From: Jouni Malinen (jkmaline_at_cc.hut.fi)
Date: 2002-07-25 17:42:10 UTC
On Sun, Jul 14, 2002 at 10:05:12AM -0400, Gerald Britton wrote:
> > "Jul 14 19:00:54 linux kernel: wlan0: Rx: len(24576) > MAX(2304)"
> I see this a lot when I'm in monitor mode, I don't think I ever have
> otherwise though.
I did some tests with monitor mode today and there seem to be interesting "features" in the firmware code.. When I configured the sniffing host to use an "incorrect" channel (e.g., channel 2 when sending stations were on channel 3), the firmware reported frames with data_len=65522 (possibly signed -14, though I have thought that it would always be unsigned val between 0 and max frame len). This was an ACK frame (i.e., it has only addr1), so it was missing addr2, addr3, and seq_ctrl, i.e., 14 bytes..
If this proves to be a feature, I will change the monitor mode to also let through frames with lengths -14 .. -1 (and remove this many bytes from the IEEE 802.11 header).
However, values like 24576 should not really happen and I would first guess that it could be a driver bug (i.e., trying to read two different things using the same BAP or something similar). I think that the latest driver changes could have fixed some problem cases.
-- Jouni Malinen PGP id EFC895FA
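
The length handling discussed in this message, written out as an added example (not part of the original message and not the driver's own code): a firmware-reported 16-bit `data_len` is accepted as-is up to the 2304-byte maximum, reinterpreted as -14 .. -1 in monitor mode to shorten the header, and dropped otherwise so it is never used as a copy size. The function and type names and the 24-byte header constant are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_DATA_LEN 2304 /* MAX from the quoted kernel log line */
#define HDR_LEN      24   /* assumed: fc, duration, addr1-3, seq_ctrl */
#define MAX_MISSING  14   /* addr2 + addr3 + seq_ctrl, absent in an ACK */

enum rx_verdict { RX_OK, RX_SHORT_HDR, RX_DROP };

struct rx_len {
    enum rx_verdict verdict;
    size_t hdr_len;  /* header bytes actually present in the frame */
    size_t data_len; /* payload bytes that are safe to copy */
};

/* Hypothetical helper: decide what to do with a firmware-reported length. */
static struct rx_len classify_rx_len(uint16_t fw_data_len, int monitor_mode)
{
    struct rx_len r = { RX_DROP, 0, 0 };
    /* Reinterpret the 16-bit field as signed without relying on
     * implementation-defined narrowing: 65522 becomes -14. */
    int32_t s = fw_data_len >= 0x8000 ? (int32_t)fw_data_len - 0x10000
                                      : (int32_t)fw_data_len;

    if (fw_data_len <= MAX_DATA_LEN) {           /* normal frame */
        r.verdict = RX_OK;
        r.hdr_len = HDR_LEN;
        r.data_len = fw_data_len;
    } else if (monitor_mode && s >= -MAX_MISSING && s <= -1) {
        r.verdict = RX_SHORT_HDR;                /* e.g. ACK: addr1 only */
        r.hdr_len = (size_t)(HDR_LEN + s);       /* 10 .. 23 bytes */
        r.data_len = 0;
    }
    /* Anything else (e.g. 24576) stays RX_DROP with zero lengths. */
    return r;
}

int main(void)
{
    /* Constructed sample values taken from the lengths quoted above. */
    const uint16_t samples[] = { 100, 2304, 24576, 65522, 65535 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        struct rx_len r = classify_rx_len(samples[i], 1);
        printf("len=%5u verdict=%d hdr=%zu data=%zu\n",
               (unsigned)samples[i], (int)r.verdict, r.hdr_len, r.data_len);
    }
    return 0;
}
```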