- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi All,
This is a continuation to the discussion done at below link.
Monitor Mode Feature on CYW43455
As this discussion is locked. I am creating a discussion here.
We are able to capture the packets using tcpdump on linux. but not able to parse the radio header.
We would like to fetch channel,data rate and signal level information from the radio header.
Looks like first 25bytes of the packet is related to broadcom specific radio header and from 26th octet 802.11 MAC Header is started.
Needed help in parsing this broadcom specific radio header.
Sample header:
11:24:06.929119 00:00:24:d0:0c:00 (oui Unknown) > 00:00:00:00:04:00 (oui Ethernet) Null Information, send seq 0, rcv seq 0, Flags [Command], length 257
0x0000: 0100 0000 d100 0000 f3e7 7e65 0000 0000 ..........~e....
0x0010: bdff ffff 0000 0000 0100 0000 0200 0000 ................
0x0020: 0000 0000 0000 0000 0000 0000 1400 0000 ................
0x0030: 0000
Below are the steps followed.
Monitor Mode Bring-up:
wl mpc 0
wl up
wl monitor 1
ifconfig wlan0 up
Setting Channel:
wl channel 36
Capturing packets:
tcpdump -iwlan0 -XXX
Attached tcpdump output for Channel36 and Channel44
Below are the S/W version details:
Loading modules backported from Linux version v4.14.52-manda-RTM-0-g897c6ce
Backport generated by backports.git v4.14-rc2-1-70-g694b78f
brcmfmac: brcmf_fw_map_chip_to_name: using brcm/brcmfmac43455-sdio.bin for chip 0x004345(17221) rev 0x000006
usbcore: registered new interface driver brcmfmac
brcmfmac: brcmf_c_preinit_dcmds: Murata Customized Version: imx-rocko-manda_r1.0;
brcmfmac: brcmf_c_preinit_dcmds: Firmware version = wl0: Sep 21 2018 04:08:34 version 7.45.173 (r707987 CY) FWID 01-d2799ea2
wl ver:
1.21 RC0.0
wl0: Sep 21 2018 04:08:34 version 7.45.173 (r707987 CY) FWID 01-d2799ea2
vendorid 0x14e4
deviceid 0x43ab
radiorev 0x58030b
chipnum 0x4345
chiprev 0x6
chippackage 0x2
corerev 54.0
boardid 0x6e4
boardvendor 0x14e4
boardrev P201
driverrev 7.45.173.0
ucoderev 0x0
bus 0x0
phytype 0xb
phyrev 20.0
anarev 0x0
nvramrev 498373
#########################################################
Note: Below is the VinayakS_26 response from previous discussion.
"
Frame received in monitor mode contains 802.11 header and starts with d11 header(internal headers recieved from the firmware).
The driver handles the conversion of d11rxhdr to radiotap header conversion.
We will have to look into the driver to see where that parsing is happening.
"
Hi VinayakS_26,
Did you get any chance to look into the Driver Source to check d11 header parsing ?
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I could see that the d11/dot11 headers are handled in the proto directory in /bcmdhd/proto.
In this directory, the 802.11.h folder contains the headers correponding to BRCM OUI.
brcm_ie information element structure is provided in here as well. The IE parsing is done in bcmutils.c.
Regards,
Vinayak
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
I could see that the d11/dot11 headers are handled in the proto directory in /bcmdhd/proto.
In this directory, the 802.11.h folder contains the headers correponding to BRCM OUI.
brcm_ie information element structure is provided in here as well. The IE parsing is done in bcmutils.c.
Regards,
Vinayak