You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
MAC Header | Category Code | Organization Identifier | Vendor Specific Content | FCS
But in reality, things are a bit different. There is no FCS (checksum) in the frame, according to the header flags, and there are four "random" (probably not really random, but they change a lot) bytes immediately before the vendor payload. (Did the FCS acidentally make its way into the middle of the packet somehow?)
Here's a frame I snagged with tcpdump from a wlan-interface, running a small ESP-NOW example program:
The vendor data should start at offset 0x002e (immediately after the [0x7f 0x18 0xfe 0x34] bytes, which is the category and organization id), but there you'll find four "random" bytes, and then, at offset 0x0032, the actual vendor frame [0xdd 0x0e + org + esp-now data].
The result is the same both with an ESP8266 running the Arduino libraries and a freshly updated ESP-IDF and a ESP32-WROOM
I assume most of the ESP devices already implement what I'm seeing, since they appear to communicate with each other just fine, but it's a shame the frames aren't according to the specs, nor are they actually valid 802.11 vendor specific frames. Wireshark quite correctly complains about "Malformed Packet" as well.
For backwards compatibility this might not be trivial to fix, but at least the documentation should reflect what's really going on, I think.
The text was updated successfully, but these errors were encountered:
Alvin1Zhang
changed the title
Observed ESP-NOW frames are not according to the docs, and are actually not valid 802.11 "vendor" frames.
[TW#27951] Observed ESP-NOW frames are not according to the docs, and are actually not valid 802.11 "vendor" frames.
Dec 14, 2018
projectgus
changed the title
[TW#27951] Observed ESP-NOW frames are not according to the docs, and are actually not valid 802.11 "vendor" frames.
Observed ESP-NOW frames are not according to the docs, and are actually not valid 802.11 "vendor" fr (IDFGH-503)
Mar 12, 2019
@vidarino Sorry to reply you too late. The purpose of the four "random" bytes is to prevent replay attacks. And we will update the documentation as soon as possible.
Fix following WiFi issues:
1. Fix WiFi buffer reload issue
2. Fix AMSDU decrypt issue
3. Fix some WiFi timer issues
4. Fix the crash caused by too big of association request RSN information
5. Fix the crash caused by block scan
6. Fix the bug for getting channel and bandwidth
7. Fix some Sniffer bugs
8. Fix some ESP-NOW issues
1> fix the bug when modifying the channel info of peer node
2> fix the crash when modifying peer node between unencrypted and encrypted
3> fix the bug for fetch peer
4> modify the esp_wifi_set_channel() function
5> fix the bug that the channel parameter doesn't work when adding peer node
Closes#2833Closes#4311
Environment
Problem Description
I've been playing with ESP-NOW a bit lately (on both ESP32 and ESP8266), and I've noticed that the frames being exchanged aren't actually according to the documentation found at https://docs.espressif.com/projects/esp-idf/en/latest/api-reference/wifi/esp_now.html
The docs claim that frames contain:
MAC Header | Category Code | Organization Identifier | Vendor Specific Content | FCS
But in reality, things are a bit different. There is no FCS (checksum) in the frame, according to the header flags, and there are four "random" (probably not really random, but they change a lot) bytes immediately before the vendor payload. (Did the FCS acidentally make its way into the middle of the packet somehow?)
Here's a frame I snagged with tcpdump from a wlan-interface, running a small ESP-NOW example program:
The same is seen in a frame captured from the IDF ESP-NOW example (esp-idf/examples/wifi/espnow/):
The vendor data should start at offset 0x002e (immediately after the [0x7f 0x18 0xfe 0x34] bytes, which is the category and organization id), but there you'll find four "random" bytes, and then, at offset 0x0032, the actual vendor frame [0xdd 0x0e + org + esp-now data].
The result is the same both with an ESP8266 running the Arduino libraries and a freshly updated ESP-IDF and a ESP32-WROOM
I assume most of the ESP devices already implement what I'm seeing, since they appear to communicate with each other just fine, but it's a shame the frames aren't according to the specs, nor are they actually valid 802.11 vendor specific frames. Wireshark quite correctly complains about "Malformed Packet" as well.
For backwards compatibility this might not be trivial to fix, but at least the documentation should reflect what's really going on, I think.
The text was updated successfully, but these errors were encountered: