Using nrf5340 with nrf70 on a custom board.
I want to use the wifi interface to send raw wifi network packets (both in associated and non-associated modes).
I have the nrf70 blob configured to use the bin that is good for both STA and RAW modes:
(in sysbuild.conf SB_CONFIG_WIFI_NRF70_SYSTEM_WITH_RAW_MODES=y and in prj.conf CONFIG_NRF70_RAW_DATA_TX=y)
I can open and bind a raw socket like this:
// When the nRF70 Series device is configured in Station mode, TX injection mode can be enabled regardless of whether the device is connected to an Access Point (AP) or not.
int ret = net_eth_txinjection_mode(_ctx.iface, true);
if (ret!=0) {
log_error("netwifi:init_ccx:Injection mode %d",ret);
return false;
}
_ctx.ccx_fd = socket(AF_PACKET, SOCK_RAW, htons(IPPROTO_RAW));
if (_ctx.ccx_fd < 0) {
log_error("netwifi:start_ccx:bad socket %d", errno);
return false;
}
_ctx.ccx_sa.sll_family = AF_PACKET;
_ctx.ccx_sa.sll_ifindex = net_if_get_by_iface(_ctx.iface);
/* Bind the socket */
ret = bind(_ctx.ccx_fd, (struct sockaddr *)(&_ctx.ccx_sa), sizeof(struct sockaddr_ll));
if (ret < 0) {
log_error("netwifi:start_ccx:bad bind:%d", errno);
return false;
}
and then I have a timer to send my raw packets prepared like this:
int buf_length = sizeof(struct raw_tx_pkt_header) + pkt_len; // sizeof(_raw_frame);
uint8_t* test_frame = Util_amalloc(buf_length+16); // a bit spare is always good
if (test_frame==NULL) {
log_error("netwifi:ccx_send alloc fail");
return;
}
struct raw_tx_pkt_header *raw_tx_pkt = (struct raw_tx_pkt_header *)test_frame;
/* Raw Tx Packet header */
raw_tx_pkt->magic_num = NRF_WIFI_MAGIC_NUM_RAWTX;
raw_tx_pkt->data_rate = CCX_RAW_TX_PKT_SAMPLE_RATE_VALUE;
raw_tx_pkt->packet_length = pkt_len;
raw_tx_pkt->tx_mode = CCX_RAW_TX_PKT_SAMPLE_RATE_FLAGS;
raw_tx_pkt->queue = CCX_RAW_TX_PKT_SAMPLE_QUEUE_NUM;
/* The byte is reserved and used by the driver */
raw_tx_pkt->raw_tx_flag = 0;
// Wifi packet
struct wifi_raw* pkt_hdr = (struct wifi_raw*)(test_frame+sizeof(struct raw_tx_pkt_header));
pkt_hdr->frame_control = htons(0x0803), // Protcol version=00, Type=10(data), subtype=0000(data),To-DS=1,From-DS=1. Note byte swapped
pkt_hdr->duration = 0x0000;
// Destination is cisco multicast address
memcpy(pkt_hdr->da, MULITCAST, 6);
// Transmitter Address: filled in with our MAC
memcpy(pkt_hdr->sa, devicemgr_device_id(), 6);
pkt_hdr->seq_ctrl = htons((bi & 0x0F)+(_ctx.ccx_seq_ctrl<<4));
if ((ret = sendto(_ctx.ccx_fd, test_frame, buf_length, 0,
(struct sockaddr *)(&_ctx.ccx_sa), sizeof(_ctx.ccx_sa)))<=0) {
log_warn("netwifi: failed to send CCX (%d, %d), stopping",ret, errno);
}
So far so good. Two questions:
1. critically, after this runs for a few tx periods, I start getting:
[00:01:35.146,514] <err> net_pkt: Data buffer (440) allocation failed.
[00:01:39.239,471] <err> net_pkt: Data buffer (120) allocation failed.
[00:01:40.468,292] <err> net_pkt: Data buffer (120) allocation failed.
[00:01:39.239,471] <err> net_pkt: Data buffer (120) allocation failed.
[00:01:40.468,292] <err> net_pkt: Data buffer (120) allocation failed.
and then
[00:03:08.847,869] <err> wifi_nrf: hal_rpu_event_get: Unable to alloc HAL msg for event (49 bytes)
and then no comms at all, and then it ends up running out of sys_heap memory and crashing.
I have my AP associated and running other sockets, eg mqtt, but this loss of memory only happens if I start doing the raw packet tx!
What is my raw sendto doing wrong that is causing the stack to lose memory? I assumed sendto() is copying my buffer so I can free it after?
2. how can I get the current wifi channel when the driver is associated with an AP? (I see I cannot change the channel just for my raw packets).
// Get channel in use
struct wifi_channel_info channel_info = {0};
channel_info.oper = WIFI_MGMT_GET;
channel_info.if_index = net_if_get_by_iface(_ctx.iface);
channel_info.channel = 1; // set to valid value in case GET fails
if ((ret = net_mgmt(NET_REQUEST_WIFI_CHANNEL, _ctx.iface, &channel_info, sizeof(struct wifi_channel_info)))!=0) {
log_cpwrn("netwifi:ccx_init:channel get nok (%d, %d), continuing", ret, errno);
}
This gives me an error each time as though I was trying to SET it?
from my prj.conf:
# Optimized networking settings for memory usage (STA MODE IOT DEVICES profile)
# nrf70 packet memory sizing
CONFIG_NRF70_MAX_TX_TOKENS=5
CONFIG_NRF70_MAX_TX_AGGREGATION=1
CONFIG_NRF70_RX_NUM_BUFS=6
# Zephyr networking config/tuning
# k_mallocd memory buffers
CONFIG_NET_TC_TX_COUNT=1
CONFIG_NET_PKT_RX_COUNT=24
CONFIG_NET_PKT_TX_COUNT=24
CONFIG_NET_BUF_RX_COUNT=24
CONFIG_NET_BUF_TX_COUNT=24
CONFIG_NET_BUF_FIXED_DATA_SIZE=y
CONFIG_NET_BUF_DATA_SIZE=128
