[arch-general] network WTF
Got a bit of network weirdness going on here. 2 different Arch laptops, an old one and a new one, with completely different hardware (and also i686 vs. x86_64), but both are completely up to date with the latest repos. On the old (i686) one, "iwlist scan" works fine from the command line, as a non-root user. On the new one, no dice - I need to be root to get back results. What makes this even more annoying is that apparently some of the wireless tools I'm using suffer from this restriction as well. So on the old laptop, kwifimanager and knemo show accurate info about the current connection (bit rate, link quality, etc.) while on the new laptop these come up empty. Anyone have any idea what's causing this and/or how to work around it? Surely I don't need to run kwifimanager and knemo as root to do it. I'm guessing there's some obscure setting that's different between the 2 machines that's controlling this, but I have no clue what it could be. TIA, DR
David Rosenstrauch wrote:
Got a bit of network weirdness going on here. 2 different Arch laptops, an old one and a new one, with completely different hardware (and also i686 vs. x86_64), but both are completely up to date with the latest repos. On the old (i686) one, "iwlist scan" works fine from the command line, as a non-root user. On the new one, no dice - I need to be root to get back results.
Normally 'iwlist wlanX scan' as user just reads a previous scan, and with root privileges it does actually scan for networks.
What makes this even more annoying is that apparently some of the wireless tools I'm using suffer from this restriction as well. So on the old laptop, kwifimanager and knemo show accurate info about the current connection (bit rate, link quality, etc.) while on the new laptop these come up empty.
Maybe it's a group issue? Are the users in the 'network' group? Can you associate manually to an access point?
Anyone have any idea what's causing this and/or how to work around it? Surely I don't need to run kwifimanager and knemo as root to do it.
I'm guessing there's some obscure setting that's different between the 2 machines that's controlling this, but I have no clue what it could be.
If it's not a permission issue, my guess is that the wireless cards send different results (assuming they're different cards). Maybe you should start the 'broken' machine with a LiveCD from another distro or ArchLinux i686 LiveCD to see if it's Arch failing or your hardware. I hope it helps. -- mitoyarzun http://www.archlinux.cl/
I know this isn't of great help, but in the forum there are lots of people complaining that iwlist isn't working as non-root user with the new kernel (2.6.29) On Wed, Apr 15, 2009 at 5:48 AM, Jaime Oyarzun Knittel <joyarzun@alumnos.inf.utfsm.cl> wrote:
David Rosenstrauch wrote:
Got a bit of network weirdness going on here. 2 different Arch laptops, an old one and a new one, with completely different hardware (and also i686 vs. x86_64), but both are completely up to date with the latest repos. On the old (i686) one, "iwlist scan" works fine from the command line, as a non-root user. On the new one, no dice - I need to be root to get back results.
Normally 'iwlist wlanX scan' as user just reads a previous scan, and with root privileges it does actually scan for networks.
What makes this even more annoying is that apparently some of the wireless tools I'm using suffer from this restriction as well. So on the old laptop, kwifimanager and knemo show accurate info about the current connection (bit rate, link quality, etc.) while on the new laptop these come up empty.
Maybe it's a group issue? Are the users in the 'network' group? Can you associate manually to an access point?
Anyone have any idea what's causing this and/or how to work around it? Surely I don't need to run kwifimanager and knemo as root to do it.
I'm guessing there's some obscure setting that's different between the 2 machines that's controlling this, but I have no clue what it could be.
If it's not a permission issue, my guess is that the wireless cards send different results (assuming they're different cards).
Maybe you should start the 'broken' machine with a LiveCD from another distro or ArchLinux i686 LiveCD to see if it's Arch failing or your hardware.
I hope it helps.
-- mitoyarzun http://www.archlinux.cl/
André Ramaciotti wrote:
I know this isn't of great help, but in the forum there are lots of people complaining that iwlist isn't working as non-root user with the new kernel (2.6.29)
I'll take a look, thanks. That said, not sure why it would be working on one laptop but not the other. Maybe there's an answer in one of those threads. Thanks, DR
David Rosenstrauch schrieb:
I'll take a look, thanks.
That said, not sure why it would be working on one laptop but not the other. Maybe there's an answer in one of those threads.
I was never able to scan as unprivileged user and I think you are not supposed to be able to do it! I don't understand this fuss about it at all.
