ath(4) sends duplicate multicast frames with AR5212 chipset

Stefan Sperling Sat, 01 Oct 2011 16:06:46 -0700

I am running the following ath(4) card in hostap mode with WPA:

ath0 at pci0 dev 12 function 0 "Atheros AR5212 (IBM MiniPCI)" rev 0x01: irq 9
ath0: AR5213A 5.9 phy 4.3 rf5112a 3.6, WOR01W, address 00:0e:9b:d7:36:f8


STAs can connect fine. However, multicast frames cause a lot of RX errors
at the STA side. The "tkip replays" counter in netstat -W keeps increasing.
This results in occasional stutter in the wireless connection.
It is small, but noticable when typing into an ssh session to the STA.

Note that I have a carp setup running in this network which creates a lot
of multicast frames. With few multicast frames the problem is probably not
noticable. (TKIP is used for multicast frames, other traffic is using CCMP.)

This only happens with ath(4).
A ral(4) card I have doesn't show this problem at all.

Modyfing the code on the STA side as follows shows the problem:

Index: ieee80211_crypto_tkip.c
===================================================================
RCS file: /cvs/src/sys/net80211/ieee80211_crypto_tkip.c,v
retrieving revision 1.19
diff -u -p -r1.19 ieee80211_crypto_tkip.c
--- ieee80211_crypto_tkip.c     5 Apr 2011 11:48:28 -0000       1.19
+++ ieee80211_crypto_tkip.c     1 Oct 2011 21:51:46 -0000
@@ -362,7 +362,10 @@ ieee80211_tkip_decrypt(struct ieee80211c
                /* replayed frame, discard */
                ic->ic_stats.is_tkip_replays++;
                m_freem(m0);
+               printf("TKIP: replayed frame (tsc=%llu <= *prsc=%llu\n", tsc, 
*prsc);
                return NULL;
+       } else {
+               printf("TKIP: non-replayed frame (tsc=%llu > *prsc=%llu\n", 
tsc, *prsc);
        }
 
        MGET(n0, M_DONTWAIT, m0->m_type);


Oct  1 19:11:40 jack /bsd: TKIP: non-replayed frame (tsc=4375 > *prsc=4222)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4375 <= *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: non-replayed frame (tsc=4376 > *prsc=4375)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)
Oct  1 19:11:40 jack /bsd: TKIP: replayed frame (tsc=4376 <= *prsc=4376)

At the AP side the net80211 stack injects the multicast frame once.
But the card ends up sending the frame multiple times.

A similar problem as been reported in the past with an AR5213 chipset
in hostap mode with WPA on OpenBSD and an STA running Linux, see
http://old.nabble.com/Wireless-host-ap-wpa-problems-td19473573.html
(the dropped-connection symptoms described there are probably a different
problem which may have been fixed since).

Comparing our AR5212 code to the FreeBSD driver I found that we're
using different values telling the card how many TX retries to do.

FreeBSD re-transmits multicast data frames only once.
See ath_tx_start() in
http://svnweb.freebsd.org/base/head/sys/dev/ath/if_ath_tx.c?revision=220098&view=markup
where try0 is set to 1 in case of sending a data frame to a multicast address.
The HAL does not modify this value, see ar5212SetupTxDesc() in
http://svnweb.freebsd.org/base/head/sys/dev/ath/ath_hal/ar5212/ar5212_xmit.c?revision=225820&view=markup

Our AR5212 code retries 15 times, whether or not the frame is multicast.
The tx retries value passed to the HAL is 11 and the HAL always adds 4
(not sure what's the point -- only the AR5212 HAL changes the value
passed in, the other HALs don't).

The following patch sets the amount of TX attempts for multicast frames
to 1 which fixes the problem for me. ssh to the STA stays responsive and
no replays are reported.

Is this right?

(AR5K_TUNE_HWTXTRIES isn't used anywhere else so I removed it.)

Index: ar5212.c
===================================================================
RCS file: /cvs/src/sys/dev/ic/ar5212.c,v
retrieving revision 1.51
diff -u -p -r1.51 ar5212.c
--- ar5212.c    2 Jun 2009 12:39:02 -0000       1.51
+++ ar5212.c    1 Oct 2011 21:41:47 -0000
@@ -1353,8 +1353,7 @@ ar5k_ar5212_setup_tx_desc(struct ath_hal
        tx_desc->tx_control_1 =
            AR5K_REG_SM(type, AR5K_AR5212_DESC_TX_CTL1_FRAME_TYPE);
        tx_desc->tx_control_2 =
-           AR5K_REG_SM(tx_tries0 + AR5K_TUNE_HWTXTRIES,
-           AR5K_AR5212_DESC_TX_CTL2_XMIT_TRIES0);
+           AR5K_REG_SM(tx_tries0, AR5K_AR5212_DESC_TX_CTL2_XMIT_TRIES0);
        tx_desc->tx_control_3 =
            tx_rate0 & AR5K_AR5212_DESC_TX_CTL3_XMIT_RATE0;
 
