You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Add a minimal single-tone / CW-carrier emit mode for Jaguar-1 (RTL8812AU / RTL8821AU) — the chip radiates a bare RF local-oscillator carrier at the channel-center frequency, no packets, no modulation. This is the smallest useful slice of T4 (MP-mode subcommand) in TODO.md (mp-ctx … single tone), and it doubles as a controllable narrowband interferer for RF experiments (e.g. the per-tone/beamforming-sounding work in docs/beamforming-self-sounding.md, where we need a ≤1 MHz on-channel tone that a wideband Wi-Fi AP can't provide).
Ask: implement, then validate the emitted signal against an SDR / spectrum analyser before we rely on it as an instrument. The register writes are known; what needs ground-truth confirmation is that a clean carrier actually comes out at the right frequency and power.
Mechanism
MP single-tone puts the RF LO into TX as a bare carrier: disable the baseband modulators, force the RF path to TX at a chosen gain, flip the LO-enable bit, set the RFE pinmux. Ported from the vendor hal_mpt_SetSingleToneTx() (reference/rtl8812au/hal/hal_mp.c, the IS_HARDWARE_TYPE_JAGUAR branch).
Implementation recipe (Jaguar-1, path A)
After a normal InitWrite() channel set (so the LO is already tuned to the target channel center — e.g. ch6 → 2437 MHz), do 6 register writes. All addresses/#defines already exist in hal/, and phy_set_rf_reg (src/jaguar1/RadioManagementModule.cpp) + phy_set_bb_reg (src/RtlUsbAdapter.cpp) are already available:
phy_set_bb_reg(rOFDMCCKEN_Jaguar /*0x808*/, BIT28|BIT29, 0x0); // disable OFDM+CCK
phy_set_rf_reg(RF_PATH_A, RF_AC_Jaguar /*0x00*/, 0xF0000, 0x2); // RF path A -> TX mode
phy_set_rf_reg(RF_PATH_A, RF_AC_Jaguar /*0x00*/, 0x1F, 0x0); // RF gain index (0=lowest; raise for tone power)
phy_set_rf_reg(RF_PATH_A, lna_low_gain_3 /*0x58*/, BIT1, 0x1); // RF LO enable <-- the CW carrier
phy_set_bb_reg(rA_RFE_Pinmux_Jaguar /*0xCB0*/, 0xFF00F0, 0x77007);
phy_set_bb_reg(rB_RFE_Pinmux_Jaguar /*0xEB0*/, 0xFF00F0, 0x77007);
External-PA parts additionally set 0xCB4/0xEB4 [23:16] (0x11 for ext-PA-2G, 0x12 for ext-PA-5G) — gate on the EFUSE ExternalPA_2G/5G flags; parts with no external PA (e.g. the Archer T2U Plus, ExternalPA_2G=0) skip those.
Stop / restore: save RF 0x58, 0xCB0, 0xEB0 before start; on stop restore them and re-enable 0x808 [29:28], returning the chip to normal.
Proposed interface
DEVOURER_CW_TONE=1 (with existing DEVOURER_CHANNEL=N selecting the tone frequency, and an optional DEVOURER_CW_TONE_GAIN=0..31 for RF 0x00[4:0]), applied at the end of RtlJaguarDevice::InitWrite() — then idle-hold. ~30 LOC in the Jaguar-1 HAL. (Or a small mp-tone demo; either is fine.)
SDR validation checklist (the point of this issue)
On an adapter emitting the tone, capture with an SDR/analyser and confirm:
A single CW carrier at the channel-center frequency (ch6 → 2437.0 MHz; also test a 5 GHz channel, e.g. ch36 → 5180 MHz).
Spectral purity — is it a clean tone, or are there significant spurs / images / residual modulation? Quantify carrier-to-spur.
Power is tunable and monotonic via RF 0x00[4:0] (the gain index) — sweep a few values, record dBm.
Clean stop — carrier disappears on stop and the adapter returns to normal TX/RX (a subsequent beacon TX or RX still works).
Frequency accuracy / drift over ~60 s (cert-style hold).
Summary
Add a minimal single-tone / CW-carrier emit mode for Jaguar-1 (RTL8812AU / RTL8821AU) — the chip radiates a bare RF local-oscillator carrier at the channel-center frequency, no packets, no modulation. This is the smallest useful slice of T4 (MP-mode subcommand) in
TODO.md(mp-ctx … single tone), and it doubles as a controllable narrowband interferer for RF experiments (e.g. the per-tone/beamforming-sounding work indocs/beamforming-self-sounding.md, where we need a ≤1 MHz on-channel tone that a wideband Wi-Fi AP can't provide).Ask: implement, then validate the emitted signal against an SDR / spectrum analyser before we rely on it as an instrument. The register writes are known; what needs ground-truth confirmation is that a clean carrier actually comes out at the right frequency and power.
Mechanism
MP single-tone puts the RF LO into TX as a bare carrier: disable the baseband modulators, force the RF path to TX at a chosen gain, flip the LO-enable bit, set the RFE pinmux. Ported from the vendor
hal_mpt_SetSingleToneTx()(reference/rtl8812au/hal/hal_mp.c, theIS_HARDWARE_TYPE_JAGUARbranch).Implementation recipe (Jaguar-1, path A)
After a normal
InitWrite()channel set (so the LO is already tuned to the target channel center — e.g. ch6 → 2437 MHz), do 6 register writes. All addresses/#defines already exist inhal/, andphy_set_rf_reg(src/jaguar1/RadioManagementModule.cpp) +phy_set_bb_reg(src/RtlUsbAdapter.cpp) are already available:External-PA parts additionally set
0xCB4/0xEB4 [23:16](0x11 for ext-PA-2G, 0x12 for ext-PA-5G) — gate on the EFUSEExternalPA_2G/5Gflags; parts with no external PA (e.g. the Archer T2U Plus,ExternalPA_2G=0) skip those.Stop / restore: save
RF 0x58,0xCB0,0xEB0before start; on stop restore them and re-enable0x808 [29:28], returning the chip to normal.Proposed interface
DEVOURER_CW_TONE=1(with existingDEVOURER_CHANNEL=Nselecting the tone frequency, and an optionalDEVOURER_CW_TONE_GAIN=0..31forRF 0x00[4:0]), applied at the end ofRtlJaguarDevice::InitWrite()— then idle-hold. ~30 LOC in the Jaguar-1 HAL. (Or a smallmp-tonedemo; either is fine.)SDR validation checklist (the point of this issue)
On an adapter emitting the tone, capture with an SDR/analyser and confirm:
RF 0x00[4:0](the gain index) — sweep a few values, record dBm.Scope
JAGUARbranch, 2T2R and 1T1R). The 1T1R 8821AU is a fine tone source (no NDP/sounding needed — see Jaguar1 RX: unify onto the async URB queue — fixes the radxa sounding TX wedge #164 for its sounding limitation, irrelevant here).mpt_SetSingleTone_8814A()path — follow-up.References
reference/rtl8812au/hal/hal_mp.c→hal_mpt_SetSingleToneTx(), JAGUAR branch.TODO.md→ T4 (full MP-mode subcommand; this is the single-tone slice).🤖 Generated with Claude Code