linux-wireless.vger.kernel.org archive mirror
* [BUG] Two bugs in monitor mode, iwl3945
@ 2008-06-23  9:10 Maxim Levitsky
  2008-06-23 12:53 ` Stefanik Gábor
  2008-07-09 16:25 ` Maxim Levitsky
  0 siblings, 2 replies; 5+ messages in thread
From: Maxim Levitsky @ 2008-06-23  9:10 UTC (permalink / raw)
  To: linux-wireless; +Cc: ipw3945-devel, Stefanik Gábor

[-- Attachment #1: Type: text/plain, Size: 936 bytes --]

I noticed two bugs:

1) Monitor mode hangs the system randomly, and what is interesting is that this
bug disappears if I patch the driver with the packet injection patch from Gábor Stefanik.
I noticed this bug after I removed his patch to see if it caused some problems.
Always reproducible, usually hangs just after airodump launch.

2) If I enable monitor mode, regardless of the injection patch, the scanning results get garbled:
iwlist scan reports > 100 quality on most APs, or 0% quality on my router, and shows extremely low and high power levels, like
-127dBm or 160 dBm, and those levels change rapidly.
This is why I removed the injection patch: I suspected it, but this bug appears not to be related to it.


Injection patch from Gábor Stefanik <netrolller.3d@gmail.com> attached
(I modified the patch to apply on latest wireless -git, but patch is the same)

I use iw to create new monitor interface and use it.

Best regards,
	Maxim Levitsky

[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: 0001-Enable-packet-injection-in-iwlwifi.patch --]
[-- Type: text/x-diff; name="0001-Enable-packet-injection-in-iwlwifi.patch", Size: 2540 bytes --]

From Gábor Stefanik <netrolller.3d@gmail.com>
---
 drivers/net/wireless/iwlwifi/iwl3945-base.c |   23 ++++-------------------
 1 files changed, 4 insertions(+), 19 deletions(-)

diff --git a/drivers/net/wireless/iwlwifi/iwl3945-base.c b/drivers/net/wireless/iwlwifi/iwl3945-base.c
index 43cb8ff..13f61f6 100644
--- a/drivers/net/wireless/iwlwifi/iwl3945-base.c
+++ b/drivers/net/wireless/iwlwifi/iwl3945-base.c
@@ -2539,6 +2539,9 @@ static int iwl3945_get_sta_id(struct iwl3945_priv *priv, struct ieee80211_hdr *h
 		iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
 		return priv->hw_setting.bcast_sta_id;
 	}
+	/* If we are in monitor mode, use BCAST */
+	case IEEE80211_IF_TYPE_MNTR:
+		return priv->hw_setting.bcast_sta_id;
 	default:
 		IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
 		return priv->hw_setting.bcast_sta_id;
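Review bot: the new IEEE80211_IF_TYPE_MNTR case returns priv->hw_setting.bcast_sta_id, which is exactly what the default branch right below it already returns, so the only behavioural difference is that the "Unknown mode of operation" IWL_WARNING no longer fires for monitor mode. Say that in the comment, and move the comment under the case label so it does not read as belonging to the closing brace of the previous case.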
@@ -2578,11 +2581,6 @@ static int iwl3945_tx_skb(struct iwl3945_priv *priv, struct sk_buff *skb)
 		goto drop_unlock;
 	}
 
-	if (!priv->vif) {
-		IWL_DEBUG_DROP("Dropping - !priv->vif\n");
-		goto drop_unlock;
-	}
-
 	if ((ieee80211_get_tx_rate(priv->hw, info)->hw_value & 0xFF) == IWL_INVALID_RATE) {
 		IWL_ERROR("ERROR: No TX rate available.\n");
 		goto drop_unlock;
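Review bot: the !priv->vif check in iwl3945_tx_skb is deleted for every interface type, not only for monitor mode, so a frame is no longer dropped when priv->vif is NULL in the other modes either. If the aim is only to let monitor interfaces transmit, keep the check and exempt that mode by testing priv->iw_mode != IEEE80211_IF_TYPE_MNTR alongside !priv->vif. Also confirm that nothing later in this function dereferences priv->vif, which these lines do not show.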
@@ -2602,14 +2600,6 @@ static int iwl3945_tx_skb(struct iwl3945_priv *priv, struct sk_buff *skb)
 		IWL_DEBUG_TX("Sending REASSOC frame\n");
 #endif
 
-	/* drop all data frame if we are not associated */
-	if ((!iwl3945_is_associated(priv) ||
-	     ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
-	    ieee80211_is_data(fc)) {
-		IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
-		goto drop_unlock;
-	}
-
 	spin_unlock_irqrestore(&priv->lock, flags);
 
 	hdr_len = ieee80211_get_hdrlen(le16_to_cpu(fc));
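Review bot: deleting the whole "drop all data frame if we are not associated" block also removes the IEEE80211_IF_TYPE_STA && !priv->assoc_id case, so an unassociated station interface now passes data frames on towards the hardware. Narrow the change to what monitor mode needs: keep the block and add a priv->iw_mode != IEEE80211_IF_TYPE_MNTR condition so that only monitor interfaces bypass it.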
@@ -6350,7 +6340,7 @@ static void iwl3945_bg_request_scan(struct work_struct *data)
 	scan->flags |= iwl3945_get_antenna_flags(priv);
 
 	if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR)
-		scan->filter_flags = RXON_FILTER_PROMISC_MSK;
+		scan->filter_flags |= RXON_FILTER_PROMISC_MSK | RXON_FILTER_CTL2HOST_MSK | RXON_FILTER_ACCEPT_GRP_MSK;
 
 	if (direct_mask)
 		scan->channel_count =
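Review bot: the added line in iwl3945_bg_request_scan changes two things at once: "=" becomes "|=", and two more filter bits (RXON_FILTER_CTL2HOST_MSK and RXON_FILTER_ACCEPT_GRP_MSK) are set. With "|=" the result depends on what scan->filter_flags held beforehand, which this hunk does not show, so confirm the field is initialised earlier or keep a plain assignment. The line is also well over 80 columns and should be wrapped after an operator.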
@@ -6693,11 +6683,6 @@ static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb)
 
 	IWL_DEBUG_MAC80211("enter\n");
 
-	if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
-		IWL_DEBUG_MAC80211("leave - monitor\n");
-		return -1;
-	}
-
 	IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
 		     ieee80211_get_tx_rate(hw, IEEE80211_SKB_CB(skb))->bitrate);
 
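Review bot: removing the monitor-mode early return from iwl3945_mac_tx is the change that actually lets frames from a monitor interface reach the transmit path, and it is unconditional. The patch carries no changelog text or Signed-off-by between the From line and the "---", so the reason for dropping this guard, and for the other deletions that go with it, is not recorded. Add a description and state whether transmitting in monitor mode is meant to be always on.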
-- 
1.5.4.3



* Re: [BUG] Two bugs in monitor mode, iwl3945
  2008-06-23  9:10 [BUG] Two bugs in monitor mode, iwl3945 Maxim Levitsky
@ 2008-06-23 12:53 ` Stefanik Gábor
  2008-06-23 13:58   ` Maxim Levitsky
  2008-07-09 16:25 ` Maxim Levitsky
  1 sibling, 1 reply; 5+ messages in thread
From: Stefanik Gábor @ 2008-06-23 12:53 UTC (permalink / raw)
  To: Maxim Levitsky; +Cc: linux-wireless, ipw3945-devel

On Mon, Jun 23, 2008 at 11:10 AM, Maxim Levitsky
<maximlevitsky@gmail.com> wrote:
> I noticed two bugs:
>
> 1) Monitor mode hangs the system randomly, and what is interesting that this
> bug disappears if I patch the driver with packet injection patch from Gábor
> Stefanik.
> I noticed this bug, after I removed his patch to see if it caused some
> problems.
> Always reproducible, usually hangs just after airodump launch.

Something tries to transmit on the monitor interface, which is
impossible without the injection patch. However, the method used for
preventing TX in monitor mode is incorrect (it just drops the packet
silently, without notifying mac80211, which, in the absence of an ACK,
tries to retransmit the packet - an obvious infinite loop). This is
what causes the freeze. (Do you have networkmanager running? That
often tends to interfere with monitor interfaces.)

>
> 2) If I enable monitor mode regardless of injection patch, the scanning
> results got garbaged,
> iwlist scan reports > 100 quality on most APs, or 0% quality on my router,
> shows extremely low and hi power levels, like
> -127dBm or 160 dBm, and those levels change rapidly.
> This why I removed the injection patch, I suspected it, but this bug appears
> to be not related to it.

Does this also happen if you create an extra managed or AP (AP
requires a patch to mac80211) interface, or is it specific to monitor
interfaces?

>
>
> Injection patch from Gábor Stefanik <netrolller.3d@gmail.com> attached
> (I modified the patch to apply on latest wireless -git, but patch is the
> same)
>
> I use iw to create new monitor interface and use it.
>
> Best regards,
>        Maxim Levitsky
>



--
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html


* Re: [BUG] Two bugs in monitor mode, iwl3945
  2008-06-23 12:53 ` Stefanik Gábor
@ 2008-06-23 13:58   ` Maxim Levitsky
  0 siblings, 0 replies; 5+ messages in thread
From: Maxim Levitsky @ 2008-06-23 13:58 UTC (permalink / raw)
  To: Stefanik Gábor; +Cc: linux-wireless, ipw3945-devel

Stefanik Gábor wrote:
> On Mon, Jun 23, 2008 at 11:10 AM, Maxim Levitsky
> <maximlevitsky@gmail.com> wrote:
>> I noticed two bugs:
>>
>> 1) Monitor mode hangs the system randomly, and what is interesting that this
>> bug disappears if I patch the driver with packet injection patch from Gábor
>> Stefanik.
>> I noticed this bug, after I removed his patch to see if it caused some
>> problems.
>> Always reproducible, usually hangs just after airodump launch.
>
> Something tries to transmit on the monitor interface, which is
> impossible without the injection patch. However, the method used for
> preventing TX in monitor mode is incorrect (it just drops the packet
> silently, without notifying mac80211, which, in the absence of an ACK,
> tries to retransmit the packet - an obvious infinite loop). This is
> what causes the freeze. (Do you have networkmanager running? That
> often tends to interfere with monitor interfaces.)
I have it running, I will test without it.
>
>> 2) If I enable monitor mode regardless of injection patch, the scanning
>> results got garbaged,
>> iwlist scan reports > 100 quality on most APs, or 0% quality on my router,
>> shows extremely low and hi power levels, like
>> -127dBm or 160 dBm, and those levels change rapidly.
>> This why I removed the injection patch, I suspected it, but this bug appears
>> to be not related to it.
>
> Does this also happen if you create an extra managed or AP (AP
> requires a patch to mac80211) interface, or is it specific to monitor
> interfaces?
If I create any interface, managed/ibss/monitor nothing bad happens.
But when I turn the mon0 up (ifconfig mon0 up), this happens.

I can't turn on other interfaces (managed/ibss), ifconfig complains that the interface is busy.
I think that it isn't allowed to run two managed interfaces at the same time, don't know why.


Best regards,
	Maxim Levitsky

* Re: [BUG] Two bugs in monitor mode, iwl3945
  2008-06-23  9:10 [BUG] Two bugs in monitor mode, iwl3945 Maxim Levitsky
  2008-06-23 12:53 ` Stefanik Gábor
@ 2008-07-09 16:25 ` Maxim Levitsky
  2008-07-09 17:04   ` [ipw3945-devel] " Dan Halperin
  1 sibling, 1 reply; 5+ messages in thread
From: Maxim Levitsky @ 2008-07-09 16:25 UTC (permalink / raw)
  To: linux-wireless, Zhu Yi; +Cc: ipw3945-devel, Stefanik Gábor

Maxim Levitsky wrote:
> I noticed two bugs:
>
> 1) Monitor mode hangs the system randomly, and what is interesting that this
> bug disappears if I patch the driver with packet injection patch from
> Gábor Stefanik.
> I noticed this bug, after I removed his patch to see if it caused some
> problems.
> Always reproducible, usually hangs just after airodump launch.
>
> 2) If I enable monitor mode regardless of injection patch, the scanning
> results got garbaged,
> iwlist scan reports > 100 quality on most APs, or 0% quality on my
> router, shows extremely low and hi power levels, like
> -127dBm or 160 dBm, and those levels change rapidly.
> This why I removed the injection patch, I suspected it, but this bug
> appears to be not related to it.
I noticed that exactly the same bug happens if I enable promisc mode on
wlan0. Does this give any additional clue why this bug happens?

Best regards,
	Maxim levitsky

* Re: [ipw3945-devel] [BUG] Two bugs in monitor mode, iwl3945
  2008-07-09 16:25 ` Maxim Levitsky
@ 2008-07-09 17:04   ` Dan Halperin
  0 siblings, 0 replies; 5+ messages in thread
From: Dan Halperin @ 2008-07-09 17:04 UTC (permalink / raw)
  To: Maxim Levitsky
  Cc: linux-wireless, Zhu Yi, Stefanik Gábor,
	ipw3945-devel

I've observed that (often?) if you ifconfig wlan0 down before enabling
monitor/promisc mode, then it seems to not hang the system.

-Dan

On Jul 9, 2008, at 9:25 AM, Maxim Levitsky wrote:

> Maxim Levitsky wrote:
>> I noticed two bugs:
>>
>> 1) Monitor mode hangs the system randomly, and what is interesting that this
>> bug disappears if I patch the driver with packet injection patch from
>> Gábor Stefanik.
>> I noticed this bug, after I removed his patch to see if it caused some
>> problems.
>> Always reproducible, usually hangs just after airodump launch.
>>
>> 2) If I enable monitor mode regardless of injection patch, the scanning
>> results got garbaged,
>> iwlist scan reports > 100 quality on most APs, or 0% quality on my
>> router, shows extremely low and hi power levels, like
>> -127dBm or 160 dBm, and those levels change rapidly.
>> This why I removed the injection patch, I suspected it, but this bug
>> appears to be not related to it.
> I noticed that exactly same bug happens if I enable promisc mode on the
> wlan0. Does this give any additional clue why this bug happens?
>
> Best regards,
> 	Maxim levitsky
