resubmit failed -11

[olijf]

Hi there, I'm on debian trying to get your WPAN kernel module up and running, but It seems I cant get it to work. Using iwpan list I see the adapter etc, but as soon as I try to do something with it nothing happens. In dmesg I found these reports:

[ 7868.825519] usb 1-1: new full-speed USB device number 22 using xhci_hcd
[ 7868.976417] usb 1-1: New USB device found, idVendor=1608, idProduct=154f, bcdDevice= 0.02
[ 7868.976422] usb 1-1: New USB device strings: Mfr=2, Product=3, SerialNumber=1
[ 7868.976424] usb 1-1: Product: CC2531 USB WPAN Adapter
[ 7868.976426] usb 1-1: Manufacturer: Andreas Rosvall
[ 7868.976427] usb 1-1: SerialNumber: 00124B001CCC9ECA
[ 7868.984308] cc2531 1-1:1.0: read permanent extended address: 00124b001ccc9eca
[ 7868.984547] cc2531 1-1:1.0: CC2531 firmware version: 0.2-next-ff9876f-20240225
[ 7869.083040] cc2531 1-1:1.0: resubmit failed: -11
[ 7870.109509] cc2531 1-1:1.0: resubmit failed: -11
[ 7871.133497] cc2531 1-1:1.0: resubmit failed: -11
[ 7872.157515] cc2531 1-1:1.0: resubmit failed: -11
[ 7873.133741] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 0000000038f50651/0xffffffffffffffff (bad dma)
[ 7873.133748] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 00000000f7394a86/0xffffffffffffffff (bad dma)
[ 7873.133750] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 000000002c964d15/0xffffffffffffffff (bad dma)
[ 7873.133752] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 0000000065b3ed29/0xffffffffffffffff (bad dma)
[ 7873.373783] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 7873.801741] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 8063.217749] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 8069.169723] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 8069.893872] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 8120.405882] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 8120.555602] cc2531 1-1:1.0: read permanent extended address: 00124b001ccc9eca
[ 8120.555943] cc2531 1-1:1.0: CC2531 firmware version: 0.2-next-ff9876f-20240225
[ 8120.584828] cc2531 1-1:1.0: resubmit failed: -11
[ 8121.601482] cc2531 1-1:1.0: resubmit failed: -11
[ 8122.625439] cc2531 1-1:1.0: resubmit failed: -11
[ 8123.417756] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 000000006d5d9de9/0xffffffffffffffff (bad dma)
[ 8123.417762] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 00000000c19cf191/0xffffffffffffffff (bad dma)
[ 8123.417764] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 00000000d4459b45/0xffffffffffffffff (bad dma)
[ 8123.653874] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 8124.065873] usb 1-1: reset full-speed USB device number 22 using xhci_hcd
[ 8241.169811] usb 1-1: reset full-speed USB device number 22 using xhci_hcd

So maybe its something wrong with the kernel module?

To test if it is my os I created a VM with Ubuntu 24.04 and everything seems to work fine in there by doing the following:

sudo apt update
sudo apt install dfu-util wpan-tools git binutils 
uname -r
sudo apt install linux-headers-$(uname -r)
git clone https://github.com/rosvall/cc2531_linux.git
cd cc2531_linux/
make
sudo make modules_install
ls /lib/modules/6.8.0-38-generic/updates/cc2531.ko 
modinfo /lib/modules/6.8.0-38-generic/updates/cc2531.ko
sudo su
echo cc2531 > /etc/modules-load.d/cc2531.conf

after which I rebooted, and forwarded the dongle to the VM. Using Wireshark I was able to sniff after putting it in monitor mode.

What am I doing wrong on my host os? Why can I not get it to work there?

HOST Specifics: OS: Debian bookworm uname -r: 6.1.0-23-amd64 Secure boot enabled (signed the module using this)

Guest: OS: Ubuntu 2404 uname -r: 6.8.0-38-generic no secure boot

Could it be the secure boot? Or the older version of my kernel?

Thank you in advance.

[rosvall]

I don't think secure boot has much to do with it. FWIW, I think I've used both linux 6.1 and 6.8 without problems. Most likely, I'm just doing something wrong in this kernel module, and I'd like to fix that.

