WLAN: Traps and Surprises

Werner Almesberger werner at openmoko.org
Tue Sep 16 23:17:54 CEST 2008 

Since quite a lot of WLAN problems have been reported, we decided to
start a more systematic search for them, and any usability exceptions
we may hit on the way.

The approach is to make tries in a controlled environment and to
work bottom-up, i.e., we begin with completely unprotected networks
and then work our way up to WEP and finally WPA.

The controlled environment means that we won't catch every freak
interoperability accident (e.g., bug #1250), but we'll at least be
able to establish a known to be good setup process, and thus in a
far better position to investigate other problems.

This effort is still very much in progress, but there are already a
few results that may be useful.


Unprotected, WEP, or WPA:

- ESSID must be either zero-length, or 2 bytes or longer
  Effect: iwconfig rejects the configuration request
  Reason: AR6k driver assumed old API
  Work-around: replace ESSIDs with length 1 with longer ESSIDs
  Status: fix is on its way through the build process

- ESSID must be 31 bytes or shorter
  Effect: iwconfig rejects the configuration request
  Reason: buffer overflow in kernel or AR6001 firmware
  Work-around: replace ESSIDs with length 32 with shorter ESSIDs
  Status: further analysis required

- WLAN setup through the Om2008 GUI doesn't work
  Effect: device does not obtain an IP address
  Reason: API incompatibility between ConnMan and DHCP
  Work-around: use command-line tools (iwconfig and udhcpc)
  Status: being fixed


If using WEP:

- Must set ESSID after WEP key
  Effect: ESSID is cleared
  Reason: setting the WEP key resets the ESSID
  Work-around: set WEP key first, then ESSID
  Status: design limitation, no action required

- Setting the WEP key as a string yields incompatible result
  Effect: iwconfig ... key s:password ... either fails or succeeds
    but traffic on top of 802.11 is rejected
  Reason: iwconfig sets the key to literally "password", and not the
    binary pattern (hash ?) almost everybody else uses. See also:
    http://www.powerdog.com/wepkey.cgi
  Work-around: only set the key in numeric form
  Status: design limitation, no action required

- Bad WEP key lingers and stays until traffic stops for a while
  Effect: traffic on top of 802.11 is rejected if an incorrect WEP
    key has been set, even if the key is changed on the device later
  Reason: new keys are apparently only considered after the device
    has been idle for about 30-80 seconds
  Work-around: stop all traffic, including DHCP, set the correct
    WEP key, wait at least one minute, then DHCP
  Status: further analysis required


We'll post updates as we progress.

- Werner

More information about the devel mailing list