Bug 208483

This is the standard Radiotap Header used by hcxdumptool:

static const uint8_t hdradiotap[] =
{
0x00, 0x00, /* radiotap version and padding */
0x0e, 0x00, /* radiotap header length */
0x06, 0x8c, 0x00, 0x00, /* bitmap */
0x02, /* flags */
0x02, /* rate */
0x14, /* tx power */
0x01, /* antenna */
0x08, 0x00 /* tx flags */
};
#define HDRRT_SIZE sizeof(hdradiotap)

All ioctl() system calls (SIOCGIFFLAGS, SIOCSIFFLAGS, SIOCGIWMODE, SIOCSIWMODE, SIOCGIWFREQ, SIOCSIWFREQ) are working as expected. hcxdumptool is running an PF_PACKET - SOCK_RAW socket.

(In reply to Michael from comment #0)
> Packet injection on 5GHz is probably not working on mt76x0u devices, while
> 2.4GHz injection is working fine.
> 
> kernel:
> 5.7.7-arch1-1
> 
> tested devices:
> Bus 005 Device 006: ID 0b05:17d1 ASUSTek Computer, Inc. AC51
> 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U]
> 
> Bus 005 Device 007: ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer
> T2U" 2.4G+5G WLAN Adapter
> 
> 2.4GHz injection test:
> channels: 1,2,3,4,5,6,7,8,9,10,11,12,13
> $ sudo hcxdumptool -i wlp39s0f3u1u1u2 -s 1 --check_injection
> initialization...
> starting packet injection test (that can take up to two minutes)...
> packet injection is working!
> ratio: 38 to 18 
> 
> terminating...
> 
> 
> 5GHz injection test:
> channels:
> 36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,
> 157,161,165
> $ sudo hcxdumptool -i wlp39s0f3u1u1u2 -s 2 --check_injection
> initialization...
> starting packet injection test (that can take up to two minutes)...
> warning: no PROBERESPONSE received - packet injection is probably not
> working!
> 
> terminating...
> 
> dmesg doesn't show an error:
> [ 7778.671642] usb 5-1.1.2: USB disconnect, device number 8
> [ 7782.506462] usb 5-1.1.2: new high-speed USB device number 9 using xhci_hcd
> [ 7782.711427] usb 5-1.1.2: New USB device found, idVendor=0b05,
> idProduct=17d1, bcdDevice= 1.00
> [ 7782.711429] usb 5-1.1.2: New USB device strings: Mfr=1, Product=2,
> SerialNumber=3
> [ 7782.711430] usb 5-1.1.2: Product: WiFi
> [ 7782.711431] usb 5-1.1.2: Manufacturer: MediaTek
> [ 7782.711432] usb 5-1.1.2: SerialNumber: 1.0
> [ 7782.899864] usb 5-1.1.2: reset high-speed USB device number 9 using
> xhci_hcd
> [ 7783.094384] mt76x0u 5-1.1.2:1.0: ASIC revision: 76100002 MAC revision:
> 76502000
> [ 7783.803449] audit: type=1131 audit(1594108631.465:369): pid=1 uid=0
> auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd"
> exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
> [ 7784.121190] mt76x0u 5-1.1.2:1.0: EEPROM ver:02 fae:01
> [ 7784.152801] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht'
> [ 7784.172411] mt76x0u 5-1.1.2:1.0 wlp39s0f3u1u1u2: renamed from wlan0
> ...
> hcxdumptool start:
> [ 7791.943188] device wlp39s0f3u1u1u2 entered promiscuous mode
> ...
> hcxdumptool stop:
> [ 7797.627678] device wlp39s0f3u1u1u2 left promiscuous mode
> ...
> 
> Wireshark showing outgoing 5GHz packets, but they are not transmitted over
> the air by the interface.
> 
> 
> Devices are connected to an USB2 hub, due to xhci issue on USB3 as reported
> here:
> https://bugzilla.kernel.org/show_bug.cgi?id=202541
> 
> hcxdumptool is available here (latest version):
> https://github.com/ZerBea/hcxdumptool
> or via distribution Hi packet manager.

