berlin-open-wireless-lab / dawn Goto Github PK

That line is wrong:
https://github.com/berlin-open-wireless-lab/DAWN/blob/master/src/utils/ubus.c#L1307

Does not have any negative behavior. Mark that as ToDo.

Add ubus calls for

• get hearing map (sorted by client)
• get network overview (sorted by aps)
• set metric

The disassoc events are now contained in hostapd ubus.
Use them to delete the client entries instead of using a timer.

I'm currently not sure what DAWN does. I installed it to 5 APs in our hackerspace and I can confirm the APs are talking to each other. It's currently hard to tell what actually happens, partially because all I see logged is devices lacking passive beacon support (cf #67).

DAWN should actually log actions taken, so I can evaluate its usefulness and reason about its decisions. Even more interesting would be integration into prometheus-node-exporter-lua.

In case of the dumb APs the issue I currently have is that I don't have LuCi on those, since their configuration is not managed interactively anyway.

Currently that makes me unable to check out the hearing map and the network overview.

The hostapd connection handling has to be improved.
Make it more robust to changing interfaces.

Right now I'm working on this issue

I think it would be better to switch back to probe request denying instead of auth request.
With this we "hide" the bad APs from the driver. Unexpected driver behaviour could cause problems and a connection lost by the client...

Libiwinfo is not working properly with the ath10k driver.
It is not possible to calculate the channel utilization.
Furthermore, I believe that I found some bugs!
I assume that the iwinfo [device] info call with the ath10k driver is just working because somehow it fetches the information from the channel above and this works.
If you want to see my attempts you can look at this branch.

Usock fails to bind to port...

Wed Dec 12 15:34:03 2018 daemon.err dawn[961]: usock: Network unreachable

related to #48

every blob_buf_init in src/utils/ubus.c is not followed by blob_buf_free.

according to https://lxr.openwrt.org/source/libubox/blob.c#L89

88 int
89 blob_buf_init(struct blob_buf *buf, int id)
90 {
91 if (!buf->grow)
92 buf->grow = blob_buffer_grow;
93
94 buf->head = buf->buf;
95 if (blob_add(buf, buf->buf, id, 0) == NULL)
96 return -ENOMEM;
97
98 return 0;
99 }
and
101 void
102 blob_buf_free(struct blob_buf *buf)
103 {
104 free(buf->buf);
105 buf->buf = NULL;
106 buf->buflen = 0;
107 }
blob_buf_init did not reset structure before setup.

as a result, dawn might have serious memory leak.

After I installed DAWN, it creates 2 empty files named "Hearing Map" and "Network Overview" in /etc/config, what are they for?

Logread/syslog is currently full of log messages like this:

hostapd: Beacon request: 08:60:6e:a5:0c:e9 does not support passive beacon report

There are lots of ESP8266 in this network which apparently do not support beacon reports, so it would be great if they wouldn't be queried all the time.

Maybe ignore them if enough reports fail per $duration? That's if you have easy access to that information.

Trying DAWN for the first time.
Testing it on 2 Xiaomi Redmi AC2100 running latest master snapshot as of last week.

logread is flooded with these messages: daemon.err dawn[1612]: Neigbor-Report is null!
I tried changing some settings but that didn't help.

here is my config:

root@OpenWrt_RM2100_MBR:~# cat /etc/config/wireless

config wifi-device 'radio0'
	option type 'mac80211'
	option hwmode '11g'
	option path '1e140000.pcie/pci0000:00/0000:00:01.0/0000:02:00.0'
	option htmode 'HT20'
	option channel 'auto'
	option country 'IL'
	option legacy_rates '0'

config wifi-iface 'default_radio0'
	option device 'radio0'
	option network 'lan'
	option mode 'ap'
	option ft_over_ds '1'
	option ssid '****'
	option encryption 'psk2'
	option ft_psk_generate_local '1'
	option key '****'
	option ieee80211r '1'
	option nasid '88C3973DE85A'
	option ieee80211k '1'
	option bss_transition '1'
	option time_advertisement '2'
	option time_zone 'IST-2IDT,M3.4.4/26,M10.5.0'
	option ieee80211v '0'
	option wnm_sleep_mode '0'

config wifi-device 'radio1'
	option type 'mac80211'
	option hwmode '11a'
	option path '1e140000.pcie/pci0000:00/0000:00:00.0/0000:01:00.0'
	option htmode 'VHT80'
	option country 'IL'
	option legacy_rates '0'
	option channel 'auto'

