Closed jules1j closed 6 months ago
Hm. It's supposed to be getting that list of frequencies from the interface.
I'll look into this today and see what might be causing it.
Thank you for the detailed report!
What does iw list show for this interface, including disabled freqs? I'm traveling but a quick review tells me this may be related to not validating the channels available against channels that are disabled by regulation settings.
After some testing I am almost positive that was the issue and it is resolved in the dev branch, which will become 0.8.4.
Hello, I was getting the same error as OP and saw you recently updated the dev branch. I tried the new version, but it's still crashing. I set up backtrace, but it doesn't seem like it's working. The wireless NIC is the only spare one I had that supported 5GHz, but it works fine using the 2.4 band. I have an Alfa AWUS036ACHM coming shortly to test with as well. I posted the image below.
Hardware: Raspberry Pi 4
OS:
Distributor ID: Kali
Description: Kali GNU/Linux Rolling
Release: 2023.4
Codename: kali-rolling
Device: Startech USB867WAC22
Chipset: RTL8812AU
Certainly something very wrong happening. I'll continue to dig into this and hopefully I can reproduce on my end. If able, can you show me the output of band 2 on iw list so I can check which channels are disabled on your system as well?
Is the screenshot below what you are looking for? The screenshot in my previous post shows all supported channels in the 2 band as well. If not let me know how you would like me to run the iw command to give you the proper info you are looking for. Thanks
Sorry! Here's what I mean:
iw phy$(iw wlan1 info | grep wiphy | awk '{print $2}') info
Then the frequencies block associated with Band 2, which shows power and whether it is disabled by the regulatory domain. I'm trying to chase down if this bug is related to disabled channels so it's useful to compare the output of AO with what channels are reporting as disabled. Mine looks like:
Also, your regulatory domain doesn't happen to be Japan, does it? Those freqs seem to be from 802.11j and your issue is probably because I'm not handling them well in nl80211-ng yet. I can rush this out if it is the case for you though.
Thanks for the info! No, my regulatory domain is not Japan. If you need any more info please let me know. Thanks.
Here are the screenshots you requested.
Band 2
Band 5
Thanks! Looking further into this now, but I think the fix will be a heavier refactor of the underlying library so I'll push it to AO as soon as I'm confident in it. I'll post here to let you know when the dev branch is ready for testing.
I would expect less than a day but I'm traveling so we will see.
What does iw list show for this interface, including disabled freqs? I'm traveling but a quick review tells me this may be related to not validating the channels available against channels that are disabled by regulation settings.
$ iw list
Wiphy phy0
wiphy index: 0
max # scan SSIDs: 20
max scan IEs length: 422 bytes
max # sched scan SSIDs: 20
max # match sets: 8
Retry short limit: 7
Retry long limit: 4
Coverage class: 0 (up to 0m)
Device supports RSN-IBSS.
Device supports AP-side u-APSD.
Device supports T-DLS.
Supported Ciphers:
* WEP40 (00-0f-ac:1)
* WEP104 (00-0f-ac:5)
* TKIP (00-0f-ac:2)
* CCMP-128 (00-0f-ac:4)
* GCMP-128 (00-0f-ac:8)
* GCMP-256 (00-0f-ac:9)
* CMAC (00-0f-ac:6)
* GMAC-128 (00-0f-ac:11)
* GMAC-256 (00-0f-ac:12)
Available Antennas: TX 0x1 RX 0x1
Configured Antennas: TX 0x1 RX 0x1
Supported interface modes:
* IBSS
* managed
* AP
* AP/VLAN
* monitor
* P2P-client
* P2P-GO
* P2P-device
Band 1:
Capabilities: 0x196f
RX LDPC
HT20/HT40
SM Power Save disabled
RX HT20 SGI
RX HT40 SGI
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 4 usec (0x05)
HT Max RX data rate: 150 Mbps
HT TX/RX MCS rate indexes supported: 0-7
Bitrates (non-HT):
* 1.0 Mbps
* 2.0 Mbps (short preamble supported)
* 5.5 Mbps (short preamble supported)
* 11.0 Mbps (short preamble supported)
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 2412 MHz [1] (22.0 dBm)
* 2417 MHz [2] (22.0 dBm)
* 2422 MHz [3] (22.0 dBm)
* 2427 MHz [4] (22.0 dBm)
* 2432 MHz [5] (22.0 dBm)
* 2437 MHz [6] (22.0 dBm)
* 2442 MHz [7] (22.0 dBm)
* 2447 MHz [8] (22.0 dBm)
* 2452 MHz [9] (22.0 dBm)
* 2457 MHz [10] (22.0 dBm)
* 2462 MHz [11] (22.0 dBm)
* 2467 MHz [12] (22.0 dBm)
* 2472 MHz [13] (22.0 dBm)
* 2484 MHz [14] (disabled)
Band 2:
Capabilities: 0x196f
RX LDPC
HT20/HT40
SM Power Save disabled
RX HT20 SGI
RX HT40 SGI
RX STBC 1-stream
Max AMSDU length: 7935 bytes
DSSS/CCK HT40
Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
Minimum RX AMPDU time spacing: 4 usec (0x05)
HT Max RX data rate: 150 Mbps
HT TX/RX MCS rate indexes supported: 0-7
VHT Capabilities (0x33907132):
Max MPDU length: 11454
Supported Channel Width: neither 160 nor 80+80
RX LDPC
short GI (80 MHz)
SU Beamformee
MU Beamformee
RX antenna pattern consistency
TX antenna pattern consistency
VHT RX MCS set:
1 streams: MCS 0-9
2 streams: not supported
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT RX highest supported: 0 Mbps
VHT TX MCS set:
1 streams: MCS 0-9
2 streams: not supported
3 streams: not supported
4 streams: not supported
5 streams: not supported
6 streams: not supported
7 streams: not supported
8 streams: not supported
VHT TX highest supported: 0 Mbps
Bitrates (non-HT):
* 6.0 Mbps
* 9.0 Mbps
* 12.0 Mbps
* 18.0 Mbps
* 24.0 Mbps
* 36.0 Mbps
* 48.0 Mbps
* 54.0 Mbps
Frequencies:
* 5180 MHz [36] (22.0 dBm) (no IR)
* 5200 MHz [40] (22.0 dBm) (no IR)
* 5220 MHz [44] (22.0 dBm) (no IR)
* 5240 MHz [48] (22.0 dBm) (no IR)
* 5260 MHz [52] (22.0 dBm) (no IR, radar detection)
* 5280 MHz [56] (22.0 dBm) (no IR, radar detection)
* 5300 MHz [60] (22.0 dBm) (no IR, radar detection)
* 5320 MHz [64] (22.0 dBm) (no IR, radar detection)
* 5340 MHz [68] (disabled)
* 5360 MHz [72] (disabled)
* 5380 MHz [76] (disabled)
* 5400 MHz [80] (disabled)
* 5420 MHz [84] (disabled)
* 5440 MHz [88] (disabled)
* 5460 MHz [92] (disabled)
* 5480 MHz [96] (disabled)
* 5500 MHz [100] (22.0 dBm) (no IR, radar detection)
* 5520 MHz [104] (22.0 dBm) (no IR, radar detection)
* 5540 MHz [108] (22.0 dBm) (no IR, radar detection)
* 5560 MHz [112] (22.0 dBm) (no IR, radar detection)
* 5580 MHz [116] (22.0 dBm) (no IR, radar detection)
* 5600 MHz [120] (22.0 dBm) (no IR, radar detection)
* 5620 MHz [124] (22.0 dBm) (no IR, radar detection)
* 5640 MHz [128] (22.0 dBm) (no IR, radar detection)
* 5660 MHz [132] (22.0 dBm) (no IR, radar detection)
* 5680 MHz [136] (22.0 dBm) (no IR, radar detection)
* 5700 MHz [140] (22.0 dBm) (no IR, radar detection)
* 5720 MHz [144] (22.0 dBm) (no IR, radar detection)
* 5745 MHz [149] (22.0 dBm)
* 5765 MHz [153] (22.0 dBm)
* 5785 MHz [157] (22.0 dBm)
* 5805 MHz [161] (22.0 dBm)
* 5825 MHz [165] (22.0 dBm)
* 5845 MHz [169] (disabled)
* 5865 MHz [173] (disabled)
* 5885 MHz [177] (disabled)
* 5905 MHz [181] (disabled)
Supported commands:
* new_interface
* set_interface
* new_key
* start_ap
* new_station
* new_mpath
* set_mesh_config
* set_bss
* authenticate
* associate
* deauthenticate
* disassociate
* join_ibss
* join_mesh
* remain_on_channel
* set_tx_bitrate_mask
* frame
* frame_wait_cancel
* set_wiphy_netns
* set_channel
* tdls_mgmt
* tdls_oper
* start_sched_scan
* probe_client
* set_noack_map
* register_beacons
* start_p2p_device
* set_mcast_rate
* connect
* disconnect
* channel_switch
* set_qos_map
* add_tx_ts
* set_multicast_to_unicast
WoWLAN support:
* wake up on disconnect
* wake up on magic packet
* wake up on pattern match, up to 20 patterns of 16-128 bytes,
maximum packet offset 0 bytes
* can do GTK rekeying
* wake up on GTK rekey failure
* wake up on EAP identity request
* wake up on 4-way handshake
* wake up on rfkill release
* wake up on network detection, up to 8 match sets
software interface modes (can always be added):
* AP/VLAN
* monitor
valid interface combinations:
* #{ managed } <= 1, #{ AP, P2P-client, P2P-GO } <= 1, #{ P2P-device } <= 1,
total <= 3, #channels <= 2
HT Capability overrides:
* MCS: ff ff ff ff ff ff ff ff ff ff
* maximum A-MSDU length
* supported channel width
* short GI for 40 MHz
* max A-MPDU length exponent
* min MPDU start spacing
Device supports TX status socket option.
Device supports HT-IBSS.
Device supports SAE with AUTHENTICATE command
Device supports low priority scan.
Device supports scan flush.
Device supports per-vif TX power setting
P2P GO supports CT window setting
P2P GO supports opportunistic powersave setting
Driver supports full state transitions for AP/GO clients
Driver supports a userspace MPM
Driver/device bandwidth changes during BSS lifetime (AP/GO mode)
Device adds DS IE to probe requests
Device can update TPC Report IE
Device supports static SMPS
Device supports dynamic SMPS
Device supports WMM-AC admission (TSPECs)
Device supports configuring vdev MAC-addr on create.
Device supports randomizing MAC-addr in scans.
Device supports randomizing MAC-addr in sched scans.
Device supports randomizing MAC-addr in net-detect scans.
max # scan plans: 2
max scan plan interval: 65535
max scan plan iterations: 254
Supported TX frame types:
* IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
* P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
Supported RX frame types:
* IBSS: 0x40 0xb0 0xc0 0xd0
* managed: 0x40 0xb0 0xd0
* AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* mesh point: 0xb0 0xc0 0xd0
* P2P-client: 0x40 0xd0
* P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
* P2P-device: 0x40 0xd0
Supported extended features:
* [ VHT_IBSS ]: VHT-IBSS
* [ RRM ]: RRM
* [ MU_MIMO_AIR_SNIFFER ]: MU-MIMO sniffer
* [ SCAN_START_TIME ]: scan start timestamp
* [ BSS_PARENT_TSF ]: BSS last beacon/probe TSF
* [ BEACON_RATE_LEGACY ]: legacy beacon rate setting
* [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
* [ FILS_MAX_CHANNEL_TIME ]: FILS max channel attribute override with dwell time
* [ ACCEPT_BCAST_PROBE_RESP ]: accepts broadcast probe response
* [ OCE_PROBE_REQ_HIGH_TX_RATE ]: probe request TX at high rate (at least 5.5Mbps)
* [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
* [ TXQS ]: FQ-CoDel-enabled intermediate TXQs
* [ SCAN_MIN_PREQ_CONTENT ]: use probe request with only rate IEs in scans
* [ ENABLE_FTM_RESPONDER ]: enable FTM (Fine Time Measurement) responder
* [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
* [ PROTECTED_TWT ]: protected Target Wake Time (TWT) support
* [ DEL_IBSS_STA ]: deletion of IBSS station support
* [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
* [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support
@sincere360 It's an early fix and there may be issues but I have rewritten the channel system to be mostly dynamic, based on how iw is doing it.
It's been pushed to the dev branch, I'm hoping it will fix this for good. Let me know how it reacts to those weird channels.
@jules1j I can't say for sure obviously but I am almost positive your issue was fixed when I started checking for disabled channels before adding them. I was able to recreate it locally by messing with my regulatory settings and the fix already implemented on the dev branch fixed it on my end.
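The check discussed in this thread (drop channels the regulatory domain reports as disabled before adding them to the channel list) can be sketched as follows. This is an added example, not AngryOxide or nl80211-ng code; it parses `iw` text output purely for illustration, and the names `Channel`, `parse_freq_line` and `validate` are hypothetical.

```rust
// Added example: parse the "Frequencies:" lines of `iw phy <name> info`
// and reject requested channels that are unlisted or marked disabled.

#[derive(Debug, PartialEq)]
struct Channel {
    freq_mhz: u32,
    number: u32,
    disabled: bool, // "(disabled)": not permitted by the regulatory domain
    no_ir: bool,    // "no IR": the device must not initiate radiation here
}

/// Parse one line such as "* 5260 MHz [52] (22.0 dBm) (no IR, radar detection)".
/// Any other line of the iw output (bitrates, ciphers, ...) yields None.
fn parse_freq_line(line: &str) -> Option<Channel> {
    let rest = line.trim().strip_prefix('*')?.trim();
    let (freq, rest) = rest.split_once(" MHz [")?;
    let (number, flags) = rest.split_once(']')?;
    Some(Channel {
        freq_mhz: freq.trim().parse().ok()?,
        number: number.trim().parse().ok()?,
        disabled: flags.contains("(disabled)"),
        no_ir: flags.contains("no IR"),
    })
}

/// Split requested channel numbers into (usable, rejected).
fn validate(requested: &[u32], iw_output: &str) -> (Vec<u32>, Vec<u32>) {
    let known: Vec<Channel> = iw_output.lines().filter_map(parse_freq_line).collect();
    requested
        .iter()
        .copied()
        .partition(|&ch| known.iter().any(|c| c.number == ch && !c.disabled))
}

// Four lines taken from the Band 2 block of the iw list output in this thread.
const SAMPLE: &str = "\
* 5320 MHz [64] (22.0 dBm) (no IR, radar detection)
* 5340 MHz [68] (disabled)
* 5745 MHz [149] (22.0 dBm)
* 5845 MHz [169] (disabled)";

fn main() {
    // The requested list is constructed for illustration; 200 is not listed at all.
    let (usable, rejected) = validate(&[64, 68, 149, 169, 200], SAMPLE);
    println!("usable: {:?}, rejected: {:?}", usable, rejected);
}
```

Channels flagged `no IR` remain usable for passive monitoring in this sketch; only disabled or unlisted channels are rejected.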
I just compiled the latest and it's up and running currently. Will let you know if I run into any bugs. Thank you for looking into it and fixing it.
Sure thing! Let me know.
Describe the bug
Program crashes when using --band 5, probably because the interface does not support all channels used by AngryOxide.
To Reproduce
Expected behavior
Use only channels supported by the interface
Screenshots
Hardware:
Additional context
Supported Frequency list from adapter:
Channels that AngryOxide tries to use when --band 5 option is provided: