From: "Jean-Pierre Tosoni" <jp.tosoni@acksys.fr>
To: ath10k@lists.infradead.org, linux-wireless@vger.kernel.org
Cc: Cedric VONCKEN <cedric.voncken@acksys.fr>
Subject: ath10k firmware sends probes on DFS channels without radar detection
Date: Tue, 6 Dec 2016 18:02:52 +0100 [thread overview]
Message-ID: <004a01d24fe2$94da8dc0$be8fa940$@acksys.fr> (raw)
This follows on the previous discussion
"Client station sends probes on DFS channels"
Problem:
The combination of QCA988X firmware v10.2.4.70-2 + ath10k +
wpa_supplicant do not comply with the norm ETSI/EN 301-893
section 4.7; because they can send probes for 600s when no
AP is around.
Analysis:
The problem seems to lie in the firmware, which regards the presence
of *any* beacon as a proof that the channel is radar-clean for 600s.
This is a wrong hypothesis, since a rogue AP sending fraudulent
beacons should not induce a scrupulous STA in sending illegal probes.
Moreover, the norm (table D.1) sets a time limit of 10s to
shutdown when no AP positively allows the STA to transmit on
the DFS channel.
Status:
- there is no known plan at QCA to fix the issue.
- ath10k firmware is not publicly available for fixes.
- there is no obvious fix working in ath10k.
- the issue does not show up with other mac80211 devices like ath9k.
- wpa_supplicant considers this is a kernel issue [2]
Jean-Pierre Tosoni
> -----Message d'origine-----
> De : ath10k [mailto:ath10k-bounces@lists.infradead.org] De la part de
> Jean-Pierre Tosoni
> Envoyé : mercredi 30 novembre 2016 19:04
> À : ath10k@lists.infradead.org
> Objet : Client station sends probes on DFS channels
>
> Hello list,
>
> There is a case where I can see probes on a DFS channel, from a non-
> associated station using ath10k. (note that the problem does not arise
> when using ath9k).
>
> *The setup*
>
> I am using Openwrt, wpa_supplicant and compat-wireless 2016-10-08,
> Card firmware is ath10k_pci: qca988x hw2.0 (0x4100016c, 0x043202ff)
> fw 10.2.4.70-2 api 5 htt-ver 2.1 wmi-op 5 htt-op 2
> cal otp max-sta 128 features no-p2p
> ath10k_pci: debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
>
> I am using channel 116, regdom US or FR, where I see no traffic at all
> using wireshark+Airpcap.
> I set wpa_supplicant to scan this channel only for a specific SSID
> "ssid1".
>
> At initial startup of the client device, no probes are going out, which
> is OK.
>
> Then, on another device, I start a hostapd set to channel 116, with a
> different SSID "otherssid" so that the supplicant will not associate.
>
> Shortly (1-2s) after the beacons appear in the air, the client begins to
> Send probe request in the air, which is unexpected, but acceptable since
> the client can infer absence of radars from the presence of beacons.
>
> *The problem*
>
> If I power down the AP, the client continues to send probes for around
> 10 minutes, which is unacceptable since it cannot handle radar detection,
> as it is a slave device in the meaning of ETSI/EN 301-893[1].
>
>
> Some tests I made:
> - I tried to investigate the "beacon hint" mechanism but it appears
> that it is not used on DFS channels.
>
> - I tried to force the IEEE80211_NO_IR flag when IEEE80211_CHAN_DFS
> is set.
>
> - When I reload the reg. domain using "iw reg set", the probes cease,
> but will reappear if I cycle my AP again On then Off.
>
> - When I let the client associate, then disassociate and stop the AP,
> the same problem arises. It disappears if I add a call to
> ath10k_regd_update() in mac.c after a disconnection (This is not a
> fix, since in my case the client never associates).
>
> - Since at startup, the client does not send probes, I infer that the
> problem is *not* caused by a hidden AP that the card could see but
> not airpcap.
>
> - I tried with channels 52 and 100, with regdom FR or US: same problem.
>
> Any ideas?
>
>
> [1] http://www.etsi.org/deliver/etsi_en/301800_301899/301893/
> 01.08.01_60/en_301893v010801p.pdf
[2] http://lists.shmoo.com/pipermail/hostap/2015-January/031906.html
>
> J.P. Tosoni - ACKSYS
>
>
>
>
> _______________________________________________
> ath10k mailing list
> ath10k@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/ath10k
_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k
WARNING: multiple messages have this Message-ID (diff)
From: "Jean-Pierre Tosoni" <jp.tosoni@acksys.fr>
To: <ath10k@lists.infradead.org>, <linux-wireless@vger.kernel.org>
Cc: "Cedric VONCKEN" <cedric.voncken@acksys.fr>
Subject: ath10k firmware sends probes on DFS channels without radar detection
Date: Tue, 6 Dec 2016 18:02:52 +0100 [thread overview]
Message-ID: <004a01d24fe2$94da8dc0$be8fa940$@acksys.fr> (raw)
This follows on the previous discussion
"Client station sends probes on DFS channels"
Problem:
The combination of QCA988X firmware v10.2.4.70-2 + ath10k +
wpa_supplicant do not comply with the norm ETSI/EN 301-893
section 4.7; because they can send probes for 600s when no
AP is around.
