Bug 267947

Summary: Can't decode ssid - duplicate SSID Element in Beacon
Product: Base System
Component: wireless
Status: Closed Not A Bug
Severity: Affects Only Me
Priority: ---
Version: CURRENT
Hardware: Any
OS: Any
Reporter: Tom Jones <thj>
Assignee: Bjoern A. Zeeb <bz>
CC: bz

Description Tom Jones freebsd_committer freebsd_triage 2022-11-23 15:44:03 UTC
After some power outages and maybe an ISP update, iwlwifi in my Framework (12th Gen) is unable to decode the SSID of my home network. Oddly, it is able to decode other SSIDs, verified by connecting to other networks including my phone.

Instead the ifconfig and wpa_supplicant output contains a hex string.

This doesn't appear to be an 802.11 issue, as a USB rtwn device in the same machine is able to see the network and connect. I have a pcap of beacons from the device and I can clearly see the SSID in the hexdump, so the traffic is arriving.

The pcap is in my home directory on freefall (/home/thj/iwlwifi-beacons.pcap), but for reasons that are hopefully obvious I don't want to attach it here.

Some facts from the system:

$ ifconfig wlan0
wlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 04:cf:4b:1e:ca:e9
	groups: wlan
	ssid "" channel 1 (2412 MHz 11g)
	regdomain FCC country US authmode WPA1+WPA2/802.11i privacy MIXED
	deftxkey UNDEF txpower 30 bmiss 7 scanvalid 60 protmode CTS wme
	roaming MANUAL
	parent interface: iwlwifi0
	media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
$ ifconfig wlan1
wlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
	ether 74:da:38:8b:bf:34
	groups: wlan
	ssid BTWi-fi channel 6 (2437 MHz 11g ht/20)
	regdomain FCC country US authmode OPEN privacy OFF txpower 30 bmiss 7
	scanvalid 60 protmode CTS ht20 ampdulimit 8k ampdudensity 16 shortgi
	-stbc -ldpc -uapsd wme
	parent interface: rtwn0
	media: IEEE 802.11 Wireless Ethernet autoselect (autoselect)
	status: no carrier
	nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>



$ sudo ifconfig wlan0 scan
SSID/MESH ID                      BSSID              CHAN RATE    S:N     INT CAPS
BTHub6-XXXX                       78:65:59:b7:63:32    6   54M  -79:-96   100 EP   RSN BSSLOAD HTCAP WPS WME
BTWi-fi                           7a:65:59:b7:65:33    6   54M  -87:-96   100 E    BSSLOAD HTCAP WME
0x00e0fca0000000010003            1c:43:63:1e:e6:10    4   54M  -54:-96   100 EPS  HTCAP WME ATH WPS RSN
0x00e0fca0000000010003            1c:43:63:1e:e6:14   36   54M  -57:-96   100 EP   HTCAP VHTCAP VHTOPMODE VHTPWRENV WME ATH WPS RSN

$ sudo ifconfig wlan1 scan
SSID/MESH ID                      BSSID              CHAN RATE    S:N     INT CAPS
BTHub6-XXXX                       78:65:59:b7:63:32    6   54M  -90:-95   100 EP   RSN BSSLOAD HTCAP WPS WME
BTWi-fi                           7a:65:59:b7:65:33    6   54M  -91:-95   100 E    BSSLOAD HTCAP WME
TALKTALKXXXXXX                    1c:43:63:1e:e6:10    4   54M  -78:-95   100 EPS  HTCAP WME ATH WPS RSN


iwlwifi0: <iwlwifi> mem 0x7a200000-0x7a203fff at device 0.0 on pci2
iwlwifi0: successfully loaded firmware image 'iwlwifi-ty-a0-gf-a0-73.ucode'
iwlwifi0: api flags index 2 larger than supported by driver
iwlwifi0: TLV_FW_FSEQ_VERSION: FSEQ Version: 0.0.2.36
iwlwifi0: loaded firmware version 73.35c0a2c6.0 ty-a0-gf-a0-73.ucode op_mode iwlmvm
iwlwifi0: Detected Intel(R) Wi-Fi 6 AX210 160MHz, REV=0x420
iwlwifi0: successfully loaded firmware image 'iwlwifi-ty-a0-gf-a0.pnvm'
iwlwifi0: loaded PNVM version 881c99e1
iwlwifi0: Detected RF GF, rfid=0x10d000
iwlwifi0: base HW address: 04:cf:4b:1e:ca:e9

Comment 1 Bjoern A. Zeeb freebsd_committer freebsd_triage 2022-11-23 16:01:01 UTC
Sorry I cannot follow you yet.

wlan1 says ssid BTWi-fi Chan 6.

wlan0 list scan says:

BTWi-fi                           7a:65:59:b7:65:33    6   54M  -87:-96   100 E    BSSLOAD HTCAP WME

wlan1 list scan says:

BTWi-fi                           7a:65:59:b7:65:33    6   54M  -91:-95   100 E    BSSLOAD HTCAP WME

So I assume the problematic one is the TALKTALKXXXXXX?

Are you running any of the patches for ifconfig to decode UTF-8 or any other changes?

Also, why is sharing a pcap with just beacons a problem, or does it contain other traffic as well?

Can you drop me an off-list email to clarify details to avoid sharing them publicly and we can work through it?

Comment 2 Bjoern A. Zeeb freebsd_committer freebsd_triage 2022-11-23 21:21:37 UTC
This is not iwlwifi specific.

The beacon information from the AP has Qualcomm Vendor information followed by a second SSID Element at the end, which likely is a firmware bug in the AP. Could be that it turns out that way by accident, but that is all speculation. The remaining data did not look like a particular other element with an unset element id.

A quick hack filtering out any second SSID made things work again, but that is not a sustainable solution; in fact we probably want to make sure in the future to drop these kinds of beacons.

--- sys/net80211/ieee80211_input.c
+++ sys/net80211/ieee80211_input.c
@@ -565,8 +565,15 @@ ieee80211_parse_beacon(struct ieee80211_node *ni, struct mbuf *m,
                    return (scan->status = IEEE80211_BPARSE_BADIELEN));
                switch (*frm) {
                case IEEE80211_ELEMID_SSID:
-                       scan->ssid = frm;
+               {
+                       if (scan->ssid != 0) {
+                               IEEE80211_DPRINTF(vap, IEEE80211_MSG_ELEMID,
+                                   "%s: duplicate ELEMID_SSID orig %p new %p (ignoring)\n",
+                                   __func__, scan->ssid, frm);
+                       } else
+                               scan->ssid = frm;
                        break;
+               }
                case IEEE80211_ELEMID_RATES:
                        scan->rates = frm;
                        break;
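
Review bot: In the IEEE80211_ELEMID_SSID case the duplicate is only reported through IEEE80211_DPRINTF under IEEE80211_MSG_ELEMID and the beacon is still accepted with the first SSID, so outside of debugging a malformed frame passes through unnoticed; if such beacons are meant to be rejected, set scan->status and return the way the IEEE80211_BPARSE_BADIELEN line above the switch does. Smaller points: compare the pointer against NULL rather than 0 in `if (scan->ssid != 0)`, brace the else branch to match the if, and drop the added `{` `}` around the case body since it declares no locals.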


I haven't looked at rtwn yet as to why they pass the first SSID up and thj sees the right one only there. Possibly some magic elsewhere? Would be interesting to write test cases with raw frames and try some others, but this would mean access to more wifi or the AP DUT.
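
The duplicate-SSID behaviour discussed in this report can be reproduced offline with a small element walker. This is an added example, not code from the bug report or from net80211; `find_ssid`, `sample_ies` and the vendor payload are hypothetical, and the second SSID body is assumed to be the ten bytes shown as the hex string in the wlan0 scan output.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define ELEMID_SSID   0   /* IEEE 802.11 SSID element id */
#define ELEMID_VENDOR 221 /* vendor-specific element id */

/* Constructed beacon element list (not taken from the reporter's pcap). */
static const uint8_t sample_ies[] = {
    ELEMID_SSID, 14, 'T','A','L','K','T','A','L','K','X','X','X','X','X','X',
    1, 4, 0x82, 0x84, 0x8b, 0x96,                   /* supported rates */
    ELEMID_VENDOR, 5, 0xaa, 0xbb, 0xcc, 0x01, 0x00, /* placeholder OUI + data */
    ELEMID_SSID, 10, 0x00, 0xe0, 0xfc, 0xa0, 0x00, 0x00, 0x00, 0x01, 0x00, 0x03,
};

/*
 * Walk id/length/value elements. Returns the chosen SSID element, or NULL
 * if there is none or an element overruns the buffer. *dups counts SSID
 * elements seen after the first one.
 */
static const uint8_t *
find_ssid(const uint8_t *frm, size_t len, int first_wins, int *dups)
{
    const uint8_t *efrm = frm + len, *ssid = NULL;

    *dups = 0;
    while (efrm - frm > 1) {
        if ((size_t)(efrm - frm) < 2u + frm[1])
            return NULL;            /* element length runs past the frame */
        if (frm[0] == ELEMID_SSID) {
            if (ssid != NULL)
                (*dups)++;
            if (ssid == NULL || !first_wins)
                ssid = frm;         /* last-wins overwrites, first-wins keeps */
        }
        frm += 2 + frm[1];
    }
    return ssid;
}

int main(void)
{
    int dups;
    const uint8_t *last = find_ssid(sample_ies, sizeof(sample_ies), 0, &dups);
    const uint8_t *first = find_ssid(sample_ies, sizeof(sample_ies), 1, &dups);

    printf("last-wins  len=%u (binary, shown as hex by ifconfig)\n", last[1]);
    printf("first-wins len=%u \"%.*s\" duplicates=%d\n", first[1], first[1],
        (const char *)(first + 2), dups);
    return 0;
}
```

A non-zero `dups` is the signal a stricter parser could use to reject the beacon instead of picking either element.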