config wifi-iface 'default_radio1'
	option device 'radio1'
	option network 'lan'
	option mode 'ap'
	option ft_over_ds '1'
	option ssid '****'
	option encryption 'psk2'
	option ft_psk_generate_local '1'
	option key '****'
	option ieee80211r '1'
	option nasid '88C3973DE85B'
	option ieee80211k '1'
	option bss_transition '1'
	option time_advertisement '2'
	option time_zone 'IST-2IDT,M3.4.4/26,M10.5.0'
	option ieee80211v '0'
	option wnm_sleep_mode '0'

root@OpenWrt_RM2100_MBR:~# cat /etc/config/dawn

config network
	option broadcast_ip '10.0.0.255'
	option broadcast_port '1025'
	option tcp_port '1026'
	option network_option '2'
	option shared_key 'Niiiiiiiiiiiiiik'
	option iv 'Niiiiiiiiiiiiiik'
	option use_symm_enc '1'
	option collision_domain '-1'
	option bandwidth '-1'

config ordering
	option sort_order 'cbfs'

config hostapd
	option hostapd_dir '/var/run/hostapd'

config times
	option denied_req_threshold '30'
	option remove_client '15'
	option remove_probe '30'
	option remove_ap '460'
	option update_hostapd '10'
	option update_chan_util '5'
	option update_beacon_reports '120'
	option update_tcp_con '60'
	option update_client '60'

config metric
	option ap_weight '0'
	option ht_support '0'
	option vht_support '0'
	option no_ht_support '0'
	option no_vht_support '0'
	option rssi '10'
	option low_rssi '-500'
	option freq '100'
	option chan_util '0'
	option max_chan_util '-500'
	option rssi_val '-60'
	option low_rssi_val '-80'
	option chan_util_val '140'
	option max_chan_util_val '170'
	option min_probe_count '0'
	option bandwidth_threshold '6'
	option use_station_count '1'
	option max_station_diff '1'
	option deny_auth_reason '1'
	option deny_assoc_reason '17'
	option use_driver_recog '1'
	option min_number_to_kick '3'
	option chan_util_avg_period '3'
	option set_hostapd_nr '1'
	option op_class '0'
	option duration '0'
	option mode '0'
	option scan_channel '0'
	option eval_probe_req '1'
	option eval_auth_req '1'
	option evalcd_assoc_req '1'
	option kicking '1'
	option eval_assoc_req '1'

during my daily usage, dawn got killed by kernel sometimes.

I dig into such issue with gdb and finally found the cause.

here is the gdb report:
Program received signal SIGSEGV, Segmentation fault.
get_rssi (ifname=0x77e0e3cb "global",
client_addr=0x41c87e <client_array+1074> "xxxxx"...) at dawn-2020-04-17-b78a01bf/src/utils/dawn_iwinfo.c:172

and I inserted fprintf(stderr) before this line and found that if ifname was "global" the iwinfo_backend would return a null pointer.

the temporal solution is to delete this file "/var/run/hostapd/global" before dawn startup.

I am not familiar with openwrt and hostapd and have no idea why would hostapd automatically add this interface.

after such workaround, the dawn has been running for several hours without being terminated by kernel.

It can happen that devices do not exchange probe requests. Probe entrys are important so craft some dummy probe request and put it into the database.

I've just discovered DAWN, and it's great for seeing the clients connected to the APs in my home network. Thanks.

However, I'm not very good at remembering the MAC addresses of all the APs. They have names which I would recognise though.

Would it be possible to use the hostname and wifi interface name (e.g. wlan0) to create a user-readable name which can be displayed in addition to the AP MAC address in the display?

