Crash when running in promiscuous mode

philip
Posts: 12
Joined: Thu Jan 14, 2016 11:47 am

Crash when running in promiscuous mode

Postby philip » Sat Nov 25, 2017 6:03 am

I'm working on using the promiscuous mode APIs in the nonos SDK V2.1.0, and I *sometimes* get a crash as soon as the callback is registered. From looking at the dump, it appears that this is deep in the SDK and that it is trying to find one of the 128-byte buffers to put the received packet into. However, there is no buffer and the system traps.

What is strange is that when the system restarts, it will typically work the next time.

I'm working with the NodeMCU Lua firmware (I'm one of the contributors) so there isn't a simple reproduction. The particular code that sets up the promiscuous mode is:


    wifi_station_set_auto_connect(0);
    os_delay_us(1000);
    wifi_set_opmode_current(1);
    os_delay_us(1000);
    wifi_promiscuous_enable(0);
    os_delay_us(1000);
    wifi_station_disconnect();
    os_delay_us(1000);
    wifi_set_promiscuous_rx_cb(wifi_rx_cb);
    wifi_set_channel(1);
    wifi_promiscuous_enable(1);


I added the os_delay_us calls just in case it would help, but it didn't seem to make any difference.

Two questions:

1) Has anybody else seen this failure?

2) Does the above look like a reasonable sequence to get into promiscuous monitor mode?

Thanks

Philip

Her Majesty
Posts: 231
Joined: Mon Oct 27, 2014 11:09 am

Re: Crash when running in promiscuous mode

Postby Her Majesty » Wed Nov 29, 2017 3:03 pm


philip
Posts: 12
Joined: Thu Jan 14, 2016 11:47 am

Re: Crash when running in promiscuous mode

Postby philip » Wed Nov 29, 2017 9:00 pm

Thanks for this pointer -- I'll convert it over to the nonos SDK and give it a try. I think that the crash happens when the ESP is actually associated to an AP and you try and go through the steps to disconnect and then enable promiscuous mode...

philip
Posts: 12
Joined: Thu Jan 14, 2016 11:47 am

Re: Crash when running in promiscuous mode (with reproducible test case)

Postby philip » Thu Dec 07, 2017 9:52 am

I now have a reproducible test case. It requires the user/sniffer.c file be edited (near the bottom) to include the ssid/password of a local network. It will then crash after a couple of iterations (taking roughly 30 seconds). I'm running this on a stock Wemos D1 Mini (i.e. 8266 with 4MB flash).

The code is a slightly hacked up version of the 03Wifi/Sniffer_Demo code from Espressif. It does include the wifi event_handler callback from the docs.

The attached file is a compressed tar file of the build tree.

The symbol just before the crash is

4010529c T wDevDisableRx

Output is


mode : sta(5c:cf:7f:80:0b:01)
add if0
Sniffer testing mode ....: 2.1.0(116b762)
event   8
event   2
mode:   0   ->   3
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 4
cnt

connected with Chateau Gladstone, channel 6
dhcp client start...
event   0
connect   to   ssid   Chateau Gladstone,   channel   6
ip:192.168.1.217,mask:255.255.255.0,gw:192.168.1.254
event   3
ip:192.168.1.217,mask:255.255.255.0,gw:192.168.1.254
wifi_station_scan ok
scandone
ssid Chateau Gladstone, channel 1, authmode 3, rssi -84
ssid Gladstone IPv6, channel 1, authmode 3, rssi -84
ssid Chateau Gladstone Guest, channel 1, authmode 3, rssi -83
ssid Chateau Gladstone, channel 6, authmode 3, rssi -72
ssid Chateau Gladstone, channel 2, authmode 3, rssi -64
ssid Chateau Gladstone Guest, channel 6, authmode 3, rssi -90
ssid Chateau Gladstone, channel 11, authmode 3, rssi -87
current channel1 1--------------------------------------------13581574
state: 5 -> 0 (0)
rm 0
event   8
event   1
disconnect   from   ssid   Chateau Gladstone,   reason   8
current channel 2--------------------------------------------14754846
[len] 552, rssi -59
[len] 28, rssi -86
[len] 28, rssi -85
current channel 6--------------------------------------------15755863
[len] 30, rssi -62
current channel 11--------------------------------------------16756946
[len] 28, rssi -94
[len] 28, rssi -93
[len] 28, rssi -92
Switch out of promiscuous mode
turn off sniffer:52824
event   8
scandone
state: 0 -> 2 (b0)
state: 2 -> 3 (0)
state: 3 -> 5 (10)
add 0
aid 4
cnt

connected with Chateau Gladstone, channel 2
dhcp client start...
event   0
connect   to   ssid   Chateau Gladstone,   channel   2
ip:192.168.1.217,mask:255.255.255.0,gw:192.168.1.254
event   3
ip:192.168.1.217,mask:255.255.255.0,gw:192.168.1.254
wifi_station_scan ok
scandone
ssid Chateau Gladstone, channel 1, authmode 3, rssi -85
ssid Gladstone IPv6, channel 1, authmode 3, rssi -85
ssid Chateau Gladstone Guest, channel 1, authmode 3, rssi -86
ssid Chateau Gladstone, channel 2, authmode 3, rssi -62
ssid Chateau Gladstone Guest, channel 6, authmode 3, rssi -88
ssid Chateau Gladstone, channel 6, authmode 3, rssi -65
ssid Chateau Gladstone, channel 11, authmode 3, rssi -89
current channel1 1--------------------------------------------30270076
state: 5 -> 0 (0)
rm 0
Fatal exception 28(LoadProhibitedCause):
epc1=0x40105300, epc2=0x00000000, epc3=0x00000000, excvaddr=0x00000004, depc=0x00000000

Attachments
sniffer.tgz
(442.69 KiB) Downloaded 123 times
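
The triage step used in the post above, matching `epc1` against the nearest preceding symbol and reading `excvaddr`, as an added example that is not part of the original posts or of Espressif's code. The two `placeholder_*` entries in the `nm` listing and the 0x100 cutoff are assumptions; the crash lines and the `wDevDisableRx` address are copied from the post.

```c
#include <stdio.h>
#include <string.h>

/* Constructed input: only the crash lines and wDevDisableRx come from the post. */
static const char CRASH_LOG[] =
    "Fatal exception 28(LoadProhibitedCause):\n"
    "epc1=0x40105300, epc2=0x00000000, epc3=0x00000000, "
    "excvaddr=0x00000004, depc=0x00000000\n";
static const char NM_LISTING[] =
    "40105000 T placeholder_before\n"
    "4010529c T wDevDisableRx\n"
    "40105400 T placeholder_after\n";
struct crash { unsigned cause, epc1, excvaddr; };

/* Extract cause, epc1 and excvaddr from the fatal-exception text; 0 on success. */
static int parse_crash(const char *log, struct crash *c) {
    const char *f = strstr(log, "Fatal exception ");
    const char *p = strstr(log, "epc1=0x"), *v = strstr(log, "excvaddr=0x");
    if (!f || !p || !v) return -1;
    return (sscanf(f, "Fatal exception %u", &c->cause) == 1 &&
            sscanf(p, "epc1=0x%x", &c->epc1) == 1 &&
            sscanf(v, "excvaddr=0x%x", &c->excvaddr) == 1) ? 0 : -1;
}

/* Nearest symbol at or below pc in `nm` output; fills name and offset. */
static int resolve_pc(const char *nm, unsigned pc, char name[64], unsigned *off) {
    unsigned addr, best = 0; char type, sym[64]; int found = 0;
    for (const char *l = nm; l && *l; ) {
        if (sscanf(l, "%x %c %63s", &addr, &type, sym) == 3 &&
            addr <= pc && (!found || addr >= best)) {
            best = addr; found = 1; *off = pc - addr; strcpy(name, sym);
        }
        if ((l = strchr(l, '\n')) != NULL) l++;
    }
    return found ? 0 : -1;
}

/* EXCCAUSE 28/29 (load/store prohibited) with a fault address near zero points
   to a field access through a NULL pointer. The 0x100 cutoff is an assumption. */
static int is_null_field_access(const struct crash *c) {
    return (c->cause == 28 || c->cause == 29) && c->excvaddr < 0x100;
}

int main(void) {
    struct crash c; char name[64]; unsigned off;
    if (parse_crash(CRASH_LOG, &c) || resolve_pc(NM_LISTING, c.epc1, name, &off))
        return 1;
    printf("%s+0x%x null=%d\n", name, off, is_null_field_access(&c));
    return 0;
}
```

With a full `nm` listing of the firmware image in place of the three-line sample, the same lookup names the function that contains the faulting instruction.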