If you enable additional debug output from the kernel module with

# After the cc2531 module is loaded, as root
echo module cc2531 +p > /sys/kernel/debug/dynamic_debug/control

then dmesg might give us another clue as to what goes wrong.

[rosvall]

It's pretty weird that it works in a VM with USB pass-through but not on the host.

[olijf]

Is there some other way to enable the debug messages since I am on secure boot I cant enable the debug that way... debugfs access is restricted; see man kernel_lockdown.7

[olijf]

I did this

modprobe cc2531 dyndbg==pmf 
dmesg -w

produces

[30686.282245] usbcore: deregistering interface driver cc2531
[30686.357548] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 00000000ad7dc920/0xffffffffffffffff (bad dma)
[30686.357555] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 00000000bd3a16ab/0xffffffffffffffff (bad dma)
[30686.357558] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 00000000f0214bee/0xffffffffffffffff (bad dma)
[30686.357560] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 000000003bc10b3f/0xffffffffffffffff (bad dma)
[30686.357562] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 00000000ee4597fa/0xffffffffffffffff (bad dma)
[30686.357564] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 000000007d96042d/0xffffffffffffffff (bad dma)
[30686.357566] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 0000000076287281/0xffffffffffffffff (bad dma)
[30686.357568] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 000000005c4394a9/0xffffffffffffffff (bad dma)
[30713.239076] cc2531 1-1:1.0: read permanent extended address: 00124b001ccc9eca
[30713.239287] cc2531 1-1:1.0: CC2531 firmware version: 0.2-next-ff9876f-20240225
[30713.239401] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current channel: 11
[30713.239484] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current TX power: 450 mBm
[30713.239568] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current CCA energy: -8400 mBm
[30713.239688] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current CCA mode: 3
[30713.240400] usbcore: registered new interface driver cc2531
[30713.269222] cc2531:cc2531_set_promiscuous_mode: cc2531 1-1:1.0: promiscous mode: 0
[30713.269502] cc2531:cc2531_set_hw_addr_filt: cc2531 1-1:1.0: hw filter: PAN: 0xffff
[30713.269628] cc2531:cc2531_set_hw_addr_filt: cc2531 1-1:1.0: hw filter: Extended address: 00124b001ccc9eca
[30713.269748] cc2531:cc2531_set_hw_addr_filt: cc2531 1-1:1.0: hw filter: Address: 0xffff
[30713.269862] cc2531:cc2531_set_csma_params: cc2531 1-1:1.0: CSMA params: min_be: 3 max_be: 5 be_retries: 4
[30713.269946] cc2531:cc2531_set_frame_retries: cc2531 1-1:1.0: setting frame retries: 3
[30713.269951] cc2531:cc2531_start: cc2531 1-1:1.0: START
[30713.269959] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30713.269962] cc2531 1-1:1.0: resubmit failed: -11
[30714.297113] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30714.297120] cc2531 1-1:1.0: resubmit failed: -11
[30715.317374] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30715.317389] cc2531 1-1:1.0: resubmit failed: -11
[30716.345164] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30716.345180] cc2531 1-1:1.0: resubmit failed: -11
[30717.365169] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30717.365188] cc2531 1-1:1.0: resubmit failed: -11
[30718.389362] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30718.389378] cc2531 1-1:1.0: resubmit failed: -11
[30719.413402] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30719.413419] cc2531 1-1:1.0: resubmit failed: -11
[30720.437122] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[30720.437143] cc2531 1-1:1.0: resubmit failed: -11
....
etc

[rosvall]

Neat trick, i didn't know you could specify dyndbg as a module parm.

I think I've traced the -11 (-EAGAIN) back to

// in drivers/usb/core/hcd.c:1420 int usb_hcd_map_urb_for_dma(struct usb_hcd *hcd, struct urb *urb, gfp_t mem_flags)
            if (dma_mapping_error(hcd->self.sysdev,
                        urb->setup_dma))
                return -EAGAIN;

which also seems relevant to your

[30686.357548] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 00000000ad7dc920/0xffffffffffffffff (bad dma)

So i guess I'll have to look into how I'm causing a DMA error...

[rosvall]

Do you have a warning like transfer buffer is on stack in your dmesg somewhere?

[olijf]

Would it help to try it on different USB ports?

I guess not...

