* MikroTik R11e 5HnD monitor mode @ 2025-05-13 16:19 Oleksiy Protas 2025-05-14 18:04 ` [PATCH] " Oleksiy Protas 0 siblings, 1 reply; 5+ messages in thread From: Oleksiy Protas @ 2025-05-13 16:19 UTC (permalink / raw) To: linux-wireless Hello, I'm sampling different wifi cards for a drone radio project (OpenHD). Essentially it puts the card into monitor mode and injects/sniffs out frames directly bypassing the whole 802.11 stack. This works fine with "conventional" RTL8812au, but I get very strange behavior with MikroTik R11e 5HnD. The card is served by the ath9k driver, AR9580 chipset. lspci: > 01:00.0 Network controller: Qualcomm Atheros AR958x 802.11abgn Wireless Network Adapter (rev 01) Manufacturer page: https://mikrotik.com/product/R11e-5HnD What I see happening is that on the TX side what essentially uses PF_PACKET sockets, the monitor mode code is unable to find a correct queue and goes into the following error: > af_packet: wlan0 selects TX queue 2, but real number of TX queues is 1 On the RX side it's even more confusing. The card goes into monitor mode as intended (via command line, without any extra software being involved) and can see the radio frames, but only for a split second after switching channels. Whenever I do "iw wlan0 set channel XXX" it captures like 2-5 frames according to ifconfig and just stops. If I switch to another channel and back, it captures a bunch again and stops another time. To me it seems that there is some mismatch with TX/RX queues in the driver or somewhere higher up in the stack. I wonder if anyone can give some guidance on how to investigate it further. (Got embedded experience, not so much for the wifi drivers specifically). Thank you. Kind regards, Alex ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] Re: MikroTik R11e 5HnD monitor mode 2025-05-13 16:19 MikroTik R11e 5HnD monitor mode Oleksiy Protas @ 2025-05-14 18:04 ` Oleksiy Protas 2025-05-14 18:04 ` [PATCH] ath9k: keep ANI in " Oleksiy Protas 2025-05-14 19:11 ` MikroTik R11e 5HnD " Oleksiy Protas 0 siblings, 2 replies; 5+ messages in thread From: Oleksiy Protas @ 2025-05-14 18:04 UTC (permalink / raw) To: elfy.ua; +Cc: linux-wireless, Oleksiy Protas From: Oleksiy Protas <elfy@gmail.com> After some poking around I managed to find a part of the problem: Adaptive Noise Immunity function is disabled possibly due to the changes in 5f841b4130a639e5f0fbcf4a9b26045d734e4ee6 This patch restores ANI operation (although it doesn't fix the issue at all), writte and tested against 6.6.74. If someone is a maintainer of the driver, I'd love a review and maybe a better implementation of the same idea. PS: Sorry if I mess up the email, first time :) Oleksiy Protas (1): ath9k: keep ANI in monitor mode drivers/net/wireless/ath/ath9k/link.c | 2 +- drivers/net/wireless/ath/ath9k/main.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) -- 2.41.0 ^ permalink raw reply [flat|nested] 5+ messages in thread
* [PATCH] ath9k: keep ANI in monitor mode 2025-05-14 18:04 ` [PATCH] " Oleksiy Protas @ 2025-05-14 18:04 ` Oleksiy Protas 2025-08-11 12:18 ` Toke Høiland-Jørgensen 2025-05-14 19:11 ` MikroTik R11e 5HnD " Oleksiy Protas 1 sibling, 1 reply; 5+ messages in thread From: Oleksiy Protas @ 2025-05-14 18:04 UTC (permalink / raw) To: elfy.ua; +Cc: linux-wireless, Oleksiy Protas Earlier changes that made is_monitoring a separate flag as opposed to setting the opmode caused AMI to never start when monitoring --- drivers/net/wireless/ath/ath9k/link.c | 2 +- drivers/net/wireless/ath/ath9k/main.c | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/drivers/net/wireless/ath/ath9k/link.c b/drivers/net/wireless/ath/ath9k/link.c index 9d84003db800..cd2ead7b2883 100644 --- a/drivers/net/wireless/ath/ath9k/link.c +++ b/drivers/net/wireless/ath/ath9k/link.c @@ -468,7 +468,7 @@ void ath_check_ani(struct ath_softc *sc) if (!test_bit(ATH_OP_PRIM_STA_VIF, &common->op_flags)) goto stop_ani; } - } else if (ah->opmode == NL80211_IFTYPE_STATION) { + } else if (ah->opmode == NL80211_IFTYPE_STATION && !ah->is_monitoring) { if (!test_bit(ATH_OP_PRIM_STA_VIF, &common->op_flags)) goto stop_ani; } diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c index aa271b82875e..2685aeecffad 100644 --- a/drivers/net/wireless/ath/ath9k/main.c +++ b/drivers/net/wireless/ath/ath9k/main.c @@ -1530,6 +1530,7 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed) if (conf->flags & IEEE80211_CONF_MONITOR) { ath_dbg(common, CONFIG, "Monitor mode is enabled\n"); sc->sc_ah->is_monitoring = true; + ath_check_ani(sc); } else { ath_dbg(common, CONFIG, "Monitor mode is disabled\n"); sc->sc_ah->is_monitoring = false; -- 2.41.0 ^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [PATCH] ath9k: keep ANI in monitor mode 2025-05-14 18:04 ` [PATCH] ath9k: keep ANI in " Oleksiy Protas @ 2025-08-11 12:18 ` Toke Høiland-Jørgensen 