How to use the debugging tools athdebug and 80211debug
MadWifi contains quite extensive debugging facilities, which are hidden to most people. The tools/ directory contains two programs which are also installed by default, called athdebug and 80211debug. These two programs can be used to control the amount of debugging output which appears in the kernel log (dmesg and /var/log/messages or /var/log/kern.log depending on the distribution).
The reason why there are two separate programs is that one controls the debugging output from the device (ath) specific part and the other one for the generic (80211) part. Remember: The 802.11 stack used by MadWifi (net80211) is derived from FreeBSD where it supports more wireless devices than just Atheros based.
Both programs have the same user interface and basically work by setting a bitmap in the driver enabling or disabling debugging output from various subsystems. Both also take an optional parameter -i device (e.g. -i wifi1) which can be omitted if you use wifi0.
So we have the basic usage:
athdebug [-i interface] bitmap 80211debug [-i interface] bitmap
You can enable all debugging output from the ath (device) specific subsystems (same for 80211) by typing
And disable it with
Since it's quite tedious to remember the bitmaps, fortunately there is a user friendlier interface which can be used to enable (+) or disable (-) debugging output by giving the name of the component or subsystem
athdebug [-i interface] [+|-]name [[+|-]name] 80211debug [-i interface] [+|-]name [[+|-]name]
athdebug controls the debugging output from the atheros device specific parts, or the parts closer to the hardware. It has the following flags:
xmit - transmit of packets, just before they go out to the HW xmit_desc - transmit descriptors recv - received packets, directly from the HW recv_desc - receive descriptors rate - the rate control modules reset - reset processing and inititalization mode - mode changes beacon - beacon handling watchdog - watchdog timeout intr - interrupt processing xmit_proc - processing of transmit descriptors recv_proc - processing of receive descriptors beacon_proc - beacon processing calibrate - periodic re-calibration keycache - key cache management state - 802.11 state transitions node - node management ff - fast frame handling fatal - fatal errors
80211debug controls the debugging output from the 802.11 stack. It has the following flags:
debug - IFF_DEBUG equivalent (?) dumppkts - dump packets crypto - crypto modules input - packet input xrate - rate set handling elemid - element id parsing node - node management assoc - association handling auth - authentication handling scan - scanning output - packet output state - 802.11 state machine power - power save functions dotx1 - 802.1x authenticator dot1xsm - 802.1x state machine radius - 802.1x radius client raddump - 802.1x radius packet dump radkeys - 802.1x key dump wpa - WPA/RSN protocol acl - ACL handling wme - WME protocol superg - super g turbo mode doth - 802.11h (DFS/TPC) handling inact - timeout of inactive nodes roam - station mode roaming
UserDocs/Tools/ath+802_debug-wrapper provides a shell script that implements a dialog interface to the debug tools, making it a lot easier for users to work with the debug tools.
Examples and Tips
Example 1: Dump received packets
For example we can enable output from the xmit (transmit) functions with
You will see dev.wifi0.debug: 0x0 => 0x1<xmit> - the 0x... stuff showing the bitmap which you could also use (especially interresting when you combine more flags). Then you will see every packet which is passed by the driver to the hardware in the kernel log. In this case:
ath_tx_start: Q1: (ds)a3110ea0 (lk)00000000 (d)033f95c0 (c0)033f0058 (c1)07000054 000b0000 0000001b ath_tx_txqaddbuf: link (a3110e40)=3110ea0 (a3110ea0) ath_tx_start: skb0 8329bcc0 [data 833f9490 len 105] skbaddr 33f9490 NODS 00:02:6f:22:0a:87->00:60:1d:f0:b1:61(00:02:6f:22:0a:87) probe_resp 1M 50 00 3a 01 00 60 1d f0 b1 61 00 02 6f 22 0a 87 00 02 6f 22 0a 87 a0 01 00 00 00 00 00 00 00 00 64 00 01 00 00 07 62 72 31 74 65 73 74 01 04 82 84 8b 96 03 01 02 07 06 4e 41 49 01 0b 1b 20 01 00 2a 01 07 dd 18 00 50 f2 02 01 01 84 00 02 a3 40 00 27 a4 00 00 42 43 5e 00 62 32 2f 00 dd 09 00 03 7f 01 01 00 24 00 00
The lower part with the hex numbers is a full packet dump similar to the one you would get with tcpdump -x or ethereal.
Example 2: Show Special Input Packets
Another useful information is often to see which packets come in and which of them are discarded:
This results for example in:
[ath0:00:60:b3:13:0c:56] discard frame, not to bss [ath0:00:02:6f:09:51:90] discard frame, not to bss
Which is quite a normal condition when there are other WLAN networks in the same area.
Example 3: Show Associations
Now let's print information about associating stations (on the AP side)
ath0: [00:02:6f:2f:02:65] station associated at aid 1: short preamble, short slot time, QoS, fast-frames
Attention: Enabling all debugging output on smaller systems can make them very slow and sometimes unresponsive. So it's usually better to only enable the output from the part you are interested in.
But sometimes you don't know in advance. So it might sometimes be useful to use a script or write all commands in one line to enable debugging output, issue a short command and disable it again. E.g:
athdebug 0xffffffff; iwpriv ath0 mode 1; athdebug 0x0;
80211debug 0xffffffff; athdebug 0xffffffff; \ ping -c 1 10.0.0.1; \ athdebug 0x0; 80211debug 0x0;