1 2## 802.11 packet injection 3 4The Linux wireless networking stack (i.e. driver, mac80211, cfg80211, net_dev, user app) is a robust implementation supporting a plethora of wireless devices. As robust as it is, it also has a drawback when it comes to single-layer testing. 5 6Ping and Iperf are well established performance measurement tools. However, using such tools to measure 802.11 PHY performance can be misleading, simply because they touch multiple layers in the network stack. 7 8Luckily, the mac80211 Linux subsystem provides packet injection functionality and it allows us to have finer control over physical layer testing. 9 10To this end, we have adapted a [packetspammer](https://github.com/gnychis/packetspammer) application originally written by Andy Green <[email protected]> and maintained by George Nychis <[email protected]>. 11 12### inject_80211 13Userspace program to inject 802.11 packets through mac80211 supported (softmac) wireless devices. 14 15### Options 16 ``` 17-m/--hw_mode <hardware operation mode> (a,g,n) 18-r/--rate_index <rate/MCS index> (0,1,2,3,4,5,6,7) 19-i/--sgi_flag (0,1) 20-n/--num_packets <number of packets> 21-s/--payload_size <payload size in bytes> 22-d/--delay <delay between packets in usec> 23-h this menu 24 ``` 25 26### Example: 27``` 28iw dev wlan0 interface add mon0 type monitor && ifconfig mon0 up 29inject_80211 -m n -r 0 -n 64 -s 100 mon0 # Inject 10 802.11n packets at 6.5Mbps bitrate and 64bytes size 30``` 31 32### Link performance test 33 34To make a profound experimental analysis on the physical layer performance, we can rely on automation scripts. 35 36The following script will inject 100 802.11n packets at different bitrates and payload sizes. 37 38``` 39#!/bin/bash 40 41HW_MODE='n' 42COUNT=100 43DELAY=1000 44RATE=( 0 1 2 3 4 5 6 7 ) 45SIZE=( $(seq -s' ' 50 100 1450) ) # paload size in bytes 46IF="mon0" 47 48for (( i = 0 ; i < ${#PAYLOAD[@]} ; i++ )) do 49 for (( j = 0 ; j < ${#RATE[@]} ; j++ )) do 50 inject_80211 -m $HW_MODE -n $COUNT -d $DELAY -r ${RATE[$j]} -s ${SIZE[$i]} $IF 51 sleep 1 52 done 53done 54 55``` 56 57On the receiver side, we can use tcpdump to collect the pcap traces. 58 59``` 60iw dev wlan0 interface add mon0 type monitor && ifconfig mon0 up 61tcpdump -i mon0 -w trace.pcap 'wlan addr1 ff:ff:ff:ff:ff:ff and wlan addr2 66:55:44:33:22:11' 62``` 63 64Wlan addresses *ff:ff:ff:ff:ff:ff* and *66:55:44:33:22:11* are specific to our injector application. 65 66Next, we analyze the collected pcap traces using the analysis tool provided. 67 68``` 69analyze_80211 trace.pcap 70``` 71 72An excerpt from a sample analysis looks the following 73 74``` 75HW MODE RATE(Mbps) SGI SIZE(bytes) COUNT Duration(sec) 76======= ========== === =========== ===== ============= 77802.11n 6.5 OFF 54 100 0.11159 78802.11n 13.0 OFF 54 100 0.11264 79802.11n 19.5 OFF 54 100 0.11156 80802.11n 26.0 OFF 54 100 0.11268 81802.11n 39.0 OFF 54 100 0.11333 82802.11n 52.0 OFF 54 100 0.11149 83802.11n 58.5 OFF 54 100 0.11469 84802.11n 65.0 OFF 54 100 0.11408 85``` 86 87