32370.642570] usb 1-1: USB disconnect, device number 56
[32370.643094] cc2531:cc2531_stop: cc2531 1-1:1.0: STOP
[32370.643105] cc2531 1-1:1.0: usb_control_msg_send error -19
[32370.718147] cc2531:cc2531_delete: cc2531 1-1:1.0: cc2531_delete
[32370.718155] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 00000000798c558d/0xffffffffffffffff (bad dma)
[32370.718164] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 00000000b450d7c8
[32370.718168] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 000000009797f233/0xffffffffffffffff (bad dma)
[32370.718174] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 000000004896938e
[32370.718177] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 000000008af65397/0xffffffffffffffff (bad dma)
[32370.718181] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 0000000001177bca
[32370.718184] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 000000009edb77f9/0xffffffffffffffff (bad dma)
[32370.718189] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 000000000be0ea07
[32370.718192] xhci_hcd 0000:00:14.0: dma_pool_free buffer-32, 000000008f1260b4/0xffffffffffffffff (bad dma)
[32370.718196] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 000000002103c586
[32370.718199] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 0000000060b9ba9d/0xffffffffffffffff (bad dma)
[32370.718203] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 0000000070de994b
[32370.718205] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 0000000087982540/0xffffffffffffffff (bad dma)
[32370.718210] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 00000000f03cd02f
[32370.718212] xhci_hcd 0000:00:14.0: dma_pool_free buffer-128, 00000000ae0085aa/0xffffffffffffffff (bad dma)
[32370.718216] cc2531:cc2531_delete: cc2531 1-1:1.0: freed urb 00000000704b20e5
[32370.718223] cc2531:cc2531_delete: cc2531 1-1:1.0: cc2531_delete done
[32370.718225] cc2531:cc2531_disconnect: cc2531 1-1:1.0: cc2531_disconnect done
[32373.710385] usb 1-4.3: new full-speed USB device number 59 using xhci_hcd
[32373.814532] usb 1-4.3: New USB device found, idVendor=1608, idProduct=154f, bcdDevice= 0.02
[32373.814549] usb 1-4.3: New USB device strings: Mfr=2, Product=3, SerialNumber=1
[32373.814557] usb 1-4.3: Product: CC2531 USB WPAN Adapter
[32373.814562] usb 1-4.3: Manufacturer: Andreas Rosvall
[32373.814567] usb 1-4.3: SerialNumber: 00124B001CCC9ECA
[32373.820984] cc2531 1-4.3:1.0: read permanent extended address: 00124b001ccc9eca
[32373.826973] cc2531 1-4.3:1.0: CC2531 firmware version: 0.2-next-ff9876f-20240225
[32373.827244] cc2531:cc2531_configure_chip: cc2531 1-4.3:1.0: current channel: 11
[32373.827454] cc2531:cc2531_configure_chip: cc2531 1-4.3:1.0: current TX power: 450 mBm
[32373.827714] cc2531:cc2531_configure_chip: cc2531 1-4.3:1.0: current CCA energy: -8400 mBm
[32373.827971] cc2531:cc2531_configure_chip: cc2531 1-4.3:1.0: current CCA mode: 3
[32373.916573] cc2531:cc2531_set_promiscuous_mode: cc2531 1-4.3:1.0: promiscous mode: 0
[32373.916751] cc2531:cc2531_set_hw_addr_filt: cc2531 1-4.3:1.0: hw filter: PAN: 0xffff
[32373.916906] cc2531:cc2531_set_hw_addr_filt: cc2531 1-4.3:1.0: hw filter: Extended address: 00124b001ccc9eca
[32373.917058] cc2531:cc2531_set_hw_addr_filt: cc2531 1-4.3:1.0: hw filter: Address: 0xffff
[32373.917211] cc2531:cc2531_set_csma_params: cc2531 1-4.3:1.0: CSMA params: min_be: 3 max_be: 5 be_retries: 4
[32373.917357] cc2531:cc2531_set_frame_retries: cc2531 1-4.3:1.0: setting frame retries: 3
[32373.917361] cc2531:cc2531_start: cc2531 1-4.3:1.0: START
[32373.917367] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32373.917371] cc2531 1-4.3:1.0: resubmit failed: -11
[32374.938165] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32374.938180] cc2531 1-4.3:1.0: resubmit failed: -11
[32375.962182] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32375.962196] cc2531 1-4.3:1.0: resubmit failed: -11
[32376.986120] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32376.986125] cc2531 1-4.3:1.0: resubmit failed: -11
[32378.014134] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32378.014157] cc2531 1-4.3:1.0: resubmit failed: -11
[32379.034333] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32379.034350] cc2531 1-4.3:1.0: resubmit failed: -11
[32380.058121] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32380.058142] cc2531 1-4.3:1.0: resubmit failed: -11
[32381.082367] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32381.082384] cc2531 1-4.3:1.0: resubmit failed: -11
[32382.106362] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-4.3:1.0: resubmitting later...
[32382.106376] cc2531 1-4.3:1.0: resubmit failed: -11