0 siblings, 0 replies; 5+ messages in thread From: Toke Høiland-Jørgensen @ 2025-08-11 12:18 UTC (permalink / raw) To: Oleksiy Protas, elfy.ua; +Cc: linux-wireless, Oleksiy Protas Oleksiy Protas <elfy.ua@gmail.com> writes: > Earlier changes that made is_monitoring a separate flag as opposed to setting the opmode caused AMI to never start when monitoring > --- > drivers/net/wireless/ath/ath9k/link.c | 2 +- > drivers/net/wireless/ath/ath9k/main.c | 1 + > 2 files changed, 2 insertions(+), 1 deletion(-) > > diff --git a/drivers/net/wireless/ath/ath9k/link.c b/drivers/net/wireless/ath/ath9k/link.c > index 9d84003db800..cd2ead7b2883 100644 > --- a/drivers/net/wireless/ath/ath9k/link.c > +++ b/drivers/net/wireless/ath/ath9k/link.c > @@ -468,7 +468,7 @@ void ath_check_ani(struct ath_softc *sc) > if (!test_bit(ATH_OP_PRIM_STA_VIF, &common->op_flags)) > goto stop_ani; > } > - } else if (ah->opmode == NL80211_IFTYPE_STATION) { > + } else if (ah->opmode == NL80211_IFTYPE_STATION && !ah->is_monitoring) { > if (!test_bit(ATH_OP_PRIM_STA_VIF, &common->op_flags)) > goto stop_ani; > } AFAICT, if you're trying to restore the old logic, ANI should always be enabled if monitoring is. But here you're only changing the station branch of the logic. Shouldn't it be something like: --- i/drivers/net/wireless/ath/ath9k/link.c +++ w/drivers/net/wireless/ath/ath9k/link.c @@ -481,6 +481,9 @@ void ath_check_ani(struct ath_softc *sc) struct ath_common *common = ath9k_hw_common(sc->sc_ah); struct ath_beacon_config *cur_conf = &sc->cur_chan->beacon; + if (ah->is_monitoring) + goto start_ani; + /* * Check for the various conditions in which ANI has to * be stopped. @@ -502,6 +505,7 @@ void ath_check_ani(struct ath_softc *sc) goto stop_ani; } +start_ani: if (!test_bit(ATH_OP_ANI_RUN, &common->op_flags)) { set_bit(ATH_OP_ANI_RUN, &common->op_flags); ath_start_ani(sc); > diff --git a/drivers/net/wireless/ath/ath9k/main.c b/drivers/net/wireless/ath/ath9k/main.c > index aa271b82875e..2685aeecffad 100644 > --- a/drivers/net/wireless/ath/ath9k/main.c > +++ b/drivers/net/wireless/ath/ath9k/main.c > @@ -1530,6 +1530,7 @@ static int ath9k_config(struct ieee80211_hw *hw, u32 changed) > if (conf->flags & IEEE80211_CONF_MONITOR) { > ath_dbg(common, CONFIG, "Monitor mode is enabled\n"); > sc->sc_ah->is_monitoring = true; > + ath_check_ani(sc); > } else { > ath_dbg(common, CONFIG, "Monitor mode is disabled\n"); > sc->sc_ah->is_monitoring = false; And shouldn't this call to ath_check_ani() be done regardless of whether monitoring mode is being enabled or disabled? I.e., go after the else of that if branch? -Toke ^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: MikroTik R11e 5HnD monitor mode 2025-05-14 18:04 ` [PATCH] " Oleksiy Protas 2025-05-14 18:04 ` [PATCH] ath9k: keep ANI in " Oleksiy Protas @ 2025-05-14 19:11 ` Oleksiy Protas 1 sibling, 0 replies; 5+ messages in thread From: Oleksiy Protas @ 2025-05-14 19:11 UTC (permalink / raw) To: elfy.ua; +Cc: linux-wireless Additional findings so far for the RX side of the problem: 1. Upon coming from a modprobe && iw set monitor && ifconfig the interface receives nothing. 2. The inferface starts hearing packets after coming of a reset (verifiable with debugfs). Changing frequencies isn't required, just resetting the interface allows to grab a portion of traffic. 3. Judging by tcpdump timestamps, around 1.4 ms worth of traffic is collected before going silent again. 4. After a reset we have a 2.5 ms gap between these entries (full debugging): >[23363.517582] ath: phy14: TS Start 0xc4268000 End 0xc426c800 Virt 00000000973829f0, Size 512 >[23363.520142] ath: phy14: Doing Tx IQ Cal for chain 0 5. Then the calibration goes on for some time and ends like this after ~1ms: >[23363.520886] ath: phy14: rx chain 1: mag corr=-13 phase corr=0 >[23363.520891] ath: phy14: rx chain 1: iq corr coeff=fffff980 >[23363.520928] ath: phy14: starting IQ Mismatch Calibration 6. Last messages before the log goes silent until the next reset: >[23363.521178] ath: phy14: New interrupt mask 0xf0000473 >[23363.521182] ath: phy14: new IMR 0x81800175 >[23363.521187] ath: phy14: enable IER >[23363.521195] ath: phy14: AR_IMR 0x81800175 IER 0x1 7. If I apply the patch above, the ANI calibration timer keeps going past this point, but nothing else is. ^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2025-08-11 12:19 UTC | newest] Thread overview: 5+ messages (download: mbox.gz follow: Atom feed -- links below jump to the message on this page -- 2025-05-13 16:19 MikroTik R11e 5HnD monitor mode Oleksiy Protas 2025-05-14 18:04 ` [PATCH] " Oleksiy Protas 2025-05-14 18:04 ` [PATCH] ath9k: keep ANI in " Oleksiy Protas 2025-08-11 12:18 ` Toke Høiland-Jørgensen 2025-05-14 19:11 ` MikroTik R11e 5HnD " Oleksiy Protas
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for NNTP newsgroup(s).