On Thu, Oct 17, 2019 at 05:43:30PM -0700, Mary Ann Horton Gmail wrote: > I see reasonable beacon and probe response elements in the debug output, > shown below. beacon_tail contains the Extended Capabilities and Time > Advertisement elements, and proberesp_ies has both the time and time zone. > (I've bracketed Extended Capabilities (7f), Time Advertisement (45), and > Time Zone (62) below to make it easier to read - the mailing list won't let > me colorize.) > nl80211: Beacon tail - hexdump(len=60): 2a 01 04 32 04 30 48 60 6c [ 7f 04 > 00 00 00 08 ][ 45 11 02 e3 07 0a 11 17 32 36 00 00 00 00 00 00 00 00 00 ][ > dd 18 00 50 f2 02 01 01 01 00 03 a4 00 00 27 a4 00 00 42 43 5e 00 62 32 2f > 00 > (snip) > nl80211: beacon_ies - hexdump(len=25): [ 45 11 02 e3 07 0a 11 17 32 36 00 00 > 00 00 00 00 00 00 00 ][ 7f 04 00 00 00 08 ] ... > Then I listened on the channel with Wireshark from my Linux workstation. > Beacons appear in Wireshark, and they all look similar. > > Wireshark, for some reason, sees a completely different beacon. Elements are > added and deleted. In particular, in Extended Capabilities, the length is > changed from 4 to 8 and octet 4, which should have the UTC TSF Offset bit > set, is zero, and the Time Advertisement element is missing. When I've > captured a Probe Response I don't see any of these fields either. > > Here is a a condensed beacon from Wireshark. I bracketed the Extended > Capabilities bytes. > 00c0 2c 01 c8 00 14 00 05 00 19 00[7f 08 05 00 08 00 ,............... > 00d0 00 00 00 40]dd 09 00 10 18 02 00 00 1c 00 00 a5 ...@............ > 00e0 b5 a1 dd > What in the world is going on? Is something else rewriting the beacons? I > can understand if the timestamps are changed, but the tail? The WLAN driver is responsible for building the full Beacon frame and it may end up overriding the payload that hostapd tries to configure. > This is on a Raspberry Pi 3B. I installed the latest Raspbian Buster, tried > it with the hostapd 2.8 it comes with, and then recompiled from the > 2.8-devel hostapd git source. The particular driver used on that does not seem to allow hostapd to set this type of contents for the Beacon frames. In other words, getting this to work would require changes to that driver. > I'm also puzzled that wpa_printf debug shuts off after initialization. It > makes sense that it would be excessively verbose while running, but how can > I capture debug when it's actually sending out a beacon? If you have -B on the command line, debug prints to stdout stop when the process forks into the background. Otherwise, debugging should continue.. Anyway, hostapd does not send out the Beacon frames; the driver does. As such, there would be no debug messages related to actual Beacon frame construction or transmission from hostapd. -- Jouni Malinen PGP id EFC895FA _______________________________________________ Hostap mailing list Hostap@xxxxxxxxxxxxxxxxxxx http://lists.infradead.org/mailman/listinfo/hostap