Thomas Bächler wrote:
David Rosenstrauch schrieb:
I'll take a look, thanks.
That said, not sure why it would be working on one laptop but not the other. Maybe there's an answer in one of those threads.
I was never able to scan as unprivileged user and I think you are not supposed to be able to do it! I don't understand this fuss about it at all.
What makes this even more annoying is that apparently some of the wireless tools I'm using suffer from this restriction as well. So on
The fuss is the resulting consequence that I mentioned in the 2nd part of my email: the old laptop, kwifimanager and knemo show accurate info about the current connection (bit rate, link quality, etc.) while on the new laptop these come up empty. Those tools, which work great on one laptop, are pretty much useless on the other one if they're not able to perform a scan. DR
David Rosenstrauch wrote:
Thomas Bächler wrote:
David Rosenstrauch schrieb:
I'll take a look, thanks.
That said, not sure why it would be working on one laptop but not the other. Maybe there's an answer in one of those threads.
I was never able to scan as unprivileged user and I think you are not supposed to be able to do it! I don't understand this fuss about it at all.
The fuss is the resulting consequence that I mentioned in the 2nd part of my email:
What makes this even more annoying is that apparently some of the wireless tools I'm using suffer from this restriction as well. So on the old laptop, kwifimanager and knemo show accurate info about the current connection (bit rate, link quality, etc.) while on the new laptop these come up empty.
Those tools, which work great on one laptop, are pretty much useless on the other one if they're not able to perform a scan.
DR
Looks like scanning is just a symptom. This appears to be more the crux of the issue: [darose@daroselin ~]$ iwconfig lo no wireless extensions. eth0 no wireless extensions. eth1 IEEE 802.11 Nickname:"" Access Point: Not-Associated Link Quality:5 Signal level:213 Noise level:169 Rx invalid nwid:0 invalid crypt:0 invalid misc:0 tun0 no wireless extensions. [darose@daroselin ~]$ sudo iwconfig lo no wireless extensions. eth0 no wireless extensions. eth1 IEEE 802.11bg ESSID:"<our ap name>" Nickname:"" Mode:Managed Frequency:2.462 GHz Access Point: 00:1B:2F:0C:BD:9E Bit Rate=54 Mb/s Tx-Power:32 dBm Retry min limit:7 RTS thr:off Fragment thr:off Power Managementmode:All packets received Link Quality=5/5 Signal level=-41 dBm Noise level=-87 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:2506 Invalid misc:0 Missed beacon:0 tun0 no wireless extensions. Not sure what's causing the discrepancy here. Something in my driver? (Broadcom wl.) Have to look into this more ... DR
David Rosenstrauch wrote:
Looks like scanning is just a symptom. This appears to be more the crux of the issue:
[darose@daroselin ~]$ iwconfig lo no wireless extensions.
eth0 no wireless extensions.
eth1 IEEE 802.11 Nickname:"" Access Point: Not-Associated Link Quality:5 Signal level:213 Noise level:169 Rx invalid nwid:0 invalid crypt:0 invalid misc:0
tun0 no wireless extensions.
[darose@daroselin ~]$ sudo iwconfig lo no wireless extensions.
eth0 no wireless extensions.
eth1 IEEE 802.11bg ESSID:"<our ap name>" Nickname:"" Mode:Managed Frequency:2.462 GHz Access Point: 00:1B:2F:0C:BD:9E Bit Rate=54 Mb/s Tx-Power:32 dBm Retry min limit:7 RTS thr:off Fragment thr:off Power Managementmode:All packets received Link Quality=5/5 Signal level=-41 dBm Noise level=-87 dBm Rx invalid nwid:0 Rx invalid crypt:0 Rx invalid frag:0 Tx excessive retries:2506 Invalid misc:0 Missed beacon:0
tun0 no wireless extensions.
Not sure what's causing the discrepancy here. Something in my driver? (Broadcom wl.) Have to look into this more ...
