Scanning problem for hidden SSIDs

Dan Williams dcbw at redhat.com
Thu Jun 21 11:32:44 EDT 2007


On Thu, 2007-06-21 at 17:14 +0200, Holger Schurig wrote:
> > Please note that in the 0x0006 command above there was just an
> > SSID TLV and a CHANLIST TLV, but no OPRATES TLV. On page 139
> > of the v5.1 firmware spec, they wrote that for the manual for
> > v5.1 made the OPRATES TLV optional. So I guess for an older
> > firmware it was mandatory.
> >
> > So I guess I have an angle of attack :-)
> 
> This turned out to be true. I hand-crafted a SCAN_CMD and sent it
> down, the CF card did an active probe and got a result:
> 
> libertas enter: DownloadcommandToStation():944
> libertas cmd: DNLD_CMD: before download, size 54
> libertas cmd: DNLD_CMD: sent command 0x0006, jiffies 4294909826
> libertas CMD: 06 00 36 00 0d 00 00 00 03 00 00 00 00 00 00 00
> libertas CMD: 00 06 00 4d 4e 54 45 53 54 01 01 07 00 00 01 00
> libertas CMD: 00 00 64 00 01 00 0e 00 82 84 8b 96 0c 12 18 24
> libertas CMD: 30 48 60 6c 00 00
> 
> This is just scanning on channel 1 (where the AP is).
> 
> libertas leave: DownloadcommandToStation():1009, ret 0
> libertas leave: libertas_execute_next_command():1764
> libertas enter: libertas_process_rx_command():743
> libertas cmd: CMD_RESP: 0x8006 result: 0 length: 116, jiffies 4294909855
> libertas CMD_RESP: 06 80 6c 00 0d 00 00 00 61 00 01 5f 00 00 1b 53
> libertas CMD_RESP: 11 e2 b0 1c ed ba fb 0a 00 00 00 00 64 00 11 00
> libertas CMD_RESP: 00 06 4d 4e 54 45 53 54 01 04 82 84 8b 96 03 01
> libertas CMD_RESP: 01 2a 01 00 96 06 00 40 96 00 0a 00 dd 06 00 40
> libertas CMD_RESP: 96 01 01 00 dd 05 00 40 96 03 04 dd 05 00 40 96
> libertas CMD_RESP: 0b 01 dd 18 00 50 f2 02 01 01 81 00 03 a5 00 00
> libertas CMD_RESP: 27 a5 00 00 42 54 5e 00 62 43 2f 00 00 00 00 00
> libertas CMD_RESP: 00 00 00 00
> 
> So I got something back.
> 
> libertas enter: libertas_ret_80211_scan():1949
> libertas scan: SCAN_RESP: bssdescriptsize 97
> libertas scan: SCAN_RESP: returned 1 AP before parsing
> libertas enter: wlan_ret_802_11_scan_get_tlv_ptrs():1071
> libertas scan: SCAN_RESP: tlvbufsize = 0
> libertas leave: wlan_ret_802_11_scan_get_tlv_ptrs():1101
> libertas enter: libertas_process_bss():1128
> libertas scan: process_bss: AP BSSID 00:1b:53:11:e2:b0
> libertas scan: process_bss: RSSI=1C
> libertas scan: process_bss: capabilities = 0x  11
> libertas scan: process_bss: AP WEP enabled
> libertas scan: process_bss: IE length for this AP = 76
> libertas scan: ssid 'MNTEST', ssid length 6
> 
> and this actually makes sense :-)

Ok, that's good.  So now we make sure we know the firmware version that
the card has loaded, and then we start down the path of version-specific
codepaths, which is fine.

Dan
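
Added example, not part of the original thread or the libertas code: a bounds-checked decoder for the hand-crafted 0x0006 command dump quoted above, showing which TLVs it carries. The header layout (four little-endian u16 fields), the 7 fixed bytes before the TLVs, and the mapping of type codes 0x0000/0x0001/0x0101 to SSID/OPRATES/CHANLIST are assumptions read off the dump, not taken from the firmware spec.

```python
import struct

# Constructed input: the "libertas CMD:" lines quoted in the message above.
LOG = """\
libertas CMD: 06 00 36 00 0d 00 00 00 03 00 00 00 00 00 00 00
libertas CMD: 00 06 00 4d 4e 54 45 53 54 01 01 07 00 00 01 00
libertas CMD: 00 00 64 00 01 00 0e 00 82 84 8b 96 0c 12 18 24
libertas CMD: 30 48 60 6c 00 00
"""

# Assumptions read off the dump, not taken from the firmware spec:
TLV_NAMES = {0x0000: "SSID", 0x0001: "OPRATES", 0x0101: "CHANLIST"}
HDR_LEN = 8    # command, size, seqnum, result: four little-endian u16
FIXED_LEN = 7  # bsstype (1 byte) + BSSID filter (6 bytes)


def dump_to_bytes(log, tag="libertas CMD:"):
    """Concatenate the hex bytes of every log line carrying `tag`."""
    out = bytearray()
    for line in log.splitlines():
        line = line.lstrip("> ")  # tolerate mail quoting in front of the line
        if line.startswith(tag):
            out += bytes.fromhex(line[len(tag):])
    return bytes(out)


def parse_scan_cmd(buf):
    """Return (command, seqnum, [(name, value), ...]); reject bad lengths."""
    if len(buf) < HDR_LEN + FIXED_LEN:
        raise ValueError("truncated command")
    command, size, seqnum, _result = struct.unpack_from("<4H", buf, 0)
    if size != len(buf):
        raise ValueError(f"size field {size} != captured length {len(buf)}")
    tlvs, off = [], HDR_LEN + FIXED_LEN
    while off < size:
        if off + 4 > size:
            raise ValueError(f"truncated TLV header at offset {off}")
        ttype, tlen = struct.unpack_from("<2H", buf, off)
        off += 4
        if off + tlen > size:
            raise ValueError(f"TLV 0x{ttype:04x} runs past the end of the command")
        tlvs.append((TLV_NAMES.get(ttype, f"0x{ttype:04x}"), buf[off:off + tlen]))
        off += tlen
    return command, seqnum, tlvs


if __name__ == "__main__":
    command, seqnum, tlvs = parse_scan_cmd(dump_to_bytes(LOG))
    print(f"command 0x{command:04x}, seq {seqnum}")
    for name, value in tlvs:
        print(f"  {name:<8} len={len(value):2d} {value.hex(' ')}")
```

Run against this dump it lists three TLVs: SSID ("MNTEST"), CHANLIST (7 bytes, channel 1) and a 14-byte OPRATES TLV, which is the one the earlier command lacked.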