Index: ar5xxx.h
===================================================================
RCS file: /cvs/src/sys/dev/ic/ar5xxx.h,v
retrieving revision 1.48
diff -u -p -r1.48 ar5xxx.h
--- ar5xxx.h    20 Apr 2010 22:05:41 -0000      1.48
+++ ar5xxx.h    1 Oct 2011 21:42:02 -0000
@@ -1328,7 +1328,6 @@ typedef HAL_BOOL (ar5k_rfgain_t)
 #define AR5K_TUNE_DEFAULT_TXPOWER              30
 #define AR5K_TUNE_TPC_TXPOWER                  AH_TRUE
 #define AR5K_TUNE_ANT_DIVERSITY                        AH_TRUE
-#define AR5K_TUNE_HWTXTRIES                    4
 
 /* Default regulation domain if stored value EEPROM value is invalid */
 #define AR5K_TUNE_REGDOMAIN    DMN_FCC2_FCCA   /* Canada */
Index: ath.c
===================================================================
RCS file: /cvs/src/sys/dev/ic/ath.c,v
retrieving revision 1.92
diff -u -p -r1.92 ath.c
--- ath.c       17 Apr 2011 20:38:10 -0000      1.92
+++ ath.c       1 Oct 2011 21:42:53 -0000
@@ -2068,7 +2068,7 @@ ath_tx_start(struct ath_softc *sc, struc
        struct ieee80211com *ic = &sc->sc_ic;
        struct ath_hal *ah = sc->sc_ah;
        struct ifnet *ifp = &sc->sc_ic.ic_if;
-       int i, error, iswep, hdrlen, pktlen, len, s;
+       int i, error, iswep, hdrlen, pktlen, len, s, tries;
        u_int8_t rix, cix, txrate, ctsrate;
        struct ath_desc *ds;
        struct ieee80211_frame *wh;
@@ -2376,13 +2376,14 @@ ath_tx_start(struct ath_softc *sc, struc
        /*
         * Formulate first tx descriptor with tx controls.
         */
+       tries = IEEE80211_IS_MULTICAST(wh->i_addr1) ? 1 : 15;
        /* XXX check return value? */
        ath_hal_setup_tx_desc(ah, ds
                , pktlen                /* packet length */
                , hdrlen                /* header length */
                , atype                 /* Atheros packet type */
                , 60                    /* txpower XXX */
-               , txrate, 1+10          /* series 0 rate/tries */
+               , txrate, tries         /* series 0 rate/tries */
                , iswep ? sc->sc_ic.ic_wep_txkey : HAL_TXKEYIX_INVALID
                , antenna               /* antenna mode */
                , flags                 /* flags */

        
Oct  2 00:04:28 jack /bsd: TKIP: non-replayed frame (tsc=257 > *prsc=253
Oct  2 00:04:35 jack /bsd: TKIP: non-replayed frame (tsc=259 > *prsc=257
Oct  2 00:04:35 jack /bsd: TKIP: non-replayed frame (tsc=260 > *prsc=259
Oct  2 00:04:36 jack /bsd: TKIP: non-replayed frame (tsc=261 > *prsc=260
Oct  2 00:04:36 jack /bsd: TKIP: non-replayed frame (tsc=262 > *prsc=261
Oct  2 00:04:36 jack /bsd: TKIP: non-replayed frame (tsc=263 > *prsc=262
Oct  2 00:04:36 jack /bsd: TKIP: non-replayed frame (tsc=264 > *prsc=263
Oct  2 00:04:36 jack /bsd: TKIP: non-replayed frame (tsc=265 > *prsc=264
Oct  2 00:04:36 jack /bsd: TKIP: non-replayed frame (tsc=266 > *prsc=265
Oct  2 00:04:45 jack /bsd: TKIP: non-replayed frame (tsc=267 > *prsc=266
Oct  2 00:04:46 jack /bsd: TKIP: non-replayed frame (tsc=269 > *prsc=267
Oct  2 00:04:49 jack /bsd: TKIP: non-replayed frame (tsc=271 > *prsc=269
Oct  2 00:04:52 jack /bsd: TKIP: non-replayed frame (tsc=273 > *prsc=271
Oct  2 00:04:55 jack /bsd: TKIP: non-replayed frame (tsc=274 > *prsc=273
Oct  2 00:04:55 jack /bsd: TKIP: non-replayed frame (tsc=275 > *prsc=274
Oct  2 00:05:05 jack /bsd: TKIP: non-replayed frame (tsc=276 > *prsc=275
Oct  2 00:05:05 jack /bsd: TKIP: non-replayed frame (tsc=277 > *prsc=276
Oct  2 00:05:05 jack /bsd: TKIP: non-replayed frame (tsc=278 > *prsc=277
Oct  2 00:05:15 jack /bsd: TKIP: non-replayed frame (tsc=279 > *prsc=278
Oct  2 00:05:15 jack /bsd: TKIP: non-replayed frame (tsc=280 > *prsc=279
Oct  2 00:05:16 jack /bsd: TKIP: non-replayed frame (tsc=281 > *prsc=280
Oct  2 00:05:16 jack /bsd: TKIP: non-replayed frame (tsc=282 > *prsc=281
Oct  2 00:05:16 jack /bsd: TKIP: non-replayed frame (tsc=283 > *prsc=282
Oct  2 00:05:16 jack /bsd: TKIP: non-replayed frame (tsc=284 > *prsc=283
Oct  2 00:05:16 jack /bsd: TKIP: non-replayed frame (tsc=285 > *prsc=284
Oct  2 00:05:16 jack /bsd: TKIP: non-replayed frame (tsc=286 > *prsc=285

ath(4) sends duplicate multicast frames with AR5212 chipset

Reply via email to