DR
Yeah, that's definitely the issue. strace shows this as non-root user: ioctl(3, SIOCGIWNAME, 0x7fff32cf97f0) = 0 ioctl(3, SIOCGIWNWID, 0x7fff32cf97f0) = -1 EOPNOTSUPP (Operation not supported) ioctl(3, SIOCGIWFREQ, 0x7fff32cf97f0) = -1 EPERM (Operation not permitted) ioctl(3, SIOCGIWENCODE, 0x7fff32cf97f0) = -1 EPERM (Operation not permitted) ioctl(3, SIOCGIWESSID, 0x7fff32cf97f0) = -1 EPERM (Operation not permitted) ioctl(3, SIOCGIWMODE, 0x7fff32cf97f0) = -1 EPERM (Operation not permitted) ioctl(3, SIOCGIWRANGE, 0x7fff32cf97f0) = -1 EPERM (Operation not permitted) ioctl(3, SIOCGIWAP, 0x7fff32cf9ce0) = 0 ioctl(3, SIOCGIWRATE, 0x7fff32cf9ce0) = -1 EPERM (Operation not permitted) ioctl(3, SIOCGIWPOWER, 0x7fff32cf9ce0) = -1 EPERM (Operation not permitted) vs. this for root: ioctl(3, SIOCGIWNAME, 0x7fffa84a1690) = 0 ioctl(3, SIOCGIWNWID, 0x7fffa84a1690) = -1 EOPNOTSUPP (Operation not supported) ioctl(3, SIOCGIWFREQ, 0x7fffa84a1690) = 0 ioctl(3, SIOCGIWENCODE, 0x7fffa84a1690) = -1 EOPNOTSUPP (Operation not supported) ioctl(3, SIOCGIWESSID, 0x7fffa84a1690) = 0 ioctl(3, SIOCGIWMODE, 0x7fffa84a1690) = 0 ioctl(3, SIOCGIWRANGE, 0x7fffa84a1690) = 0 ioctl(3, SIOCGIWAP, 0x7fffa84a1b80) = 0 ioctl(3, SIOCGIWRATE, 0x7fffa84a1b80) = 0 ioctl(3, SIOCGIWPOWER, 0x7fffa84a1b80) = 0 ioctl(3, SIOCGIWSTATS, 0x7fffa84a1670) = 0 ioctl(3, SIOCGIWNICKN, 0x7fffa84a1b80) = 0 ioctl(3, SIOCGIWTXPOW, 0x7fffa84a1b80) = 0 ioctl(3, SIOCGIWSENS, 0x7fffa84a1b80) = -1 EOPNOTSUPP (Operation not supported) ioctl(3, SIOCGIWRETRY, 0x7fffa84a1b80) = 0 ioctl(3, SIOCGIWRTS, 0x7fffa84a1b80) = 0 ioctl(3, SIOCGIWFRAG, 0x7fffa84a1b80) = 0 Not sure what's causing the permission errors, though. (Don't know enough about linux wireless.) Off to do more digging ... DR
Thomas Bächler wrote:
David Rosenstrauch schrieb:
I'll take a look, thanks.
That said, not sure why it would be working on one laptop but not the other. Maybe there's an answer in one of those threads.
I was never able to scan as unprivileged user and I think you are not supposed to be able to do it! I don't understand this fuss about it at all.
Works for me [user@desktop core]$ iwlist scan lo Interface doesn't support scanning. eth0 Interface doesn't support scanning. wmaster0 Interface doesn't support scanning. wlan0 Scan completed : Cell 01 - Address: 00:18:39:C1:E2:7E ESSID:"Bildanet" Mode:Master Channel:11 Frequency:2.462 GHz (Channel 11) Quality=70/100 Signal level:-40 dBm Noise level=-70 dBm Encryption key:on IE: Unknown: 000842696C64616E6574 IE: Unknown: 010882848B962430486C IE: Unknown: 03010B IE: Unknown: 2A0104 IE: Unknown: 2F0104 IE: Unknown: 32040C121860 IE: Unknown: DD06001018020014 Bit Rates:1 Mb/s; 2 Mb/s; 5.5 Mb/s; 11 Mb/s; 18 Mb/s 24 Mb/s; 36 Mb/s; 54 Mb/s; 6 Mb/s; 9 Mb/s 12 Mb/s; 48 Mb/s Extra:tsf=000000672fcee185 Extra: Last beacon: 90ms ago [user@desktop core]$
Jaime Oyarzun Knittel wrote:
David Rosenstrauch wrote:
What makes this even more annoying is that apparently some of the wireless tools I'm using suffer from this restriction as well. So on the old laptop, kwifimanager and knemo show accurate info about the current connection (bit rate, link quality, etc.) while on the new laptop these come up empty.
