"Error Wrote 39 out of 30" error message from wesside-ng

[aircrack-ng]

Reported by darkAudax on 15 Aug 2007 23:22 UTC

See thread: http://tinyshell.be/aircrackng/forum/index.php?topic=2270.0

aircrack-ng 1.0dev aircrack-ng/aircrack-ng@

wesside-ng -i wlan0 -v 00:14:6C:7E:40:80
[Using mac 00:C0:CA:17:DB:6A
[19:25:10](19:25:10]) Looking for a victim...
[Found SSID(teddy) BSS=(00:14:6C:7E:40:80) chan=9
[19:25:10](19:25:10]) Error Wrote 39 out of 30

This is specific to mac80211 drivers. It does work correctly with madwifi-ng drivers.

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

cosmetic changes

[aircrack-ng]

Comment by Induktanzia on 15 Aug 2007 23:22 UTC

I've got the same error on Ubuntu. Similar problem running BackTrack 3.
MSI PC60G Wireless PCI Card

[aircrack-ng]

Comment by monotek on 15 Aug 2007 23:22 UTC

Same error with Kernel 2.6.24.3 and rt73usb

[aircrack-ng]

Comment by Eric on 15 Aug 2007 23:22 UTC

I am getting it, too.
version: 1.0beta2
kernel: 2.6.23.15-80.fc7
card: BCM4311 (b43)

[aircrack-ng]

Comment by arch on 15 Aug 2007 23:22 UTC

I have an Ubuntu (kernel 2.6.24) with ipwraw(iwl3945), using ipwraw i got the same thing.

[aircrack-ng]

Comment by arch on 15 Aug 2007 23:22 UTC

Sorry it is not exactely the same

[14:55:45] ERROR Max retransmists for (30 bytes):

[aircrack-ng]

Comment by arch on 15 Aug 2007 23:22 UTC

Finally i found the troube there aircrack-ng/aircrack-ng@, sorry for spamming comments.

[aircrack-ng]

Comment by long double on 15 Aug 2007 23:22 UTC

This error appears in osdep/linux.c:587 in linux_write (1.0-beta2), when we reach case DT_MAC80211_RT. A packet to be sent is padded with 9 bytes from u8aRadiotap. After execution returns to src/wesside-ng.c:415 if(rc != len) does not take into account that padding could have been done and breaks with the error.

[aircrack-ng]

Comment by NetRolller 3D on 15 Aug 2007 23:22 UTC

Is the Radiotap header guaranteed to be always 9 bits wide? If it is, then a simple fix is "if(rc != len && rc != len + 9)".
Also, this needs to be done for both wesside-ng and easside-ng, as that also suffers from this bug.

[aircrack-ng]

Comment by NetRolller 3D on 15 Aug 2007 23:22 UTC

This patch should fix it, as long as the Radiotap header is always 9 bits wide. This condition appears to be true, as we are getting no reports with "wrote 42 out of 30", "wrote 36 out of 30" or "wrote 57 out of 30". For me at least, it definitely fixed it.

Note to devs: please comment here if you check this in, as I don't want to incorrectly recommend "apply this patch to the latest SVN" instead of "update to the latest SVN" to people woth this problem, as it happened to me with the nl80211/iw fix.

[aircrack-ng]

Comment by hirte on 15 Aug 2007 23:22 UTC

Should be fixed as of 5fd577a.

[aircrack-ng]

Comment by netrolller3d on 15 Aug 2007 23:22 UTC

Should we leave this open until 1.0-rc1 is released? It does appear to be fixed, yes.

[aircrack-ng]

Modified by misterx on 15 Aug 2007 23:22 UTC

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

ok, b43 driver work fine with this patch...

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

I get this same garbage still in 1.0 RC2.

[Looking for a victim...
00:37:47 Found SSID() BSS=(00:1C:xx:xx:xx:xx) chan=1
[Error Wrote 33 out of 30

Network controller: Intel Corporation PRO/Wireless 3945ABG Golan Network Connection (rev 02)

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

I'm also getting that error with RC2 on Gentoo (Linux 2.6.28.4) with iwl3945...

[Using mac 00:1B:77:45:93:C7

20:51:34 Looking for a victim...

[Found SSID(XXXXXXXXXXXXXXXXXXXX) BSS=(XX:XX:XX:XX:XX:XX) chan=1

20:51:34 Error Wrote 33 out of 30

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

same error here on debian sid with atheros and madwifi-ng:
[16:53:05] ERROR: Packet length changed while transmitting (33 instead of 30).

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

Patch committed (4afe5a2)

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Could someone pls tell me HOW TO PATCH wesside-ng?? I tried patch -p0 wesside-easside-wrote-33-out-of-30-fix-v2.patch in the normal consol but nothing happened. thx for you help.

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

This patch is already applied on trunk so no need to patch again.

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

hmm so why do i still get Error Wrote 33 out of 30 ??? shouldn't that be solved?

PS: thanks for you quick answer

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

ohh i may also say that i forgot to open the consol in the folder where the patch is located. after i now succesfully opened the patch now it asks for the directory of the orgiginal wesside-ng. which i can't find out. I'm using backtrack 4 beta run from a usb-stick.

[aircrack-ng]

Comment by ovelkan on 15 Aug 2007 23:22 UTC

Same here with Prism54 and BT4Beta. Any ideas?

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

I still get Error Wrote 33 out of 30 with my ALFA AWUS036H on BT4 beta. Checked out latest svn version today.

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Would somebody with enough permissions reopen the ticket? Please?!

