I catched the bug position:
in mac80211 ieee80211_sta_manage_reorder_buf function:
/* frame with out of date sequence number */
if (ieee80211_sn_less(mpdu_seq_num, head_seq_num)) {
ieee80211_sn_less will check seq_num. But in ath9k wds mode, I found
some time mpdu_seq_num will less than head_seq_num. Then all recvieve
data packet will drop.
my log:
[ 8137.201050] mac80211 with out of date seq number: 3843 3890
On Sat, Jun 24, 2017 at 10:55 AM, 孙建希 <ycsunjane@xxxxxxxxx> wrote:
> Hi,
>
> Why ap send deauth packet?
>
> I grep the source find deauth in ieee80211_rx_mgmt_deauth.
>
> On Sat, Jun 24, 2017 at 10:40 AM, 孙建希 <ycsunjane@xxxxxxxxx> wrote:
>> All:
>>
>> Add some debug info in mac80211, i can get data packet in
>> __ieee80211_rx_handle_packet
>>
>> 4053 if (ieee80211_is_mgmt(fc)) {
>> 4054 mac80211_dbg(local, RX, "mac80211 mgmt
>> packet\n");
>> 4055 /* drop frame if too short for header */
>>
>> 4083 } else if (ieee80211_is_data(fc)) {
>> 4084 mac80211_dbg(local, RX, "mac80211 data
>> packet\n");
>> 4085 struct sta_info *sta, *prev_sta;
>>
>> with ping packet log:
>>
>> [ 8996.617367] mac80211 data packet
>> [ 8996.622783] mac80211 mgmt packet
>> [ 8996.725036] mac80211 mgmt packet
>> [ 8996.820829] mac80211 data packet
>> [ 8996.829383] mac80211 mgmt packet
>> [ 8996.931682] mac80211 mgmt packet
>> [ 8997.033052] mac80211 mgmt packet
>> [ 8997.135956] mac80211 mgmt packet
>>
>>
>> And station will deauth from ap with PRE_AUTH_NOT_VALID:
>>
>> [ 8998.621385] wlan0: deauthenticated from c8:ee:a6:2d:cc:6c (Reason:
>> 2=PREV_AUTH_NOT_VALID)
>> [ 8998.629537] br-lan: port 2(wlan0) entered disabled state
>> [ 9003.635631] wlan0: authenticate with c8:ee:a6:2d:cc:6c
>> [ 9003.651230] wlan0: send auth to c8:ee:a6:2d:cc:6c (try 1/3)
>> [ 9003.670365] wlan0: associate with c8:ee:a6:2d:cc:6c (try 1/3)
>> [ 9003.681735] wlan0: RX AssocResp from c8:ee:a6:2d:cc:6c (capab=0x431
>> status=0 aid=1)
>> [ 9003.815829] br-lan: port 2(wlan0) entered forwarding state
>>
>>
>> I think some bug in auth cause data packet drop.
>>
>> On Sat, Jun 3, 2017 at 4:09 PM, 孙建希 <ycsunjane@xxxxxxxxx> wrote:
>>> wds ap:
>>>
>>> config wifi-device 'radio0'
>>> option type 'mac80211'
>>> option hwmode '11g'
>>> option path 'platform/ar933x_wmac'
>>> option distance '3000'
>>> option txpower '18'
>>> option country '00'
>>> option channel '1'
>>> option htmode 'HT40'
>>>
>>> config wifi-iface
>>> option device 'radio0'
>>> option network 'lan'
>>> option mode 'ap'
>>> option encryption 'psk2'
>>> option key '12345600'
>>> option max_inactivity '20'
>>> option wds '1'
>>> option ssid 'LK-M2-Jianxi'
>>>
>>> wds station:
>>>
>>> config wifi-device 'radio0'
>>> option type 'mac80211'
>>> option channel '1'
>>> option hwmode '11g'
>>> option path 'platform/ar933x_wmac'
>>> option htmode 'HT20'
>>> option distance '3000'
>>> option txpower '19'
>>> option country '00'
>>>
>>> config wifi-iface
>>> option device 'radio0'
>>> option network 'lan'
>>> option encryption 'psk2'
>>> option key '12345600'
>>> option max_inactivity '20'
>>> option wds '1'
>>> option mode 'sta'
>>> option ssid 'LK-M2-Jianxi'
>>>
>>> When the station break off, ping can not reach ap. wifi still
>>> connect. kernel have no error info. iwinfo signal still change.
>>>
>>> ap with the other station still alive.
>>>
>>> Use wpa_cli scan command, will awake station, and ping alive.
>>> wifi command also work.
>>>
>>> /proc/interrupts ath9k still alive.
