Packet injection on 5GHz is probably not working on mt76x0u devices, while 2.4GHz injection is working fine. kernel: 5.7.7-arch1-1 tested devices: Bus 005 Device 006: ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U] Bus 005 Device 007: ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer T2U" 2.4G+5G WLAN Adapter 2.4GHz injection test: channels: 1,2,3,4,5,6,7,8,9,10,11,12,13 $ sudo hcxdumptool -i wlp39s0f3u1u1u2 -s 1 --check_injection initialization... starting packet injection test (that can take up to two minutes)... packet injection is working! ratio: 38 to 18 terminating... 5GHz injection test: channels: 36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153,157,161,165 $ sudo hcxdumptool -i wlp39s0f3u1u1u2 -s 2 --check_injection initialization... starting packet injection test (that can take up to two minutes)... warning: no PROBERESPONSE received - packet injection is probably not working! terminating... dmesg doesn't show an error: [ 7778.671642] usb 5-1.1.2: USB disconnect, device number 8 [ 7782.506462] usb 5-1.1.2: new high-speed USB device number 9 using xhci_hcd [ 7782.711427] usb 5-1.1.2: New USB device found, idVendor=0b05, idProduct=17d1, bcdDevice= 1.00 [ 7782.711429] usb 5-1.1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 7782.711430] usb 5-1.1.2: Product: WiFi [ 7782.711431] usb 5-1.1.2: Manufacturer: MediaTek [ 7782.711432] usb 5-1.1.2: SerialNumber: 1.0 [ 7782.899864] usb 5-1.1.2: reset high-speed USB device number 9 using xhci_hcd [ 7783.094384] mt76x0u 5-1.1.2:1.0: ASIC revision: 76100002 MAC revision: 76502000 [ 7783.803449] audit: type=1131 audit(1594108631.465:369): pid=1 uid=0 auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' [ 7784.121190] mt76x0u 5-1.1.2:1.0: EEPROM ver:02 fae:01 [ 7784.152801] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' [ 7784.172411] mt76x0u 5-1.1.2:1.0 wlp39s0f3u1u1u2: renamed from wlan0 ... hcxdumptool start: [ 7791.943188] device wlp39s0f3u1u1u2 entered promiscuous mode ... hcxdumptool stop: [ 7797.627678] device wlp39s0f3u1u1u2 left promiscuous mode ... Wireshark showing outgoing 5GHz packets, but they are not transmitted over the air by the interface. Devices are connected to an USB2 hub, due to xhci issue on USB3 as reported here: https://bugzilla.kernel.org/show_bug.cgi?id=202541 hcxdumptool is available here (latest version): https://github.com/ZerBea/hcxdumptool or via distribution packet manager.
This is the standard Radiotap Header used by hcxdumptool: static const uint8_t hdradiotap[] = { 0x00, 0x00, /* radiotap version and padding */ 0x0e, 0x00, /* radiotap header length */ 0x06, 0x8c, 0x00, 0x00, /* bitmap */ 0x02, /* flags */ 0x02, /* rate */ 0x14, /* tx power */ 0x01, /* antenna */ 0x08, 0x00 /* tx flags */ }; #define HDRRT_SIZE sizeof(hdradiotap) All ioctl() system calls (SIOCGIFFLAGS, SIOCSIFFLAGS, SIOCGIWMODE, SIOCSIWMODE, SIOCGIWFREQ, SIOCSIWFREQ) are working as expected. hcxdumptool is running an PF_PACKET - SOCK_RAW socket.
(In reply to Michael from comment #0) > Packet injection on 5GHz is probably not working on mt76x0u devices, while > 2.4GHz injection is working fine. > > kernel: > 5.7.7-arch1-1 > > tested devices: > Bus 005 Device 006: ID 0b05:17d1 ASUSTek Computer, Inc. AC51 > 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U] > > Bus 005 Device 007: ID 148f:761a Ralink Technology, Corp. MT7610U ("Archer > T2U" 2.4G+5G WLAN Adapter > > 2.4GHz injection test: > channels: 1,2,3,4,5,6,7,8,9,10,11,12,13 > $ sudo hcxdumptool -i wlp39s0f3u1u1u2 -s 1 --check_injection > initialization... > starting packet injection test (that can take up to two minutes)... > packet injection is working! > ratio: 38 to 18 > > terminating... > > > 5GHz injection test: > channels: > 36,40,44,48,52,56,60,64,100,104,108,112,116,120,124,128,132,136,140,149,153, > 157,161,165 > $ sudo hcxdumptool -i wlp39s0f3u1u1u2 -s 2 --check_injection > initialization... > starting packet injection test (that can take up to two minutes)... > warning: no PROBERESPONSE received - packet injection is probably not > working! > > terminating... > > dmesg doesn't show an error: > [ 7778.671642] usb 5-1.1.2: USB disconnect, device number 8 > [ 7782.506462] usb 5-1.1.2: new high-speed USB device number 9 using xhci_hcd > [ 7782.711427] usb 5-1.1.2: New USB device found, idVendor=0b05, > idProduct=17d1, bcdDevice= 1.00 > [ 7782.711429] usb 5-1.1.2: New USB device strings: Mfr=1, Product=2, > SerialNumber=3 > [ 7782.711430] usb 5-1.1.2: Product: WiFi > [ 7782.711431] usb 5-1.1.2: Manufacturer: MediaTek > [ 7782.711432] usb 