Could those DMA error come from the fact that I removed (modprobe -r cc2531) the module (line 1)

[olijf]

Anyway, from within the VM there is also some warning:

[13866.790313] usbcore: deregistering interface driver cc2531
[13876.874113] cc2531 1-2:1.0: read permanent extended address: 00124b001ccc9eca
[13876.878564] cc2531 1-2:1.0: CC2531 firmware version: 0.2-next-ff9876f-20240225
[13876.886693] cc2531:cc2531_configure_chip: cc2531 1-2:1.0: current channel: 11
[13876.891298] cc2531:cc2531_configure_chip: cc2531 1-2:1.0: current TX power: 450 mBm
[13876.895846] cc2531:cc2531_configure_chip: cc2531 1-2:1.0: current CCA energy: -8400 mBm
[13876.900285] cc2531:cc2531_configure_chip: cc2531 1-2:1.0: current CCA mode: 3
[13876.901125] usbcore: registered new interface driver cc2531
[13876.937990] cc2531:cc2531_set_csma_params: cc2531 1-2:1.0: CSMA params: min_be: 3 max_be: 5 be_retries: 4
[13876.946583] cc2531:cc2531_set_frame_retries: cc2531 1-2:1.0: setting frame retries: 3
[13876.946591] cc2531:cc2531_set_hw_addr_filt: cc2531 1-2:1.0: hw filter: PAN: 0xffff
[13876.950917] cc2531:cc2531_set_hw_addr_filt: cc2531 1-2:1.0: hw filter: Address: 0xffff
[13876.955427] cc2531:cc2531_set_hw_addr_filt: cc2531 1-2:1.0: hw filter: Extended address: 00124b001ccc9eca
[13876.960485] cc2531:cc2531_set_promiscuous_mode: cc2531 1-2:1.0: promiscous mode: 0
[13876.965309] cc2531:cc2531_start: cc2531 1-2:1.0: START
[13876.965317] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-2:1.0: resubmitting later...
[13907.048799] cc2531:cc2531_stop: cc2531 1-2:1.0: STOP
[13907.060363] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.061514] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.062538] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.064812] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.066803] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.068898] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.070885] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.073008] cc2531:cc2531_urb_done: cc2531 1-2:1.0: urb dead: -2
[13907.108462] cc2531:cc2531_set_csma_params: cc2531 1-2:1.0: CSMA params: min_be: 3 max_be: 5 be_retries: 4
[13907.114000] cc2531:cc2531_set_frame_retries: cc2531 1-2:1.0: setting frame retries: 3
[13907.114006] cc2531:cc2531_set_hw_addr_filt: cc2531 1-2:1.0: hw filter: PAN: 0xffff
[13907.122993] cc2531:cc2531_set_hw_addr_filt: cc2531 1-2:1.0: hw filter: Address: 0xffff
[13907.125695] cc2531:cc2531_set_hw_addr_filt: cc2531 1-2:1.0: hw filter: Extended address: 00124b001cdd273d
[13907.130169] cc2531:cc2531_set_promiscuous_mode: cc2531 1-2:1.0: promiscous mode: 0
[13907.134327] cc2531:cc2531_start: cc2531 1-2:1.0: START
[13907.134360] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-2:1.0: resubmitting later...
[13907.151500] ieee802154 phy7 wpan0: entered promiscuous mode
[13907.159072] cc2531:cc2531_xmit: cc2531 1-2:1.0: xmit tx_skb: 00000000dbc81166
[13907.159087] cc2531:cc2531_do_tx_work: cc2531 1-2:1.0: do_tx_work tx_skb: 00000000dbc81166
[13907.159090] cc2531:cc2531_send_pkt: cc2531 1-2:1.0: sending pkt
[13907.172532] cc2531:cc2531_int_received: cc2531 1-2:1.0: int status: 0
[13907.172742] cc2531:cc2531_transmit_once: cc2531 1-2:1.0: transmitted ok
[13907.172911] cc2531:cc2531_do_tx_work: cc2531 1-2:1.0: tx complete
[13909.164364] ieee802154 phy7 wpan0: left promiscuous mode
[13909.287351] ieee802154 phy7 wpan0: entered promiscuous mode
[13909.298901] cc2531:cc2531_xmit: cc2531 1-2:1.0: xmit tx_skb: 000000005155270c
[13909.298964] cc2531:cc2531_do_tx_work: cc2531 1-2:1.0: do_tx_work tx_skb: 000000005155270c
[13909.298978] cc2531:cc2531_send_pkt: cc2531 1-2:1.0: sending pkt
[13909.318115] cc2531:cc2531_int_received: cc2531 1-2:1.0: int status: 0
[13909.318938] cc2531:cc2531_transmit_once: cc2531 1-2:1.0: transmitted ok
[13909.318955] cc2531:cc2531_do_tx_work: cc2531 1-2:1.0: tx complete
[13911.330626] ieee802154 phy7 wpan0: left promiscuous mode

but that could be due to USB forwarding.

Those URB dead come way more often btw.

[rosvall]

The urb dead: -2 after STOP isn't an error.

I suspect that the coherent dma buffer stuff i did might have been a premature optimization that I'll have to undo... I'll get back to it a bit later.

[rosvall]

Glancing at the kernel docs, it seems i missed setting a transfer_buffer flag. I've pushed a commit that seems to fix it, if you'd like to try.

It fixed a problem that looked very much like yours on an ARM based machine.

[olijf]

Seems to be working now :+1:

Thanks for the quick fix!

[34766.367114] usb 1-1: new full-speed USB device number 64 using xhci_hcd
[34766.519011] usb 1-1: New USB device found, idVendor=1608, idProduct=154f, bcdDevice= 0.02
[34766.519026] usb 1-1: New USB device strings: Mfr=2, Product=3, SerialNumber=1
[34766.519033] usb 1-1: Product: CC2531 USB WPAN Adapter
[34766.519038] usb 1-1: Manufacturer: Andreas Rosvall
[34766.519042] usb 1-1: SerialNumber: 00124B001CCC9ECA
[34766.521553] cc2531 1-1:1.0: read permanent extended address: 00124b001ccc9eca
[34766.521780] cc2531 1-1:1.0: CC2531 firmware version: 0.2-next-ff9876f-20240225
[34766.521978] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current channel: 11
[34766.522165] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current TX power: 450 mBm
[34766.522353] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current CCA energy: -8400 mBm
[34766.522471] cc2531:cc2531_configure_chip: cc2531 1-1:1.0: current CCA mode: 3
[34766.601210] cc2531:cc2531_set_promiscuous_mode: cc2531 1-1:1.0: promiscous mode: 0
[34766.601307] cc2531:cc2531_set_hw_addr_filt: cc2531 1-1:1.0: hw filter: PAN: 0xffff
[34766.601480] cc2531:cc2531_set_hw_addr_filt: cc2531 1-1:1.0: hw filter: Extended address: 00124b001ccc9eca
[34766.601595] cc2531:cc2531_set_hw_addr_filt: cc2531 1-1:1.0: hw filter: Address: 0xffff
[34766.601706] cc2531:cc2531_set_csma_params: cc2531 1-1:1.0: CSMA params: min_be: 3 max_be: 5 be_retries: 4
[34766.601774] cc2531:cc2531_set_frame_retries: cc2531 1-1:1.0: setting frame retries: 3
[34766.601778] cc2531:cc2531_start: cc2531 1-1:1.0: START
[34766.601785] cc2531:cc2531_resubmit_idle_urbs: cc2531 1-1:1.0: resubmitting later...
[34779.703411] cc2531:cc2531_pkt_received: cc2531 1-1:1.0: pkt_received 00000000ec0fb9f1 10
[34789.753838] cc2531:cc2531_pkt_received: cc2531 1-1:1.0: pkt_received 0000000081178b9f 10

On another note, I am trying to send Zigbee over the iface using Scapy. I want to do packet fuzzing. Is there any other way that might be recommended?

