xref: /openwifi/doc/app_notes/iq.md (revision d79dd9b796a27618254295104a79f2aecb85ef5c) 
1<!--
2Author: Xianjun jiao
3SPDX-FileCopyrightText: 2019 UGent
4SPDX-License-Identifier: AGPL-3.0-or-later
5-->
6
7
8We implement the **IQ sample capture** with interesting extensions: many **trigger conditions**; **RSSI**, RF chip **AGC** **status (lock/unlock)** and **gain**.
9
10(By default, openwifi Rx baseband is muted during self Tx, to unmute Rx baseband and capture self Tx signal you need to run "./sdrctl dev sdr0 set reg xpu 1 1" after the test running)
11
12## Quick start
13- Power on the SDR board.
14- Connect a computer to the SDR board via Ethernet cable. The computer should have static IP 192.168.10.1. Open a terminal on the computer, and then in the terminal:
15  ```
16  ssh [email protected]
17  (password: openwifi)
18  cd openwifi
19  ./wgd.sh
20  (Wait for the script completed)
21  ./monitor_ch.sh sdr0 11
22  (Monitor on channel 11. You can change 11 to other channel that is busy)
23  insmod side_ch.ko iq_len_init=8187
24  (for smaller FPGA (7Z020), iq_len_init should be <4096, like 4095, instead of 8187)
25
26  ./side_ch_ctl wh11d4094
27  (Above command is needed only when you run with zed, adrv9364z7020, zc702 board)
28
29  ./side_ch_ctl g
30  ```
31  You should see on board outputs like:
32  ```
33  loop 64 side info count 61
34  loop 128 side info count 99
35  ...
36  ```
37  If the second number (side info count 61, 99, ...) keeps increasing, that means the trigger condition is met from time to time and the IQ sample is going to the computer smoothly.
38
39- Open another terminal on the computer, and run:
40  ```
41  cd openwifi/user_space/side_ch_ctl_src
42  python3 iq_capture.py
43  (for zed, adrv9364z7020, zc702 board, add argument that euqals to iq_len_init, like 4095)
44  ```
45  The python script needs "matplotlib.pyplot" and "numpy" packages installed. Now you should see 3 figures showing run-time **IQ sample**, **AGC gain and lock status** and **RSSI (uncalibrated)**. Meanwhile the python script prints the **timestamp**.
46  ![](./iq-screen-shot.jpg)
47
48  While running, all information is also stored into a file **iq.txt**. A matlab script **test_iq_file_display.m** is offered to help you do analysis on the IQ Information offline. For zed, adrv9364z7020, zc702 board, do not forget to change the **iq_len** in the matlab script to 4095.
49
50## Understand the IQ capture feature
51  The IQ information is extracted via the openwifi **side channel** infrastructure. This figure explains the related modules (also related source code file name) and how the information goes from the SDR board to the computer.
52  ![](./iq-architecture.jpg)
53
54  The IQ information format is shown in this figure.
55  ![](./iq-information-format.jpg)
56
57  For each element, the actual size is 64bit.
58  - timestamp: 64bit TSF timer value when the capture is triggered.
59  - IQ
60    - The first two 16bit are used for I/Q sample from the antenna currently used
61    - The 3rd 16bit is AD9361 AGC gain (bit7 -- lock/unlock; bit6~0 -- gain value)
62    - The 4th 16bit is RSSI (half dB, uncalibrated). Please check xpu.v and sdr.c to understand how the raw RSSI value is finally calibrated and reported to Linux mac80211.
63
64  The python and Matlab scripts are recommended for you to understand the IQ packet format precisely.
65
66## Config the IQ capture and interval
67  The quick start guide captures a period of history IQ when the packet FCS checksum is checked by Wifi receiver (no matter pass or fail). To initiate the capture with different trigger conditions and length, configuration commands should be issued before executing "**side_ch_ctl g**". The configuration command is realized by feeding a different parameter to "**side_ch_ctl**". The main parameters that are configurable are explained in this figure.
68  ![](./iq-capture-parameter.jpg)
69
70  **iq_len** is the number of IQ samples captured per trigger condition met. The capture is started from the time **pre_trigger_len** IQ samples before the trigger moment. **iq_len** is set only one time when you insert the side_ch.ko. Please check the next section for **iq_len** configuration. This section introduces the setting of pre_trigger_len and trigger condition.
71  - pre_trigger_len
72  ```
73  ./side_ch_ctl wh11dY
74  ```
75  The parameter **Y** specifies the pre_trigger_len. Valid range 0 ~ 8190. It is limited by the FPGA fifo size. For **small FPGA** (zed_fmcs2, adrv9364z7020, zc702), the valid range is 0 ~ **4094**.