5-1.1.2: SerialNumber: 1.0 > [ 7782.899864] usb 5-1.1.2: reset high-speed USB device number 9 using > xhci_hcd > [ 7783.094384] mt76x0u 5-1.1.2:1.0: ASIC revision: 76100002 MAC revision: > 76502000 > [ 7783.803449] audit: type=1131 audit(1594108631.465:369): pid=1 uid=0 > auid=4294967295 ses=4294967295 msg='unit=systemd-rfkill comm="systemd" > exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success' > [ 7784.121190] mt76x0u 5-1.1.2:1.0: EEPROM ver:02 fae:01 > [ 7784.152801] ieee80211 phy11: Selected rate control algorithm 'minstrel_ht' > [ 7784.172411] mt76x0u 5-1.1.2:1.0 wlp39s0f3u1u1u2: renamed from wlan0 > ... > hcxdumptool start: > [ 7791.943188] device wlp39s0f3u1u1u2 entered promiscuous mode > ... > hcxdumptool stop: > [ 7797.627678] device wlp39s0f3u1u1u2 left promiscuous mode > ... > > Wireshark showing outgoing 5GHz packets, but they are not transmitted over > the air by the interface. > > > Devices are connected to an USB2 hub, due to xhci issue on USB3 as reported > here: > https://bugzilla.kernel.org/show_bug.cgi?id=202541 > > hcxdumptool is available here (latest version): > https://github.com/ZerBea/hcxdumptool > or via distribution Hi packet manager. Hi Michael, can you please double check you have configured a regdomain that allows active scanning @ 5GHz? [~/workspace/hcxdumptool]$ sudo iw reg set US [~/workspace/hcxdumptool]$ sudo iw reg get global country US: DFS-FCC (2402 - 2472 @ 40), (N/A, 30), (N/A) (5170 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW (5250 - 5330 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW (5490 - 5730 @ 160), (N/A, 23), (0 ms), DFS (5735 - 5835 @ 80), (N/A, 30), (N/A) (57240 - 71000 @ 2160), (N/A, 40), (N/A) [~/workspace/hcxdumptool]$ sudo ./hcxdumptool -i wlp0s4u1 -s 2 --check_injection initialization... [ 851.926217] IPv6: ADDRCONF(NETDEV_CHANGE): wlp0s4u1: link becomes ready [ 851.961037] device wlp0s4u1 entered promiscuous mode starting packet injection test (that can take up to two minutes)... packet injection is working! ratio: 24 to 13 terminating... [ 858.457865] device wlp0s4u1 left promiscuous mode [~/workspace/hcxdumptool]$ sudo iw reg set 00 [~/workspace/hcxdumptool]$ sudo iw reg get global country 00: DFS-UNSET (2402 - 2472 @ 40), (N/A, 20), (N/A) (2457 - 2482 @ 20), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN (2474 - 2494 @ 20), (N/A, 20), (N/A), NO-OFDM, PASSIVE-SCAN (5170 - 5250 @ 80), (N/A, 20), (N/A), AUTO-BW, PASSIVE-SCAN (5250 - 5330 @ 80), (N/A, 20), (0 ms), DFS, AUTO-BW, PASSIVE-SCAN (5490 - 5730 @ 160), (N/A, 20), (0 ms), DFS, PASSIVE-SCAN (5735 - 5835 @ 80), (N/A, 20), (N/A), PASSIVE-SCAN (57240 - 63720 @ 2160), (N/A, 0), (N/A) [~/workspace/hcxdumptool]$ sudo ./hcxdumptool -i wlp0s4u1 -s 2 --check_injection initialization... [ 908.610232] IPv6: ADDRCONF(NETDEV_CHANGE): wlp0s4u1: link becomes ready [ 908.650314] device wlp0s4u1 entered promiscuous mode starting packet injection test (that can take up to two minutes)... warning: no PROBERESPONSE received - packet injection is probably not working! terminating... [ 915.588560] device wlp0s4u1 left promiscuous mode [~/workspace/hcxdumptool]$ lsusb Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub Bus 001 Device 002: ID 0b05:17d1 ASUSTek Computer, Inc. AC51 802.11a/b/g/n/ac Wireless Adapter [Mediatek MT7610U] Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub Regards, Lorenzo
Hi Lorenzo. Thanks for your reply and test. $ iw reg get global country US: DFS-FCC (2400 - 2483 @ 40), (N/A, 30), (N/A) (5150 - 5250 @ 80), (N/A, 23), (N/A), AUTO-BW (5250 - 5350 @ 80), (N/A, 23), (0 ms), DFS, AUTO-BW (5470 - 5730 @ 160), (N/A, 23), (0 ms), DFS (5730 - 5850 @ 80), (N/A, 30), (N/A) (57240 - 71000 @ 2160), (N/A, 40), (N/A) $ sudo hcxdumptool -i wlp3s0f0u2 --check_injection -s 2 initialization... starting packet injection test (that can take up to two minutes)... warning: no PROBERESPONSE received - packet injection is probably not working! terminating... Now it looks more like a CRDA issue, than a driver issue $ cat /sys/module/cfg80211/parameters/ieee80211_regdom 00 Please close this issue report, I'l do some more investigations. Thanks. Regards Mike
@lorenzo At least you pointed me into the right direction. Regulatory domain is no longer ignored and everything is working as expected. Now, I think about it to set regulatory domain by hcxdumptool (not by iw and without using NETLINK messages). BTW: The mt76 driver code is amazing and impressive. Everything is working like a charm. You're doing a great job, maintaining this driver. Regards Mike