Kernel Panic on macOS 10.15 when using pcap_inject #922
Comments
I managed to get a symbolicated crash log, which I will attach below. In the end this looks like a macOS bug caused by Apple that is difficult to fix from the outside. I am open to other recommendations though.
If the stack trace is valid, it's panicking in a routine for which the comment is /* Synchronize a thread's x86_kernel_state (if any) with the given
The call is from kernel_trap(), for which the comment is /*
The recoverable page fault errors may be ones where the kernel is copying data from or to userland and is taking a page fault because a userland page is paged out (or zero-fill-on-demand or copy-on-write or...), or is not readable/writable. The packet should already have been copied into userland from bpfwrite() calling bpf_movein(), assuming that the code path in xnu-6153.81.5~1 is the same as in xnu-6153.11.26, so it's probably a page fault other than a copy-from-userland fault. Unfortunately, IO80211Family isn't in the open-source part of macOS, so I don't know what's going wrong, but you should probably submit a bug report at http://feedbackassistant.apple.com. You may have to sign up for an Apple developer account.
Apple seem to have screwed up many aspects of the interaction between BPF and the Wi-Fi driver in newer MacBook Pros; monitor mode now requires some Special Magic to be done - the sniffer in Wireless Diagnostics does some form of Special Magic before running tcpdump (yes, it's tcpdump that does the sniffing work there). I think the AirPort group needs some more adult supervision by the networking group.
I sent feedback to Apple about this issue with the number I attached the project to this message. Be aware, it will lead to a kernel panic on any Mac with a T2 chip.
Hi,
we are using libpcap in the owl project that uses it to inject frames into the WiFi chip.
General Info:
libpcap version is 1.9.1
macOS 10.15.3
Darwin 19.3.0 Darwin Kernel Version 19.3.0: Thu Jan 9 20:58:23 PST 2020; root:xnu-6153.81.5~1/RELEASE_X86_64 x86_64
Statement of the problem
Our recent build seems to work fine on Linux, but we get a Kernel panic on macOS.
We discovered that the kernel panic originates after we call the function pcap_inject. I tried it with the most recent release and the master branch.
The code for this function can be found here:
libpcap/pcap.c
Line 4030 in 028ce66
Steps to reproduce
Install owl as described on a Mac.
Run it with
sudo owl -i en0
Right after the setup of putting the WiFi chip into monitor mode the first packet should be sent in the function wlan_send located in daemon/io.c. It's possible to set a breakpoint and check that the kernel panic happens when calling pcap_inject.
Crash Logs
If there is more information that I can submit to help discovering the issue I am willing to do so.