76  - trigger condition
77  ```
78  ./side_ch_ctl wh8dY
79  ```
80  The parameter **Y** specifies the trigger condition. Valid range 0 ~ 31, which is explained in this table.
81
82  value|meaning
83  -----|-------
84  0 |receiver gives FCS checksum result. no matter pass/fail
85  1 |receiver gives FCS checksum result. pass
86  2 |receiver gives FCS checksum result. fail
87  3 |the tx_intf_iq0 becomes non zero (the 1st I/Q out)
88  4 |receiver gives SIGNAL field checksum result. pass
89  5 |receiver gives SIGNAL field checksum result. fail
90  6 |receiver gives SIGNAL field checksum result. no matter pass/fail. HT packet
91  7 |receiver gives SIGNAL field checksum result. no matter pass/fail. non-HT packet
92  8 |receiver gives  long preamble detected
93  9 |receiver gives short preamble detected
94  10|RSSI (half dB uncalibrated) goes above the threshold
95  11|RSSI (half dB uncalibrated) goes below the threshold
96  12|AD9361 AGC from lock to unlock
97  13|AD9361 AGC from unlock to lock
98  14|AD9361 AGC gain goes above the threshold
99  15|AD9361 AGC gain goes below the threshold
100  16|phy_tx_started signal from openofdm tx core
101  17|phy_tx_done signal from openofdm tx core
102  18|positive edge of tx_bb_is_ongoing from xpu core
103  19|negative edge of tx_bb_is_ongoing from xpu core
104  20|positive edge of tx_rf_is_ongoing from xpu core
105  21|negative edge of tx_rf_is_ongoing from xpu core
106  22|phy_tx_started and this tx packet needs ACK
107  23|phy_tx_done and this tx packet needs ACK
108  24|positive edge of tx_bb_is_ongoing and this tx packet needs ACK
109  25|negative edge of tx_bb_is_ongoing and this tx packet needs ACK
110  26|positive edge of tx_rf_is_ongoing and this tx packet needs ACK
111  27|negative edge of tx_rf_is_ongoing and this tx packet needs ACK
112  28|tx_bb_is_ongoing and I/Q amplitude from the other antenna is above rssi_or_iq_th
113  29|tx_rf_is_ongoing and I/Q amplitude from the other antenna is above rssi_or_iq_th
114  30|start tx, meanwhile I/Q amplitude from the other antenna is above rssi_or_iq_th
115  31|start tx and need for ACK, meanwhile I/Q amplitude from the other antenna is above rssi_or_iq_th
116
117  If free running is wanted (alway trigger), please use the following two commands together.
118  ```
119  ./side_ch_ctl wh8d0
120  ./side_ch_ctl wh5d1
121  ```
122
123  To set the RSSI threshold
124  ```
125  ./side_ch_ctl wh9dY
126  ```
127  The parameter **Y** specifies the RSSI threshold. Valid range 0 ~ 2047.
128
129  To set the AGC gain threshold
130  ```
131  ./side_ch_ctl wh10dY
132  ```
133  The parameter **Y** specifies the AGC gain threshold. Valid range 0 ~ 127.
134
135  The command "**side_ch_ctl g**" will perform IQ capture every 100ms until you press ctrl+C. To use a different capture interval:
136  ```
137  side_ch_ctl gN
138  ```
139  The interval will become N*1ms
140
141## Config the iq_len
142  The **iq_len** (number of IQ sample per capture) is configurable in case you want less IQ samples per capture so that it can be triggered more times during a specific analysis period. The valid value is 1~**8187**. For **small FPGA** (zed_fmcs2, adrv9364z7020, zc702), the valid range is 0 ~ **4095**. It is independent from pre_trigger_len, and it can be less than pre_trigger_len if you want. You should align the **iq_len** value at the side_ch.ko, iq_capture.py and test_iq_file_display.m.
143  - When insert the kernel module, use:
144  ```
145  insmod side_ch.ko iq_len_init=3000
146  ```
147  Here 3000 is an example. **ATTENTION:** You need to specify **iq_len_init** explicitly to turn on IQ capture, which will turn off the default CSI mode. Insert the side_ch.ko without any parameter will run the default CSI mode.
148  - When launch the python script, use:
149  ```
150  python3 iq_capture.py 3000
151  ```
152  - When use the matlab script, please change the **iq_len** variable in the script to 3000.
153
154## Compile the side channel driver and user space program
155  - side_ch.ko
156  ```
157  $OPENWIFI_DIR/driver/side_ch/make_driver.sh $OPENWIFI_DIR $XILINX_DIR ARCH_BIT
158(For Zynq 7000, ARCH_BIT should be 32, for Zynq MPSoC, ARCH_BIT should be 64)
159  ```
160  - side_ch_ctl (take user_space/side_ch_ctl_src/side_ch_ctl.c and compile it on board!)
161  ```
162  gcc -o side_ch_ctl side_ch_ctl.c
163  ```
164
165## Run the IQ capture together with modes other than monitor
166  The openwifi IQ capture feature could run with not only monitor mode but also other modes, such as AP-Client or ad-hoc mode. After the communication functionality is fully up in those modes, you can start IQ capture from "**insmod side_ch.ko**" and "**./side_ch_ctl g**" on board as described in the previous sections to extract IQ information to your computer.
167
168## Map the IQ information to the WiFi packet
169  (See this https://github.com/open-sdr/openwifi/discussions/344 to understand how to map the collected data to the packet via the TSF timestamp)
170
171  If you want to relate the IQ information to the WiFi packet, you need to capture WiFi packets (tcpdump/wireshark/etc) while capturing IQ. Then you can relate the timestamp between WiFi packet and IQ information. Please be noticed that the timestamp in the IQ information is the moment when capture is triggered, which could be different from the timestamp reported in the packet capture program. But since they share the same time base (TSF timer), you can relate them easily by analyzing the WiFi packet and IQ sample sequence.
172
173  Please learn the python and Matlab script to extract IQ information per capture according to your requirement.
174