Wrongly reacting to and sending 802.11 beacons with Channel Switch Announcement

Post by st0ff3r » Thu Jun 04, 2020 7:42 am

ESPs appear to honour 802.11 beacons containing CSA even if they are not connected to the AP sending the beacon.

Here is a simple command that sends out beacons containing CSAs:
https://github.com/nabovarme/beacon_spammer

I am using an ESP8266 with the latest non-OS SDK from git master.

The app is here: https://github.com/nabovarme/MeterLogger. It is running as an AP and periodically scanning for wireless networks.

This is a severe error in the 802.11 implementation. Both the sending of CSAs and reacting to them while scanning should not happen, I guess.
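
Added example (not part of the original posts and not Espressif's SDK code): a C sketch of the check the report implies is missing, parsing a beacon for the Channel Switch Announcement element (ID 37) and following it only when the beacon comes from the BSSID the station is associated with. The function names, the sample frame and the BSSIDs are constructed for illustration; frames are assumed to arrive without FCS, and the 1-14 channel range assumes a 2.4 GHz-only radio such as the ESP8266.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define IE_CSA   37          /* Channel Switch Announcement element ID */
#define IE_START (24 + 12)   /* management header + beacon fixed fields */

/* Constructed sample data: a beacon (no FCS) sent by BSSID 02:00:00:00:00:01. */
static const uint8_t sample_bssid[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0x01};
static const uint8_t other_bssid[6]  = {0x02, 0x00, 0x00, 0x00, 0x00, 0x99};
static const uint8_t sample_beacon[] = {
    0x80, 0x00, 0x00, 0x00,                         /* frame control (beacon), duration */
    0xff, 0xff, 0xff, 0xff, 0xff, 0xff,             /* addr1: broadcast */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,             /* addr2: transmitter */
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,             /* addr3: BSSID */
    0x00, 0x00,                                     /* sequence control */
    0, 0, 0, 0, 0, 0, 0, 0, 0x64, 0x00, 0x01, 0x00, /* timestamp, interval, capability */
    0x00, 0x00,                                     /* SSID element, empty */
    0x25, 0x03, 0x01, 0x02, 0x05                    /* CSA: mode 1, new channel 2, count 5 */
};

/* Returns the CSA target channel (1-14), 0 if the beacon carries no CSA,
 * or -1 if the frame is not a well-formed beacon. */
int beacon_csa_channel(const uint8_t *f, size_t len)
{
    if (len < IE_START || f[0] != 0x80)
        return -1;
    size_t off = IE_START;
    while (off + 2 <= len) {
        size_t ielen = f[off + 1];
        if (off + 2 + ielen > len)
            return -1;                  /* element overruns the frame */
        if (f[off] == IE_CSA)           /* body: mode, new channel, count */
            return (ielen == 3 && f[off + 3] >= 1 && f[off + 3] <= 14) ? f[off + 3] : -1;
        off += 2 + ielen;
    }
    return off == len ? 0 : -1;         /* a stray trailing byte is malformed */
}

/* Channel to move to, or 0 to stay put: only the associated BSS may announce
 * a switch. Pass assoc == NULL when the station is not associated. */
int csa_channel_to_follow(const uint8_t *f, size_t len, const uint8_t *assoc)
{
    int ch = beacon_csa_channel(f, len);
    if (ch <= 0 || assoc == NULL)
        return 0;
    if (memcmp(f + 10, assoc, 6) != 0 || memcmp(f + 16, assoc, 6) != 0)
        return 0;                       /* transmitter or BSSID is not our AP */
    return ch;
}
```

Beacons are unauthenticated unless beacon protection is in use, so the BSSID comparison only filters out unrelated networks; it does not stop a sender that forges the associated AP's address.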

Post by st0ff3r » Mon Dec 28, 2020 7:41 am

Espressif, anyone having time to check it?

:)

Post by ESP_Faye » Tue Dec 29, 2020 11:10 am

Hi,

So sorry that we missed this topic before. We have arranged for an engineer to check this issue. But due to the isolation caused by COVID-19, it may take some time to check and debug this issue. I will get back to you as soon as there is any update. Sorry again for the inconvenience.

Thanks.

Post by st0ff3r » Tue Jan 05, 2021 9:07 am

Cool, thanks a lot :)

Post by Her Mary » Fri Jan 15, 2021 4:10 pm

Does ESP8266 RTOS also have the same issue?

Post by st0ff3r » Wed Feb 03, 2021 12:39 am

Have not tried

Post by ESP_Faye » Thu Feb 18, 2021 2:24 pm

Hi st0ff3r,

Sorry that we cannot reproduce the issue you reported.
As the picture shows, the captured beacon after scanning does not contain a CSA.
captured-beacon.png


Maybe you can try to debug this issue with the attached libnet80211.a; we added some logs to it.
If you can reproduce the issue with this debug lib, could you provide the logs for analysis?

Thanks.
Attachment: libnet80211.a.zip

Post by st0ff3r » Sun Feb 28, 2021 5:50 am

Thank you. I will try it asap :)

Post by st0ff3r » Sun Feb 28, 2021 8:09 am

Just tried it. The log gives the following when scanning, and then it loses internet connectivity and the wifi_station_scan callback handler returns either 1 or 4 (shown in the log as the second parameter to "-> wifi_scan_done_cb(...)").

"-> wifi_scan_timer_func()" is starting the scan by calling wifi_station_scan()


MQTT: received MQTT_MSG_TYPE_PUBCOMP for id: 6
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
TCP: data received 102 bytes
topic_len: 34, data_len: 64
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
-> wifi_scan_timer_func()
RSSI: -61
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -61
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7500, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 18

MQTT: Send keepalive packet to mqtt-host:1883!
MQTT: Sending, type: 12, id: 0000
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff7a10, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
-> wifi_scan_timer_func()
RSSI: -64
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -64
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
-> wifi_scan_timer_func()
RSSI: -64
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
MQTT: queuing publish, length: 196, queue size(0/12288)
€?5é -> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 17
MQTT: Sending, type: 3, id: 0007
MQTT: espconn_send() returned an error, re-queueing
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 4)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
scandone
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -63
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff4338, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 18

MQTT: Send keepalive packet to mqtt-host:1883!
MQTT: Sending, type: 12, id: 0000
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 7
TCP: Disconnected callback
mqtt_disconnected_cb
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff75c0, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
TCP: Reconnect to mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff43b8, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10
-> wifi_scan_timer_func()
RSSI: -62
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
@@ add csa 1
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff75c0, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
TCP: Reconnect to mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 8
-> wifi_scan_timer_func()
RSSI: -66
@@ set csa state to CSA start 2
@@ add csa 3
@@ add csa 1
switch to channel 2
scandone
-> wifi_scan_done_cb(3fff43b8, 1)
-> wifi_start_scan(WIFI_SCAN_INTERVAL)
@@ set csa state to CSA done
mqtt_timeout_cb
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 9
TCP: Free memory
TCP: Connect to domain mqtt-host:1883
dns_gethostbyname() returned ERR_OK
-> mqtt_dns_found()
DNS: found ip 193.89.248.25
TCP: connecting...
TCP: Reconnect to: mqtt-host:1883
-> MQTT_Task()
event sig: 0, par: 1073685192, conn state: 10

Post by ESP_Faye » Thu Mar 04, 2021 10:04 am

Could you try changing `wifi_station_set_reconnect_policy(1);` to `wifi_station_set_reconnect_policy(0);` to see if the issue persists?
https://github.com/nabovarme/MeterLogge ... in.c#L1188
