SecureAngle: Improving Wireless Security Using
Angle-of-Arrival Information
继续阅读SecureAngle: Improving Wireless Security Using Angle-of-Arrival Information
分类: LTE
srsLTE使用LimeSDR代码分析PHY层流程
数据接收流向
RF处理线程
lib/src/phy/rf/rf_soapy_imp.c
int rf_soapy_recv_with_time(void *h,
void *data,
uint32_t nsamples,
bool blocking,
time_t *secs,
double *frac_secs)
->
lib/src/phy/rf/rf_dev.h
int (*srslte_rf_recv_with_time)(void *h, void *data, uint32_t nsamples,
bool blocking, time_t *secs,double *frac_secs)
->
lib/src/radio/radio_multi.cc
bool rx_now(cf_t *buffer[SRSLTE_MAX_PORTS], uint32_t nof_samples, srslte_timestamp_t* rxd_time)
->
srsenb/src/phy/txrx.cc
void run_thread() 接收完成后,触发信号,通知后续线程,也就是后面的发送接收线程。
eNB收发处理线程
srsenb/src/phy/phch_worker.cc
void work_imp();
->
srsenb/src/phy/phch_worker.cc
void srslte_enb_ul_fft(srslte_enb_ul_t *q)
填充关键的srslte_enb_ul_t->sf_symbols,这个指针在 int srslte_ofdm_rx_init(srslte_ofdm_t *q, srslte_cp_t cp_type, cf_t *in_buffer,cf_t *out_buffer,uint32_t max_prb)函数中被赋值,被共享,因此后面会不好理解何时srslte_enb_ul_t->sf_symbols被赋值
另外就是关注 int srslte_enb_ul_init(srslte_enb_ul_t *q,cf_t *in_buffer,uint32_t max_prb)中对于signal_buffer_rx的共享方式,也能解释后面的不需要拷贝内存的操作,主要就是指针被共享了。
srsenb/src/phy/phch_worker.cc
int decode_pucch()
->
lib/src/phy/enb/enb_ul.c
int srslte_enb_ul_get_pucch(srslte_enb_ul_t *q, uint16_t rnti,
uint32_t pdcch_n_cce, uint32_t sf_rx,
srslte_uci_data_t *uci_data)
->
lib/src/phy/enb/enb_ul.c
int get_pucch(srslte_enb_ul_t *q, uint16_t rnti,
uint32_t pdcch_n_cce, uint32_t sf_rx,
srslte_uci_data_t *uci_data, uint8_t bits[SRSLTE_PUCCH_MAX_BITS], uint32_t nof_bits)
->
lib/src/phy/phch/pusch.c
int srslte_pusch_decode(srslte_pusch_t *q,
srslte_pusch_cfg_t *cfg, srslte_softbuffer_rx_t *softbuffer,
cf_t *sf_symbols,
cf_t *ce, float noise_estimate, uint16_t rnti,
uint8_t *data, srslte_cqi_value_t *cqi_value, srslte_uci_data_t *uci_data)
|
1 2 3 4 5 |
解码函数在pucch.c,pusch.c中都存在 pucch主要是在上行上传送控制信息,cqi,ri,pmi和harq的应答 pusch除了传送控制信息外还要传送上行数据 两者在频域上所处的位置不同,pucch处于频带的两端,pusch处于中间,占据绝大部分资源 因此我们这里主要关注pusch |
->
lib/src/phy/modem/demod_soft.c
int srslte_demod_soft_demodulate_s(srslte_mod_t modulation, const cf_t* symbols, short* llr, int nsymbols)(QPSK解码)
On the Improvement of Positioning in LTE with Collaboration and Pressure Sensors
On the Improvement of Positioning in LTE with Collaboration and
Pressure Sensors
继续阅读On the Improvement of Positioning in LTE with Collaboration and Pressure Sensors
