12044 – Connections to N-mode wireless AP not working with iwl4965 AGN driver: no data transferred

Bug 12044 - Connections to N-mode wireless AP not working with iwl4965 AGN driver: no data transferred

Summary: Connections to N-mode wireless AP not working with iwl4965 AGN driver: no dat...

Status:	RESOLVED UNREPRODUCIBLE

Alias:	None

Product:	Drivers
Classification:	Unclassified
Component:	network-wireless (show other bugs)
Hardware:	All Linux

Importance:	P1 normal
Assignee:	networking_wireless@kernel-bugs.osdl.org

URL:
Keywords:

Depends on:
Blocks:

Reported:	2008-11-16 03:25 UTC by Sjoerd Hardeman
Modified:	2009-08-17 17:37 UTC (History)
CC List:	1 user (show)

See Also:
Kernel Version:	2.6.28-rc4
Subsystem:
Regression:	Yes
Bisected commit-id:

Attachments
Iwlwifi debugging output in syslog (55 bytes, text/plain) 2009-03-12 07:21 UTC, Sjoerd Hardeman	Details
tarred gzip of captured debugging info and tcpdump (109.71 KB, application/x-gzip) 2009-04-15 20:49 UTC, Sjoerd Hardeman	Details
Add an attachment (proposed patch, testcase, etc.)

Description Sjoerd Hardeman 2008-11-16 03:25:06 UTC

Latest working kernel version: 2.6.24
Earliest failing kernel version: 2.6.26
Distribution: Debian
Hardware Environment: Intel centrino, with "Intel Corporation PRO/Wireless 4965 AG or AGN [Kedron] Network Connection (rev 61)" wireless
Software Environment: network-manager, but also directly with iwconfig/wpa_supplicant. I have also tested unencrypted connections, they also don't work.
Problem Description: When connecting to my home AP (a lynksys WRT350N, with N-mode wireless support) I cannot send any data after connecting to this network. The DHCP-request times out. Other AP do not pose a problem.
Below you find a wpa_supplicant log. This log might probably not be too useful, but I don't know how to obtain more debugging info.
I reproduced this bug with the mainline 2.6.28-rc4, compiled using debians make-kpkg. I have filed this report in the debian bugtracking system, where they asked me to file it upstream.
Thanks in advance for your efforts.

Cheers,
Sjoerd Hardeman

Steps to reproduce: Connect to N-mode wireless (at least the linksys wrt350N) and try to send data. Encryption negotiation seems to work, but requesting an IP fails due to timeouts.