When trying GCC 10 ( it was enabled today on OpenWRT master ) it fails to build with the following error:~
make[6]: Entering directory '/home/finas/OpenWRT.WPA8630/build_dir/target-mips_24kc_musl/umdns-2020-06-08-d13290b4' [ 11%] Building C object CMakeFiles/umdns.dir/service.c.o /home/finas/OpenWRT.WPA8630/build_dir/target-mips_24kc_musl/umdns-2020-06-08-d13290b4/service.c: In function 'service_load_blob': /home/finas/OpenWRT.WPA8630/build_dir/target-mips_24kc_musl/umdns-2020-06-08-d13290b4/service.c:240:10: error: 'strcpy' offset 6 from the object at 'b' is out of the bounds of referenced subobject 'name' with type 'uint8_t[]' {aka 'unsigned char[]'} at offset 6 [-Werror=array-bounds] 240 | s->id = strcpy(d_id, blobmsg_name(b)); | ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~ In file included from /home/finas/OpenWRT.WPA8630/staging_dir/target-mips_24kc_musl/usr/include/libubus.h:23, from /home/finas/OpenWRT.WPA8630/build_dir/target-mips_24kc_musl/umdns-2020-06-08-d13290b4/service.c:23: /home/finas/OpenWRT.WPA8630/staging_dir/target-mips_24kc_musl/usr/include/libubox/blobmsg.h:42:10: note: subobject 'name' declared here 42 | uint8_t name[]; | ^~~~ cc1: all warnings being treated as errors CMakeFiles/umdns.dir/build.make:131: recipe for target 'CMakeFiles/umdns.dir/service.c.o' failed make[6]: *** [CMakeFiles/umdns.dir/service.c.o] Error 1 make[6]: Leaving directory '/home/finas/OpenWRT.WPA8630/build_dir/target-mips_24kc_musl/umdns-2020-06-08-d13290b4' CMakeFiles/Makefile2:92: recipe for target 'CMakeFiles/umdns.dir/all' failed make[5]: *** [CMakeFiles/umdns.dir/all] Error 2

I have no idea on how to configure this.
I have a router with a 2.4 and 5GHZ radios.
I have an AP with a 2.4 and 5GHZ radios.
All the radios are broadcasting the same SSID in different channels with the same authentication and password.
Both are running master OpenWRT with DAWN and Luci DAWN app.
When I open both DAWN pages in Luci they seem to not be aware of one another.
I haven't found any documentation on how to configure this.

When the metric gives the same score for 2 APs go for station count.

In the current version clients get kicked if they have no value in the probe entry database (code).

We have "two magic numbers"

• -1: no entry found -> kick
• -2: very bad ap

Solution?

• don't kick
• craft probe entry

I discussed with @Ian-Clowes that we will remove that "magic numbers" so all socres will be > 0.
Further, I prefer the solution to craft a probe entry.

802.11k is currently broken. Will fix soon.

Maybe it would be a better alternative to still block the probe request until a number of probe requests is received -> Hearing Map.
After counter is fullfilled allow!
Let the automatic kick task kick the client again.

Improrvements:

• Client gets reasoncode and we can define a ban time
• Hope that reasoncode let's the client driver behave better...

Dawn doesn't seem to work over IPv6. This December will mark the 25th anniversary of the publication of RFC1883; the IPv6 standard. That's a full quarter of a century :)

Currently, I collect all nr reports from all APs. I could feed the hostapd with it.

There is some bug.

--- more information will follow ---

Luci App only shows dhcp hotsnames or just mac...
Add WiFi singature database calls for identifying actual device.

Visualize Macs that are not controlable

It would be nice to save the hearing map for a client if its connected.
I suppose if the rssi is not changing significantly (maybe doing some averaging?) the client stays at the same place and hearing map still will be valid.

As of today(2020/05/06), the umdns in openwrt trunk need fix to run normally.

it could not get this script working
ubus call umdns set_config '{ "interfaces": [ "br-lan" ] }'
but output Command failed: Invalid argument.

According to this bug report, https://www.mail-archive.com/[email protected]/msg50768.html, we should make interface name of lan longer than 6 letters.

Thus, a temporary workaround is to change interface 'lan' in /etc/config/network to 'mylan' or some word longer. As openwrt would add "br-" prefix to this name, and results in "br-mylan" name.

It is necessary to change /etc/config/wireless and /etc/config/dawn accordingly.

In addition, seccomp and jail in openwrt might block umdns working as well. It would be better to remove related lines in /etc/init.d/umdns file.

After these workaround, the dawn and umdns works.

The luci-app-dawn causes somtimes a crash if you want to open the hearing map.

Maybe it would be better to use a maximal counter and if the probe requeest is over this threshold nothing is sent more...

Maybe it's a better idea to kick the client with WLAN_REASON_ACTIVE_ROAM.

Any reason not to port DAWN? I'd like to use it but hesitate to compile stuff myself (if not needed for development).