Maybe it's a group issue? Are the users in the 'network' group?
Yep.
Can you associate manually to an access point?
Not sure what you mean by "manually". I usually use either networkmanager/knetworkmanager or netcfg for networking, both of which require root privs. DR
David Rosenstrauch wrote:
Jaime Oyarzun Knittel wrote: [...]
Can you associate manually to an access point?
Not sure what you mean by "manually". I usually use either networkmanager/knetworkmanager or netcfg for networking, both of which require root privs.
I mean using iwconfig directly from a terminal (with networkmanager down). Are you able to bring the interface up? (does "ifconfig wlanX up" throw any error?) You should give more details of your hardware specs (Is it a firmware issue?), and try using an external wireless device (USB or PCMCIA). -- mitoyarzun http://www.archlinux.cl/
Jaime Oyarzun Knittel wrote:
David Rosenstrauch wrote:
Jaime Oyarzun Knittel wrote: [...]
Can you associate manually to an access point? Not sure what you mean by "manually". I usually use either networkmanager/knetworkmanager or netcfg for networking, both of which require root privs.
I mean using iwconfig directly from a terminal (with networkmanager down).
Are you able to bring the interface up? (does "ifconfig wlanX up" throw any error?)
Ah; I understand now. It's a moot issue now, though. I finally got my hands dirty and dug into the broadcom wl driver code and I see what's causing this behavior. The driver is checking for capability CAP_NET_ADMIN, and if that's not set then it's returning a EPERM permission error on every ioctl wireless call. So all the driver connection info calls done by non-root users fail with permissioning errors. Not sure if that's what the driver should be doing, though I expect not, since the other laptop (which is using the ipw2200 driver) seems to be allowing these calls through. But when I rebuilt and ran the wl driver with that code commented out, my machine started to behave a bit weird a few times after that, so I put everything back the way it was. Not a good idea to mess with kernel module code if you don't know what you're doing, methinks. Also I'm not sure if/how it might be possible to set CAP_NET_ADMIN for a non-root user. But I'm kinda at the limits of my tech knowledge here, and wasn't able to google up more info, so I think I'm just going to have to leave this unfixed unfortunately. One other annoying thing about this issue is the fact that the wl driver isn't a proper open source driver, integrated into the kernel source and maintained by kernel developers. So although I'd love to report this issue and have it get fixed, there doesn't seem to be any forum/mailing list/bug tracker/etc. that I could find via the driver's page at Broadcom's site. Very irritating. I usually avoid buying non-open-source-friendly hardware exactly because of situations like this, but this is a laptop I got from work so I didn't have a choice, unfortunately. DR
2009/4/16 David Rosenstrauch <darose@darose.net>:
Jaime Oyarzun Knittel wrote: [...] I finally got my hands dirty and dug into the broadcom wl driver code and I see what's causing this behavior. The driver is checking for capability CAP_NET_ADMIN, and if that's not set then it's returning a EPERM permission error on every ioctl wireless call. So all the driver connection info calls done by non-root users fail with permissioning errors. [...] Also I'm not sure if/how it might be possible to set CAP_NET_ADMIN for a non-root user. But I'm kinda at the limits of my tech knowledge here, and wasn't able to google up more info, so I think I'm just going to have to leave this unfixed unfortunately.
It looks like there is a pam module pam_cap which can be used to set roles on users, but i havent checked if Arch has it. Some info i found: man 7 capabilities http://blog.flameeyes.eu/2008/02/18/capabilties-and-pam http://www.friedhoff.org/posixfilecaps.html Especially second URL above seems to give quite good info on capabilities. HTH, HAND. mvg, Guus
Guus Snijders wrote:
It looks like there is a pam module pam_cap which can be used to set roles on users, but i havent checked if Arch has it.
Some info i found: man 7 capabilities http://blog.flameeyes.eu/2008/02/18/capabilties-and-pam http://www.friedhoff.org/posixfilecaps.html
Especially second URL above seems to give quite good info on capabilities.
HTH, HAND.
mvg, Guus
Thanks much for the pointers! I'll read them through when I get a moment. DR
participants (6)
-
André Ramaciotti
-
Baho Utot
-
David Rosenstrauch
-
Guus Snijders
-
Jaime Oyarzun Knittel
-
Thomas Bächler