WPA-supplicant log:
# wpa_supplicant -dd -iwlan0 -c temp.wpa -Dwext
Initializing interface 'wlan0' conf 'temp.wpa' driver 'wext' ctrl_interface 'N/A' bridge 'N/A'
Configuration file 'temp.wpa' -> '/home/sjoerd/temp.wpa'
Reading configuration file '/home/sjoerd/temp.wpa'
Line: 1 - start of a new network block
ssid - hexdump_ascii(len=6):
     73 6a 6f 65 72 64                                 sjoerd
PSK - hexdump(len=32): [REMOVED]
Priority group 0
   id=0 ssid='sjoerd'
Initializing interface (2) 'wlan0'
SIOCGIWRANGE: WE(compiled)=22 WE(source)=21 enc_capa=0xf
  capabilities: key_mgmt 0xf enc 0xf flags 0x0
WEXT: Operstate: linkmode=1, operstate=5
Own MAC address: 00:1f:3b:89:52:9b
wpa_driver_wext_set_wpa
wpa_driver_wext_set_key: alg=0 key_idx=0 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=1 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=2 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_key: alg=0 key_idx=3 set_tx=0 seq_len=0 key_len=0
wpa_driver_wext_set_countermeasures
wpa_driver_wext_set_drop_unencrypted
RSN: flushing PMKID list in the driver
Setting scan request: 0 sec 100000 usec
EAPOL: SUPP_PAE entering state DISCONNECTED
EAPOL: KEY_RX entering state NO_KEY_RECEIVE
EAPOL: SUPP_BE entering state INITIALIZE
EAP: EAP entering state DISABLED
Added interface wlan0
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=12
State: DISCONNECTED -> SCANNING
Starting AP scan (broadcast SSID)
Trying to get current scan results first without requesting a new scan to speed up initial association
Received 0 bytes of scan results (0 BSSes)
CTRL-EVENT-SCAN-RESULTS
Selecting BSS from priority group 0
Try to find WPA-enabled AP
Try to find non-WPA AP
No suitable AP found.
Setting scan request: 0 sec 0 usec
Starting AP scan (broadcast SSID)
Scan requested (ret=0) - scan timeout 5 seconds
EAPOL: disable timer tick
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b19 len=16
Received 3179 bytes of scan results (11 BSSes)
CTRL-EVENT-SCAN-RESULTS
Selecting BSS from priority group 0
Try to find WPA-enabled AP
0: 00:1d:7e:ab:ac:66 ssid='sjoerd' wpa_ie_len=0 rsn_ie_len=20 caps=0x11
   selected based on RSN IE
   selected WPA AP 00:1d:7e:ab:ac:66 ssid='sjoerd'
Try to find non-WPA AP
Trying to associate with 00:1d:7e:ab:ac:66 (SSID='sjoerd' freq=2427 MHz)
Cancelling scan request
WPA: clearing own WPA/RSN IE
Automatic auth_alg selection: 0x1
RSN: using IEEE 802.11i/D9.0
WPA: Selected cipher suites: group 16 pairwise 16 key_mgmt 2 proto 2
WPA: clearing AP WPA IE
WPA: set AP RSN IE - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: using GTK CCMP
WPA: using PTK CCMP
WPA: using KEY_MGMT WPA-PSK
WPA: not using MGMT group cipher
WPA: Set own WPA IE default - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
No keys have been configured - skip key clearing
wpa_driver_wext_set_drop_unencrypted
State: SCANNING -> ASSOCIATING
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
wpa_driver_wext_associate
wpa_driver_wext_set_psk
Setting authentication timeout: 10 sec 0 usec
EAPOL: External notification - EAP success=0
EAPOL: External notification - EAP fail=0
EAPOL: External notification - portControl=Auto
RSN: Ignored PMKID candidate without preauth flag
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b06 len=12
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b04 len=16
RTM_NEWLINK: operstate=0 ifi_flags=0x1003 ([UP])
Wireless event: cmd=0x8b1a len=22
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
Wireless event: cmd=0x8b15 len=24
Wireless event: new AP: 00:1d:7e:ab:ac:66
State: ASSOCIATING -> ASSOCIATED
wpa_driver_wext_set_operstate: operstate 0->0 (DORMANT)
WEXT: Operstate: linkmode=-1, operstate=5
Associated to a new BSS: BSSID=00:1d:7e:ab:ac:66
No keys have been configured - skip key clearing
Associated with 00:1d:7e:ab:ac:66
WPA: Association event - clear replay counter
WPA: Clear old PTK
EAPOL: External notification - portEnabled=0
EAPOL: External notification - portValid=0
EAPOL: External notification - EAP success=0
EAPOL: External notification - portEnabled=1
EAPOL: SUPP_PAE entering state CONNECTING
EAPOL: enable timer tick
EAPOL: SUPP_BE entering state IDLE
Setting authentication timeout: 10 sec 0 usec
Cancelling scan request
RTM_NEWLINK: operstate=0 ifi_flags=0x11003 ([UP][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
RX EAPOL from 00:1d:7e:ab:ac:66
RX EAPOL - hexdump(len=99): 01 03 00 5f 02 00 8a 00 10 00 00 00 00 00 00 00 01 d7 09 36 92 39 b2 75 96 03 15 ef 99 41 e0 1a 40 0f 8d 48 72 d8 32 b9 4b ad dd 98 1f 2e 48 48 ab 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Setting authentication timeout: 10 sec 0 usec
IEEE 802.1X RX: version=1 type=3 length=95
  EAPOL-Key type=2
  key_info 0x8a (ver=2 keyidx=0 rsvd=0 Pairwise Ack)
  key_length=16 key_data_length=0
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 01
  key_nonce - hexdump(len=32): d7 09 36 92 39 b2 75 96 03 15 ef 99 41 e0 1a 40 0f 8d 48 72 d8 32 b9 4b ad dd 98 1f 2e 48 48 ab
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
WPA: RX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 00 8a 00 10 00 00 00 00 00 00 00 01 d7 09 36 92 39 b2 75 96 03 15 ef 99 41 e0 1a 40 0f 8d 48 72 d8 32 b9 4b ad dd 98 1f 2e 48 48 ab 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
State: ASSOCIATED -> 4WAY_HANDSHAKE
WPA: RX message 1 of 4-Way Handshake from 00:1d:7e:ab:ac:66 (ver=2)
RSN: msg 1/4 key data - hexdump(len=0):
WPA: Renewed SNonce - hexdump(len=32): 08 d0 2b 0f f0 98 bf a8 13 26 94 20 39 c9 c2 99 5c e8 c6 46 72 5f ff 42 fc 84 1f 71 9f 94 53 2b
WPA: PTK derivation - A1=00:1f:3b:89:52:9b A2=00:1d:7e:ab:ac:66
WPA: PMK - hexdump(len=32): [REMOVED]
WPA: PTK - hexdump(len=64): [REMOVED]
WPA: WPA IE for msg 2/4 - hexdump(len=22): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
WPA: Sending EAPOL-Key 2/4
WPA: TX EAPOL-Key - hexdump(len=121): 01 03 00 75 02 01 0a 00 00 00 00 00 00 00 00 00 01 08 d0 2b 0f f0 98 bf a8 13 26 94 20 39 c9 c2 99 5c e8 c6 46 72 5f ff 42 fc 84 1f 71 9f 94 53 2b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 84 30 74 ef e1 35 f4 bf 30 cf 4f ae 6f 1b f3 64 00 16 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00
RX EAPOL from 00:1d:7e:ab:ac:66
RX EAPOL - hexdump(len=155): 01 03 00 97 02 13 ca 00 10 00 00 00 00 00 00 00 02 d7 09 36 92 39 b2 75 96 03 15 ef 99 41 e0 1a 40 0f 8d 48 72 d8 32 b9 4b ad dd 98 1f 2e 48 48 ab 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cb 2c 5e 66 69 8a 31 e8 90 ad e0 32 9d ae db 1b 00 38 cc a8 3d e5 26 06 d4 65 ab f2 30 2a 62 55 95 c0 f3 47 bf cf 9e cb 8c 7f ad fc eb b0 18 77 76 2f 5a 95 ec 5b ee f2 bb 1c 5a f7 cf 95 2a 7b 79 5a a5 c6 6e 99 ab fa be ef
IEEE 802.1X RX: version=1 type=3 length=151
  EAPOL-Key type=2
  key_info 0x13ca (ver=2 keyidx=0 rsvd=0 Pairwise Install Ack MIC Secure Encr)
  key_length=16 key_data_length=56
  replay_counter - hexdump(len=8): 00 00 00 00 00 00 00 02
  key_nonce - hexdump(len=32): d7 09 36 92 39 b2 75 96 03 15 ef 99 41 e0 1a 40 0f 8d 48 72 d8 32 b9 4b ad dd 98 1f 2e 48 48 ab
  key_iv - hexdump(len=16): 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
  key_rsc - hexdump(len=8): ff 00 00 00 00 00 00 00
  key_id (reserved) - hexdump(len=8): 00 00 00 00 00 00 00 00
  key_mic - hexdump(len=16): cb 2c 5e 66 69 8a 31 e8 90 ad e0 32 9d ae db 1b
WPA: RX EAPOL-Key - hexdump(len=155): 01 03 00 97 02 13 ca 00 10 00 00 00 00 00 00 00 02 d7 09 36 92 39 b2 75 96 03 15 ef 99 41 e0 1a 40 0f 8d 48 72 d8 32 b9 4b ad dd 98 1f 2e 48 48 ab 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 cb 2c 5e 66 69 8a 31 e8 90 ad e0 32 9d ae db 1b 00 38 cc a8 3d e5 26 06 d4 65 ab f2 30 2a 62 55 95 c0 f3 47 bf cf 9e cb 8c 7f ad fc eb b0 18 77 76 2f 5a 95 ec 5b ee f2 bb 1c 5a f7 cf 95 2a 7b 79 5a a5 c6 6e 99 ab fa be ef
RSN: encrypted key data - hexdump(len=56): cc a8 3d e5 26 06 d4 65 ab f2 30 2a 62 55 95 c0 f3 47 bf cf 9e cb 8c 7f ad fc eb b0 18 77 76 2f 5a 95 ec 5b ee f2 bb 1c 5a f7 cf 95 2a 7b 79 5a a5 c6 6e 99 ab fa be ef
WPA: decrypted EAPOL-Key key data - hexdump(len=48): [REMOVED]
State: 4WAY_HANDSHAKE -> 4WAY_HANDSHAKE
WPA: RX message 3 of 4-Way Handshake from 00:1d:7e:ab:ac:66 (ver=2)
WPA: IE KeyData - hexdump(len=48): 30 14 01 00 00 0f ac 04 01 00 00 0f ac 04 01 00 00 0f ac 02 00 00 dd 16 00 0f ac 01 02 00 c6 c9 72 d2 c1 e7 79 be cd 21 88 35 ea a4 6d 4c dd 00
WPA: Sending EAPOL-Key 4/4
WPA: TX EAPOL-Key - hexdump(len=99): 01 03 00 5f 02 03 0a 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ad 8f 28 3e 60 c5 2e 39 73 87 2b b1 02 c7 47 6e 00 00
WPA: Installing PTK to the driver.
wpa_driver_wext_set_key: alg=3 key_idx=0 set_tx=1 seq_len=6 key_len=16
EAPOL: External notification - portValid=1
State: 4WAY_HANDSHAKE -> GROUP_HANDSHAKE
RSN: received GTK in pairwise handshake - hexdump(len=18): [REMOVED]
WPA: Group Key - hexdump(len=16): [REMOVED]
WPA: Installing GTK to the driver (keyidx=2 tx=0 len=16).
WPA: RSC - hexdump(len=6): ff 00 00 00 00 00
wpa_driver_wext_set_key: alg=3 key_idx=2 set_tx=0 seq_len=6 key_len=16
WPA: Key negotiation completed with 00:1d:7e:ab:ac:66 [PTK=CCMP GTK=CCMP]
Cancelling authentication timeout
State: GROUP_HANDSHAKE -> COMPLETED
CTRL-EVENT-CONNECTED - Connection to 00:1d:7e:ab:ac:66 completed (auth) [id=0 id_str=]
wpa_driver_wext_set_operstate: operstate 0->1 (UP)
WEXT: Operstate: linkmode=-1, operstate=6
EAPOL: External notification - portValid=1
EAPOL: External notification - EAP success=1
EAPOL: SUPP_PAE entering state AUTHENTICATING
EAPOL: SUPP_BE entering state SUCCESS
EAP: EAP entering state DISABLED
EAPOL: SUPP_PAE entering state AUTHENTICATED
EAPOL: SUPP_BE entering state IDLE
EAPOL authentication completed successfully
RTM_NEWLINK: operstate=1 ifi_flags=0x11043 ([UP][RUNNING][LOWER_UP])
RTM_NEWLINK, IFLA_IFNAME: Interface 'wlan0' added
EAPOL: startWhen --> 0
EAPOL: disable timer tick