I installed dawn and it;s not working. I found the following error message.
Tue Apr 7 04:16:19 2020 daemon.notice procd: /etc/rc.d/S50dawn: Starting Service...
Tue Apr 7 04:16:19 2020 daemon.notice procd: /etc/rc.d/S50dawn: Dawn instance started!
Tue Apr 7 04:16:19 2020 daemon.notice procd: /etc/rc.d/S50dawn: UMDNS with port 1026
Tue Apr 7 04:16:22 2020 daemon.err dawn[1606]: Failed to look up test object for umdns
Tue Apr 7 04:16:22 2020 daemon.err dawn[1606]: Failed to look up test object for umdns
Tue Apr 7 04:19:52 2020 kern.info kernel: [ 275.708560] do_page_fault(): sending SIGSEGV to dawn for invalid read access from 77d97004
Tue Apr 7 04:19:52 2020 kern.info kernel: [ 275.720406] ra = 0040569d in dawn[400000+b000]
Tue Apr 7 04:47:24 2020 daemon.err uhttpd[1695]: ...usr/lib/lua/luci/model/cbi/dawn/dawn_hearing_map.lua:8: in function 'render'
Tue Apr 7 04:47:37 2020 daemon.err uhttpd[1695]: /usr/lib/lua/luci/model/cbi/dawn/dawn_network.lua:10: in function 'render'
Tue Apr 7 04:48:23 2020 daemon.err uhttpd[1695]: ...usr/lib/lua/luci/model/cbi/dawn/dawn_hearing_map.lua:8: in function 'render'

Latest git head (and earlier versions) are segfaulting (on ath79 only?).

Last messages from logread:

Fri Jun 12 12:18:07 2020 daemon.err dawn[2319]: Neigbor-Report is null!
Fri Jun 12 12:18:07 2020 daemon.err dawn[2319]: Neigbor-Report is null!
Fri Jun 12 12:18:15 2020 daemon.err dawn[2319]: not complete msg, len:1444, expected len:2016
Fri Jun 12 12:18:15 2020 kern.info kernel: [ 2924.963455] do_page_fault(): sending SIGSEGV to dawn for invalid write access to 00000000
Fri Jun 12 12:18:15 2020 kern.info kernel: [ 2924.971938] epc = 77e86a98 in libc.so[77e14000+97000]
Fri Jun 12 12:18:15 2020 kern.info kernel: [ 2924.977197] ra = 77dfef4d in libubox.so[77dfa000+17000]

I set up DAWN on a couple APs on my local network, but they don't see each other's data. Logs show:

Mon Jun  8 10:49:12 2020 daemon.err dawn[19742]: not complete msg, len:308, expected len:872480768
Mon Jun  8 10:49:12 2020 daemon.err dawn[19742]: not complete msg, len:708, expected len:3288465408

I note 872480768 is 0x34010000 while 308 is 0x134. The hosts are expecting the network traffic to be in their own endianness. Looking at the code I see it's worse than that; even the size of this variable is host-dependent as it's a size_t not a fixed-size type.

I need full hostapd installation,with CONFIG_WNM_AP config flag.
Often openwrt has only wpad-basic installation.

Workaround:

opkg update
opkg remove wpad-basic
opkg install wpad

And then reboot router.

Can dawn get an option to set one metric field per device. So one can un/prefer specific APs? Have one AP connected as 802.11s mesh and it would be nice if my clients would avoid this AP unless there is no other option for the client.

Is the file /etc/dawn/mac_list rewritten on to the flash often when dawn runs?

My devices needs a /etc/init.d/umdns restart to see the dawn service running. Using OpenWrt SNAPSHOT r8484.
After that dawn sees the other router but known APs are only exchanged randomly. Sometimes it works sometimes it does not.
Great program btw.

I started tracking the memory usage on the main AP (one that has around 14 clients connected, regularly) and noticed a RSS increase from 12MB to around 18MB in ~18 hours. The AP then rebooted (I'm still not sure why that happened), the logs don't show any errors.

What's weird is that I have 2 other APs running the same version of dawn, with the same configuration and I don't see any memory increase. The difference is those APs don't have almost any clients connected.

...

There are more intersting statis codes like

• REJECTED_WITH_SUGGESTED_BSS_TRANSITION

The multicast socket has to be fixed.

Wed Aug 12 19:19:39 2020 kern.info kernel: [190163.211805] do_page_fault(): sending SIGSEGV to dawn for invalid read access from 646c6f64
Wed Aug 12 19:19:39 2020 kern.info kernel: [190163.227958] epc = 77e36f24 in libc.so[77e09000+9c000]
Wed Aug 12 19:19:39 2020 kern.info kernel: [190163.233163] ra  = 77d956df in libuci.so[77d94000+16000]

Activating/deactivating kicking in luci-app-dawn seems to trigger this on the other dawn instance running on a different router, requiring a restart of dawn on the affected nodes.

