0%

P2P设备和Miracast设备发现过程

Posted on Edited on In
Symbols count in article: 7.1k Reading time ≈ 6 mins.
Device Discovery
  • toc
    {:toc}

*

P2P Device Discovery用于P2P Devcie能够互相发现并构建P2P Group

WFD Devcie Discovery用于WFD Device能够互相发现并构建WFD Session,基于P2P技术,与之相比较多了WFD[协议2]内容

P2P Device Discovery

P2P Device
Discovery consists of two major phases: Scan and Find, which are described in
detail in the following sections. P2P设备发现主要有Scan和Find两个阶段

Device Discovery uses Probe Request and Probe Response frames to
exchange device information. The P2P Devices in a P2P Group are discovered
via a Probe Response frame from the P2P Group Owner.P2P设备发现利用Probe Request帧和Probe Response帧来发现周围P2P设备

A P2P Device shall not respond to Probe Request frames unless it is:
允许对Probe Request帧进行应答(发送Probe Response帧)的三种情况

  • a P2P Group Owner or
  • in the Listen State, or
  • a P2P Device associated with an infrastructure AP on the channel on
    which the Probe Request was sent — in which case the P2P Device may
    respond provided it is not already a member of a P2P Group.

A P2P Device shall not transmit Beacon frames unless it is a P2P Group Owner. 只有P2P GO才可以发送Beacon帧(信标帧)

Listen State

In the Listen State a P2P Device dwells on a given channel,
termed the Listen Channel. This is a channel chosen from the list of Social
Channels. Channels 1, 6, and 11 in the 2.4 GHz band shall be used as the
Social Channels. The Listen Channel shall be chosen at the beginning of the
Device Discovery and shall remain the same until P2P Discovery completes.
P2P Device在Device Discovery开始时在1,6,11频段中选择一个作为Listen Channel,
一旦选择好后,在整个P2P Discovery阶段就不再更改

A P2P Device in the Listen State shall only reply to Probe Request frames that
contain the P2P IE, the P2P Wildcard SSID element, a Wildcard BSSID, and a
Destination Address that is either the broadcast address or its P2P Device
Address.
P2P Device监听Probe Request帧并回复Probe Response帧。只处理那些包含了P2P IE信息的Probe Request帧

One or more P2P IEs and the WSC IE shall be inserted after other information
elements in the Probe Response frames transmitted by a P2P Device.
P2P IEs和WSC IE插入到Probe Response帧的尾部

Scan Phase

In the Scan Phase, devices collect information about surrounding devices or networks
by scanning all supported channels.
The P2P Device in the Scan Phase shall not reply to Probe Request frames.
P2P Device会在各个频段上发送Probe Request帧。
P2P Device在这一阶段中不会处理来自其他设备的Probe Request帧

Find Phase

The Find Phase is used to ensure that two simultaneously searching P2P
Devices arrive on a common channel to enable communication. This is
achieved by cycling between states where the P2P Device waits on a fixed
channel for Probe Request frames (the Listen State) or sends Probe Request
frames on a fixed list of channels (the Search State).
Find Phase确保当两个设备处于同一频段,一方发送的帧才能被对方接收到,用于建立连接。
Search State中,P2P Device将发送Probe Request帧,
而Listen State中,它将接收其他设备的Probe Request帧并回复Probe Response帧

In the Find Phase, a P2P Device shall alternate between the
Listen and Search states as specified below.
P2P Device将在Search State和Listen State之间来回切换

The duration of each Listen State within the Find Phase shall be a random
integer of 100 TU Intervals. This random number shall be no greater than the
maxDiscoverableInterval value and no less than the minDiscoverableInterval.
Default values for maxDiscoverableInterval and minDiscoverableInterval values
are 3 and 1 respectively. The randomness in the time spent in the Listen state is
to avoid a case where two P2P Devices in the Find Phase are in lock-step and
thus will never find each other. While in the Listen State within the Find Phase a
P2P Device shall be constantly available on the Listen Channel.
在Find Phase中,Listen State的时间是100TU的整数倍,倍数值是一个随机数,
位于minDiscoverableInterval和maxDiscoverableInterval之间。
这两个值默认为1和3,而厂商可以修改。选择随机倍数的原因是为了防止两个Device进入Lock-Step,
即两个Device同时进入Listen State,等待相同的时间后又同时进入Search State。
如此,双方都无法处理对方的Probe Request信息(Search State中,Device只发送Probe Request)

P2P Devices in the Search State shall transmit one or more Probe Request
frames on each of the Social Channels.
处于Find Phase中的Search State时,它将在1,6,11频段上发送Probe Request帧

A P2P Device in the Search State shall not reply to Probe Request frames.
处于Find Phase中的Search State时,不会对Probe Request帧作出应答

流程图如下:

  • Device Discovery开始
  • Sacn Phase,所有频段发送Probe Request帧
  • Find Phase,Listen Channel确定,不一定一样。在Listen State和Search State中切换
  • Listen State持续时间是100TU的随机整数倍,避免Lock-Step,只监听应答带有P2P IEs的Probe Request帧
  • Search State在channel1、6、11上发送Probe Request,不响应Probe Request帧
  • Find Phase中在Listen和Search中切换,一旦在某一个相同的channel上,完成Probe Request和Probe Response,即完成设备发现
  • 图中最终设备在channel 6上完成Devcie Found

针对各个帧中所必须的内容,例如P2P IEs、WSC等,协议中有明确描述。

WFD Devcie Discovery

Wi-Fi Display Device Discovery builds upon the P2P Device Discovery mechanisms defined in [协议1]
enabling a WFD Device to quickly find a peer WFD Device and to determine whether a connection may be
established for a subsequent WFD Session.
WFD Devcie Discovery基于P2P Device Discovery技术,用于找到WFD device并确认是否可以建立WFD Session

A WFD Device shall comply with all procedures as specified for P2P Device Discovery in [协议1] with the
following additions.

