From: Jan-Espen Pettersen <sigsegv@radiotube.org>
To: linux-wireless@vger.kernel.org
Subject: PROBLEM: mac80211 and 802.11a does not associate with ap [PATCH]
Date: Mon, 25 Aug 2008 01:32:05 +0200
Message-ID: <48B1EF75.9060704@radiotube.org>


[-- Attachment #1.1: Type: text/plain, Size: 3921 bytes --]

Hello,

Short problem description:
mac80211 framework sends a possibly invalid assoc request (802.11a)

Patch url download (if the attachment is unusable or stripped):
http://www.radiotube.org/mac80211_emptyext.diff

PROBLEM DESCRIPTION
The association request includes a list of supported data rates.

802.11b: 4 supported rates.
802.11g: 12 (8 + 4) supported rates.
802.11a: 8 supported rates.

The rates tag of the assoc request has room for only 8 rates. In case of
802.11g an extended rate tag is appended. However, in net/wireless/mlme.c
an extended (empty) rate tag is also appended if the number of rates is
exactly 8.

Pseudo-code of current mlme.c implementation:

for (i = 0; i < num_rates && i < 8; i++)
    ... append_rate ...;
if (i == 8) { /* <-- problem */
    length = num_rates - i;
    ... append ext rate ...;
}

The correct way to do this should be more like:

for (i = 0; i < num_rates && i < 8; i++)
    ... append_rate ...;
if (i < num_rates) { /* <--note this */
    length = num_rates - i;
    ... append ext rate ...
}

A ZyXEL G-570U access point does not accept this empty extended rates
tag. It responds with an 'association denied' with code 18 (unsupported
rates). I do not know if this is correct behaviour, but as far as I can
see it would be wise to not send an empty extended rates tag anyway.

Kernel version:
Linux version 2.6.27-rc4 (sigsegv@challenger) (gcc version 4.3.1 (Debian
4.3.1-9) ) #9 SMP Sun Aug 24 22:24:27 CEST 2008

Wireless card (dmesg):
iwl3945: Intel(R) PRO/Wireless 3945ABG/BG Network Connection driver for
Linux, 1.2.26kds
iwl3945: Copyright(c) 2003-2008 Intel Corporation
iwl3945 0000:03:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
iwl3945 0000:03:00.0: setting latency timer to 64
iwl3945: Detected Intel Wireless WiFi Link 3945ABG
iwl3945: Tunable channels: 13 802.11bg, 23 802.11a channels

Debug output from mac80211 and iwl3945:
phy0: HW CONFIG: freq=5180
phy0: HW CONFIG: freq=5180
wlan0_rename: Initial auth_alg=0
wlan0_rename: authenticate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=30) FC=0x00b0 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
phy0: HW CONFIG: freq=5180
wlan0_rename: Initial auth_alg=0
wlan0_rename: authenticate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=30) FC=0x00b0 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: RX authentication from 00:19:cb:2f:4b:95 (alg=0
transaction=2 status=0)
wlan0_rename: authenticated
wlan0_rename: associate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: authentication frame received from 00:19:cb:2f:4b:95, but
not in authenticate state - ignored
wlan0_rename: authentication frame received from 00:19:cb:2f:4b:95, but
not in authenticate state - ignored
wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
aid=0)
wlan0_rename: AP denied association (code=18)
wlan0_rename: associate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
aid=0)
wlan0_rename: AP denied association (code=18)
wlan0_rename: associate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
aid=0)
wlan0_rename: AP denied association (code=18)
wlan0_rename: association with AP 00:19:cb:2f:4b:95 timed out

Regards
Jan-Espen Pettersen



[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: mac80211_emptyext.diff --]
[-- Type: text/x-diff; name="mac80211_emptyext.diff", Size: 341 bytes --]

--- net/mac80211/mlme.c.old	2008-08-25 00:19:30.000000000 +0200
+++ net/mac80211/mlme.c	2008-08-24 22:21:16.000000000 +0200
@@ -813,7 +813,7 @@
 		}
 	}
 
-	if (count == 8) {
+	if (count == 8 && rates_len > count) {
 		pos = skb_put(skb, rates_len - count + 2);
 		*pos++ = WLAN_EID_EXT_SUPP_RATES;
 		*pos++ = rates_len - count;
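Review bot: In the changed condition `if (count == 8 && rates_len > count)`, the `count == 8` half looks redundant if count can never exceed 8 at this point, which is what the pseudo-code in the message describes; `if (rates_len > count)` alone would match the proposed `if (i < num_rates)` and makes the intent (only emit the extended element when rates remain) easier to read. A short comment above the test saying that an empty WLAN_EID_EXT_SUPP_RATES element must not be sent would help future readers. Separately, the file header compares `net/mac80211/mlme.c.old` against `net/mac80211/mlme.c` without a leading path component, so the patch will not apply with -p1, and no Signed-off-by line accompanies it.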

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 552 bytes --]
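The rate split described in the message above, written out as an added stand-alone example (it is not the kernel's mlme.c and not part of the posted patch). The function name, buffer handling and sample rate sets are assumptions made for illustration; the element IDs 1 and 50 are the standard Supported Rates and Extended Supported Rates IDs.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define EID_SUPP_RATES      1   /* Supported Rates element */
#define EID_EXT_SUPP_RATES  50  /* Extended Supported Rates element */
#define MAX_BASIC_RATES     8   /* Supported Rates carries at most 8 rates */

/* Constructed sample rate sets, in units of 500 kb/s. */
static const uint8_t rates_11a[8]  = {12, 18, 24, 36, 48, 72, 96, 108};
static const uint8_t rates_11g[12] = {2, 4, 11, 22, 12, 18, 24, 36, 48, 72, 96, 108};
static uint8_t frame[32];       /* scratch buffer for the demo */

/* Write the rate elements into buf; returns bytes written, 0 on error. */
size_t put_rate_elements(uint8_t *buf, size_t buflen,
                         const uint8_t *rates, size_t num_rates)
{
    size_t count = num_rates < MAX_BASIC_RATES ? num_rates : MAX_BASIC_RATES;
    size_t ext = num_rates - count;   /* rates that did not fit */
    uint8_t *pos = buf;

    if (num_rates == 0 || ext > 255 ||
        2 + count + (ext ? 2 + ext : 0) > buflen)
        return 0;

    *pos++ = EID_SUPP_RATES;
    *pos++ = (uint8_t)count;
    memcpy(pos, rates, count);
    pos += count;

    /* Emit the extended element only when rates remain, never an empty one. */
    if (ext > 0) {
        *pos++ = EID_EXT_SUPP_RATES;
        *pos++ = (uint8_t)ext;
        memcpy(pos, rates + count, ext);
        pos += ext;
    }
    return (size_t)(pos - buf);
}

int main(void)
{
    printf("802.11a: %zu bytes\n",
           put_rate_elements(frame, sizeof(frame), rates_11a, 8));
    printf("802.11g: %zu bytes\n",
           put_rate_elements(frame, sizeof(frame), rates_11g, 12));
    return 0;
}
```

With exactly 8 rates the output is a single 10-byte element; testing `count == 8` instead of `ext > 0` would append two more bytes (ID 50, length 0), which is the empty tag the message reports the access point rejecting.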
