Bug 32124

Summary: Cannot set 128 bit wep key on prism2 (wi0) cards
Product: Base System Reporter: Nick Sayer <nsayer>
Component: kernAssignee: Warner Losh <imp>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.4-RELEASE   
Hardware: Any   
OS: Any   

Description Nick Sayer 2001-11-20 08:00:02 UTC 
Attempting to set a 128 bit WEP key does not result in the correct key being
set. The exact same sequence of operations with a (Dell OEM) Lucent gold card
works correctly. The equivalent sequence of operations under Windows 2000
with the Netgear card works correctly. I can only conclude that the code to
set a 128 bit WEP key on Prism2 cards under FreeBSD is incorrect.

wicontrol reports the correct value for the key, so the ioctls to read and
write the keys at least are reading and writing the same bit of data.

Traffic snooped off the Ethernet segment connected to the access point show
corrupted frames that seem to match up in length and time to transmissions
from the machine under test. That tells me the key is not being set properly.

How-To-Repeat: 
ifconfig wi0 wepmode on weptxkey 1 wepkey 1:0x00112233445566778899aabbcc

on a prism2 card (with your access point similarly configured, of course).
Comment 1 Brooks Davis freebsd_committer freebsd_triage 2002-03-04 20:05:46 UTC 
State Changed
From-To: open->feedback

I've just MFC'd a set of changes including a possiable fix for this bug. 
Please test with 4.5-STABLE after "Mon, 4 Mar 2002 12:03:57 -0800 (PST)" 
and report success or failure. 

Thanks, 
Brooks
Comment 2 phiber 2002-03-08 23:46:29 UTC 
I have the exact same problem, and was about to file a report when I found
this one.  I'm using an SMC2632W on a Sony VAIO with a 2655 access point.
The setup works fine in Windows on the same machine with WEP enabled, etc.
After applying the aforementioned changes to if_wi.c, etc., that you merged
in from CURRENT, things SORT OF work.  Now, I can ping my access point, which
I couldn't do before at all with WEP enabled, with 0% loss.  However, if I
try to ping, connect, etc., to any machines on my ethernet (or beyond) on the
other side of the access point, maybe one out of fifty packets actually gets
through (as tcpdump on the other side shows).  The same goes for ethernet
traffic bound for my laptop.  I'm guessing that something about the packets
that the wi driver is generating is confusing the access point (maybe) with
respect to WEP-128 being enabled.  I still find it terribly odd though that
I can ping the access point itself from the laptop with no problem, but
packets are just barely getting back and forth to the ethernet on the other
side (almost not at all).
Any further suggestions?

-Mark
Comment 3 Brooks Davis freebsd_committer freebsd_triage 2002-03-18 17:51:06 UTC 
State Changed
From-To: feedback->closed

Fixed in current and stable.
Comment 4 phiber 2002-03-19 02:51:56 UTC 
Not sure why you closed this problem without so much as a response to my
comments, but I just cvs updated to STABLE, and the exact problem as I just
described persists still.  So it isn't fixed in STABLE.
Can you offer any comments/suggestions?

-Mark Abene
Comment 5 Brooks Davis freebsd_committer freebsd_triage 2002-03-19 07:12:08 UTC 
State Changed
From-To: closed->open

Apparently this isn't fixed for at least one person.
Comment 6 brooks 2002-03-19 07:12:58 UTC 
On Mon, Mar 18, 2002 at 09:51:56PM -0500, phiber@radicalmedia.com wrote:
> Not sure why you closed this problem without so much as a response to my
> comments, but I just cvs updated to STABLE, and the exact problem as I just
> described persists still.  So it isn't fixed in STABLE.
> Can you offer any comments/suggestions?

Sorry, I'll heard from someone else that it was fixed.  Apparently not.
I'll reopen it.

-- Brooks
Comment 7 phiber 2002-05-09 07:05:28 UTC 
I recently had some time to experiment with this problem again, and I've
tracked it down: the problem host will totally ignore its response packets
UNLESS the "wi" card (in my case an SMC 2632W) is put into promiscuous-mode.
I found this out by accident, when I ran tcpdump on the problem machine and
noticed that the card magically started working.  So, something is still odd
with the driver, though this is a temporary work around.
The only options I'm setting with wicontrol are -n, -k (with a 128-bit value),
and -e.  In promiscuous-mode, the card now appears to function properly.
Also, I uncovered two more bugs in the driver, which are semi-related:
attempting to use WEP key 2, 3, or 4 results in TOTALLY corrupted packets being
transmitted by the card.  Only key 1 works properly.  The second bug appears
to be improper bounds checking on the value of the "transmit WEP key" setting.
For example, "wicontrol -T 0" will panic the machine, which for some reason
I found humorous at this late hour.  :)
In any event, I hope we can track down the cause of the promiscuous-mode
oddity.

Cheers,
-Mark
Comment 8 phiber 2002-05-12 01:15:35 UTC 
Regarding my last message, now that I've been using my card in FreeBSD for a
few days, I'm noticing pretty awful performance.  Ping flood testing (with 
ping -f) to machines on my local LAN show a near PERFECT 50% packet loss every
single time.  Something definitely wrong in driver land...

Cheers,
-Mark
Comment 9 Warner Losh freebsd_committer freebsd_triage 2003-04-05 08:36:41 UTC 
Responsible Changed
From-To: freebsd-bugs->imp

I'll verify that this is a problem (I have one of the SMC cards 
listed), but if I can't reproduce the problem, I'll need more 
information about cards that have this problem.  I've used wep with 
prism based cards before w/o any problems at all.
Comment 10 Warner Losh freebsd_committer freebsd_triage 2005-01-11 00:54:24 UTC 
State Changed
From-To: open->closed

I'm able to use prism2 based wi cards with 128-bit WEP.  To move 
forward, I'll need more specific information on reproducing the 
problem.