Analysis:
The problem seems to lie in the firmware, which regards the presence
of *any* beacon as a proof that the channel is radar-clean for 600s.
This is a wrong hypothesis, since a rogue AP sending fraudulent
beacons should not induce a scrupulous STA in sending illegal probes.
Moreover, the norm (table D.1) sets a time limit of 10s to
shutdown when no AP positively allows the STA to transmit on
the DFS channel.
Status:
- there is no known plan at QCA to fix the issue.
- ath10k firmware is not publicly available for fixes.
- there is no obvious fix working in ath10k.
- the issue does not show up with other mac80211 devices like ath9k.
- wpa_supplicant considers this is a kernel issue [2]
Jean-Pierre Tosoni
> -----Message d'origine-----
> De : ath10k [mailto:ath10k-bounces@lists.infradead.org] De la part de
> Jean-Pierre Tosoni
> Envoyé : mercredi 30 novembre 2016 19:04
> À : ath10k@lists.infradead.org
> Objet : Client station sends probes on DFS channels
>
> Hello list,
>
> There is a case where I can see probes on a DFS channel, from a non-
> associated station using ath10k. (note that the problem does not arise
> when using ath9k).
>
> *The setup*
>
> I am using Openwrt, wpa_supplicant and compat-wireless 2016-10-08,
> Card firmware is ath10k_pci: qca988x hw2.0 (0x4100016c, 0x043202ff)
> fw 10.2.4.70-2 api 5 htt-ver 2.1 wmi-op 5 htt-op 2
> cal otp max-sta 128 features no-p2p
> ath10k_pci: debug 0 debugfs 1 tracing 0 dfs 1 testmode 1
>
> I am using channel 116, regdom US or FR, where I see no traffic at all
> using wireshark+Airpcap.
> I set wpa_supplicant to scan this channel only for a specific SSID
> "ssid1".
>
> At initial startup of the client device, no probes are going out, which
> is OK.
>
> Then, on another device, I start a hostapd set to channel 116, with a
> different SSID "otherssid" so that the supplicant will not associate.
>
> Shortly (1-2s) after the beacons appear in the air, the client begins to
> Send probe request in the air, which is unexpected, but acceptable since
> the client can infer absence of radars from the presence of beacons.
>
> *The problem*
>
> If I power down the AP, the client continues to send probes for around
> 10 minutes, which is unacceptable since it cannot handle radar detection,
> as it is a slave device in the meaning of ETSI/EN 301-893[1].
>
>
> Some tests I made:
> - I tried to investigate the "beacon hint" mechanism but it appears
> that it is not used on DFS channels.
>
> - I tried to force the IEEE80211_NO_IR flag when IEEE80211_CHAN_DFS
> is set.
>
> - When I reload the reg. domain using "iw reg set", the probes cease,
> but will reappear if I cycle my AP again On then Off.
>
> - When I let the client associate, then disassociate and stop the AP,
> the same problem arises. It disappears if I add a call to
> ath10k_regd_update() in mac.c after a disconnection (This is not a
> fix, since in my case the client never associates).
>
> - Since at startup, the client does not send probes, I infer that the
> problem is *not* caused by a hidden AP that the card could see but
> not airpcap.
>
> - I tried with channels 52 and 100, with regdom FR or US: same problem.
>
> Any ideas?
>
>
> [1] http://www.etsi.org/deliver/etsi_en/301800_301899/301893/
> 01.08.01_60/en_301893v010801p.pdf
[2] http://lists.shmoo.com/pipermail/hostap/2015-January/031906.html
>
> J.P. Tosoni - ACKSYS
>
>
>
>
> _______________________________________________
> ath10k mailing list
> ath10k@lists.infradead.org
> http://lists.infradead.org/mailman/listinfo/ath10k
next reply other threads:[~2016-12-06 17:47 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2016-12-06 17:02 Jean-Pierre Tosoni [this message]
2016-12-06 17:02 ` ath10k firmware sends probes on DFS channels without radar detection Jean-Pierre Tosoni
2016-12-06 19:36 ` Ben Greear
2016-12-06 19:36 ` Ben Greear
2016-12-14 18:14 ` Jean-Pierre Tosoni
2016-12-14 18:14 ` Jean-Pierre Tosoni
2016-12-14 18:28 ` Ben Greear
2016-12-14 18:28 ` Ben Greear
2016-12-14 19:58 ` Jouni Malinen
2016-12-14 19:58 ` Jouni Malinen
2016-12-15 15:22 ` Jean-Pierre Tosoni
2016-12-15 15:22 ` Jean-Pierre Tosoni
2016-12-15 16:32 ` Ben Greear
2016-12-15 16:32 ` Ben Greear
2016-12-15 17:53 ` Jean-Pierre Tosoni
2016-12-15 17:53 ` Jean-Pierre Tosoni
2016-12-15 22:58 ` Jouni Malinen
2016-12-15 22:58 ` Jouni Malinen
2016-12-26 11:15 ` Jean-Pierre Tosoni
2016-12-26 11:15 ` Jean-Pierre Tosoni
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='004a01d24fe2$94da8dc0$be8fa940$@acksys.fr' \
--to=jp.tosoni@acksys.fr \
--cc=ath10k@lists.infradead.org \
--cc=cedric.voncken@acksys.fr \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.