DFS (Dynamic Frequency Selection) allows an AP to use channels in the same spectrum that some RADAR systems use, and provides a method of changing channels when RADAR signals are detected. In this example, we will use a LANforge CT712, which is our customized script and integrated GUI control for the HackRF-One Software-Defined Radio (SDR), to generate the RF pulses that simulate RADAR signals and cause a third-party AP under test to detect them and change channels. It is recommended that this type of testing be done in an RF isolation chamber to limit interference to production WLAN and RADAR systems in use.
For more information see
Wikipedia: 5GHz Channels
WLAN Pros WiFi Channel Reference
WiFi Alliance: DFS Best Practices
usage: lf_hackrf_dfs.py [-h] [--lf_hackrf LF_HACKRF] [--pulse_width PULSE_WIDTH]
[--pulse_interval PULSE_INTERVAL] [--pulse_count PULSE_COUNT]
[--one_burst] [--bursts BURSTS] [--rf_type RF_TYPE]
[--uut_channel UUT_CHANNEL] [--sweep_time SWEEP_TIME] [--freq FREQ]
[--daemon DAEMON] [--pid_file PID_FILE] [--gain GAIN] [--if_gain IF_GAIN]
[--bb_gain BB_GAIN] [--log_level LOG_LEVEL] [--mgt_pipe MGT_PIPE]
[--no_repeat] [--sample_mod SAMPLE_MOD]
[--host_perf_adjust HOST_PERF_ADJUST] [--tx_sample_rate TX_SAMPLE_RATE]
dfs testing , FCC0-6, ETSI0-6
Note: some systems will need to preface command with sudo nice -19
options:
-h, --help show this help message and exit
--lf_hackrf LF_HACKRF
--lf_hackrf { last 4 bytes of serial num from hackrf_info }
--pulse_width PULSE_WIDTH
--pulse_width { usecs } default: 1
--pulse_interval PULSE_INTERVAL
--pulse_interval { usecs } default: 1
--pulse_count PULSE_COUNT
--pulse_count { number } default: 1
--one_burst --one_burst store_true default: False
--bursts BURSTS --bursts provide a number of bursts
--rf_type RF_TYPE, --radar_type RF_TYPE
Note: .lower used so upper case or lower case may be entered.
to see addition information telnet <lanforge ip> 4003 show_rfgen
--rf_type OFDM,<duration>,<header mod>,<payload mod>
--rf_type OFDM,<duration>,<header mod>,<payload mod>,<on T1><off T1>,<on T2>,<off T2>,<on T3>,<off T3>
duration in micro seconds, less the 500 us is invalid , 0 setting is converted to 1e6 us
Header Mod : BPSK , QPSK
Payload Mod : BASK , QPSK , 8PSK
on T1 : on period microseconds
off T1 : off period microseconds
on T2 : on period microseconds
off T2 : off period microseconds
on T3 : on period microseconds
off T3 : off period microseconds
duration seconds , 0 is continuous till stopped
--rf_type OFDM,3,BPSK,QPSK,50000,1000,0,0,0,0
./lf_hackrf_dfs.py --freq 5180000 --gain 14 --if_gain 34 --tx_sample_rate 20 --rf_type OFDM,0,BPSK,QPSK,1000,1000,2000,2000,4000,4000 --log_level info --lf_hackrf 22276763
For testing the modulated noise:
you expect STA to stop transmitting (or AP to stop transmitting beacons) as modulated constant-tx power goes
stronger than -72 (I think, something like that at least.) So to know pass/fail, you need very exact measurement
of the const-tx modulated power level as received by the DUT wifi device.
Use splitter to split one cable to DUT, other to RF scope, use RF scope to determine the -72 level.
--rf_type GENERIC,<pulse width>,<pulse interval>,<number of pulses>,<tx_sample_rate>
--rf_type GENERIC_PRF,<pulse width>,<pulse interval>,<number of pulses>,<tx_sample_rate>
W53PULSE
--rf_type W53PULSE,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate>
W53
--rf_type W53CHIRP,<pulse_width>,<blank_time>,<long_pulse>,<chrip_width>,<PRF>,<Number of continous_pairs>,<center freq>,<tx sample rate>
NOTE: the center frequency gets multiplies by 1000000
best performance at tx sample rate of 10
PRF = Pulse Repetition Frequency
Supports W53 Chirp3,4,5,6,7,8
--rf_type FCC0,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
(entering --rf_type FCC0 , will use defaults pulse_width: 1 , pri: 1428, number of pulses: 18 tx sample rate: 1
Pulse Width use: 1
Pulse Repetition Interval usec: 1428
Number of Pulses 18
W56PULSE
--rf_type W56PULSE,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate>
KOREA
--rf_type KOREA1,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate> : pulse width 1 us, PRF 700, pulses: 18
--rf_type KOREA2,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate> : pulse width 1 us, PRF 1800, pulses: 10
--rf_type KOREA3,<pulse width>,<prf>,<number of pulses>,<tx_sample_rate> : pulse width 2 us, PRF 330, pulses: 70
example:
./lf_hackrf_dfs.py --rf_type KOREA1,1,700,18,20 --freq 5320000 --lf_hackrf 22276763 --gain 14 --if_gain 34 --log_level debug
--rf_type KOREA4,<number_bursts>
--rf_type KOREA4,20 (normally would be 100)
Pulse Width (usec): 1
PRI usec: 333
PRF 3000 pulses per second
Pulses per Hop: 3
Number of bursts: 20
Minumum number of Trials 30
CHINA
--rf_type CHINA0,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 1 us, PRF 1000, pulses: 20
--rf_type CHINA1,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 0.5-5 us, PRF 200-1000, pulses: 12
--rf_type CHINA2,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 0.5-15 us, PRF 200-1600, pulses: 16
--rf_type CHINA3,<pulse_width>,<prf_1>,<tx_sample_rate> : pulse width 0.5-30 us, PRF 2300-4000, pulses: 24
CHINA4 - The radar test signal 4 is modulated radar test signal. The modulation to be used is a chirp modulated with +/- 2.5 Mhz
--rf_type CHINA4,<pulse_width>,<prf_1>,<tx_sample_rate>
--rf_type CHINA5,<pulse_width>,<prf_1>,<prf_2><prf_3>,<tx_sample_rate>,
where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
Pulse width .5 - 2 us
number of prf is 2/3 pulses per burst 10 for each PRF
prf_1 rand between (300,400)
prf_2 rand between (300,400)
prf_3 rand between (300,400)
The maximum differnence between two PRFs is 50 Hz and the minimum difference is 20 Hz
The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
by the number of different PRFs used.
--rf_type CHINA6,<pulse_width>,<prf_1>,<prf_2>,<prf_3><tx_sample_rate>,
where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
Pulse width .5 - 2 us
number of prf is 2/3 pulses per burst 10 for each PRF
prf_1 rand between (400,1200)
prf_2 rand between (400,1200)
prf_3 rand between (400,1200)
The maximum differnence between two PRFs is 400 Hz and the minimum difference is 80 Hz
The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
by the number of different PRFs used.
FCC
--rf_type FCC0,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
--rf_type FCC1,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
(entering --rf_type FCC1 , will use defaults pulse_width: 1 , pri: 518, number of pulses: 1930 tx sample rate: 1
Detection: 60 percent
Trials 30
Test A
Table 5a:
Pulse Repetition Frequency, Pulse Repetition Interval micro second
1930.5 518
1858.7 538
1792.1 558
1730.1 578
1672.2 598
1618.1 618
1567.4 638
1519.8 658
1474.9 678
1432.7 698
1392.8 718
1355 738
1319.3 758
1285.3 778
1253.1 798
1222.5 818
1193.3 838
1165.6 858
1139 878
1113.6 898
1089.3 918
1066.1 938
326.2 3066
Test B
15 unique PRI values randomly selected within the range of 518-3066 μsec, with a minimum
increment of 1 μsec, excluding PRI values selected in Test A
pulses = roundup( (1/360) * ((19 * 10^6) / PRI usec) )
roundup( (1/360) * ((19 * 10^6) / 3066) ) = round up {17.2} = 18
--rf_type FCC2,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
(entering --rf_type FCC2 , will use defaults pulse_width: 1 , pri: 150, number of pulses: 23 tx sample rate: 1
Detection: 60 percent
Trials: 30
Pulse Width usec: 1-5,
PRI usec: 150-230
Number Pulses 23-29
--rf_type FCC3,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
(entering --rf_type FCC3 , will use defaults pulse_width: 6 , pri: 200, number of pulses: 16 tx sample rate: 1
Detection: 60 percent
Trials: 30
Pulse Width usec : 6-10
PRI usec: 200-500
Number Pulses 16-18
--rf_type FCC4,<pulse width>,<pri (pulse interval)>,<number of pulses>,<tx_sample_rate>
(entering --rf_type FCC4 , will use defaults pulse_width: 11 , pri: 200, number of pulses: 12 tx sample rate: 1
Detection: 60 percent
Trials: 30
Pulse Width usec: 11-20
PRI usec: 200-500
Number PUlses 12-16
--rf_type FCC5 FCC6 with additional data after the type
--rf_type FCC5,<num_bursts>,<trials_center>,<trials_low>,<trials_high>,<uut_channel>,<freq modulation>,<tx_sample_rate>
--rf_type FCC5,10,10,0,0,20,15,20
10 bursts per trial,
10 trials center,
0 trials low,
0 trials high,
uut channel bw 20
chirp frequency modulation 15
tx_sample_rate 20 (will be 20 Mhz which is prefered)
--rf_type FCC5,0,10,0,0,20,12,20
0 will randomize bursts per trial (8,20),
10 trials center,
0 trials low,
0 trials high,
uut channel bw 20
chirp frequency modulation 12
tx sample rate 20 (will be 20 Mhz which is prefered)
Pulse Width usec: 50-100
Chirp Width (Mhz): 5-20
PRI usec : 1000-2000
Number of pulses per Burst 1-3
Number of bursts 8 -20
Detection: 80 percent
Minimum Number of Trials: 30
--rf_type FCC5B,<burst offset><pulse width>,<chirp frequency modulation>,<pulse rate frequency>,<pulse rate frequency 2>,<pulse rate frequency 3>,<num pulses in burst>,<uut_channel>,<carrier frequency><tx sample rate>
To do a single burst within a trial (TODO determing timing till start)
burst offset : micro seconds
pulse width : 50 - 100 us
chirp frequency modulation : 5-20 (number gets multiplied by 1e6)
PRF 1: 500 - 1000 Hz (is PRI 1000-2000 us)
PRF 2: 500 - 1000 Hz ( is PRI 2: 1000-2000 us , enter 0 if no pulse 2)
PRF 3: 500 - 1000 Hz ( is PRI 3: 1000-2000 us , enter 0 if no pulse 3 (needs to be zero if pulse 2 is zero) )
Number pulses per burst : 1-3
uut_channel : 20 40 80 160
carrier frequency : <number entered> is mulitplied by 1000000 (overrides --freq entry)
tx sample rate : samples per second 1 - 20 (should be 20 to meet spec.) number entered is mulplied by 1e6
example:
--rf_type FCC5B,400000,70,20,1100,1200,1300,3,20,5320,20
--rf_type FCC6,<fcc6_bursts>
--rf_type FCC6,20
for FCC6 if the list is of lenght 1 the number of fcc6s default to 20
Pulse Width (usec): 1
PRI usec: 333
PUlses per Hop: 9
Hopping rate (kHz): 0.333
Hopping Sequency Length (msec) : 300
Minumum Percentage Successful Detection 70 percent
Minumum number of Trials 30
ETSI
--rf_type ETSI0,<pulse_width>,<prf_1>,<tx_sample_rate>,
--rf_type ETSI1,<pulse_width>,<prf_1>,<tx_sample_rate>,
--rf_type ETSI2,<pulse_width>,<prf_1>,<tx_sample_rate>,
--rf_type ETSI3,<pulse_width>,<prf_1>,<tx_sample_rate>,
where T1 = 1/<prf_1>
ETSI0 pulse width: 1 us, PRF (pulse repetition frequency) 1428, pulse count 18 (fixed)
ETSI1 pulse width: .5 - 5us, PRF (pulse repetition frequency) 200 - 1000, pulse count 10 (fixed)
ETSI2 pulse width: .5 - 5us, PRF (pulse repetition frequency) 200 - 1600, pulse count 15 (fixed)
ETSI3 pulse width: .5 - 5us, PRF (pulse repetition frequency) 2300 - 4000, pulse count 25 (fixed)
tx_sample_rate : 20
--rf_type ETSI4,<pulse_width>,<prf>,<tx_sample_rate>,
where T1 = 1/<prf_1>
ETSI4 pulse width 20-30us, PRF (pulse repetition frequency)2000-4000, pulse count 20 (fixed)
for ETSI4 if list length is greater than one
pulse width rand between(20,30)
prf rand between (2000,4000)
--rf_type ETSI5,<pulse_width>,<prf_1>,<prf_2><prf_3>,<tx_sample_rate>,
where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
Pulse width .5 - 2 us
number of prf is 2/3 pulses per burst 10 for each PRF
prf_1 rand between (300,400)
prf_2 rand between (300,400)
prf_3 rand between (300,400)
The maximum differnence between two PRFs is 50 Hz and the minimum difference is 20 Hz
The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
by the number of different PRFs used.
--rf_type ETSI6,<pulse_width>,<prf_1>,<prf_2>,<prf_3><tx_sample_rate>,
where T1 = 1/<prf_1> and T2 = 1/<prf_2> and T3 = 1/<prf_3>
Pulse width .5 - 2 us
number of prf is 2/3 pulses per burst 10 for each PRF
prf_1 rand between (400,1200)
prf_2 rand between (400,1200)
prf_3 rand between (400,1200)
The maximum differnence between two PRFs is 400 Hz and the minimum difference is 80 Hz
The total number of pulses in a burst is equal to the number of pulses for a single PRF multiplied
by the number of different PRFs used.
--uut_channel UUT_CHANNEL
--uut_channel 20 (uut_channel) default: 20
--sweep_time SWEEP_TIME
--sweep_time { msec } default: 10
--freq FREQ --freq { khz } center frequency (multiplied by 1000) default: 5300000
--daemon DAEMON --daemon { 0 | 1 } default: 0
--pid_file PID_FILE --pid_file { pid-file-name } default: lf_hackrf_py.pid
--gain GAIN --gain default: 14
--if_gain IF_GAIN --if_gain default: 27
--bb_gain BB_GAIN --bb_gain default: 24
--log_level LOG_LEVEL
--level {critial|error|warning|info|debug}
--mgt_pipe MGT_PIPE --mgt_pipe default: ""
--no_repeat --noq_repeat store true
--sample_mod SAMPLE_MOD
--sample_mod 2 default: 2
--host_perf_adjust HOST_PERF_ADJUST
--host_perf_adjust <float>
The default is 0 which is to adjust automatically based on number of bursts,
the rf generation peformance is affected by the host system, this switch is used for verification
This switch is to tune the bursts to occur within the 12 sec
For FCC5 the time between bursts needs to be adjusted based on the host system performance
the smaller the float the less time between bursts
--tx_sample_rate TX_SAMPLE_RATE
--tx_sample_rate is the transmit sample rate
lf_hackrf_dfs.py
example tp store into file
./lf_hackrf_dfs.py --freq 5320000 --gain 14 --if_gain 20 --tx_sample_rate 20 --rf_type fcc5 --log_level debug --lf_hackrf 22276763 2>&1 | tee fcc5_trial_03_axe11000.txt
./lf_hackrf_dfs.py --freq 5320000 --gain 14 --if_gain 20 --tx_sample_rate 5 --rf_type FCC5,8,1,0,0,20 --log_level debug --lf_hackrf 22276763 2>&1 | tee fcc5_trial_03_axe11000.txt
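The FCC1 Test A / Test B description in the help text above can be worked through as a small planning helper. This is an added example, not part of lf_hackrf_dfs.py or the original page; the function names are hypothetical. It only computes the pulse count from the roundup formula, selects Test B PRIs, and formats the documented --rf_type FCC1 value; it does not invoke the script.

```python
import random

# Test A PRIs from Table 5a on this page: 518..938 us in 20 us steps, plus 3066 us.
TEST_A_PRIS = list(range(518, 939, 20)) + [3066]
PRI_MIN_US, PRI_MAX_US = 518, 3066


def prf_hz(pri_us):
    """Pulse repetition frequency (Hz) for a PRI given in microseconds."""
    return 1_000_000 / pri_us


def fcc1_pulse_count(pri_us):
    """roundup((1/360) * (19 * 10^6 / PRI usec)), done in integer math."""
    if not PRI_MIN_US <= pri_us <= PRI_MAX_US:
        raise ValueError(f"PRI {pri_us} us is outside {PRI_MIN_US}-{PRI_MAX_US} us")
    return -(-19_000_000 // (360 * pri_us))  # ceiling division


def pick_test_b_pris(count=15, seed=None):
    """Pick unique Test B PRIs (1 us increments), excluding every Test A value."""
    excluded = set(TEST_A_PRIS)
    candidates = [p for p in range(PRI_MIN_US, PRI_MAX_US + 1) if p not in excluded]
    return sorted(random.Random(seed).sample(candidates, count))


def fcc1_rf_type(pri_us, pulse_width_us=1, tx_sample_rate=1):
    """Value for --rf_type FCC1,<pulse width>,<pri>,<number of pulses>,<tx_sample_rate>."""
    return f"FCC1,{pulse_width_us},{pri_us},{fcc1_pulse_count(pri_us)},{tx_sample_rate}"


def build_fcc1_table(seed=None):
    """Rows of (test, pri_us, prf_hz, pulses, rf_type): all Table 5a PRIs, then Test B picks."""
    rows = []
    for name, pris in (("A", TEST_A_PRIS), ("B", pick_test_b_pris(seed=seed))):
        for pri in pris:
            rows.append((name, pri, round(prf_hz(pri), 1),
                         fcc1_pulse_count(pri), fcc1_rf_type(pri)))
    return rows


if __name__ == "__main__":
    # seed=1 is a constructed value so the Test B selection is repeatable
    for row in build_fcc1_table(seed=1):
        print("Test %s  PRI %4d us  PRF %6.1f Hz  pulses %3d  --rf_type %s" % row)
```

Recording the seed alongside the captured log makes the Test B PRI selection reproducible when a trial has to be rerun.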