TIMING-BASED LOCATION ESTIMATION FOR OFDM SIGNALS WITH APPLICATIONS IN LTE, WLAN AND WIMAX
TIMING-BASED LOCATION ESTIMATION FOR OFDM SIGNALS WITH APPLICATIONS IN LTE, WLAN AND WIMAX
继续阅读TIMING-BASED LOCATION ESTIMATION FOR OFDM SIGNALS WITH APPLICATIONS IN LTE, WLAN AND WIMAX
窄带信号&模拟信号的带宽
DOA estimation based on MUSIC algorithm
DOA estimation based on MUSIC algorithm
ubuntu 16.04系统LimeSDR V1.4使用最新版本的OpenAirInterface5g代码搭建LTE实验环境
注意,最新开发版本的代码不稳定,存在问题,以下的仅仅是记录自己的操作过程,代码并不能正常工作。正常使用的话,请不要使用如下的版本操作。
参考ubuntu 16.04系统LimeSDR V1.4使用OpenAirInterface搭建LTE实验环境,并参考 解决ubuntu 16.04系统上2017.06版本之后的LimeSDR V1.4驱动不能正常运行OpenAirInterface搭建的LTE实验环境的问题使用最新的LimeSDR驱动能正常进行LTE实验之后,我们开始尝试把OpenAirInterface的代码更新到最新版本(2018_w15),新版本的代码结构更加清晰,但是不可用。
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 |
$ cd ~ $ cd openairinterface5g $ rm -rf * $ git checkout develop $ git pull #对于国内的用户来说,国外的几个代码地址需要修改一下,否则会出现无法下载或者下载非常慢的情况 $ sed -i "s/git clone https:\/\/gist.github.com\/2190472.git \/opt\/ssh/wget https:\/\/www.mobibrw.com\/wp-content\/uploads\/2018\/03\/ssh.tar.gz \&\& sudo tar -zxvf ssh.tar.gz -C \/opt/g" cmake_targets/tools/build_helper $ sed -i "s/git clone https:\/\/gitlab.eurecom.fr\/oai\/asn1c.git \/tmp\/asn1c/wget https:\/\/www.mobibrw.com\/wp-content\/uploads\/2018\/03\/asn1c.tar.gz \&\& tar -zxvf asn1c.tar.gz -C \/tmp/g" cmake_targets/tools/build_helper $ sed -i "s/https:\/\/pypi.python.org\/packages\/18\/fa\/dd13d4910aea339c0bb87d2b3838d8fd923c11869b1f6e741dbd0ff3bc00\/netifaces-0.10.4.tar.gz/https:\/\/www.mobibrw.com\/wp-content\/uploads\/2018\/03\/netifaces-0.10.4.tar.gz/g" cmake_targets/tools/build_helper $ sed -i "s/https:\/\/github.com\/google\/protobuf\/releases\/download\/v3.3.0\/protobuf-cpp-3.3.0.tar.gz/https:\/\/www.mobibrw.com\/wp-content\/uploads\/2018\/04\/protobuf-cpp-3.3.0.tar.gz/g" cmake_targets/tools/build_helper $ sed -i "s/git clone https:\/\/github.com\/protobuf-c\/protobuf-c.git/wget https:\/\/www.mobibrw.com\/wp-content\/uploads\/2018\/03\/protobuf-c.tar.gz \&\& tar -zxvf protobuf-c.tar.gz/g" cmake_targets/tools/build_helper #修正兼容问题,更高版本的protobuf-c跟我们上面安装的版本不匹配,会导致编译错误 $ sed -i "s/cd protobuf-c/cd protobuf-c \&\& git checkout 2a46af42784abf86804d536f6e0122d47cfeea45/g" cmake_targets/tools/build_helper # 如果使用最新版本的limesdr驱动已经修正了数据读取的BUG,不需要丢弃第一次的报文,我们需要 # 阻止第一个报文的丢弃,否则数据读取是错误的 $ sed -r -i "s/first_rx[ \t]*=[ \t]*1;/first_rx = 0;/g" targets/ARCH/LMSSDR/USERSPACE/LIB/lms_lib.cpp #执行编译 $ source oaienv $ ./cmake_targets/build_oai -I # install SW packages from internet # ./cmake_targets/build_oai -w USRP --eNB -t ETHERNET# compile eNB # 注意如果后续重新编译过limesdr的驱动,这部分也需要重新编译 $ ./cmake_targets/build_oai -c -w LMSSDR --eNB -x |
