
Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Thu Jun 04, 2020 7:42 am
by st0ff3r
ESPs appear to honour 802.11 beacons containing CSA even if they are not connected to the AP sending the beacon.

Here is a simple command that sends out beacons containing CSAs
https://github.com/nabovarme/beacon_spammer

I am using an esp8266 with non-os sdk latest from master git.

The app is here: https://github.com/nabovarme/MeterLogger it is running as an AP and periodically scanning for wireless networks.

This is a severe error in the 802.11 implementation. Both the sending of CSAs and reacting to them while scanning should not happen, I guess.
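As an added illustration (not code from the thread, from MeterLogger or from the Espressif SDK): a minimal parser for the Channel Switch Announcement element in a beacon body, together with the station-side check the post argues the firmware should apply, acting on a CSA only when the beacon comes from the BSSID the station is actually associated with. The sample beacon bytes and BSSID values are constructed for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CSA_ELEMENT_ID 37   /* Channel Switch Announcement information element */
struct csa_info { uint8_t mode, new_channel, count; };

/* Walk the tagged parameters of a beacon body (after the 12 fixed-field bytes)
 * and extract the CSA element if present. Truncated or malformed elements are
 * rejected rather than parsed partially. */
static bool find_csa(const uint8_t *body, size_t len, struct csa_info *out) {
    size_t off = 12;                  /* timestamp(8) + interval(2) + capability(2) */
    while (off + 2 <= len) {
        uint8_t id = body[off], ie_len = body[off + 1];
        if (off + 2 + ie_len > len) return false;   /* element runs past the frame */
        if (id == CSA_ELEMENT_ID && ie_len == 3) {
            out->mode = body[off + 2];
            out->new_channel = body[off + 3];
            out->count = body[off + 4];
            return true;
        }
        off += 2 + ie_len;
    }
    return false;
}

/* Station-side policy (hypothetical, not the SDK's): a CSA is only acted on when
 * the beacon's BSSID (address 3, header bytes 16..21) is the associated AP.
 * Returns the announced channel, or -1 when the beacon must be ignored. */
static int csa_channel_if_trusted(const uint8_t *frame, size_t len,
                                  bool associated, const uint8_t assoc_bssid[6]) {
    struct csa_info c;
    if (len < 24 + 12 || !associated) return -1;
    if (memcmp(frame + 16, assoc_bssid, 6) != 0) return -1;
    return find_csa(frame + 24, len - 24, &c) ? c.new_channel : -1;
}

/* Constructed sample beacon (not a capture from the thread): BSSID
 * 02:11:22:33:44:55, SSID "test", CSA to channel 2 after 3 beacons. */
static const uint8_t sample_beacon[] = {
    0x80,0x00, 0x00,0x00,                      /* frame control, duration */
    0xff,0xff,0xff,0xff,0xff,0xff,             /* DA: broadcast */
    0x02,0x11,0x22,0x33,0x44,0x55,             /* SA */
    0x02,0x11,0x22,0x33,0x44,0x55,             /* BSSID */
    0x00,0x00,                                 /* sequence control */
    0,0,0,0,0,0,0,0, 0x64,0x00, 0x01,0x04,     /* timestamp, interval, capability */
    0x00,0x04,'t','e','s','t',                 /* SSID element */
    0x25,0x03, 0x01,0x02,0x03                  /* CSA: mode 1, channel 2, count 3 */
};
static const uint8_t own_ap[6]   = {0x02,0x11,0x22,0x33,0x44,0x55};
static const uint8_t other_ap[6] = {0x02,0xaa,0xbb,0xcc,0xdd,0xee};
```

A beacon from a different BSSID, a beacon received while not associated, and a beacon whose CSA element is truncated all yield -1, which is the behaviour the post expects while scanning.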

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Mon Dec 28, 2020 7:41 am
by st0ff3r
Espressif, anyone having time to check it?

:)

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Tue Dec 29, 2020 11:10 am
by ESP_Faye
Hi,

So sorry that we missed this topic before. We have arranged for an engineer to check this issue. But due to the isolation caused by COVID-19, it may take some time to check and debug this issue. I will get back to you as soon as there is any update. Sorry again for the inconvenience.

Thanks.

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Tue Jan 05, 2021 9:07 am
by st0ff3r
Cool, thanks a lot :)

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Fri Jan 15, 2021 4:10 pm
by Her Mary
Does ESP8266 RTOS also have the same issue?

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Wed Feb 03, 2021 12:39 am
by st0ff3r
Have not tried

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Thu Feb 18, 2021 2:24 pm
by ESP_Faye
Hi st0ff3r,

Sorry that we cannot reproduce the issue you reported.
As the picture shows, the captured beacon after scanning does not contain a CSA.
captured-beacon.png


Maybe you can try to debug this issue with the attached libnet80211.a, into which we added some logs.
If you can reproduce the issue with this debug lib, could you provide the logs for analyzing?

Thanks.

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Sun Feb 28, 2021 5:50 am
by st0ff3r
Thank you. I will try it asap :)

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Sun Feb 28, 2021 8:09 am
by st0ff3r
Just tried it. The log gives the following when scanning; the device then loses internet connectivity, and the wifi_station_scan callback handler returns either 1 or 4 (shown in the log as the second parameter to "-> wifi_scan_done_cb(...)").

"-> wifi_scan_timer_func()" is starting the scan by calling wifi_station_scan()


MQTT: received MQTT_MSG_TYPE_PUBCOMP for id: 6
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
TCP: data received 102 bytes
topic_len: 34, data_len: 64
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
-> wifi_scan_timer_func()
RSSI: -61
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -61
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 18

MQTT: Send keepalive packet to mqtt-host:1883!
MQTT: Sending, type: 12, id: 0000
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7a10, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
-> wifi_scan_timer_func()
RSSI: -64
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -64
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
-> wifi_scan_timer_func()
RSSI: -64
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
MQTT: queuing publish, length: 196, queue size(0/12288)
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
MQTT: Sending, type: 3, id: 0007
MQTT: espconn_send() returned an error, re-queueing
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 18

MQTT: Send keepalive packet to mqtt-host:1883!
MQTT: Sending, type: 12, id: 0000
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 7
TCP: Disconnected callback
mqtt_disconnected_cb
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff75c0, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
TCP: Reconnect to mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff43b8, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff75c0, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
TCP: Reconnect to mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> wifi_scan_timer_func()
RSSI: -66
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff43b8, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10

Re: Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Posted: Thu Mar 04, 2021 10:04 am
by ESP_Faye
Could you try changing `wifi_station_set_reconnect_policy(1);` to `wifi_station_set_reconnect_policy(0);`, to see if the issue persists?
https://github.com/nabovarme/MeterLogge ... in.c#L1188