[aircrack-ng]

Comment by twat on 15 Aug 2007 23:22 UTC

I still get:

Error Wrote 33 out of 30 

Fresh install of BT4 on USB with Aircrack 1.0 rc3 49df79c

[aircrack-ng]

Comment by dalem50 on 15 Aug 2007 23:22 UTC

I'm still getting this:

ERROR: Packet length changed while transmitting (42 instead of 30).

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Replying to dalem50@:

I'm still getting this:

ERROR: Packet length changed while transmitting (42 instead of 30).

Maybe allow packet length+ 12 : http://dpaste.com/hold/67196

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

I attached a patch to fix the wrote 42 of 30 error message. It seems that in linux_write() the wrong offset into the radiotap header was being subtracted from the return value. I removed the special cases from wesside and easside at the same time. I'm unsure if these are still needed or not, however. Perhaps someone more familiar with the code can answer. Could someone reopen plz.

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Actually, that's still technically wrong. It'll work, but the header length field is 16-bit little endian. I'll get a corrected patch up tomorrow.

[aircrack-ng]

Modified by misterx on 15 Aug 2007 23:22 UTC

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Thanks for reopening. I've attached an updated fix (same name) that should handle the length correctly now. If the people that were getting the '33 of 30' errors could test if this patch breaks that (as I said I removed the special case from wesside and easside).

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

@misterx, would it be possible to get this committed without the modifications to wesside and easside? Or would you like more people to test it first?

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

If possible, yes, I would prefer to have more people testing it (ppl who have issues with the current version).

Btw, in the patch, isn't that a bit dangerous to use a short int (I think about 64bit systems)?

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

I'm also surprised by

p_rtlen = (short int*)(u8aRadiotap+2);
...
ret-=letoh16(*p_rtlen);

because the previous thing was:

ret-=u8aRadiotap[3];

you're using '+2' and the index of the array was previously 3. Is that normal?

Another question, did you test airodump-ng and aireplay-ng (and maybe others) with this patch?

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Replying to misterx:

If possible, yes, I would prefer to have more people testing it (ppl who have issues with the current version).

Btw, in the patch, isn't that a bit dangerous to use a short int (I think about 64bit systems)?

The header length field in the radiotap struct itself is only 16-bit (not sure if it's supposed to be signed or unsigned, however. Probably unsigned). That's why I used a short int. I don't imagine it ever being larger than 8-bit anyway. Currently the whole header is 12 bytes, would need to add a lot of fields to it in order to have it be larger than 256 bytes. So 65kB seems a little far-fetched.

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Replying to misterx:

you're using '+2' and the index of the array was previously 3. Is that normal?

Yes that is correct. That was the original bug, the array index was incorrect. It was pointing to the second byte of the header length field (0x00), instead of the first byte (0x0c). The header length field starts at u8aRadiotap[2].

Another question, did you test airodump-ng and aireplay-ng (and maybe others) with this patch?

No, I didn't, they only check that the return value of wi_write isn't -1, so this bug (or the fix) won't affect them. I'll check them just-in-case, though.

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

Latest patch committed in ca40632 with a slight modification: unsigned short int instead of short int.

[aircrack-ng]

Modified by misterx on 15 Aug 2007 23:22 UTC

[aircrack-ng]

Comment by ideesnoires on 15 Aug 2007 23:22 UTC

I'm also getting the "ERROR: Packet length changed while transmitting (42 instead of 30)."
this is with aicrack-ng 1.0-rc4 an iwl3945 chip and ubuntu 9.04 with kernel: 2.6.28-14.
there is no driver output via debug messages (iwlagn debug50=0x43fff) other than:
device mon0 entered promiscuous mode

i hope that helps

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

I'm also getting the "ERROR: Packet length changed while transmitting (42 instead of 30)." even with the patch settings. on rc3

IDK how to setup rc4 but fromt he look of the comments i doubit it will work

[aircrack-ng]

Comment by jim on 15 Aug 2007 23:22 UTC

I'm also getting the "ERROR: Packet length changed while transmitting (42 instead of 30)."

[aircrack-ng]

Comment by leionmarry on 15 Aug 2007 23:22 UTC

Packet length changed while transmitting (42 instead of 30)."

BT4-PRE FINAL

ALPHA AWUSO36H

AC-NG RC3

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Guys, this was fixed in rc4, so just install rc4 and try again.

[aircrack-ng]

Comment by ideesnoires on 15 Aug 2007 23:22 UTC

it's working now. i accidentaly built the wrong version from svn. with Wesside-ng 1.0 rc4 b54d588 everything is going fine

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

how do you properly install rc4 ?

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

Replying to anonymous:

Guys, this was fixed in rc4, so just install rc4 and try again.

nope i installed rc4 and i still get the same error. rebooted still get the same error. everything is install correctly cuz i checked the version by opening the wesside-ng console.

rtl8187 - ALPHA AWUSO36H

[aircrack-ng]

Comment by Prezz on 15 Aug 2007 23:22 UTC

nope i installed rc4 and i still get the same error. rebooted still get the same error. everything is install correctly cuz i checked the version by opening the wesside-ng console.

rtl8187 - ALPHA AWUSO36H

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

can i stil update to 1.0 rc4 on bt3 ?

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

yes

[aircrack-ng]

Comment by anonymous on 15 Aug 2007 23:22 UTC

im afraid to update to rc4, cuz i updated rc4 on bt4 and i was still geting the same error as prezz and wesside-ng works on bt3 but not fully, but it works.

[aircrack-ng]

Comment by misterx on 15 Aug 2007 23:22 UTC

Just FYI, use the forum for such question, this is a bug tracker.