berkus
/
wifi-densepose
mirror of https://github.com/ruvnet/wifi-densepose.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
wifi-densepose/v2/crates/wifi-densepose-wifiscan
History
rUv cf2a85db66
feat(beyond-sota): ADR-157 M1 — constant-time HMAC compare + MEASURED 5.57x native wlanapi scan (#1054) 
* fix(hardware): constant-time HMAC sync-beacon tag compare (ADR-157 §B4)

AuthenticatedBeacon::verify compared the 8-byte HMAC-SHA256 tag with
`self.hmac_tag == expected`, which short-circuits on the first differing
byte and leaks, via verification latency, how many leading bytes a forged
tag matched — a byte-by-byte tag-recovery oracle (~256·N trials vs 256^N).

Replace with a hand-rolled branch-free `constant_time_tag_eq`: XOR-accumulate
every byte difference into a single u8 with no early exit, compare to zero
once. `#[inline(never)]` + `core::hint::black_box(diff)` resist the optimizer
reintroducing a short-circuit or a non-constant-time memcmp; length mismatch
returns false without inspecting contents. No new dependency — ADR-157 had
deferred this only to avoid the `subtle` crate; a fixed 8-byte compare needs
none.

Test (hard gate): tag_compare_is_constant_time_shape — equal / first-differ /
last-differ / all-differ / length-mismatch + end-to-end verify() last-byte
tamper. Proven to fail on a last-byte-skipping constant-time bug. A coarse
timing smoke check (tag_compare_timing_invariance_smoke) is #[ignore]d to
avoid CI flakiness. Grade MEASURED (constant-time construction).

ADR-157 §8 §B4 → RESOLVED. wifi-densepose-hardware: 164 passed / 0 failed.

Co-Authored-By: claude-flow <ruv@ruv.net>

* feat(wifiscan): MEASURE native wlanapi.dll vs netsh throughput (ADR-157 §5 #4)

ADR-157 §5 #4 recorded the native wlanapi.dll multi-BSSID fast path as
"asserted but NOT implemented; live scanner is the ~2 Hz netsh shim". Audit
finding: that status is stale — wlanapi_native::scan_native already implements
the real WlanOpenHandle → WlanEnumInterfaces → WlanGetNetworkBssList →
WlanFreeMemory/WlanCloseHandle FFI (handle cleanup on all exits, length-bounded
buffer walks, #[cfg(windows)] with typed Unsupported off-Windows), and
WlanApiScanner::scan_instrumented already wires it native-first with a netsh
fallback. The missing piece was an honest MEASUREMENT.

Add benchmark_backend(backend, window): drives one specific backend over a
fixed wall-clock window so netsh is timed independently (the existing
benchmark() picks native-first and so never measures netsh on a box where
native works). Returns None for an unavailable native path (honest negative,
not a fabricated number).

MEASURED on this box (Intel Wi-Fi 7 BE201 320MHz, 2026-06-13), 10 s window:
  native 21.42 Hz vs netsh 3.84 Hz = 5.57× (mean 5.0 BSSIDs/scan each).
  native-only run: 18.0 Hz. 50/50 back-to-back native scans, no handle leak.
A real positive result — NOT a fabricated 10×. Achieved 21.4 Hz is in the
asserted >2 Hz regime, below the asserted 10–20 Hz upper bound.

Tests (live-WLAN, #[ignore] for CI, RUN here):
  measure_native_vs_netsh_throughput, native_scans_dont_leak_handles,
  measure_native_scan_rate. Non-ignored pin native_scan_runs_real_ffi_on_windows
  (pre-existing) stays green. wifi-densepose-wifiscan: 94 passed / 0 failed.

ADR-157 §5 #4 + §8 → MEASURED (was ACCEPTED-FUTURE / CLAIMED-unmeasured).

Co-Authored-By: claude-flow <ruv@ruv.net>
 		2026-06-13 16:32:34 -04:00
..
src feat(beyond-sota): ADR-157 M1 — constant-time HMAC compare + MEASURED 5.57x native wlanapi scan (#1054) 2026-06-13 16:32:34 -04:00
Cargo.toml release: bump 9 crates changed in the beyond-SOTA sweep for crates.io 2026-06-11 22:41:21 -04:00
README.md chore(repo): rename rust-port/wifi-densepose-rs → v2/ (flatten to one level) (#427) 2026-04-25 21:28:13 -04:00

README.md

wifi-densepose-wifiscan

Crates.io Documentation License

Multi-BSSID WiFi scanning for Windows-enhanced DensePose sensing (ADR-022).

Overview

wifi-densepose-wifiscan implements the BSSID Acquisition bounded context for the WiFi-DensePose system. It discovers and tracks nearby WiFi access points, parses platform-specific scan output, and feeds multi-AP signal data into a sensing pipeline that performs motion detection, breathing estimation, attention weighting, and fingerprint matching.

The crate uses #[forbid(unsafe_code)] and is designed as a pure-Rust domain layer with pluggable platform adapters.

Features

  • BSSID registry -- Tracks observed access points with running RSSI statistics, band/radio type classification, and metadata. Types: BssidId, BssidObservation, BssidRegistry, BssidEntry.
  • Netsh adapter (Tier 1) -- Parses netsh wlan show networks mode=bssid output into structured BssidObservation records. Zero platform dependencies.
  • WLAN API scanner (Tier 2, wlanapi feature) -- Async scanning via the Windows WLAN API with tokio integration.
  • Multi-AP frame -- MultiApFrame aggregates observations from multiple BSSIDs into a single timestamped frame for downstream processing.
  • Sensing pipeline (pipeline feature) -- WindowsWifiPipeline orchestrates motion detection, breathing estimation, attention-weighted AP selection, and location fingerprint matching.

Feature flags

Flag Default Description
serde yes Serialization for domain types
pipeline yes WindowsWifiPipeline sensing orchestration
wlanapi no Tier 2 async scanning via tokio (Windows WLAN API)

Quick Start

use wifi_densepose_wifiscan::{
    NetshBssidScanner, BssidRegistry, WlanScanPort,
};

// Parse netsh output (works on any platform for testing)
let netsh_output = "..."; // output of `netsh wlan show networks mode=bssid`
let observations = wifi_densepose_wifiscan::parse_netsh_output(netsh_output);

// Register observations
let mut registry = BssidRegistry::new();
for obs in &observations {
    registry.update(obs);
}

println!("Tracking {} access points", registry.len());

With the pipeline feature enabled:

use wifi_densepose_wifiscan::WindowsWifiPipeline;

let pipeline = WindowsWifiPipeline::new();
// Feed MultiApFrame data into the pipeline for sensing...

Architecture

wifi-densepose-wifiscan/src/
  lib.rs          -- Re-exports, feature gates
  domain/
    bssid.rs      -- BssidId, BssidObservation, BandType, RadioType
    registry.rs   -- BssidRegistry, BssidEntry, BssidMeta, RunningStats
    frame.rs      -- MultiApFrame (multi-BSSID aggregated frame)
    result.rs     -- EnhancedSensingResult
  port.rs         -- WlanScanPort trait (platform abstraction)
  adapter.rs      -- NetshBssidScanner (Tier 1), WlanApiScanner (Tier 2)
  pipeline.rs     -- WindowsWifiPipeline (motion, breathing, attention, fingerprint)
  error.rs        -- WifiScanError

Related Crates

Crate Role
wifi-densepose-signal Advanced CSI signal processing
wifi-densepose-vitals Vital sign extraction from CSI
wifi-densepose-hardware ESP32 and other hardware interfaces
wifi-densepose-mat Disaster detection using multi-AP data

License

MIT OR Apache-2.0