Bug 198680

Summary: [ath] Specifying "mode 11ng" breaks client connectivity with ath(4)
Product: Base System
Component: wireless
Status: New
Severity: Affects Many People
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
Reporter: cmb
Assignee: freebsd-wireless (Nobody) <wireless>
CC: adrian, avos

Description cmb 2015-03-18 07:00:43 UTC
Version: 11.0-CURRENT FreeBSD 11.0-CURRENT #0 r279813: Mon Mar  9 16:31:08 UTC 2015

Configure an ath card as a client with "mode 11ng" specified, and it doesn't work. For instance, this rc.conf: 

wlans_ath0="ath0_wlan0"
ifconfig_ath0_wlan0="mode 11ng ssid test_network DHCP"

The interface ends up endlessly stuck at "no carrier". 
ath0_wlan0: flags=8c43<UP,BROADCAST,RUNNING,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 00:80:48:79:99:f2
	inet6 fe80::280:48ff:fe79:99f2%ath0_wlan0 prefixlen 64 scopeid 0x6 
	nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
	media: IEEE 802.11 Wireless Ethernet autoselect mode 11ng (autoselect)
	status: no carrier
	ssid test_network channel 1 (2412 MHz 11b)
	country US ecm authmode OPEN privacy OFF txpower 27 bmiss 7
	scanvalid 60 wme burst bintval 0
	groups: wlan 


Run ifconfig more, and you'll see the channel continues to change over and over. A small sampling: 

	ssid test_network channel 1 (2412 MHz 11g)
	ssid test_network channel 3 (2422 MHz 11g)
	ssid test_network channel 44 (5220 MHz 11a)
	ssid test_network channel 9 (2452 MHz 11g)

It ends up stuck in that state indefinitely. Remove "mode 11ng" from the ifconfig line in rc.conf, 'service netif restart', and it works.

Comment 1 cmb 2015-03-18 07:03:17 UTC
Forgot to add, this is specific to 11ng only. 11na, 11a, 11g, 11b all seem fine.

Comment 2 Adrian Chadd freebsd_committer freebsd_triage 2015-03-18 07:08:18 UTC
Ugh, 11g is "special". It's likely something busted in the scan code I "fixed" to fix some other bug.

Ok, thanks. This is more than enough for me to replicate it and figure out what's going on.

Comment 3 cmb 2015-03-18 07:41:39 UTC
It seems it's not specific to 11ng only, though I think with 11g it only happens if you specify channel "any" (so that's more PR 198556 than this).

Comment 4 Adrian Chadd freebsd_committer freebsd_triage 2015-03-21 07:01:49 UTC
ok, compile in IEEE80211_DEBUG, then do this with:

wlandebug +scan +assoc

I bet what we'll see is:

Mar 20 23:57:16 lucy-11i386 kernel: - c4:3d:c7:6c:5f:14 c4:3d:c7:6c:5f:14    6!   16  11M!  ess   no  "Sridhar 2.4G (Netgear2)"

.. the SSID is what I'm trying to associate to here.

I bet the scan code is mis-comparing the channels. (ie, the 6!)

What I see is:

Mar 20 23:57:12 lucy-11i386 kernel: wlan1: scan_task: chan   1b ->   6b [active, dwell min 20ms max 200ms]
Mar 20 23:57:12 lucy-11i386 kernel: wlan1: scan_curchan: calling; maxdwell=200
Mar 20 23:57:12 lucy-11i386 kernel: wlan1: scan_task: waiting
Mar 20 23:57:12 lucy-11i386 kernel: [b2:ca:b5:aa:b2:00] new beacon on chan 6 (bss chan 6) "" rssi 16
Mar 20 23:57:12 lucy-11i386 kernel: [b2:ca:b5:aa:b2:00] caps 0x411 bintval 100 erp 0x104 country [US  1-11,20]
Mar 20 23:57:12 lucy-11i386 kernel: [b6:ca:b5:aa:b2:00] new beacon on chan 6 (bss chan 6) "xfinitywifi" rssi 15
Mar 20 23:57:12 lucy-11i386 kernel: [b6:ca:b5:aa:b2:00] caps 0x401 bintval 100 erp 0x104 country [US  1-11,20]
Mar 20 23:57:12 lucy-11i386 kernel: [c4:3d:c7:6c:5f:14] new beacon on chan 6 (bss chan 6) "Sridhar 2.4G (Netgear2)" rssi 15
Mar 20 23:57:12 lucy-11i386 kernel: [c4:3d:c7:6c:5f:14] caps 0x401 bintval 100 erp 0x100
Mar 20 23:57:12 lucy-11i386 kernel: wlan1: ieee80211_swscan_add_scan: chan   6b min dwell met (2401585927 > 2401585885)
Mar 20 23:57:12 lucy-11i386 kernel: wlan1: scan_mindwell: called
Mar 20 23:57:12 lucy-11i386 kernel: wlan1: scan_task: loop start; scandone=0
Mar 20 23:57:12 lucy-11i386 kernel: wlan1: scan_task: chan   6b ->  11b [active, dwell min 20ms max 200ms]

.. ok, so now let's try without the mode:

Mar 20 23:59:09 lucy-11i386 kernel: + c4:3d:c7:6c:5f:14 c4:3d:c7:6c:5f:14    6    14  54M   ess   no  "Sridhar 2.4G (Netgear2)"

.. and it associated.

Mar 20 23:59:05 lucy-11i386 kernel: wlan1: scan_task: chan   1g ->   6g [active, dwell min 20ms max 200ms]
Mar 20 23:59:05 lucy-11i386 kernel: wlan1: scan_curchan: calling; maxdwell=200
Mar 20 23:59:05 lucy-11i386 kernel: wlan1: scan_task: waiting
Mar 20 23:59:05 lucy-11i386 kernel: [c4:3d:c7:6c:5f:14] new probe_resp on chan 6 (bss chan 6) "Sridhar 2.4G (Netgear2)" rssi 14
Mar 20 23:59:05 lucy-11i386 kernel: [c4:3d:c7:6c:5f:14] caps 0x401 bintval 100 erp 0x100
Mar 20 23:59:05 lucy-11i386 kernel: [00:1d:d3:45:f3:f0] new beacon on chan 6 (bss chan 6) "HOME-F3F2" rssi 7
Mar 20 23:59:05 lucy-11i386 kernel: [00:1d:d3:45:f3:f0] caps 0x411 bintval 100 erp 0x104 country [US  1-11,20]
Mar 20 23:59:05 lucy-11i386 kernel: [d8:97:ba:cf:f5:b8] new beacon on chan 6 (bss chan 6) "HOME-72F7-2.4" rssi 20
Mar 20 23:59:05 lucy-11i386 kernel: [d8:97:ba:cf:f5:b8] caps 0x431 bintval 100 erp 0x100 country [US  1-11,30]
Mar 20 23:59:05 lucy-11i386 kernel: [92:87:7c:3b:b5:90] new beacon on chan 6 (bss chan 6) "" rssi 5
Mar 20 23:59:05 lucy-11i386 kernel: [92:87:7c:3b:b5:90] caps 0x411 bintval 100 erp 0x104 country [US  1-11,20]
Mar 20 23:59:05 lucy-11i386 kernel: wlan1: ieee80211_swscan_add_scan: chan   6g min dwell met (2401699610 > 2401699579)
Mar 20 23:59:05 lucy-11i386 kernel: wlan1: scan_mindwell: called
Mar 20 23:59:05 lucy-11i386 kernel: wlan1: scan_task: loop start; scandone=0
Mar 20 23:59:05 lucy-11i386 kernel: wlan1: scan_task: chan   6g ->  11g [active, dwell min 20ms max 200ms]

.. note that it's scanning as 6g now, not 6b.

Mar 21 00:00:40 lucy-11i386 kernel: + c4:3d:c7:6c:5f:14 c4:3d:c7:6c:5f:14    6    15  11M   ess   no  "Sridhar 2.4G (Netgear2)"

with:

Mar 21 00:00:36 lucy-11i386 kernel: wlan1: scan_task: chan   1b ->   6b [active, dwell min 20ms max 200ms]
Mar 21 00:00:36 lucy-11i386 kernel: wlan1: scan_curchan: calling; maxdwell=200
Mar 21 00:00:36 lucy-11i386 kernel: wlan1: scan_task: waiting
Mar 21 00:00:36 lucy-11i386 kernel: [c4:3d:c7:6c:5f:14] new beacon on chan 6 (bss chan 6) "Sridhar 2.4G (Netgear2)" rssi 15
Mar 21 00:00:36 lucy-11i386 kernel: [c4:3d:c7:6c:5f:14] caps 0x401 bintval 100 erp 0x100
Mar 21 00:00:36 lucy-11i386 kernel: wlan1: ieee80211_swscan_add_scan: chan   6b min dwell met (2401789910 > 2401789866)
Mar 21 00:00:36 lucy-11i386 kernel: wlan1: scan_mindwell: called
Mar 21 00:00:36 lucy-11i386 kernel: wlan1: scan_task: loop start; scandone=0
Mar 21 00:00:36 lucy-11i386 kernel: wlan1: scan_task: chan   6b ->  11b [active, dwell min 20ms max 200ms]

.. and that's odd. It's 6b, but it doesn't work this time.

I'll have to go digging into the scan code to see how it's comparing and what flags it's using. Ugh.
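
An added example, not part of the original report or of FreeBSD's code: a Python parser for the scan-candidate lines that `wlandebug +scan +assoc` produced in Comment 4, listing which columns carry the `!` marker. The column names and the reading of `+`/`-` as accepted/rejected are assumptions inferred from the quoted lines.

```python
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
# Column names are assumptions inferred from the candidate lines in Comment 4.
COLUMNS = ("bssid", "chan", "rssi", "rate", "bss", "privacy", "ssid")
CANDIDATE = re.compile(
    r"kernel:\s+(?P<verdict>[-+])\s+" + MAC + r"\s+"
    r"(?P<bssid>" + MAC + r")(?P<bssid_bad>!?)\s+"
    r"(?P<chan>\d+)(?P<chan_bad>!?)\s+"
    r"(?P<rssi>-?\d+)(?P<rssi_bad>!?)\s+"
    r"(?P<rate>\d+M)(?P<rate_bad>!?)\s+"
    r"(?P<bss>\w+)(?P<bss_bad>!?)\s+"
    r"(?P<privacy>\w+)(?P<privacy_bad>!?)\s+"
    r'"(?P<ssid>[^"]*)"(?P<ssid_bad>!?)'
)

# Lines copied from Comment 4: one scan_task line and two candidate lines.
SAMPLE = """\
Mar 20 23:57:12 lucy-11i386 kernel: wlan1: scan_task: chan   1b ->   6b [active, dwell min 20ms max 200ms]
Mar 20 23:57:16 lucy-11i386 kernel: - c4:3d:c7:6c:5f:14 c4:3d:c7:6c:5f:14    6!   16  11M!  ess   no  "Sridhar 2.4G (Netgear2)"
Mar 20 23:59:09 lucy-11i386 kernel: + c4:3d:c7:6c:5f:14 c4:3d:c7:6c:5f:14    6    14  54M   ess   no  "Sridhar 2.4G (Netgear2)"
"""

def parse_candidates(log_text):
    """Return one dict per candidate line; other debug lines are skipped."""
    found = []
    for line in log_text.splitlines():
        m = CANDIDATE.search(line)
        if m is None:
            continue
        found.append({
            "accepted": m["verdict"] == "+",  # assumption: '+' chosen, '-' rejected
            "ssid": m["ssid"],
            "chan": int(m["chan"]),
            "rate": m["rate"],
            "flagged": [c for c in COLUMNS if m[c + "_bad"]],
        })
    return found

def rejection_reasons(log_text, ssid):
    """List the flagged columns for each rejected candidate with this SSID."""
    return [c["flagged"] for c in parse_candidates(log_text)
            if c["ssid"] == ssid and not c["accepted"]]

if __name__ == "__main__":
    for cand in parse_candidates(SAMPLE):
        print(cand)
```
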

Comment 5 cmb 2015-03-24 03:34:57 UTC
*** Bug 198556 has been marked as a duplicate of this bug. ***

Comment 6 Andriy Voskoboinyk freebsd_committer freebsd_triage 2019-01-27 23:16:51 UTC
Is it still reproducible after base r343340?