From: Jan-Espen Pettersen <sigsegv@radiotube.org>
To: linux-wireless@vger.kernel.org
Subject: PROBLEM: mac80211 and 802.11a does not associate with ap [PATCH]
Date: Mon, 25 Aug 2008 01:32:05 +0200 [thread overview]
Message-ID: <48B1EF75.9060704@radiotube.org> (raw)
[-- Attachment #1.1: Type: text/plain, Size: 3921 bytes --]
Hello,
Short problem description:
mac80211 framework sends a possibly invalid assoc request (802.11a)
Patch url download (if the attachment is unusable or stripped):
http://www.radiotube.org/mac80211_emptyext.diff
PROBLEM DESCRIPTION
The association request includes a list of supported data rates.
802.11b: 4 supported rates.
802.11g: 12 (8 + 4) supported rates.
802.11a: 8 supported rates.
The rates tag of the assoc request has room for only 8 rates. In case of
802.11g an extended rate tag is appended. However in net/wireless/mlme.c
an extended (empty) rate tag is also appended if the number of rates is
exact 8.
Pseudo-code of current mlme.c implementation:
for (i = 0; i < num_rates && i < 8; i++)
... append_rate ...;
if (i == 8) { /* <-- problem */
length = num_rates - i;
... append ext rate ...;
}
The correct way to do this should be more like:
for (i = 0; i < num_rates && i < 8; i++)
... append_rate ...;
if (i < num_rates) { /* <--note this */
length = num_rates - i;
... append ext rate ...
}
A ZyXEL G-570U access point does not accept this empty extended rates
tag. It responds with a 'association denied' with code 18 (unsupported
rates). I do not know if this is correct behaviour, but as far as I can
see it would be wise to not send an empty extended rates tag anyway.
Kernel version:
Linux version 2.6.27-rc4 (sigsegv@challenger) (gcc version 4.3.1 (Debian
4.3.1-9) ) #9 SMP Sun Aug 24 22:24:27 CEST 2008
Wireless card (dmesg):
iwl3945: Intel(R) PRO/Wireless 3945ABG/BG Network Connection driver for
Linux, 1.2.26kds
iwl3945: Copyright(c) 2003-2008 Intel Corporation
iwl3945 0000:03:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
iwl3945 0000:03:00.0: setting latency timer to 64
iwl3945: Detected Intel Wireless WiFi Link 3945ABG
iwl3945: Tunable channels: 13 802.11bg, 23 802.11a channels
Debug output from mac80211 and iwl3945:
phy0: HW CONFIG: freq=5180
phy0: HW CONFIG: freq=5180
wlan0_rename: Initial auth_alg=0
wlan0_rename: authenticate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=30) FC=0x00b0 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
phy0: HW CONFIG: freq=5180
wlan0_rename: Initial auth_alg=0
wlan0_rename: authenticate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=30) FC=0x00b0 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: RX authentication from 00:19:cb:2f:4b:95 (alg=0
transaction=2 status=0)
wlan0_rename: authenticated
wlan0_rename: associate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: authentication frame received from 00:19:cb:2f:4b:95, but
not in authenticate state - ignored
wlan0_rename: authentication frame received from 00:19:cb:2f:4b:95, but
not in authenticate state - ignored
wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
aid=0)
wlan0_rename: AP denied association (code=18)
wlan0_rename: associate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
aid=0)
wlan0_rename: AP denied association (code=18)
wlan0_rename: associate with AP 00:19:cb:2f:4b:95
phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
aid=0)
wlan0_rename: AP denied association (code=18)
wlan0_rename: association with AP 00:19:cb:2f:4b:95 timed out
Regards
Jan-Espen Pettersen
Patch url download (if the attachment is unusable or stripped):
http://www.radiotube.org/mac80211_emptyext.diff
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #1.2: mac80211_emptyext.diff --]
[-- Type: text/x-diff; name="mac80211_emptyext.diff", Size: 341 bytes --]
--- net/mac80211/mlme.c.old 2008-08-25 00:19:30.000000000 +0200
+++ net/mac80211/mlme.c 2008-08-24 22:21:16.000000000 +0200
@@ -813,7 +813,7 @@
}
}
- if (count == 8) {
+ if (count == 8 && rates_len > count) {
pos = skb_put(skb, rates_len - count + 2);
*pos++ = WLAN_EID_EXT_SUPP_RATES;
*pos++ = rates_len - count;
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 552 bytes --]
next reply other threads:[~2008-08-24 23:38 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2008-08-24 23:32 Jan-Espen Pettersen [this message]
2008-08-25 14:53 ` PROBLEM: mac80211 and 802.11a does not associate with ap [PATCH] Dan Williams
2008-08-25 15:01 ` Tomas Winkler
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=48B1EF75.9060704@radiotube.org \
--to=sigsegv@radiotube.org \
--cc=linux-wireless@vger.kernel.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox