From: Lars Engels
Date: Sat, 01 Oct 2011 18:19:29 +0200
Subject: Re: Panic in AHDEMO mode (was: net-mgmt/aircrack-ng on FreeBSD 7+ / call for testing)
Message-ID: <42b6a75d420aeaa16aa9c7187ee70f9a@mail.0x20.net>
In-Reply-To: <23921b5c.3a8c1058.4e8582fc.7004e@mailplus.pl>
List-Id: "Discussions of 802.11 stack, tools device driver development."

On Fri, 30 Sep 2011 10:51:08 +0200, Jakub Lach wrote:
> Hi list,
>
> Since some (2 years?) time, injection
> is not supported in monitor mode, but
> should work in ahdemo.
>
> aircrack-ng did not reflect this
> change, and was basically not working
> as intended.
>
> I filed a pr, since working on this
> issue was delayed in upstream, and
> there appeared to be simple workaround
> floating around (by richardpl).
>
> (ports/160564)
>
> But results are somewhat inconsistent,
> e.g. I still get
>
> wi_write(): Permission denied
>
> with AR242x / AR542x, even after
> updating aircrack for patched
> version.
>
> Others reported success.
>
> So this is basically a call for testing
> net-mgmt/aircrack-ng and/or finding
> better workaround.
>
> best regards,
> - Jakub Lach
>
> PS. Simple guide goes a long way:
>
> 1. Install net-mgmt/aircrack-ng.
>
> (e.g. portmaster net-mgmt/aircrack-ng)
>
> 2. Set card in ahdemo mode.
>
> (e.g. ifconfig wlan0 create wlandev ath0 wlanmode ahdemo)
>
> 3. Perform injection test.
>
> (e.g. aireplay-ng -9 wlan0)
>
> 4. Any "wi_write(): Permission denied"?

No, permission denied was not raised, but the kernel panicked:

Sat Oct 1 18:05:26 CEST 2011

FreeBSD maggie.bsd-geek.de 9.0-BETA2 FreeBSD 9.0-BETA2 #0: Thu Sep 15 22:35:13 CEST 2011 svenja@maggie.bsd-geek.de:/usr/obj/usr/src/sys/MAGGIE i386

panic: page fault

GNU gdb 6.1.1 [FreeBSD]
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "i386-marcel-freebsd"...

Unread portion of the kernel message buffer:

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address = 0xffff
fault code = supervisor read, page not present
instruction pointer = 0x20:0xc0adb2da
stack pointer = 0x28:0xed25ba4c
frame pointer = 0x28:0xed25ba60
code segment = base 0x0, limit 0xfffff, type 0x1b
 = DPL 0, pres 1, def32 1, gran 1
processor eflags = interrupt enabled, resume, IOPL = 0
current process = 89407 (aireplay-ng)
trap number = 12
panic: page fault
cpuid = 0
Uptime: 1h3m7s
Physical memory: 2534 MB

Loaded symbols for /boot/kernel/drm.ko
#0 doadump (textdump=1) at pcpu.h:244
244 pcpu.h: No such file or directory.
 in pcpu.h
(kgdb) #0 doadump (textdump=1) at pcpu.h:244
#1 0xc0a1344a in kern_reboot (howto=260)
    at /usr/src/sys/kern/kern_shutdown.c:430
#2 0xc0a136a8 in panic (fmt=Variable "fmt" is not available.
) at /usr/src/sys/kern/kern_shutdown.c:595
#3 0xc0d435cc in trap_fatal (frame=0xed25ba0c, eva=65535)
    at /usr/src/sys/i386/i386/trap.c:967
#4 0xc0d43820 in trap_pfault (frame=0xed25ba0c, usermode=0, eva=65535)
    at /usr/src/sys/i386/i386/trap.c:880
#5 0xc0d43ce9 in trap (frame=0xed25ba0c)
    at /usr/src/sys/i386/i386/trap.c:555
#6 0xc0d2d90c in calltrap () at /usr/src/sys/i386/i386/exception.s:168
#7 0xc0adb2da in ieee80211_chan2mode (chan=0xffff)
    at /usr/src/sys/net80211/ieee80211.c:1427
#8 0xc0afe2de in ieee80211_node_set_chan (ni=0xcfe39000, chan=0xffff)
    at /usr/src/sys/net80211/ieee80211_node.c:285
#9 0xc0b0028b in ieee80211_dup_bss (vap=0xc7651000, macaddr=0xc725ad3c "")
    at /usr/src/sys/net80211/ieee80211_node.c:1219
#10 0xc0b003bc in ieee80211_fakeup_adhoc_node (vap=0xc7651000, macaddr=0xc725ad3c "")
    at /usr/src/sys/net80211/ieee80211_node.c:1401
#11 0xc0b00573 in ieee80211_find_txnode (vap=0xc7651000, macaddr=0xc725ad3c "")
    at /usr/src/sys/net80211/ieee80211_node.c:1646
#12 0xc0b029fd in ieee80211_output (ifp=0xc70b8400, m=0xc725ad00, dst=0xed25bb60, ro=0x0)
    at /usr/src/sys/net80211/ieee80211_output.c:440
#13 0xc0abd01b in bpfwrite (dev=0xc6d79200, uio=0xed25bc28, ioflag=4)
    at /usr/src/sys/net/bpf.c:947
#14 0xc092872f in devfs_write_f (fp=0xc86c5310, uio=0xed25bc28, cred=0xcf4b8e00, flags=0, td=0xcf32d5c0)
    at /usr/src/sys/fs/devfs/devfs_vnops.c:1637
#15 0xc0a57e77 in dofilewrite (td=0xcf32d5c0, fd=4, fp=0xc86c5310, auio=0xed25bc28, offset=-1, flags=0)
    at file.h:262
#16 0xc0a58188 in kern_writev (td=0xcf32d5c0, fd=4, auio=0xed25bc28)
    at /usr/src/sys/kern/sys_generic.c:449
#17 0xc0a5820f in write (td=0xcf32d5c0, uap=0xed25bcec)
    at /usr/src/sys/kern/sys_generic.c:365
#18 0xc0a53a78 in syscallenter (td=0xcf32d5c0, sa=0xed25bce4)
    at /usr/src/sys/kern/subr_trap.c:344
#19 0xc0d43874 in syscall (frame=0xed25bd28)
    at /usr/src/sys/i386/i386/trap.c:1082
#20 0xc0d2d971 in Xint0x80_syscall ()
    at /usr/src/sys/i386/i386/exception.s:266
#21 0x00000033 in ?? ()
Previous frame inner to this frame (corrupt stack?)
(kgdb)