From: Luca Micali
To: freebsd-questions@freebsd.org
Date: Mon, 16 May 2005 09:58:42 +0000
Subject: atheros card and radiotap headers
Message-ID: <58a92a8f05051602581bfd4641@mail.gmail.com>
List-Id: User questions (freebsd-questions@freebsd.org)

Hi all,

I have really big problems with radiotap-enabled captures, especially with the Atheros card/driver. Let's proceed.
My test system is a Fujitsu P7010 running FreeBSD 5.4-RELEASE:

[root@dagger.sunspot.org] # uname -a
FreeBSD dagger.sunspot.org 5.4-RELEASE FreeBSD 5.4-RELEASE #1: Fri May 13 20:56:25 CEST 2005     root@dagger.sunspot.org:/usr/src/sys/i386/compile/DAGGER  i386

and my test card is a NetGear WG511T. Here follows a snippet from dmesg and the related sysctl variables:

[root@dagger.sunspot.org] # dmesg | grep ^ath0
ath0: mem 0xd0210000-0xd021ffff irq 11 at device 0.0 on cardbus0
ath0: mac 5.6 phy 4.1 5ghz radio 4.6
ath0: Ethernet address: 00:09:5b:92:ec:80
ath0: 11b rates: 1Mbps 2Mbps 5.5Mbps 11Mbps
ath0: 11g rates: 1Mbps 2Mbps 5.5Mbps 11Mbps 6Mbps 9Mbps 12Mbps 18Mbps 24Mbps 36Mbps 48Mbps 54Mbps

[root@dagger.sunspot.org] # sysctl -a | grep -E '(^hw|^dev).ath'
hw.ath.hal.swba_backoff: 0
hw.ath.hal.sw_brt: 10
hw.ath.hal.dma_brt: 2
hw.ath.hal.version: 0.9.6.3
hw.ath.dump:
hw.ath.debug: 0
hw.ath.regdomain: 0
hw.ath.countrycode: 0
hw.ath.outdoor: 1
hw.ath.calibrate: 30
hw.ath.dwell: 200
dev.ath.0.%desc: Atheros 5212
dev.ath.0.%driver: ath
dev.ath.0.%location: slot=0 function=0
dev.ath.0.%pnpinfo: vendor=0x168c device=0x0013 subvendor=0x1385 subdevice=0x4b00 class=0x020000
dev.ath.0.%parent: cardbus0

The WG511T works well in BSS and IBSS modes, with pretty decent FTP peaks of 2.80 MB/s, but when it goes into monitor mode it receives a lot of noise and pcap-enabled applications show a lot of "malformed packets":

[root@dagger.sunspot.org] # tethereal -i ath0 -y IEEE802_11_RADIO
Warning: Couldn't obtain netmask info (ath0: no IPv4 address assigned).
Capturing on ath0
  0.000000              -> IEEE 802.11 Unrecognized (Reserved frame)
  0.070546 XXX.XX.5.57 -> XXX.XX.255.255 BROWSER Host Announcement XXXXXX280016, Workstation, Server, NT Workstation, Potential Browser
  0.131467 XXX.XX.4.105 -> 255.255.255.255 UDP Source port: 2301  Destination port: 2301
  0.141319 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.192535 XXX.XX.1.55 -> XXX.XX.255.255 NBNS Name query NB PRINTERS<00>
  0.221540 XXX.XX.1.30 -> Broadcast ARP Who has XXX.XX.7.55?  Tell XXX.XX.1.30
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.237164 XXX.XX.1.30 -> Broadcast ARP Who has XXX.XX.4.234?  Tell XXX.XX.1.30
  0.243721 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.292573 XXX.XX.4.212 -> Broadcast ARP Who has XXX.XX.1.10?  Tell XXX.XX.4.212
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.325725 XXX.XX.1.11 -> Broadcast ARP Who has XXX.XX.7.37?  Tell XXX.XX.1.11
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.346129 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.350925 HewlettP_7c:ab:31 -> HP LLC U P, func=TEST; SNAP, OUI 0x00805F (Unknown), PID 0x0002
  0.351848 XXX.XX.255.115 -> Broadcast ARP XXX.XX.255.115 is at 00:0b:46:01:34:80
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.382862 00000002.0030c12f2eff -> 00000002.ffffffffffff IPX SAP General Response
  0.384205 00000002.0030c12f2eff -> 00000002.ffffffffffff IPX SAP General Response
  0.386566 XXX.XX.6.125 -> XXX.XX.255.255 BROWSER Host Announcement XXXXXXFI008, Workstation, Server, SQL Server, NT Workstation, Potential Browser
  0.448530 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]
  0.473888 XXX.XX.1.10 -> Broadcast ARP Who has XXX.XX.7.98?  Tell XXX.XX.1.10
adns warning: sendto failed: Network is unreachable (NS=XXX.XXX.2.12)
  0.653333 3comEuro_d5:b9:b8 -> Broadcast IEEE 802.11 Beacon frame, SSID: "............"[Malformed Packet]

I see that here there is just one really noisy packet (the first one); if they could be helpful, I could capture a lot more of them this evening.

Another interesting thing is that when launching kismet with radiotab_fbsd_b and setting debug.ieee80211 to 1, the machine says:

[...]
ieee80211_newstate: SCAN -> SCAN
ieee80211_newstate: SCAN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
ieee80211_newstate: RUN -> INIT
ieee80211_newstate: INIT -> RUN
ieee80211_newstate: invalid transition
[...]

until I shut down kismet, but maybe this is a kismet bug in channel hopping. Enabling hw.ath.debug, it says:

ath_stop: invalid 0 if_flags 0x48842
ath_newstate: SCAN -> INIT

Is this a known bug? How can I fix this?
Thanks in advance, and sorry for my poor English,

Luca Micali

####### KERNEL CONFIG, what you don't see here is loaded as kld

machine		i386
cpu		I686_CPU
ident		DAGGER

options		SCHED_4BSD
options		INET
options		INET6
options		FFS
options		SOFTUPDATES
options		UFS_ACL
options		UFS_DIRHASH
options		NFSCLIENT
options		NFSSERVER
options		LIBICONV
options		EICON_DIVA
options		MSDOSFS
options		MSDOSFS_LARGE
options		MSDOSFS_ICONV
options		NTFS
options		NTFS_ICONV
options		CD9660
options		CD9660_ICONV
options		UDF
options		UDF_ICONV
options		PROCFS
options		PSEUDOFS
options		COMPAT_43
options		SYSVSHM
options		SYSVMSG
options		SYSVSEM
options		_KPOSIX_PRIORITY_SCHEDULING
options		KBD_INSTALL_CDEV

device		apic
device		isa
device		eisa
device		pci
device		ata
device		atadisk
device		atapicam
options		ATA_STATIC_ID
device		uhci
device		ehci
device		usb
device		scbus
device		da
device		cd
device		pass
device		atkbdc
device		atkbd
device		psm
device		vga
device		sc
device		splash
options		SC_PIXEL_MODE
device		agp
device		npx
device		apm
device		acpi
device		pty
device		loop
device		mem
device		io
device		random
device		ether
device		ppp
device		tun
device		bpf
device		md
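A validator for the radiotap header that sits in front of every frame in an IEEE802_11_RADIO capture, added here as an example and not part of this post, of kismet or of the ath(4) driver; it applies the checks a dissector makes before calling a frame malformed (version 0, it_len within the captured length, every present field within it_len) and assumes the sizes and alignments of the public radiotap field definitions for the bits it lists, with a constructed sample frame in place of a real capture.

```python
import struct

# First-word radiotap fields this parser knows: bit -> (name, struct fmt, alignment).
RADIOTAP_FIELDS = {
    0: ("tsft", "<Q", 8),
    1: ("flags", "<B", 1),
    2: ("rate", "<B", 1),
    3: ("channel", "<HH", 2),
    5: ("dbm_antsignal", "<b", 1),
}


def parse_radiotap(buf: bytes) -> dict:
    """Validate and decode the radiotap header; ValueError marks what a dissector calls malformed."""
    if len(buf) < 8:
        raise ValueError("capture shorter than the 8-byte fixed radiotap header")
    version, _pad, it_len, present = struct.unpack_from("<BBHI", buf, 0)
    if version != 0:
        raise ValueError(f"unsupported radiotap version {version}")
    if it_len < 8 or it_len > len(buf):
        raise ValueError(f"it_len {it_len} does not fit in {len(buf)} captured bytes")
    off, word = 8, present
    while word & (1 << 31):  # bit 31: another it_present word follows
        if off + 4 > it_len:
            raise ValueError("extended it_present bitmap runs past it_len")
        word = struct.unpack_from("<I", buf, off)[0]
        off += 4
    # A set bit we cannot size would shift every later field, so refuse it.
    if present & ~(1 << 31) & ~sum(1 << b for b in RADIOTAP_FIELDS):
        raise ValueError(f"unknown field bits in it_present 0x{present:08x}")
    fields = {}
    for bit, (name, fmt, align) in RADIOTAP_FIELDS.items():  # ascending bit order
        if not present & (1 << bit):
            continue
        off = (off + align - 1) & ~(align - 1)  # natural alignment from header start
        size = struct.calcsize(fmt)
        if off + size > it_len:
            raise ValueError(f"field {name} runs past it_len {it_len}")
        vals = struct.unpack_from(fmt, buf, off)
        fields[name] = vals[0] if len(vals) == 1 else vals
        off += size
    fields["frame_offset"] = it_len  # the 802.11 header starts here
    return fields


# Constructed sample, not a real capture: TSFT, flags, rate, channel, antsignal, then a beacon start.
SAMPLE = (struct.pack("<BBHI", 0, 0, 23, 0x2F)
          + struct.pack("<Q", 123456)          # TSFT, microseconds
          + bytes([0x10, 0x02])                # flags: FCS at end; rate 2 * 500 kbps = 1 Mbps
          + struct.pack("<HH", 2437, 0x0480)   # channel 6 (2437 MHz), 2 GHz + dynamic CCK/OFDM
          + struct.pack("<b", -61)             # dBm antsignal
          + bytes.fromhex("80000000ffffffffffff"))  # frame control 0x0080, broadcast dst
```

Running it over each frame of a capture and counting ValueErrors separates frames the driver truncated or mis-sized from frames whose 802.11 body is merely noise.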