Comment 1 Reinette Chatre 2008-11-19 16:24:32 UTC

This appears to be a duplicate of http://bugzilla.kernel.org/show_bug.cgi?id=11596 ... from the commit log of patch "iwlagn: fix RX skb alignment"[1] this bug (11596) is fixed. Could you please check if this patch fixes the problem for you also?

[1] commit e777fa4a467e0649929b28ee120510dc2bf87a29 in wireless-testing 
http://git.kernel.org/?p=linux/kernel/git/linville/wireless-testing.git;a=commit;h=e777fa4a467e0649929b28ee120510dc2bf87a29

Comment 2 Sjoerd Hardeman 2008-11-21 13:37:45 UTC

I tried the wireless-testing kernel including the patches, but that doesn't solve the problem.

Comment 3 Reinette Chatre 2008-12-08 16:26:47 UTC

You mention that the problem occurs in unencrypted tests also. Could you please repeat that test (without wpa_supplicant) with the driver loaded with the following debug parameter: debug=0x40841000

Comment 4 Sjoerd Hardeman 2008-12-09 13:46:03 UTC

Of course I forgot to check if the device worked unencrypted with the new kernel. Well, I do get a ip address, even without the debug parameter, and am also able to send data over the line. Yet, the connection seems to be rather buggy, at one point not pinging my access point and filling the syslog with:
Dec  9 22:27:57 laptop kernel: [  815.699549] martian source 192.168.2.102 from 192.168.2.1, on dev wlan0
Dec  9 22:27:57 laptop kernel: [  815.699555] ll header: ff:ff:ff:ff:ff:ff:00:1d:7e:ab:ac:66:08:06

In order to use the debug parameter, I did a "modprobe -v iwlagn debug=0x40841000". Is that what I am supposed to do? Furthermore, where can I find the additional debugging info?
Anyway, thanks a lot for your time.

