> it is using something like madwifi for a driver.
>
> Does anyone know how this can be done with modern software and
> ath5k or ath9k NICs?
>
> Thanks,
> Ben
>
Maybe TX99 mode on ath9k is what you are looking for (ath5k hw can also
do this but there is no driver support for it, madwifi and the old HAL
has support for it but there was no interest on porting it to ath5k).

Regards
Nick
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: Using ath5k/ath9k radio for constant-tx noise source.

2015-08-20 Thread Zefir Kurtisi 
On 08/19/2015 09:07 PM, Ben Greear wrote:
 I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be 
 wrong)
 and it has the ability to do a constant transmit of raw noise (RF probe shows
 noise, but a monitor-port sniffer does not see any frames from the CM9).
 
 I don't know the low-level details of how it is doing this, but I suspect
 it is using something like madwifi for a driver.
 
 Does anyone know how this can be done with modern software and
 ath5k or ath9k NICs?
 
 Thanks,
 Ben
 

Maybe slightly related: some years ago when DFS became a topic and it was hard 
to
get hands on radar pattern generators, Christian Lamparter wrote a variant of 
the
carl9170 fw [1] which can generate radar pulses to test ath9k and other DFS 
radar
detectors. Pulses are generated by enabling txout at defined sampling intervals.

It should be doable to mimic what you are looking for by generating a _very_ 
long
pulse.


Good Luck,
Zefir


[1] https://github.com/chunkeey/carl9170fw/tree/radar
--
To unsubscribe from this list: send the line unsubscribe linux-wireless in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Using ath5k/ath9k radio for constant-tx noise source.

2015-08-19 Thread Ben Greear 

I have a commercial AP that is using a CM9 ath5k radio (evidently, I could be 
wrong)
and it has the ability to do a constant transmit of raw noise (RF probe shows
noise, but a monitor-port sniffer does not see any frames from the CM9).

I don't know the low-level details of how it is doing this, but I suspect
it is using something like madwifi for a driver.

Does anyone know how this can be done with modern software and
ath5k or ath9k NICs?

Thanks,
Ben

--
Ben Greear gree...@candelatech.com
Candela Technologies Inc  http://www.candelatech.com

--
To unsubscribe from this list: send the line unsubscribe linux-wireless in
the body of a message to majord...@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html