Hostap - WEP - Bridge problem?

Jeff Omick jomick at users.sourceforge.net
Sat Apr 26 20:49:05 EDT 2003



Hi,

Not sure how to present this, but I have been looking at this for a couple of days now, on and off.

Configuration:
Wireless PC (kauai) ---- 802.11 w/WEP key ----- wlan0 - Hostap bridging - eth0 ----- Linux machine (Molokai)

I also replaced Kauai with a different PC and an embedded wireless card; same fingerprint as below.

The issue is I cannot do an FTP from my wireless PC (kauai) to the Linux machine (Molokai) and do a put,
or I cannot FTP from Molokai to the PC and do a get. (The FTP hangs - packet gets corrupted)

I think it has to do with buffer allocation or an MTU gets broken, because if I reduce the MTU the problem goes away.
If you notice the packet size on the AP, it is bigger than 1514: it is 1522, but only 96 gets captured.
And if you look at the packet traces (attached below), the payload gets truncated at the AP side.
The length of the FTP payload leaving kauai is 1448 bytes and the payload on the AP side is only 30 bytes (rest of packet is lost).
Molokai never sees this packet on its Ethereal capture.

This issue only occurs when I have the combination of WEP key, Hostap (DWL-650), and bridging.
This issue goes away if I do ANY of the following:
- I turn off WEP (iwconfig wlan0 enc off on AP and turn off WEP security on kauai)
- I remove bridging and do routing through the hostap machine.
- reduce my MTU (this is why I think it is overloading a buffer somewhere)
- use Hermes_ap (with Orinoco card of course)

I have to tell you that I think the work done here has been fabulous; you have put together a great package and I love it. I am getting by because I lowered my MTU and things work great in that mode, but I thought I would put out this finding to help the cause.

Software:
hostap-0.0.1.tar.gz
Redhat kernel - 2.4.20
pcmcia-cs-3.2.4.tar.gz
wireless_tools.25.tar.gz

Hardware:
Socket 0:
 product info: "D", "Link DWL-650 11Mbps WLAN Card", "Version 01.02", ""
 manfid: 0x0156, 0x0002
 function: 6 (network)
Socket 1:
 product info: "NETGEAR", "FA410TX", "Fast Ethernet"
 manfid: 0x0149, 0x0230
 function: 6 (network)

Gateway Solo 75MHz Pentium

[root@solo wlan]# iwconfig wlan0
wlan0     IEEE 802.11b  ESSID:"OmsNet"  Nickname:"solo"
         Mode:Master  Frequency:2.422GHz  Access Point: 00:05:5D:EE:73:0F
         Bit Rate:2Mb/s   Tx-Power:-1 dBm   Sensitivity=1/3
         Retry min limit:8   RTS thr:off   Fragment thr:off
         Encryption key:3131-3131-31   Encryption mode:restricted
         Power Management:off
         Link Quality:0  Signal level:0  Noise level:0
         Rx invalid nwid:0  Rx invalid crypt:838  Rx invalid frag:0
         Tx excessive retries:915  Invalid misc:208   Missed beacon:0


Thanks for listening
Let me know if there is any other data you would like to see or have me test, if you think it would help.

Jeff Omick
jomick at users.sourceforge.net


--------------------------------------------
Packet trace at Kauai side.

Frame 27 (1514 on wire, 1514 captured)
   Arrival Time: Apr 25, 2003 19:00:38.125355000
   Time delta from previous packet: 0.004764000 seconds
   Time relative to first packet: 13.465361000 seconds
   Frame Number: 27
   Packet Length: 1514 bytes
   Capture Length: 1514 bytes
Ethernet II
   Destination: 00:04:5a:72:e0:62 (The_72:e0:62)
   Source: 00:60:1d:04:78:54 (Lucent_04:78:54)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.14 (192.168.0.14), Dst Addr: 192.168.0.1 (192.168.0.1)
   Version: 4
   Header length: 20 bytes
   Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
       0000 00.. = Differentiated Services Codepoint: Default (0x00)
       .... ..0. = ECN-Capable Transport (ECT): 0
       .... ...0 = ECN-CE: 0
   Total Length: 1500
   Identification: 0x2274
   Flags: 0x04
       .1.. = Don't fragment: Set
       ..0. = More fragments: Not set
   Fragment offset: 0
   Time to live: 128
   Protocol: TCP (0x06)
   Header checksum: 0x5148 (correct)
   Source: 192.168.0.14 (192.168.0.14)
   Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1059 (1059), Dst Port: ftp-data (20), Seq: 3897295803, Ack: 3505752771
   Source port: 1059 (1059)
   Destination port: ftp-data (20)
   Sequence number: 3897295803
   Next sequence number: 3897297251
   Acknowledgement number: 3505752771
   Header length: 32 bytes
   Flags: 0x0010 (ACK)
       0... .... = Congestion Window Reduced (CWR): Not set
       .0.. .... = ECN-Echo: Not set
       ..0. .... = Urgent: Not set
       ...1 .... = Acknowledgment: Set
       .... 0... = Push: Not set
       .... .0.. = Reset: Not set
       .... ..0. = Syn: Not set
       .... ...0 = Fin: Not set
   Window size: 17520
   Checksum: 0x5ee6 (correct)
   Options: (12 bytes)
       NOP
       NOP
       Time stamp: tsval 117138, tsecr 68369212
FTP Data
   FTP Data: 6/14/2002\t6:06 PM\t\tAdministrator\tKAUAI\tExtracting Zip 
file from stub file, 
C:\DOCUME~1\ADMINI~1\LOCALS~1\TEMP\~SDAT4UP.tmp\DATS\cdex4207.exe.\r\r\n6/14/2002\t6:06 
PM\t\tAdministrator\tKAUAI\tPerforming self validation ...\r\ (it goes 
on when viewing raw data...)

(I think the print statement of Ethereal did not correctly print the data, but if you look at the Ethereal capture of the raw data you see the whole payload.)

-------------------------------------------------------------

Trace of Packet on AP side.

Frame 43 (1522 on wire, 96 captured)
   Arrival Time: Apr 25, 2003 17:58:48.306638000
   Time delta from previous packet: 0.017794000 seconds
   Time relative to first packet: 16.075410000 seconds
   Frame Number: 43
   Packet Length: 1522 bytes
   Capture Length: 96 bytes
Ethernet II
   Destination: 00:04:5a:72:e0:62 (The_72:e0:62)
   Source: 00:60:1d:04:78:54 (Lucent_04:78:54)
   Type: IP (0x0800)
Internet Protocol, Src Addr: 192.168.0.14 (192.168.0.14), Dst Addr: 192.168.0.1 (192.168.0.1)
   Version: 4
   Header length: 20 bytes
   Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
       0000 00.. = Differentiated Services Codepoint: Default (0x00)
       .... ..0. = ECN-Capable Transport (ECT): 0
       .... ...0 = ECN-CE: 0
   Total Length: 1500
   Identification: 0x2274
   Flags: 0x04
       .1.. = Don't fragment: Set
       ..0. = More fragments: Not set
   Fragment offset: 0
   Time to live: 128
   Protocol: TCP (0x06)
   Header checksum: 0x5148 (correct)
   Source: 192.168.0.14 (192.168.0.14)
   Destination: 192.168.0.1 (192.168.0.1)
Transmission Control Protocol, Src Port: 1059 (1059), Dst Port: ftp-data (20), Seq: 3897295803, Ack: 3505752771
   Source port: 1059 (1059)
   Destination port: ftp-data (20)
   Sequence number: 3897295803
   Next sequence number: 3897297251
   Acknowledgement number: 3505752771
   Header length: 32 bytes
   Flags: 0x0010 (ACK)
       0... .... = Congestion Window Reduced (CWR): Not set
       .0.. .... = ECN-Echo: Not set
       ..0. .... = Urgent: Not set
       ...1 .... = Acknowledgment: Set
       .... 0... = Push: Not set
       .... .0.. = Reset: Not set
       .... ..0. = Syn: Not set
       .... ...0 = Fin: Not set
   Window size: 17520
   Checksum: 0x5ee6
   Options: (12 bytes)
       NOP
       NOP
       Time stamp: tsval 117138, tsecr 68369212
FTP Data
   FTP Data: 6/14/2002\t6:06 PM\t\tAdministrat

(Notice the payload is cut off at 30 bytes - that is it looking at the 
print format or raw format)
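
Byte accounting for the two traces above, as an added example that is not part of the original post or of the Host AP code. The trace strings are reduced to the size-bearing lines quoted in the post; the 8-byte figure is the standard WEP per-frame overhead (4-byte IV/key-ID field plus 4-byte ICV), and reading the AP-side excess as those fields is an assumption.

```python
import re

ETH_HDR = 14          # Ethernet II header, bytes
WEP_OVERHEAD = 4 + 4  # WEP IV/key-ID field + ICV, bytes

# Size-bearing lines copied from the two traces in the post (rest omitted).
KAUAI = """Frame 27 (1514 on wire, 1514 captured)
Internet Protocol
   Header length: 20 bytes
   Total Length: 1500
Transmission Control Protocol
   Header length: 32 bytes
"""
AP = """Frame 43 (1522 on wire, 96 captured)
Internet Protocol
   Header length: 20 bytes
   Total Length: 1500
Transmission Control Protocol
   Header length: 32 bytes
"""

def account(trace):
    """Byte accounting for one Ethereal text dump of a TCP/IPv4 frame."""
    wire, cap = map(int, re.search(r"\((\d+) on wire, (\d+) captured\)", trace).groups())
    ip_hdr, tcp_hdr = map(int, re.findall(r"Header length: (\d+) bytes", trace))
    ip_total = int(re.search(r"Total Length: (\d+)", trace).group(1))
    headers = ETH_HDR + ip_hdr + tcp_hdr
    expected = ETH_HDR + ip_total  # frame size implied by the IP header
    return {
        "payload_sent": ip_total - ip_hdr - tcp_hdr,
        "payload_captured": max(0, min(cap, expected) - headers),
        "capture_truncated": cap < wire,
        "excess_on_wire": wire - expected,
    }

def report(name, trace):
    a = account(trace)
    note = ""
    if a["excess_on_wire"] == WEP_OVERHEAD:
        note = " (excess equals WEP IV + ICV size)"
    return (f"{name}: payload {a['payload_captured']}/{a['payload_sent']} bytes captured, "
            f"{a['excess_on_wire']} bytes beyond Ethernet+IP{note}")

if __name__ == "__main__":
    print(report("kauai", KAUAI))
    print(report("ap", AP))
```

The 30 payload bytes visible on the AP side are exactly what a 96-byte capture length leaves after 66 bytes of Ethernet, IP and TCP headers, so that dump by itself does not show how much of the payload reached the AP.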