Hi Michael,

can you please double check you have configured a regdomain that allows active scanning @ 5GHz?

[~/workspace/hcxdumptool]$ sudo iw reg set US
[~/workspace/hcxdumptool]$ sudo iw reg get
global
country US: DFS-FCC
        (2402 - 2472 @ 40), (N/A, 30), (N/A)
        (5170 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
        (5250 - 5330 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW
        (5490 - 5730 @ 160), (N/A, 23), (0 ms), DFS
        (5735 - 5835 @ 80), (N/A, 30), (N/A)
        (57240 - 71000 @ 2160), (N/A, 40), (N/A)

[~/workspace/hcxdumptool]$ sudo ./hcxdumptool -i wlp0s4u1 -s 2 --check_injection
initialization...
[  851.926217] IPv6: ADDRCONF(NETDEV_CHANGE): wlp0s4u1: link becomes ready
[  851.961037] device wlp0s4u1 entered promiscuous mode
starting packet injection test (that can take up to two minutes)...
packet injection is working!
ratio: 24 to 13 

terminating...
[  858.457865] device wlp0s4u1 left promiscuous mode

[~/workspace/hcxdumptool]$ sudo iw reg set 00
[~/workspace/hcxdumptool]$ sudo iw reg get
global
country 00: DFS-UNSET
        (2402 - 2472 @ 40), (N/A, 20), (N/A)
        (2457 - 2482 @ 20), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN
        (2474 - 2494 @ 20), (N/A, 20), (N/A), NO-OFDM, PASSIVE-SCAN
        (5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN
        (5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW, PASSIVE-SCAN
        (5490 - 5730 @ 160), (N/A, 20), (0 ms), DFS, PASSIVE-SCAN
        (5735 - 5835 @ 80), (N/A, 20), (N/A), PASSIVE-SCAN
        (57240 - 63720 @ 2160), (N/A, 0), (N/A)

[~/workspace/hcxdumptool]$ sudo ./hcxdumptool -i wlp0s4u1 -s 2 --check_injection
initialization...
[  908.610232] IPv6: ADDRCONF(NETDEV_CHANGE): wlp0s4u1: link becomes ready
[  908.650314] device wlp0s4u1 entered promiscuous mode
starting packet injection test (that can take up to two minutes)...
warning: no PROBERESPONSE received - packet injection is probably not working!

terminating...
[  915.588560] device wlp0s4u1 left promiscuous mode
[~/workspace/hcxdumptool]$ lsusb
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 002: ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U]
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub


Regards,
Lorenzo

Hi Lorenzo.
Thanks for your reply and test. 


$ iw reg get
global
country US: DFS-FCC
	(2400 - 2483 @ 40), (N/A, 30), (N/A)
	(5150 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW
	(5250 - 5350 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW
	(5470 - 5730 @ 160), (N/A, 23), (0 ms), DFS
	(5730 - 5850 @ 80), (N/A, 30), (N/A)
	(57240 - 71000 @ 2160), (N/A, 40), (N/A)

$ sudo hcxdumptool -i wlp3s0f0u2 --check_injection -s 2
initialization...
starting packet injection test (that can take up to two minutes)...
warning: no PROBERESPONSE received - packet injection is probably not working!

terminating...

Now it looks more like a CRDA issue, than a driver issue
$ cat /sys/module/cfg80211/parameters/ieee80211_regdom
00

Please close this issue report, I'l do some more investigations.

Thanks.
Regards
Mike

@lorenzo
At least you pointed me into the right direction. Regulatory domain is no longer ignored and everything is working as expected.
Now, I think about it to set regulatory domain by hcxdumptool (not by iw and without using NETLINK messages).

BTW:
The mt76 driver code is amazing and impressive. Everything is working like a charm. You're doing a great job, maintaining this driver.

Regards
Mike