Date: Mon, 16 May 2005 09:58:42 +0000
From: Luca Micali <luca.micali@gmail.com>
To: freebsd-questions@freebsd.org
Subject: atheros card and radiotap headers
Message-ID: <58a92a8f05051602581bfd4641@mail.gmail.com>

Hi all,

I have really big problems with radiotap-enabled captures, especially
with the Atheros card/driver. Let's proceed.

My test system is a Fujitsu P7010, and FreeBSD 5.4-RELEASE

[root@dagger.sunspot.org] # uname -a
FreeBSD dagger.sunspot.org 5.4-RELEASE FreeBSD 5.4-RELEASE #1: Fri May 13 20:56:25 CEST 2005
    root@dagger.sunspot.org:/usr/src/sys/i386/compile/DAGGER  i386

and my test card is a NetGear WG511T. Here follows a snippet from dmesg
and the related sysctl variables:

[root@dagger.sunspot.org] # dmesg | grep ^ath0
ath0: <Atheros 5212> mem 0xd0210000-0xd021ffff irq 11 at device 0.0 on cardbus0
ath0: mac 5.6 phy 4.1 5ghz radio 4.6
ath0: Ethernet address: 00:09:5b:92:ec:80
ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps

[root@dagger.sunspot.org] # sysctl -a | grep -E '(^hw|^dev).ath'
hw.ath.hal.swba_backoff: 0
hw.ath.hal.sw_brt: 10
hw.ath.hal.dma_brt: 2
hw.ath.hal.version: 0.9.6.3
hw.ath.dump:
hw.ath.debug: 0
hw.ath.regdomain: 0
hw.ath.countrycode: 0
hw.ath.outdoor: 1
hw.ath.calibrate: 30
hw.ath.dwell: 200
dev.ath.0.%desc: Atheros 5212
dev.ath.0.%driver: ath
dev.ath.0.%location: slot=0 function=0
dev.ath.0.%pnpinfo: vendor=0x168c device=0x0013 subvendor=0x1385 subdevice=0x4b00 class=0x020000
dev.ath.0.%parent: cardbus0

The WG511T works well in BSS and IBSS modes with pretty decent FTP peaks
of 2.80 MB/s, but when it goes into monitor mode it receives a lot of
noise and pcap-enabled applications show a lot of "malformed packets":

[root@dagger.sunspot.org] # tethereal -i ath0 -y IEEE802_11_RADIO
Warning: Couldn't obtain netmask info (ath0: no IPv4 address assigned).
Capturing on ath0
  0.000000              ->              IEEE 802.11 Unrecognized (Reserved frame)
  0.070546  XXX.XX.5.57 -> XXX.XX.255.255 BROWSER Host Announcement XXXXXX280016, Workstation, Server, NT Workstation, Potential Browser
  0.131467 XXX.XX.4.105 -> 255.255.255.255 UDP Source port: 2301  Destination port: 2301
  0.141319 3comEuro_d5:b9:b8 -> Broadcast    IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.192535  XXX.XX.1.55 -> XXX.XX.255.255 NBNS Name query NB PRINTERS<00>
  0.221540  XXX.XX.1.30 -> Broadcast    ARP Who has XXX.XX.7.55?  Tell XXX.XX.1.30
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.237164  XXX.XX.1.30 -> Broadcast    ARP Who has XXX.XX.4.234?  Tell XXX.XX.1.30
  0.243721 3comEuro_d5:b9:b8 -> Broadcast    IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.292573 XXX.XX.4.212 -> Broadcast    ARP Who has XXX.XX.1.10?  Tell XXX.XX.4.212
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.325725  XXX.XX.1.11 -> Broadcast    ARP Who has XXX.XX.7.37?  Tell XXX.XX.1.11
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.346129 3comEuro_d5:b9:b8 -> Broadcast    IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.350925 HewlettP_7c:ab:31 -> HP           LLC U P, func=TEST; SNAP, OUI 0x00805F (Unknown), PID 0x0002
  0.351848 XXX.XX.255.115 -> Broadcast    ARP XXX.XX.255.115 is at 00:0b:46:01:34:80
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.382862 00000002.0030c12f2eff -> 00000002.ffffffffffff IPX SAP General Response
  0.384205 00000002.0030c12f2eff -> 00000002.ffffffffffff IPX SAP General Response
  0.386566 XXX.XX.6.125 -> XXX.XX.255.255 BROWSER Host Announcement XXXXXXFI008, Workstation, Server, SQL Server, NT Workstation, Potential Browser
  0.448530 3comEuro_d5:b9:b8 -> Broadcast    IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.473888  XXX.XX.1.10 -> Broadcast    ARP Who has XXX.XX.7.98?  Tell XXX.XX.1.10
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.653333 3comEuro_d5:b9:b8 -> Broadcast    IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]

I see that here there is just one really noisy packet (the first one);
if they could be helpful, I could capture a lot more of them this evening.

Another interesting thing is that when launching kismet with
radiotap_fbsd_b and setting debug.ieee80211 to 1, the machine says:

[...]
ieee80211_newstate: SCAN -> SCAN
ieee80211_newstate: SCAN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
[...]

until I shut down kismet, but maybe this is a kismet bug in channel
hopping. Enabling hw.ath.debug, it says:

ath_stop: invalid 0 if_flags 0x48842
ath_newstate: SCAN -> INIT

Is this a known bug? How can I fix this?

Thanks in advance and sorry for my poor English,
Luca Micali

####### KERNEL CONFIG, what you don't see here is loaded as kld

machine         i386
cpu             I686_CPU
ident           DAGGER

options         SCHED_4BSD
options         INET
options         INET6
options         FFS
options         SOFTUPDATES
options         UFS_ACL
options         UFS_DIRHASH
options         NFSCLIENT
options         NFSSERVER
options         LIBICONV
options         EICON_DIVA
options         MSDOSFS
options         MSDOSFS_LARGE
options         MSDOSFS_ICONV
options         NTFS
options         NTFS_ICONV
options         CD9660
options         CD9660_ICONV
options         UDF
options         UDF_ICONV
options         PROCFS
options         PSEUDOFS
options         COMPAT_43
options         SYSVSHM
options         SYSVMSG
options         SYSVSEM
options         _KPOSIX_PRIORITY_SCHEDULING
options         KBD_INSTALL_CDEV

device          apic
device          isa
device          eisa
device          pci
device          ata
device          atadisk
device          atapicam
options         ATA_STATIC_ID
device          uhci
device          ehci
device          usb
device          scbus
device          da
device          cd
device          pass
device          atkbdc
device          atkbd
device          psm
device          vga
device          sc
device          splash
options         SC_PIXEL_MODE
device          agp
device          npx
device          apm
device          acpi
device          pty
device          loop
device          mem
device          io
device          random
device          ether
device          ppp
device          tun
device          bpf
device          md