  • A WFD Device shall include the WFD Information Element (WFD IE) in all beacon, probe
    request and probe response frames. The WFD IE carries basic information such as device-type and
    device-status as specified in section 5.1.1 so as to facilitate an optimal connection with a peer
    WFD Device. If a WFD Device is acting as a GO and receives a Probe Request frame containing a
    WFD IE, then that WFD Device shall respond with a Probe Response frame containing the
    information of its WFD capable client(s) as specified in section 5.1.11.

  • A WFD Device that is associated with an infrastructure AP, and that is operating as a Wi-Fi P2P
    device, should respond to Probe Requests containing a P2P IE, a WFD IE, and a P2P wildcard
    SSID. The Probe Response frame shall have the P2P IE and the WFD IE. This Probe Response
    frame should be transmitted on the channel on which the Probe Request was received.

  • WFD 设备在所有的beacon、probe request和probe response帧中有WFD IE,含有WFD Device的基本信息。
    当一个WFD Device作为P2P GO并且收到一个含有WFD IE的Probe Request帧时,应该以一个含有它的WFD capable client(s)
    的Probe Response帧作为应答

  • 当WFD Device与一个infrastructure AP连接,并且作为P2P设备操作时,对Probe Requests帧的应答Probe Response帧
    应该含有P2P IE、WFD IE、P2P wildcard SSID。

在P2P Devcie Discovery基础上添加WFD IE可以实现WFD Device Discovery!!

相关数据帧分析

  • 抓包环境 :Omnipeek + winxp + Dlink DWA-125
  • P2P GO :Wifi-MT7601
  • WFD Sink :Wifi-MT7601
  • P2P Client :Phone-Huawei3C
  • WFD Source :Phone-Huawei3C

涉及三种数据帧

  • Beacon

  • Probe Request

  • Probe Response

  • P2P IE : OUI=50-6F-9AOUI Type=0x9

  • WFD IE : OUI=50-6F-9AOUI Type=0xA

Beacon帧

普通的网络中AP发送的Beacon不带有P2P IE、WFD IE等信息,数据帧如下:

Normal Beacon

做为GO的P2P设备发送的Beacon带有P2P IE、WFD IE等信息,数据帧如下:

WFD Beacon

其中涉及WFD IE的数据高亮如下:

WFD Beacon Data

根据 OUI=50-6F-9AOUI Type=0xA 可以确认为WFD IE(WFD Information Element),其他数据解析如下:

  • Subelement ID = 0x0 : WFD Device Information
  • Length = 0x0006 : Len段之后的数据长度
  • WFD Device Information = 0x0011 : 二进制数据0000 0000 0001 0001
    • WFD Device Type bits 1:0 = 01b : Primary Sink 说明是接收显示设备
    • WFD Session Availability bits 5:4 = 01b : Available for WFD Session
    • PC bit 7 = 0b : Preferred Connectivity (PC): P2P
  • Session Management Control Port = 0x1c44 : 默认端口7236

Probe Request帧

P2P Devcie和WFD Source进行设备发现时发送的Probe Request帧有一些区别,主要是是否含有WFD IE,数据帧如下:

P2P Probe Request数据帧,只包含P2P IE:

P2P Probe Request

WFD Probe Request数据帧,包含P2P IE和WFD IE:

WFD Probe Request

WFD ID内容解析如下:

  • Subelement ID = 0x0 : WFD Device Information
  • Length = 0x0006 : Len段之后的数据长度
  • WFD Device Information = 0x0010 : 二进制数据0000 0000 0001 0000
    • WFD Device Type bits 1:0 = 00b : WFD Source 说明是发送设备
    • WFD Session Availability bits 5:4 = 01b : Available for WFD Session
    • PC bit 7 = 0b : Preferred Connectivity (PC): P2P
  • Session Management Control Port = 0x1c44 : 默认端口7236

根据数据帧内容可以知道:是否进行WFD Devcie Discovery取决于Probe Request帧中是否带有WFD IE!

Probe Response帧

Probe Request有两种格式,但是对Request的响应Probe Response只有一种格式,不论请求中是否有WFD IE,
Probe Response中都有WFD IE,数据帧如下:

WFD Probe Response

数据帧中看不到对WFD IE的解析,是因为Omnipeek软件的版本比较低,对WFD的协议支持不够,具体WFD IE数据如下:

WFD Probe Response

数据解析如下:

  • Head : DD 29 50 6F 9A 0A
  • WFD Device Information : 00 00 06 00 11 1C 44 00 00
  • Associated BSSID : 01 00 06 28 C6 8E 3C 93 B4
  • Coupled Sink Information : 06 00 07 00 00 00 00 00 00 00
  • Alternative MAC Address : 0A 00 06 00 11 7F 21 B3 77

根据Probe Request中是否含有WFD IE,当收到Probe Response时完成P2P Device 或 WFD Device Discovery!

相关标准协议

  • Wi-Fi Peer-to-Peer (P2P) Technical Specification Version 1.2
  • Wi-Fi Display Technical Specification v1.0.0
  • Wi-Fi Protected Setup Specification 1.0h