Search Linux Wireless

Re: PROBLEM: mac80211 and 802.11a does not associate with ap [PATCH]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mon, Aug 25, 2008 at 5:53 PM, Dan Williams <dcbw@xxxxxxxxxx> wrote:
> On Mon, 2008-08-25 at 01:32 +0200, Jan-Espen Pettersen wrote:
>> Hello,
>>
>> Short problem description:
>> mac80211 framework sends a possibly invalid assoc request (802.11a)
>>
>> Patch url download (if the attachment is unusable or stripped):
>> http://www.radiotube.org/mac80211_emptyext.diff
>>
>> PROBLEM DESCRIPTION
>> The association request includes a list of supported data rates.
>>
>> 802.11b: 4 supported rates.
>> 802.11g: 12 (8 + 4) supported rates.
>> 802.11a: 8 supported rates.
>>
>> The rates tag of the assoc request has room for only 8 rates. In case of
>> 802.11g an extended rate tag is appended. However in net/wireless/mlme.c
>> an extended (empty) rate tag is also appended if the number of rates is
>> exact 8.
>
> That seems wrong; shouldn't be sending out an empty IE.
>
> Can you post the patch inline in email, which is the preferred method of
> sending kernel patches?  Also, please include a short description of the
> patch as the subject, a longer explanation at the start of the mail, and
> include your Signed-off-by: with your email address to indicate that you
> are legally able to contribute the patch (ie that its not covered under
> some NDA, obtained illegally, etc).  Even though your patch is one line,
> everyone needs to do this.  Please see:
>
> http://linux.yyz.us/patch-format.html
>
> Your subject should be something like:
>
> mac80211: don't send empty extended rates IE
>
> Thanks!
> Dan
>
This mostly affects Cisco APs, we just hit it as well 2 weeks ago.
Tomas

>> Pseudo-code of current mlme.c implementation:
>>
>> for (i = 0; i < num_rates && i < 8; i++)
>>     ... append_rate ...;
>> if (i == 8) { /* <-- problem */
>>     length = num_rates - i;
>>     ... append ext rate ...;
>> }
>>
>> The correct way to do this should be more like:
>>
>> for (i = 0; i < num_rates && i < 8; i++)
>>     ... append_rate ...;
>> if (i < num_rates) { /* <--note this */
>>     length = num_rates - i;
>>     ... append ext rate ...
>> }
>>
>> A ZyXEL G-570U access point does not accept this empty extended rates
>> tag. It responds with a 'association denied' with code 18 (unsupported
>> rates). I do not know if this is correct behaviour, but as far as I can
>> see it would be wise to not send an empty extended rates tag anyway.
>>
>> Kernel version:
>> Linux version 2.6.27-rc4 (sigsegv@challenger) (gcc version 4.3.1 (Debian
>> 4.3.1-9) ) #9 SMP Sun Aug 24 22:24:27 CEST 2008
>>
>> Wireless card (dmesg):
>> iwl3945: Intel(R) PRO/Wireless 3945ABG/BG Network Connection driver for
>> Linux, 1.2.26kds
>> iwl3945: Copyright(c) 2003-2008 Intel Corporation
>> iwl3945 0000:03:00.0: PCI INT A -> GSI 17 (level, low) -> IRQ 17
>> iwl3945 0000:03:00.0: setting latency timer to 64
>> iwl3945: Detected Intel Wireless WiFi Link 3945ABG
>> iwl3945: Tunable channels: 13 802.11bg, 23 802.11a channels
>>
>> Debug output from mac80211 and iwl3945:
>> phy0: HW CONFIG: freq=5180
>> phy0: HW CONFIG: freq=5180
>> wlan0_rename: Initial auth_alg=0
>> wlan0_rename: authenticate with AP 00:19:cb:2f:4b:95
>> phy0: TX to low-level driver (len=30) FC=0x00b0 DUR=0x003c
>> A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
>> phy0: HW CONFIG: freq=5180
>> wlan0_rename: Initial auth_alg=0
>> wlan0_rename: authenticate with AP 00:19:cb:2f:4b:95
>> phy0: TX to low-level driver (len=30) FC=0x00b0 DUR=0x003c
>> A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
>> wlan0_rename: RX authentication from 00:19:cb:2f:4b:95 (alg=0
>> transaction=2 status=0)
>> wlan0_rename: authenticated
>> wlan0_rename: associate with AP 00:19:cb:2f:4b:95
>> phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
>> A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
>> wlan0_rename: authentication frame received from 00:19:cb:2f:4b:95, but
>> not in authenticate state - ignored
>> wlan0_rename: authentication frame received from 00:19:cb:2f:4b:95, but
>> not in authenticate state - ignored
>> wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
>> aid=0)
>> wlan0_rename: AP denied association (code=18)
>> wlan0_rename: associate with AP 00:19:cb:2f:4b:95
>> phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
>> A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
>> wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
>> aid=0)
>> wlan0_rename: AP denied association (code=18)
>> wlan0_rename: associate with AP 00:19:cb:2f:4b:95
>> phy0: TX to low-level driver (len=46) FC=0x0000 DUR=0x003c
>> A1=00:19:cb:2f:4b:95 A2=00:1b:77:40:82:46 A3=00:19:cb:2f:4b:95
>> wlan0_rename: RX AssocResp from 00:19:cb:2f:4b:95 (capab=0x421 status=18
>> aid=0)
>> wlan0_rename: AP denied association (code=18)
>> wlan0_rename: association with AP 00:19:cb:2f:4b:95 timed out
>>
>> Regards
>> Jan-Espen Pettersen
>>
>> Patch url download (if the attachment is unusable or stripped):
>> http://www.radiotube.org/mac80211_emptyext.diff
>>
>
> --
> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
> the body of a message to majordomo@xxxxxxxxxxxxxxx
> More majordomo info at  http://vger.kernel.org/majordomo-info.html
>
--
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html

[Index of Archives]     [Linux Host AP]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Linux Kernel]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux