From: Adrian Chadd
To: hiren panchasara
Cc: freebsd-wireless@freebsd.org
Date: Sat, 21 Sep 2013 05:59:36 -0700
Subject: Re: ath0 "monitor mode" mystery
Hi!

I don't know what the "monitor" flag is supposed to do, sorry. I think it's
supposed to do the same as having a monitor mode vap but I don't know if the
ath(4) driver knows about this. I honestly haven't used it. :-P

The monitor mode vap is so you can create a monitoring interface without
having to be an AP or a STA. I.e., in monitor mode the NIC doesn't respond to
frames, doesn't ACK things that are destined to it, etc. It also doesn't allow
you to transmit on it from userspace.

The DMA errors there are likely just from channel changes.

Normally I do:

ifconfig wlan0 create wlandev ath0 wlanmode monitor
ifconfig wlan0 channel X
ifconfig wlan0 up

-adrian

On 20 September 2013 15:29, hiren panchasara wrote:
> I am trying to enable (what I think is) monitor mode on PicoStation M2HP.
>
> I am confused though. "man ifconfig" is also showing 2 different "monitor"
> things. I tried both below:
>
> # ifconfig wlan0 create wlandev ath0
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 down
> # ifconfig wlan0 monitor
> # ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> #
> # ifconfig wlan0
> wlan0: flags=48843 metric 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
>         status: no carrier
>         ssid "" channel 4 (2427 MHz 11g)
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 bmiss 7 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> And now I get things via:
> # tcpdump -ni wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> wlan0: promiscuous mode disabled
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
> 18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427 MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.994159 9838553735us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.995089 9838554678us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request (Y!Office) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:23.995979 9838555575us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:24.002484 9838562077us tsft 1.0 Mb/s -76dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
> 18:56:24.016082 9838576006us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427 MHz 11g ht/40+ Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
>
> But is this really a monitor mode? Not according to tcpdump.
>
> What we are seeing above are beacons sent out by APs? How do we get probe
> requests sent to APs by devices?
>
> man tcpdump says:
>
>        -I     Put the interface in "monitor mode"; this is supported only on
>               IEEE 802.11 Wi-Fi interfaces, and supported only on some
>               operating systems.
>
>               Note that in monitor mode the adapter might disassociate from
>               the network with which it's associated, so that you will not be
>               able to use any wireless networks with that adapter.  This could
>               prevent accessing files on a network server, or resolving host
>               names or network addresses, if you are capturing in monitor mode
>               and are not connected to another network with another adapter.
>
>               This flag will affect the output of the -L flag.  If -I isn't
>               specified, only those link-layer types available when not in
>               monitor mode will be shown; if -I is specified, only those
>               link-layer types available when in monitor mode will be shown.
>
> So I tried -I,
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> tcpdump: wlan0 is not a monitor mode VAP
> To create a new monitor mode VAP use:
>         ifconfig wlan1 create wlandev ath0 wlanmode monitor
> and use wlan1 as the tcpdump interface
> #
>
> Okay, let's create wlan1 as suggested:
>
> # ifconfig wlan1 create wlandev ath0 wlanmode monitor
> wlan1: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan1
> wlan1: flags=8802 metric 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect (autoselect )
>         status: no carrier
>         ssid "" channel 4 (2427 MHz 11g)
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 scanvalid 60 protmode CTS wme burst bintval 0
> #
>
> See subtle difference between wlan0 and wlan1.
>
> Still no success (but new error):
>
> # tcpdump -Ii wlan1 -y IEEE802_11_RADIO
> wlan1: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan1: no IPv4 address assigned
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan1, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> ^C
> 0 packets captured
> 0 packets received by filter
> 0 packets dropped by kernel
> ar5416StopDmaReceive: dma failed to stop in 10ms
>         AR_CR=0x00000024
>         AR_DIAG_SW=0x42000020
> wlan1: promiscuous mode disabled
> #
>
> I also tried to do mixed version of both wlan0 and wlan1:
>
> # ifconfig wlan0 destroy
> # ifconfig wlan0 create wlandev ath0 wlanmode monitor
> wlan0: Ethernet address: dc:9f:db:6a:3e:9e
> # ifconfig wlan0 monitor
> # ifconfig wlan0 channel 4
> # ifconfig wlan0 up
> ar5416PerCalibrationN: NF calibration didn't finish; delaying CCA
> #
> # ifconfig wlan0
> wlan0: flags=48843 metric 0 mtu 1500
>         ether dc:9f:db:6a:3e:9e
>         media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng
>         status: running
>         ssid "" channel 4 (2427 MHz 11g ht/40+) bssid dc:9f:db:6a:3e:9e
>         regdomain FCC3 country US indoor ecm authmode OPEN privacy OFF
>         txpower 30 scanvalid 60 protmode CTS ampdulimit 8k ampdudensity 8
>         shortgi wme burst
> #
>
> But no success:
>
> # tcpdump -Ii wlan0 -y IEEE802_11_RADIO
> wlan0: promiscuous mode enabled
> tcpdump: data link type IEEE802_11_RADIO
> tcpdump: WARNING: wlan0: no IPv4 address assigned
> tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
> listening on wlan0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
> ^C
> 0 packets capturwlan0: promiscuous mode disabled
> ed
> 0 packets received by filter
> 0 packets dropped by kernel
> #
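An added example, not part of this thread: a small Python parser for the tcpdump "-y IEEE802_11_RADIO" summary lines quoted above. It bears on the question of whether the frames in the first capture are beacons from APs. ath(4) tags frames the NIC transmitted itself with a TX radiotap header (the "60dBm tx power antenna 0" lines) and frames it received with an RX header ("-75dB signal -96dB noise"), so that field alone separates the STA VAP's own probe requests from frames heard over the air. On a monitor-mode VAP, which per the reply above does not transmit, one would expect only the RX kind. The capture in the mail is line-wrapped by the mailer; the sample below is a constructed one with the same fields on one line per frame (plus a constructed beacon and a non-frame status line to show the parser skips it). The frame-type list and the field names in the returned dict are mine, not tcpdump's.

```python
import re
from collections import Counter

# Constructed sample (not a real capture): tcpdump "-y IEEE802_11_RADIO"
# style lines, one frame per line, modelled on the thread's output.
SAMPLE_CAPTURE = """\
18:56:23.803065 9838362989us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427 MHz 11g Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
18:56:23.994159 9838553735us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request () [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
18:56:23.995089 9838554678us tsft 1.0 Mb/s -75dB signal -96dB noise antenna 1 2427 MHz 11g Probe Request (Y!Office) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
18:56:24.010000 9838570000us tsft 1.0 Mb/s -70dB signal -96dB noise antenna 1 2427 MHz 11g Beacon (Y!Office) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit] ESS CH: 4
18:56:24.016082 9838576006us tsft 1.0 Mb/s 60dBm tx power antenna 0 2427 MHz 11g ht/40+ Probe Request () [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit]
wlan0: promiscuous mode enabled
"""

# Management frame names as tcpdump prints them (subset; my list).
FRAME_TYPES = (
    "Beacon", "Probe Request", "Probe Response", "Assoc Request",
    "Assoc Response", "Authentication", "DeAuthentication", "Disassociation",
)

LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}\.\d+) "
    r"(?P<tsft>\d+)us tsft "
    r"(?P<rate>[\d.]+) Mb/s "
    # TX radiotap header carries tx power; RX header carries signal/noise.
    r"(?:(?P<txpower>-?\d+)dBm tx power"
    r"|(?P<signal>-?\d+)dB signal (?P<noise>-?\d+)dB noise) "
    r"antenna (?P<antenna>\d+) "
    r"(?P<freq>\d+) MHz (?P<mode>\S+) "
    r"(?:(?P<ht>ht/\S+) )?"
    r"(?P<ftype>" + "|".join(re.escape(t) for t in FRAME_TYPES) + r")"
    r"(?: \((?P<ssid>[^)]*)\))?"
)


def parse_frame(line):
    """Return a dict for one tcpdump radiotap summary line, or None for
    lines that are not frames (tcpdump status text, kernel messages)."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    g = m.groupdict()
    # Presence of the tx power field means the NIC sent this frame itself.
    direction = "tx" if g["txpower"] is not None else "rx"
    return {
        "time": g["time"],
        "direction": direction,
        "rate_mbps": float(g["rate"]),
        "signal_dbm": int(g["signal"]) if g["signal"] is not None else None,
        "noise_dbm": int(g["noise"]) if g["noise"] is not None else None,
        "antenna": int(g["antenna"]),
        "freq_mhz": int(g["freq"]),
        "phy": g["mode"] + (" " + g["ht"] if g["ht"] else ""),
        "frame_type": g["ftype"],
        "ssid": g["ssid"] or None,
    }


def summarize(capture_text):
    """Parse every line and count frames by (direction, frame type)."""
    frames = [f for f in map(parse_frame, capture_text.splitlines()) if f]
    counts = Counter((f["direction"], f["frame_type"]) for f in frames)
    ssids = sorted({f["ssid"] for f in frames if f["ssid"]})
    return {"frames": frames, "counts": counts, "ssids": ssids}


if __name__ == "__main__":
    result = summarize(SAMPLE_CAPTURE)
    for (direction, ftype), n in sorted(result["counts"].items()):
        print(f"{direction:>2} {ftype:<16} {n}")
    print("SSIDs seen:", ", ".join(result["ssids"]))
    if any(f["direction"] == "tx" for f in result["frames"]):
        print("frames transmitted by this NIC are present;"
              " a monitor-mode VAP would not transmit")
```

Run it against a saved tcpdump text file by replacing SAMPLE_CAPTURE with the file's contents; the regex is anchored at the start of the line, so the wrapped lines from a mail archive need to be joined first.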