接下来就是创建LimeSDR的启动配置文件(从enb.band7.tm1.50PRB.usrpb210.conf修改而来):
|
1 |
$ vim targets/PROJECTS/GENERIC-LTE-EPC/CONF/enb.band7.tm1.25PRB.lmssdr.conf |
里面的内容如下:
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 |
Active_eNBs = ( "eNB-Eurecom-LTEBox"); # Asn1_verbosity, choice in: none, info, annoying Asn1_verbosity = "none"; eNBs = ( { ////////// Identification parameters: eNB_ID = 0xe00; cell_type = "CELL_MACRO_ENB"; eNB_name = "eNB-Eurecom-LTEBox"; // Tracking area code, 0x0000 and 0xfffe are reserved values tracking_area_code = "1"; mobile_country_code = "208"; mobile_network_code = "92"; tr_s_preference = "local_mac" ////////// Physical parameters: component_carriers = ( { node_function = "3GPP_eNODEB"; node_timing = "synch_to_ext_device"; node_synch_ref = 0; frame_type = "FDD"; tdd_config = 3; tdd_config_s = 0; prefix_type = "NORMAL"; eutra_band = 7; downlink_frequency = 2685000000L; uplink_frequency_offset = -120000000; Nid_cell = 0; N_RB_DL = 25; Nid_cell_mbsfn = 0; nb_antenna_ports = 1; nb_antennas_tx = 1; nb_antennas_rx = 1; tx_gain = 90; rx_gain = 125; pbch_repetition = "FALSE"; prach_root = 0; prach_config_index = 0; prach_high_speed = "DISABLE"; prach_zero_correlation = 1; prach_freq_offset = 2; pucch_delta_shift = 1; pucch_nRB_CQI = 0; pucch_nCS_AN = 0; pucch_n1_AN = 32; pdsch_referenceSignalPower = -27; pdsch_p_b = 0; pusch_n_SB = 1; pusch_enable64QAM = "DISABLE"; pusch_hoppingMode = "interSubFrame"; pusch_hoppingOffset = 0; pusch_groupHoppingEnabled = "ENABLE"; pusch_groupAssignment = 0; pusch_sequenceHoppingEnabled = "DISABLE"; pusch_nDMRS1 = 1; phich_duration = "NORMAL"; phich_resource = "ONESIXTH"; srs_enable = "DISABLE"; /* srs_BandwidthConfig =; srs_SubframeConfig =; srs_ackNackST =; srs_MaxUpPts =;*/ pusch_p0_Nominal = -96; pusch_alpha = "AL1"; pucch_p0_Nominal = -104; msg3_delta_Preamble = 6; pucch_deltaF_Format1 = "deltaF2"; pucch_deltaF_Format1b = "deltaF3"; pucch_deltaF_Format2 = "deltaF0"; pucch_deltaF_Format2a = "deltaF0"; pucch_deltaF_Format2b = "deltaF0"; rach_numberOfRA_Preambles = 64; rach_preamblesGroupAConfig = "DISABLE"; /* rach_sizeOfRA_PreamblesGroupA = ; rach_messageSizeGroupA = ; rach_messagePowerOffsetGroupB = ; */ rach_powerRampingStep = 