Tnx.

[olijf]

One more question: When I run it in monitor mode to sniff traffic into wireshark I get it to work...

(python-venv) olaf@olaf-werkomgeving:~/wpan/wpan-testerij$ sudo iwpan phy0 interface add monitor0 type monitor
(python-venv) olaf@olaf-werkomgeving:~/wpan/wpan-testerij$ sudo iwpan dev
phy#0
    Interface monitor0
        ifindex 8
        wpan_dev 0x2
        extended_addr 0x0000000000000000
        short_addr 0xffff
        pan_id 0xffff
        type monitor
        max_frame_retries 3
        min_be 3
        max_be 5
        max_csma_backoffs 4
        lbt 0
        ackreq_default 0
(python-venv) olaf@olaf-werkomgeving:~/wpan/wpan-testerij$ sudo ip link set monitor0 up

Why can I not add a coordinator? Am I missing some module?

(python-venv) olaf@olaf-werkomgeving:~/wpan/wpan-testerij$ sudo iwpan dev wpan0 del
(python-venv) olaf@olaf-werkomgeving:~/wpan/wpan-testerij$ sudo iwpan dev
(python-venv) olaf@olaf-werkomgeving:~/wpan/wpan-testerij$ sudo iwpan phy phy1 interface add wpan0 type coordinator 00:12:4b:00:1c:cc:9e:ca
command failed: Invalid argument (-22)

But a node works!

(python-venv) olaf@olaf-werkomgeving:~/wpan/wpan-testerij$ sudo iwpan phy phy1 interface add wpan0 type node 00:12:4b:00:1c:cc:9e:ca

What is going on here?

Also, what other use cases does linux wpan bring us?

[rosvall]

On another note, I am trying to send Zigbee over the iface using Scapy. I want to do packet fuzzing. Is there any other way that might be recommended?

Funny you should ask... I started writing this thing exactly because i couldn't find any nice, cheap off-the-shelf stuff for messing with zigbee networks from a linux box. Like, you know, a basic network adapter. And I got the thing sort of working, but it's still just a pain, because all the rest of the infrastructure is lacking.

Last I tried, python did not support IEEE802.15.4 sockets at all.

And the linux ieee802154 subsystem is surprisingly incomplete, even for basic stuff like forming a network with a coordinator, etc. I hope they've fixed it, but half a year ago the mainline kernel ieee802154 stuff would break if you tried sending a raw (non-data) packet.

Before I gave in to how linux ieee802154 wants to do asynchronous transfers, I actually had a working libusb based userspace driver with a bunch of zigbee stuff on top. After reworking the usb protocol to be async, I found out that libusb does not support that.

I have a lot of unfinished code for hacking on zigbee, but I just sort of gave up. I should probably go file some bug reports...

[rosvall]

Why can I not add a coordinator? Am I missing some module?

I'm not sure the ieee802154 kernel guys got that working yet.

As I found out, the ieee802154 subsystem is missing a lot of stuff...

Also, what other use cases does linux wpan bring us?

Well, you can do 6lowpan and browse the web over IEEE 802.15.4 ;)

Even if I might come across as slightly frustrated, it is actually possible have fun while being limited to sending/receiving data-packets. You can't do network mgmt stuff like pairing or be a zigbee router or whatnot, but as soon as you get a key (listen in on a pairing with wireshark and monitor mode), you're only limited by your ability to, uh, pretend to be a zigbee stack. Which isn't as hard as it sounds.

[rosvall]

I've been meaning to write up a small demo of how to get a network key and send a simple command to a zigbee light bulb, because that is possible with things in their current state.

[olijf]

Could you add DKMS support so the module is automatically rebuild during kernel upgrades?

I think it is something along the lines of this: https://github.com/clearlinux/clear-linux-documentation/blob/master/source/guides/kernel/kernel-modules-dkms.rst

But I do not have experience with it.

[rosvall]

I don't have experience with DKMS either. It looks simple enough though.

Feel free to send me a PR, otherwise I might try myself at some point :)

[rosvall]

I think I'll close this issue, as we got that fixed.

I don't mind helping with other stuff, so just open another issue if you like.