Sjoerd

Comment 5 Sjoerd Hardeman 2008-12-09 13:51:04 UTC

My apologies for this double message, but to be sure I made myself clear: WPA and WPA2 still do not work.

Comment 6 Reinette Chatre 2009-01-29 15:14:15 UTC

Sjoerd,

Is this bug still open?

To obtain the debugging the driver needs to be compiled with debugging enabled - you can check this in your logs - the driver will have a "d" in the version number if debugging is compiled in.

With debugging enabled you can see debug output when you run "dmesg" - for this debugging it may be better if you configure syslog to send debug output to a file because it may generate a lot of data.

If you still need to obtain debug information - could you please try to debug flags 0x41843fff instead? You can do this at runtime when you run:

echo 0x41843fff > /sys/class/net/wlan0/device/debug_level

Comment 7 Reinette Chatre 2009-03-02 10:45:06 UTC

John,

Could this bug be closed? We have not heard from the reported in more than a month.

Thanks

Reinette

Comment 8 Sjoerd Hardeman 2009-03-12 07:21:09 UTC

Created attachment 20502 [details]
Iwlwifi debugging output in syslog

Hi Reinette,

I was away for some time, my apologies. 
Anyway, here's a dump of the debugging info, done with the newest kernel (2.6.29-rc7-wl).
I connected using wpa_supplicant, tried to get a dhcp lease, and also manually set an address and tried to ping the router.
If you need me to check anything else, I am available again.

Sjoerd

Comment 9 Reinette Chatre 2009-03-24 14:39:54 UTC

Could you please check the setup of your AP? The log shows that the DHCPREQUEST go out successfully, but that the AP responds with a DHCPNAK. The source address used by the AP when it sends its response is also strange as it uses the broadcast address as its source. The networking code caught this as you can see from message:

Mar 12 15:01:00 laptop kernel: [  599.518745] martian source 255.255.255.255 from 192.168.2.1, on dev wlan0
Mar 12 15:01:00 laptop kernel: [  599.518749] ll header: ff:ff:ff:ff:ff:ff:00:1d:7e:ab:ac:66:08:00

Comment 10 Sjoerd Hardeman 2009-03-30 10:35:54 UTC

Strange, my AP is setup up as provided by linksys. I have tried a new firmware with similar results. I will check more thoroughly what going on next weekend.
Anyway, it is thus probably not a bug in the kernel? Then I have to bug Linksys with this issue. Thanks a lot for your time.

Comment 11 Reinette Chatre 2009-03-30 16:35:56 UTC

I do not see how this can be a problem with the driver. The problem is that you are not getting an IP address via dhcp. This is because the DHCP server (your AP) responds with a DHCPNAK when asked for an IP address. Also, the source IP address used by the AP when responding to the request is not correct.

Comment 12 Sjoerd Hardeman 2009-04-12 10:41:41 UTC

It can't be a DHCP problem, as setting the ip address manually also does not work.

Sjoerd

Comment 13 Reinette Chatre 2009-04-13 17:08:38 UTC

Were you able to check the AP's network setup? The fact that it sends a DHCPNAK and also that it uses a broadcast address as its source is a problem.

When you do set an IP address manually, can you capture some network traffic for us to look at when you try to ping ? (something like "tcpdump -i wlan0  -n -s0 -w my.cap")

Also, you provided the debugging for the DHCP case ... can you provide debugging for the case where you set IP manually?

Comment 14 Sjoerd Hardeman 2009-04-15 20:49:06 UTC

Created attachment 21000 [details]
tarred gzip of captured debugging info and tcpdump

The atatchment is a gzipped tar of the tcpdump and the captured debugging info. I connected with wpa_supplicant, set my ip to 192.168.2.151, bcast 192.168.2.255, netmask 255.255.255.0 (the AP is 192.168.2.1, so it should be reachable). and pinged 12 times. A similar setup with my eth card (of course) works, so it is not related to my AP not accepting addresses not set by dhcp or something similar.
Hopefully the information is useful. Thanks for your time.

Sjoerd

Comment 15 Sjoerd Hardeman 2009-08-17 17:36:36 UTC

Just tested if I could still find the bug in the current kernel release, and the answer is no. So apparently it is fixed in 2.6.31.

Sjoerd

Note You need to log in before you can comment on or make changes to this bug.