4; rach_preambleInitialReceivedTargetPower = -108; rach_preambleTransMax = 10; rach_raResponseWindowSize = 10; rach_macContentionResolutionTimer = 48; rach_maxHARQ_Msg3Tx = 4; pcch_default_PagingCycle = 128; pcch_nB = "oneT"; bcch_modificationPeriodCoeff = 2; ue_TimersAndConstants_t300 = 1000; ue_TimersAndConstants_t301 = 1000; ue_TimersAndConstants_t310 = 1000; ue_TimersAndConstants_t311 = 10000; ue_TimersAndConstants_n310 = 20; ue_TimersAndConstants_n311 = 1; ue_TransmissionMode = 1; } ); srb1_parameters : { # timer_poll_retransmit = (ms) [5, 10, 15, 20,... 250, 300, 350, ... 500] timer_poll_retransmit = 80; # timer_reordering = (ms) [0,5, ... 100, 110, 120, ... ,200] timer_reordering = 35; # timer_reordering = (ms) [0,5, ... 250, 300, 350, ... ,500] timer_status_prohibit = 0; # poll_pdu = [4, 8, 16, 32 , 64, 128, 256, infinity(>10000)] poll_pdu = 4; # poll_byte = (kB) [25,50,75,100,125,250,375,500,750,1000,1250,1500,2000,3000,infinity(>10000)] poll_byte = 99999; # max_retx_threshold = [1, 2, 3, 4 , 6, 8, 16, 32] max_retx_threshold = 4; } # ------- SCTP definitions SCTP : { # Number of streams to use in input/output SCTP_INSTREAMS = 2; SCTP_OUTSTREAMS = 2; }; ////////// MME parameters: mme_ip_address = ( { ipv4 = "127.0.0.20"; ipv6 = "192:168:30::17"; active = "yes"; preference = "ipv4"; } ); NETWORK_INTERFACES : { ENB_INTERFACE_NAME_FOR_S1_MME = "lo"; ENB_IPV4_ADDRESS_FOR_S1_MME = "127.0.0.10/8"; ENB_INTERFACE_NAME_FOR_S1U = "lo"; ENB_IPV4_ADDRESS_FOR_S1U = "127.0.0.10/8"; ENB_PORT_FOR_S1U = 2152; # Spec 2152 }; } ); MACRLCs = ( { num_cc = 1; tr_s_preference = "local_L1"; tr_n_preference = "local_RRC"; phy_test_mode = 1; } ); L1s = ( { num_cc = 1; tr_n_preference = "local_mac"; } ); RUs = ( { local_rf = "yes" nb_tx = 1 nb_rx = 1 att_tx = 0 att_rx = 0; bands = [7]; max_pdschReferenceSignalPower = -27; max_rxgain = 125; eNB_instances = [0]; } ); NETWORK_CONTROLLER : { FLEXRAN_ENABLED = "no"; FLEXRAN_INTERFACE_NAME = "lo"; FLEXRAN_IPV4_ADDRESS = "127.0.0.1"; FLEXRAN_PORT = 2210; FLEXRAN_CACHE = "/mnt/oai_agent_cache"; FLEXRAN_AWAIT_RECONF = "no"; }; log_config : { global_log_level ="info"; global_log_verbosity ="medium"; hw_log_level ="info"; hw_log_verbosity ="medium"; phy_log_level ="info"; phy_log_verbosity ="medium"; mac_log_level ="info"; mac_log_verbosity ="high"; rlc_log_level ="info"; rlc_log_verbosity ="medium"; pdcp_log_level ="info"; pdcp_log_verbosity ="medium"; rrc_log_level ="info"; rrc_log_verbosity ="medium"; }; |
另外,最新版本运行的时候如果增加-d参数,启动图形界面,程序会崩溃。目前这个版本可以运行,但是貌似会导致LimeSDR驱动数据发送异常,目前已知,这个版本的驱动没有正确的读取配置文件,导致给硬件的配置信息是错误的,暂时这个版本还不可用。
LTE物理层总结
LTE物理层总结
OpenAirInterface使用LimeSDR代码分析PHY层流程
参考ubuntu 16.04系统LimeSDR V1.4使用OpenAirInterface搭建LTE实验环境建立完成的环境。
代码为当时的代码,不是最新的代码。
数据接收流向
RF处理线程
targets/ARCH/LMSSDR/USERSPACE/LIB/lms_lib.cpp
int trx_lms_read(openair0_device *device, openair0_timestamp *ptimestamp, void **buff, int nsamps, int antenna_id)-> targets/RT/USER/lte-enb.c
void rx_rf(PHY_VARS_eNB *eNB,int *frame,int *subframe) (eNB->rfdevice.trx_read_func)
int trx_lms_read(openair0_device *device, openair0_timestamp *ptimestamp, void **buff, int nsamps, int antenna_id)-> targets/RT/USER/lte-enb.c
void rx_rf(PHY_VARS_eNB *eNB,int *frame,int *subframe) (eNB->rfdevice.trx_read_func)
->
targets/RT/USER/lte-enb.c
static void* eNB_thread_FH( void* param ) (eNB->rx_fh)
接收完成后,触发信号,通知后续线程,也就是后面的发送接收线程。
eNB收发处理线程
targets/RT/USER/lte-enb.c
static void* eNB_thread_rxtx( void* param )
->
targets/RT/USER/lte-enb.c
static inline int rxtx(PHY_VARS_eNB *eNB,eNB_rxtx_proc_t *proc, char *thread_name) (eNB->proc_uespec_rx(eNB, proc, no_relay ))
->
openair1/SCHED/phy_procedures_lte_eNb.c
void phy_procedures_eNB_uespec_RX(PHY_VARS_eNB *phy_vars_eNB,eNB_rxtx_proc_t *proc,relaying_type_t r_type)
->
openair1/SCHED/phy_procedures_lte_eNb.c
void pucch_procedures(PHY_VARS_eNB *eNB,eNB_rxtx_proc_t *proc,int UE_id,int harq_pid,uint8_t do_srs)
->
此处实际的解码,涉及到相位信息,这部分是PUCCH部分的数据,主要是通信控制数据,比如信噪比等,不包含实际的通信数据,比如TCP,UDP协议等等
openair1/PHY/LTE_TRANSPORT/pucch.c
uint32_t rx_pucch(PHY_VARS_eNB *phy_vars_eNB,
PUCCH_FMT_t fmt,
uint8_t UE_id,
uint16_t n1_pucch,
uint16_t n2_pucch,
uint8_t shortened_format,
uint8_t *payload,
int frame,
uint8_t subframe,
uint8_t pucch1_thres)
->
此处实际的解码,涉及到相位信息,实际的通信数据,比如TCP,UDP协议等等
openair1/PHY/LTE_TRANSPORT/ulsch_decoding.c
unsigned int ulsch_decoding(PHY_VARS_eNB *eNB,eNB_rxtx_proc_t *proc,
uint8_t UE_id,
uint8_t control_only_flag,
uint8_t Nbundled,
uint8_t llr8_flag) ( eNB->td)
->
此处解析数据段,TCP,IP相关部分了
openair1/PHY/LTE_TRANSPORT/ulsch_decoding.c
int ulsch_decoding_data(PHY_VARS_eNB *eNB,int UE_id,int harq_pid,int llr8_flag)
解码后的数据通过rx_sdu函数上报到MAC层。
IQ信号
当前的数字射频芯片,无一例外的用到了I/Q信号,就算是RFID芯片,内部也用到了I/Q信号,然而绝大部分射频人员,对于IQ的了解除了名字之外,基本上一无所知。I/Q信号一般是模拟的。也有数字的比如方波。基带内处理的一般是数字信号,在出口处都要进行D/A(数—>模)转换,每个基带的结构图里都有,可以仔细看。
网上有大量关于IQ信号的资料,但都是公式一大堆,什么四相图,八相图之类的,最后还是不明白,除了知道这两个名次解释:
I:in-phase 表示同相
Q:quadrature 表示正交,与I相位差90度。