Drone auto provisioning

Vasily Evseenko edited this page Jan 28, 2025 · 7 revisions

Quickstart

Auto provisioning simplifies key pair generation and distribution for the drone and GS, and the selection of a unique link_domain to avoid conflicts. You can also use it as a "recovery mode" or to upload wfb-ng config files from the GS to the drone.

You don't need it if you manage config files and keys manually!

Install the wfb-ng deb package and wifi drivers on both the drone and the GS (see Setup-HOWTO, or flash a ready-to-use image).

After this you just need to run:

  • sudo init_drone.sh on the drone
  • sudo init_gs.sh on the gs

This will create the following files on the GS (if they don't already exist):

  • /etc/wifibroadcast.cfg
  • /etc/bind.key
  • /etc/gs.key
  • /etc/drone.key
  • /etc/bind.yaml (the drone profile. It isn't used by mainline wfb-ng but provides enough data for side implementations like OpenIPC)

and create /etc/bind.key on the drone.

After this it will transfer /etc/wifibroadcast.cfg, /etc/drone.key and /etc/bind.yaml from the GS to the drone and restart the wifibroadcast services on both the drone and the GS.


Developer notes

Bind protocol description:

  1. Switch the drone and gs to bind mode on some event (key press, mavlink command, etc). This is out of scope and defined by the vendor.
  2. Stop all standard wfb-ng profiles.
  3. Start the drone_bind profile on the drone and gs_bind on the gs.
  4. Start the bind protocol server on the drone and the bind protocol client on the gs.
  5. The GS initiates the binding process and sends the config files (as a base64-encoded tar.gz archive) via the IP tunnel using a TCP socket.
  6. The drone receives the archive, checks it for correctness and applies the changes, then returns the binding status to the GS.
  7. After binding has finished, both the drone and the gs switch back to the normal state.

Implementation notes:

  • Use special IP addresses for the drone and gs tunnel endpoints during binding. This avoids the security risks of using default keys.
  • Always stop the default wfb-ng profiles so that bind mode cannot be used for normal operation.
  • Use a simple text protocol for communication via the TCP socket.
  • No executable scripts are transferred from the gs to the drone, for security reasons.
  • The drone must check file checksums before taking any action.

Protocol description

  • Each command or response is always a single line of text.
  • A command has the format: command_name [\t arg1 [arg2] ... ] where \t is a tab character.
  • A response has the format: status \t [optional message]. The predefined statuses are OK and ERR.

Commands:

  • VERSION. Should return the drone version.
  • BIND message. Here message is a base64-encoded tar.gz archive.

Bind archive contents:

  • checksum.txt. Contains the sha1 checksums of all files inside the archive (use the sha1sum command to generate it).
  • wifibroadcast.cfg (optional). WFB-ng config file for the drone.
  • bind.yaml (optional). Simple machine-readable config. Will include basic link parameters.
  • drone.key (optional). Encryption key.

Bind archive must not be empty.
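
The protocol and archive rules above, as an added example (not wfb-ng's own code): GS-side packing of a BIND message and drone-side verification before anything is applied. It assumes archive members are stored under bare file names and that checksum.txt covers every other file; the function names, the 1 MiB size cap, the VERSION reply and the OK message listing accepted files are hypothetical.

```python
import base64, hashlib, io, tarfile
ALLOWED = {"wifibroadcast.cfg", "bind.yaml", "drone.key"}  # payload names listed on the page
MAX_SIZE = 1 << 20  # assumed per-file size cap (not from the page)

def build_bind_message(files):
    """GS side: pack {name: bytes} plus checksum.txt into a base64 tar.gz string."""
    sums = "".join("%s  %s\n" % (hashlib.sha1(d).hexdigest(), n) for n, d in files.items())
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, data in {**files, "checksum.txt": sums.encode()}.items():
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return base64.b64encode(buf.getvalue()).decode()

def verify_bind_message(message):
    """Drone side: return {name: bytes} or raise ValueError; nothing touches the disk."""
    try:
        raw = base64.b64decode(message, validate=True)
        tar = tarfile.open(fileobj=io.BytesIO(raw), mode="r:gz")
        members = tar.getmembers()
    except Exception as exc:  # bad base64, gzip or tar framing
        raise ValueError("not a base64 tar.gz archive") from exc
    files = {}
    for m in members:
        if not m.isfile() or m.name not in ALLOWED | {"checksum.txt"} or m.size > MAX_SIZE:
            raise ValueError("rejected archive member %r" % m.name)  # links, paths, scripts
        files[m.name] = tar.extractfile(m).read()
    sums = {}
    for line in files.pop("checksum.txt", b"").decode("ascii", "replace").splitlines():
        digest, _, name = line.partition(" ")  # sha1sum format: "<hex>  <name>"
        sums[name.lstrip(" *")] = digest
    if not files:
        raise ValueError("empty bind archive")
    for name, data in files.items():
        if sums.get(name) != hashlib.sha1(data).hexdigest():
            raise ValueError("checksum mismatch for %r" % name)
    return files

def handle_line(line):  # one request line in, one "status<TAB>message" line out
    cmd, _, arg = line.rstrip("\r\n").partition("\t")
    if cmd == "VERSION":
        return "OK\tEXAMPLE-VERSION"  # placeholder, not a real wfb-ng version string
    if cmd != "BIND":
        return "ERR\tunknown command"
    try:
        return "OK\t" + " ".join(sorted(verify_bind_message(arg)))  # assumed OK message
    except ValueError as exc:
        return "ERR\t%s" % exc
```

The sha1 check only detects corruption or an inconsistent archive; it is not authentication, since whoever builds the archive also writes checksum.txt.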

Default bind.key

echo "OoLVgEYyFofg9zdhfYPks8/L8fqWaF9Jk8aEnynFPsXNqhSpRCMbVKBFP4fCEOv5DGcbXmUHV5eSykAbFB70ew==" | base64 -d > /etc/bind.key

Bind tunnel parameters for drone:

    wifi_channel: 165
    link_domain: drone_bind
    link_id: 10531917
    bind_tunnel:
          stream_rx: 255
          stream_tx: 127
          bandwidth: 20
          fec_k: 1
          fec_n: 2
          ifaddr: 10.5.99.2/24
          ifname: drone-bind
          keypair: bind.key
          ldpc: 0
          stbc: 0
          mcs_index: 1
          short_gi: false

Bind tunnel parameters for gs:

    wifi_channel: 165
    link_domain: drone_bind
    link_id: 10531917
    bind_tunnel:
          stream_tx: 255
          stream_rx: 127
          bandwidth: 20
          fec_k: 1
          fec_n: 2
          ifaddr: 10.5.99.1/24
          ifname: gs-bind
          keypair: bind.key
          ldpc: 0
          stbc: 0
          mcs_index: 1
          short_gi: false

Sample bind.yaml for drone:

max_bw: 20
profiles:
  drone:
    link_domain: default
    link_id: 7669206
    services:
      mavlink:
        cfg:
          bandwidth: 20
          call_on_arm: null
          call_on_disarm: null
          control_port: 0
          fec_delay: 0
          fec_k: 1
          fec_n: 2
          fec_timeout: 0
          force_vht: false
          frame_type: data
          fwmark: 10
          inject_rssi: true
          keypair: drone-test.key
          ldpc: 1
          log_messages: true
          mavlink_comp_id: 68
          mavlink_sys_id: 3
          mavlink_tcp_port: null
          mcs_index: 1
          mirror: false
          osd: null
          peer: listen://0.0.0.0:14560
          short_gi: false
          stbc: 1
          stream_rx: 144
          stream_tx: 16
          use_qdisc: true
        type: mavlink
      tunnel:
        cfg:
          bandwidth: 20
          control_port: 0
          default_route: false
          fec_delay: 0
          fec_k: 1
          fec_n: 2
          fec_timeout: 0
          force_vht: false
          frame_type: data
          fwmark: 20
          ifaddr: 10.5.0.2/24
          ifname: drone-wfb
          keypair: drone-test.key
          ldpc: 1
          mcs_index: 1
          mirror: false
          short_gi: false
          stbc: 1
          stream_rx: 160
          stream_tx: 32
          use_qdisc: true
        type: tunnel
      video:
        cfg:
          bandwidth: 20
          control_port: 7103
          fec_delay: 0
          fec_k: 8
          fec_n: 12
          fec_timeout: 0
          force_vht: false
          frame_type: data
          fwmark: 1
          keypair: drone-test.key
          ldpc: 1
          mcs_index: 1
          mirror: false
          peer: listen://0.0.0.0:5602
          short_gi: false
          stbc: 1
          stream_rx: null
          stream_tx: 0
          use_qdisc: true
        type: udp_direct_tx
wifi_channel: 165