Good morning, I recently (yesterday) bought an RTL8188RU-based wifi card, the Alfa AWUS036NHR <0bda:817f>, and proceeded to compile compat-wireless 3.6.8-1 to have it working. I'm using this card for penetration testing purposes, so I applied this patch to be able to switch channels in monitor mode and to prevent the driver from overwriting QoS headers:

<snip>
--- a/net/mac80211/tx.c Sat Sep 29 20:29:54 2012 -0400 +++ b/net/mac80211/tx.c Sat Sep 29 20:37:29 2012 -0400 @@ -1487,7 +1487,10 @@ /* Older kernels do not have the select_queue callback */ skb_set_queue_mapping(skb, ieee80211_select_queue(sdata, skb)); #endif - ieee80211_set_qos_hdr(sdata, skb); + // Don't overwrite QoS header in monitor mode + if (likely(info->control.vif-> type != NL80211_IFTYPE_MONITOR)) { + ieee80211_set_qos_hdr(sdata, skb); + } ieee80211_tx(sdata, skb, false); rcu_read_unlock(); } diff -r 0de05c2ae1be net/wireless/chan.c --- a/net/wireless/chan.c Sat Sep 29 20:29:54 2012 -0400 +++ b/net/wireless/chan.c Sat Sep 29 20:37:29 2012 -0400 
@@ -85,8 +85,8 @@ if (!rdev->ops->set_monitor_channel) return -EOPNOTSUPP; - if (!cfg80211_has_monitors_only(rdev)) - return -EBUSY; + //if (!cfg80211_has_monitors_only(rdev)) + // return -EBUSY; chan = rdev_freq_to_chan(rdev, freq, chantype); if (!chan)
</snip>

Now, it works almost perfectly: I can use my card for regular surfing with all kinds of AP (WEP/WPA/OPN), monitor mode works and injection too; however, when in monitor mode, it detects associated WPA clients as non-associated (except for itself; it detects its own association and its own generated WPA handshake), and I'm unable to get any WPA handshake. Also, after the first successful connection and disconnection, the card goes 'mute': it just stops responding, scanning etc., until unplugged and replugged.

For this purpose I'm using the latest aircrack-ng suite. Other equipment I have correctly reports all the clients in my own wireless network as being associated, but not this rtl8188ru card; I think some unicast frames are being filtered out while in monitor mode. It's worth noting that injection works and I'm currently able to effectively deauth WPA clients, but the card doesn't pick up their (re-)association nor the WPA handshake.

I also tried compat-wireless from linux-next and compat-drivers as well; all exhibit this behaviour. Unfortunately, compat-drivers exposes some other bugs.

I'm willing to patch/test/recompile to get these bugs ironed out. Unfortunately, loading rtl8192cu with "options debug=5" doesn't seem to have any effect on my logs; however, I'm attaching a .pcap capture and I'm willing to follow your instructions to get you useful info from my system. Also, this bug/problem seems to be a regression, because using an ancient 2.6.34 kernel with compat-wireless-backport.2.6.39-1 the problem doesn't exist; all works perfectly.

In the attached .pcap file, you'll find 2-3 APs, including my own, and 2-3 clients (all connected on my network - CCC). The only associated client shown is the Alfa card itself; the handshake has been captured as well, but the other clients (my phone and my tablet) are shown as not associated, when in reality they are connected/reconnecting and their 4-way handshake should be visible as well; this is kind of weird.

My system is:
Ubuntu 12.10
kernel 3.5.0-19
compat-wireless 3.6.8-1
Alfa AWUS036NHR device id 0bda:817f

dmesg output (I know it's probably useless, but it's all it gives me)

<snip>
Dec 6 15:43:26 rothor kernel: [ 1562.960110] rtl8192cu: Chip version 0x10
Dec 6 15:43:26 rothor kernel: [ 1563.036520] rtl8192cu: MAC address: 00:c0:ca:6a:e2:38
Dec 6 15:43:26 rothor kernel: [ 1563.036523] rtl8192cu: Board Type 1
Dec 6 15:43:26 rothor kernel: [ 1563.036822] rtl8192cu: Loading firmware rtlwifi/rtl8192cufw.bin
Dec 6 15:43:26 rothor kernel: [ 1563.036901] usbcore: registered new interface driver rtl8192cu
Dec 6 15:43:35 rothor kernel: [ 1571.216096] rtl8192cu: MAC auto ON okay!
Dec 6 15:43:35 rothor kernel: [ 1571.248809] rtl8192cu: Tx queue select: 0x05
</snip>

Any help is appreciated; thank you in advance for your time.

Attachment:
wpa_clients.pcap-08.cap
Description: Binary data
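
Review bot: in the net/mac80211/tx.c hunk, the new condition dereferences `info->control.vif` with no check visible here that the pointer is set at this point in the transmit path. Since `sdata` is already used on the neighbouring lines, consider testing the interface type through it, or add a comment stating why `vif` cannot be NULL. On style, the `//` comment and the braces around a single statement go against kernel coding style, and `vif-> type` carries a stray space; a `/* ... */` comment, as used a few lines above, and an unbraced `if` would fit the surrounding code.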
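
Review bot: in the net/wireless/chan.c hunk, commenting out the `cfg80211_has_monitors_only(rdev)` test removes the `-EBUSY` guard for every caller, so the monitor channel can now be changed while non-monitor interfaces are active on the same device. If this is meant only as a local workaround, say so in a comment; otherwise make the bypass conditional (for example behind a module parameter) rather than unconditional, and delete the two lines instead of leaving them behind `//`.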