Using commit 50d54a6. (So up to date with master at the moment)

Think about adding service triggers as discussed in
openwrt/packages#11841 (comment)

after one day running, these lines appears in system log:

daemon.err dawn[6538]: [RSSI INFO] No hostapd sockets!
daemon.err dawn[6538]: [RSSI INFO] Failed to open dir:freq
daemon.err dawn[6538]: [RSSI INFO] No hostapd sockets!
daemon.err dawn[6538]: [RSSI INFO] Failed to open dir:freq
daemon.err dawn[6538]: [SUBSCRIBING] No hostapd sockets!

it seems dawn get wrong option hostapd_dir from /etc/config/dawn.

thus, variable "hostapd_dir_glob" became "freq".

no idea why such issue could happen.

It would be better to totally disable reload_config function and manually restart dawn with command "/etc/init.d/dawn restart"

35 static inline char *blobmsg_format_json(struct blob_attr *attr, bool list)
36 {
37 return blobmsg_format_json_with_cb(attr, list, NULL, NULL, -1);
38 }

from https://lxr.openwrt.org/source/libubox/blobmsg_json.h#L31

322 char *blobmsg_format_json_with_cb(struct blob_attr *attr, bool list, blobmsg_json_format_t cb, void *priv, int indent)
323 {
324 struct strbuf s = {0};
325 bool array;
326 char *ret;
327
328 setup_strbuf(&s, attr, cb, priv, indent);
329 if (!s.buf)
330 return NULL;
331
332 array = blob_is_extended(attr) &&
333 blobmsg_type(attr) == BLOBMSG_TYPE_ARRAY;
334
335 if (list)
336 blobmsg_format_json_list(&s, blobmsg_data(attr), blobmsg_data_len(attr), array);
337 else
338 blobmsg_format_element(&s, attr, false, false);
339
340 if (!s.len) {
341 free(s.buf);
342 return NULL;
343 }
344
345 ret = realloc(s.buf, s.pos + 1);
346 if (!ret) {
347 free(s.buf);
348 return NULL;
349 }
350
351 ret[s.pos] = 0;
352
353 return ret;
354 }

from https://lxr.openwrt.org/source/libubox/blobmsg_json.c

the actual processing function is blobmsg_format_element

225 static void blobmsg_format_element(struct strbuf *s, struct blob_attr *attr, bool without_name, bool head)
226 {
227 const char *data_str;
228 char buf[317];
229 void *data;
230 int len;
231
232 if (!blobmsg_check_attr(attr, false))
233 return;
234
235 if (!without_name && blobmsg_name(attr)[0]) {
236 blobmsg_format_string(s, blobmsg_name(attr));
237 blobmsg_puts(s, ": ", s->indent ? 2 : 1);
238 }
239
240 data = blobmsg_data(attr);
241 len = blobmsg_data_len(attr);
242
243 if (!head && s->custom_format) {
244 data_str = s->custom_format(s->priv, attr);
245 if (data_str)
246 goto out;
247 }
248
249 data_str = buf;
250 switch(blob_id(attr)) {
251 case BLOBMSG_TYPE_UNSPEC:
252 snprintf(buf, sizeof(buf), "null");
253 break;
254 case BLOBMSG_TYPE_BOOL:
255 snprintf(buf, sizeof(buf), "%s", *(uint8_t )data ? "true" : "false");
256 break;
257 case BLOBMSG_TYPE_INT16:
258 snprintf(buf, sizeof(buf), "%" PRId16, (int16_t) be16_to_cpu((uint16_t )data));
259 break;
260 case BLOBMSG_TYPE_INT32:
261 snprintf(buf, sizeof(buf), "%" PRId32, (int32_t) be32_to_cpu((uint32_t )data));
262 break;
263 case BLOBMSG_TYPE_INT64:
264 snprintf(buf, sizeof(buf), "%" PRId64, (int64_t) be64_to_cpu((uint64_t *)data));
265 break;
266 case BLOBMSG_TYPE_DOUBLE:
267 snprintf(buf, sizeof(buf), "%lf", blobmsg_get_double(attr));
268 break;
269 case BLOBMSG_TYPE_STRING:
270 blobmsg_format_string(s, data);
271 return;
272 case BLOBMSG_TYPE_ARRAY:
273 blobmsg_format_json_list(s, data, len, true);
274 return;
275 case BLOBMSG_TYPE_TABLE:
276 blobmsg_format_json_list(s, data, len, false);
277 return;
278 }

from https://lxr.openwrt.org/source/libubox/blobmsg_json.c#L225