From owner-freebsd-wireless@freebsd.org Wed Dec 6 10:09:47 2017 Return-Path: Delivered-To: freebsd-wireless@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id C9071E9B4D8 for ; Wed, 6 Dec 2017 10:09:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id B66606BC62 for ; Wed, 6 Dec 2017 10:09:47 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id vB6A9lBw067135 for ; Wed, 6 Dec 2017 10:09:47 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-wireless@FreeBSD.org Subject: [Bug 224141] possible Off-by-one bug in the Base64 decoding in the wpa supplicant Date: Wed, 06 Dec 2017 10:09:47 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: wireless X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: ikostov@gmail.com X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-wireless@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Dec 2017 10:09:47 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224141 Bug ID: 224141 Summary: possible Off-by-one bug in the Base64 decoding in the wpa supplicant Product: Base System Version: CURRENT Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: wireless Assignee: freebsd-wireless@FreeBSD.org Reporter: ikostov@gmail.com Hi guys, I think there is an issue with the base64 decode function: from http://web.mit.edu/freebsd/head/contrib/wpa/src/utils/base64.c unsigned char * base64_decode(const unsigned char *src, size_t len, size_t *out_len) { ...... for (i =3D 0; i < sizeof(base64_table) - 1; i++) dtable[base64_table[i]] =3D (unsigned char) i; ..... the problem is the for loop which initializes the dtable. It does not initialize the last element from the table ('/') which causes the char to be interpreted as a garbage and ignored. Please have a closer look. Best regards, Ivan --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-wireless@freebsd.org Wed Dec 6 15:42:15 2017 Return-Path: Delivered-To: freebsd-wireless@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 2DACEE8387F for ; Wed, 6 Dec 2017 15:42:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 1BD8876D2B for ; Wed, 6 Dec 2017 15:42:15 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id vB6FgE4H024883 for ; Wed, 6 Dec 2017 15:42:14 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-wireless@FreeBSD.org Subject: [Bug 202501] [request] Add support for Broadcom BCM 4313 and similar devices Date: Wed, 06 Dec 2017 15:42:13 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: wireless X-Bugzilla-Version: 10.2-RELEASE X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Some People X-Bugzilla-Who: info@juanmolina.eu X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-wireless@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Dec 2017 15:42:15 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D202501 Juan Ram=C3=B3n Molina Menor changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |info@juanmolina.eu --- Comment #4 from Juan Ram=C3=B3n Molina Menor --- FYI: I=E2=80=99ve got a tiny Lenovo S20-30 (Bay Trail-M). It has a Broadcom= Wi-Fi NIC: none2 at pci0:2:0:0: class=3D0x028000 card=3D0x062117aa chip=3D0x436514e= 4 rev=3D0x01 hdr=3D0x00 vendor =3D 'Broadcom Corporation' device =3D 'BCM43142 802.11b/g/n' class =3D network After seeing landonf@ has been working on bwn(4) support for the bhnd(4) bus (r326454) I installed the bwn firmware on a HEAD memstick. All bhnd and bwn modules load correctly at boot but, unfortunately, the driver is not attach= ing to the card. Thanks anyway to Adrian and Landon for working on this! --=20 You are receiving this mail because: You are the assignee for the bug.= From owner-freebsd-wireless@freebsd.org Wed Dec 6 22:27:40 2017 Return-Path: Delivered-To: freebsd-wireless@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8183CE8E4B6 for ; Wed, 6 Dec 2017 22:27:40 +0000 (UTC) (envelope-from khanzf@gmail.com) Received: from mail-yb0-x22b.google.com (mail-yb0-x22b.google.com [IPv6:2607:f8b0:4002:c09::22b]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (Client CN "smtp.gmail.com", Issuer "Google Internet Authority G2" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 3A2B765837 for ; Wed, 6 Dec 2017 22:27:40 +0000 (UTC) (envelope-from khanzf@gmail.com) Received: by mail-yb0-x22b.google.com with SMTP id i206so2207373ybc.10 for ; Wed, 06 Dec 2017 14:27:40 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=MJCYvKm+E6coyKL2SpybnaJH2sAJJPpZRSAhvsiEHlY=; b=O+xPJjkJu4dCyDe5d6scg1kQnNTNVXhol+qH9zfihOTncOBUgqhCJvCOmIZwPFcTDx 4qPzBhCMHXK/yUvRliM6P//bJaS+LBfpG4Oq0/guEaeFM/GAZFUrVpnltYvsYfv2eDMN Gm7rOaT4IX90vhC5GHPw2Bw2vwXwpY9WuW4heYOM5BjfEf+20RDWyMj+ea4TsGvDrmtk YmmsN9i+OGVlTD8fuMOOKxvbDVsNM7WRTsAljxRdpLkXi7ZsSeq+SFEBMWm6gral9FGi 080cO4OBTZ09TKBefR6WiZuVwyIdZFXu7NQQr9ykeM6ACMA/KRHfeOv8zOczlCyYL6lf hv3g== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=MJCYvKm+E6coyKL2SpybnaJH2sAJJPpZRSAhvsiEHlY=; b=g9DIYwDyVULeHtEy7AnwYO1n92aBYlMMLHPkUGEkbjezXI3TYIrHhFXjhCsvc2wiQu nKU8xnR1TzoSkG3K+YRPrFu0euwA0Xz/Oc0K6Bcb/Gv5ZR8lniVGPLB8Bi5QDmLPhV+t y+Nane1jp2FGe3g3+effodibRX1IyJ89+gvRxEbhvc9+8DaXoEl60X2fg5zHCUKknQ1n jXx17DJt81wC5ndiEPgHt3zXKac6yoz0uRiJRK3kDySnO/ZoLLIWrSDCS4zbBAA01AJt VSVQ+gtWN0Mer1p/SEEjaFuZYB3qyCFNMY9om6ZgESq8GcV126kcTqfR1xyM7YwEwsb1 BFmg== X-Gm-Message-State: AJaThX5+svPjQzq+nXvuu6Cn26tsr2RSlQC5R4RL7x1nZcEYuBw8hTz5 q/JfGnB8Gtn2EadpdairsXra3sgcYIbB+WuMH+8YnNMq X-Google-Smtp-Source: AGs4zMbSBe5Qko+trSdbxh79vrmteIacJ05lssSfOxMrcMLxlwYW2qLFyu7fX64HxnuaUr46HPlevZ64+XfrVsdThjc= X-Received: by 10.37.7.193 with SMTP id 184mr16284503ybh.353.1512599253823; Wed, 06 Dec 2017 14:27:33 -0800 (PST) MIME-Version: 1.0 Received: by 10.37.186.147 with HTTP; Wed, 6 Dec 2017 14:27:13 -0800 (PST) From: Farhan Khan Date: Wed, 6 Dec 2017 17:27:13 -0500 Message-ID: Subject: rtwn(4) with rtl8188ee reading line-noise data To: freebsd-wireless@freebsd.org Content-Type: text/plain; charset="UTF-8" X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Dec 2017 22:27:40 -0000 Hi all, Still working on rtwn(4). TCP dump will identify data while in monitor mode. Great progress! However, I appear to be receiving garbled data. Specifically, it looks like below. Notice that the noise is the same data on repeat. Also, this is happening too fast for it to be a beacon frame. ------------------ # sudo tcpdump -ni wlan0 -y IEEE802_11_RADIO -xx 17:15:01.303981 457085us tsft 1.0 Mb/s 2437 MHz 11g -16dBm signal -95dBm noise unknown 802.11 frame type (3) 0x0000: 0000 1800 6f00 0000 7df9 0600 0000 0000 0x0010: 0002 8509 8004 f0a1 ec80 0600 ec80 0600 0x0020: ec80 0600 ec80 0600 ec80 0600 ec80 0600 [ I removed the same line that was repeated to 0x0120 ] 17:15:01.304045 457085us tsft 1.0 Mb/s 2437 MHz 11g -16dBm signal -95dBm noise unknown 802.11 frame type (3) 0x0000: 0000 1800 6f00 0000 7df9 0600 0000 0000 0x0010: 0002 8509 8004 f0a1 ec80 0600 ec80 0600 0x0020: ec80 0600 ec80 0600 ec80 0600 ec80 0600 [ Again, removed repeated line to 0x0120 ] ------------------ I have two ideas on why this is happening: A) Is there something you need to do to clear the interrupt message from the kernel (not the device driver) to say "I read this interrupt, please clear it" or similar? That would explain the speed at which I am receiving this data. B) Perhaps the data needs to be cleared from memory? That might explain why I am continuously receiving the same data. Not certain what my next step should be. Please advise if you have any ideas. Thanks to everyone for your continued help! -- Farhan Khan PGP Fingerprint: B28D 2726 E2BC A97E 3854 5ABE 9A9F 00BC D525 16EE From owner-freebsd-wireless@freebsd.org Thu Dec 7 18:15:17 2017 Return-Path: Delivered-To: freebsd-wireless@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 91CD4E8DF03 for ; Thu, 7 Dec 2017 18:15:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 80198703D7 for ; Thu, 7 Dec 2017 18:15:17 +0000 (UTC) (envelope-from bugzilla-noreply@freebsd.org) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.15.2/8.15.2) with ESMTP id vB7IFHDx014990 for ; Thu, 7 Dec 2017 18:15:17 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-wireless@FreeBSD.org Subject: [Bug 224141] possible Off-by-one bug in the Base64 decoding in the wpa supplicant Date: Thu, 07 Dec 2017 18:15:17 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: changed X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Base System X-Bugzilla-Component: wireless X-Bugzilla-Version: CURRENT X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: tbrown@freeshell.org X-Bugzilla-Status: New X-Bugzilla-Resolution: X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-wireless@FreeBSD.org X-Bugzilla-Flags: X-Bugzilla-Changed-Fields: cc Message-ID: In-Reply-To: References: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-wireless@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: "Discussions of 802.11 stack, tools device driver development." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 18:15:17 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D224141 Timothy Brown changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |tbrown@freeshell.org --- Comment #1 from Timothy Brown --- Hi Ivan, I was wondering if you've got a test case that shows this "off-by-one"? As when I read the code, I do not believe there is an "off-by-one" error. The base64_table: static const unsigned char base64_table[65] =3D "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/"; Is defined as size 65, yet contains 64 elements and the last trailing NULL. So sizeof(base64_table) will return 65, yet the for loop is creating the=20 reverse base64 lookup in dtable, so we only want to do this for elements=20 in base64_table. Which is sizeof(base64_table) -1, or strlen(base64_table). This is my understanding of the code and I am unable to encode/decode an er= ror. I would be interested to hear your thoughts. Regards Tim --=20 You are receiving this mail because: You are the assignee for the bug.=