Wifi router issues with Fedora installation (turned out to be a DDoS virus)

I’ve set up Fedora Workstation on a computer, and I’ve confirmed that when the wifi is turned on, it breaks the wifi router. The router starts to behave in a strange manner, it keeps dropping the connection roughly every few seconds.

It also breaks the router when connecting to the wifi router directly via ethernet cable, but not as frequently and not noticeable at first that I thought it didn’t affect it, until I carefully observed it.

I’ve earlier ran Windows and Ubuntu on the same device that I installed Fedora on, so I am certain it’s not a network card issue.

Things I tried:

  • Disabling PMF
  • Forgeting the wifi connection and reconnecting.
  • Enabling/disabling NAT-PMP, IGMP snooping, 5G, firewalld, one at a time.

Hardware:

  • Network controller is Intel Wireless-AC 9560.
  • Ethernet controller is Qualcomm Atheros Killer E2400 Gigabit Ethernet Controller.
  • Router is Apple AirportExtreme.

There is a bug that currently creates problems on intel wifi cards, see https://bugzilla.redhat.com/show_bug.cgi?id=1733369

You may be affected by that. The solution is to wait for a couple of days for an update of the module, or downgrade the firmware. What’s your wifi card?

1 Like

Hi @maxfedora! Welcome to the community! Please do take a few minutes to go over the introductory posts in #start-here when you have the time. They contain lots of useful information.

One more possible problem is described in this FedoraMagazine article.

3 Likes

Hi @florian, I’ve edited the post to include hardware and other details.

Thanks, I’ve had a look at the link, yes that seems to a possibilty, even the card model is similar. I guess I’ll wait for it to get patched, prefer not to downgrade and break something else.

Hi nightromantic, thanks, I’ve had a look at the article and tried to disable PMF, but the problem persisted, so I guess it’s not it.

It’s hard to diagnose this issue until we have more information. It is unlikely to be related to the bugzilla issue—that is quite clearly a firmware issue and therefore, should not affect your ethernet hardware.

Can you please look at the output of dmesg to see what it says when you turn on your wifi hardware and so on?

https://docs.fedoraproject.org/en-US/quick-docs/viewing-logs/

Can you please qualify,

  1. Do you have other devices (mobile phones, other computers) connected to the router simultaneously?

  2. If you do, does the problem with the connection you talk about affect other connected devices as well, or only Fedora box?

  3. What do you do to resume normal router operations, do you just disconnect Fedora box, or do you have to restart the router?

I ask this so we understand, if this problem is specific to Fedora connection, or is it affect all the connections of the router?

Also me personally, I’d test more thoroughly if ethernet connection works ok or not.

2 Likes

@FranciscoD Here’s the output of dmesg from Fedora right after I connected to wifi:

[ 7960.935577] iwlwifi 0000:00:14.3: Applying debug destination EXTERNAL_DRAM
[ 7961.050592] iwlwifi 0000:00:14.3: Applying debug destination EXTERNAL_DRAM
[ 7961.114613] iwlwifi 0000:00:14.3: FW already configured (0) - re-configuring
[ 7961.124728] iwlwifi 0000:00:14.3: BIOS contains WGDS but no WRDS
[ 7965.405805] wlo1: authenticate with 6c:70:9f:e9:ad:99
[ 7965.407375] wlo1: send auth to 6c:70:9f:e9:ad:99 (try 1/3)
[ 7965.561544] wlo1: authenticated
[ 7965.561711] wlo1: associate with 6c:70:9f:e9:ad:99 (try 1/3)
[ 7965.562916] wlo1: RX AssocResp from 6c:70:9f:e9:ad:99 (capab=0x1011 status=0 aid=4)
[ 7965.564213] wlo1: associated
[ 7965.568360] wlo1: Limiting TX power to 17 (17 - 0) dBm as advertised by 6c:70:9f:e9:ad:99
[ 7965.582752] IPv6: ADDRCONF(NETDEV_CHANGE): wlo1: link becomes ready

Sometime later:

[    4.955148] iwlwifi 0000:00:14.3: Detected Intel(R) Dual Band Wireless AC 9560, REV=0x318
[    5.008352] iwlwifi 0000:00:14.3: base HW address: 0c:54:15:c4:3f:56
[    5.083191] snd_hda_intel 0000:00:1f.3: enabling device (0000 -> 0002)
[    5.101446] ieee80211 phy0: Selected rate control algorithm 'iwl-mvm-rs'
[    5.101765] thermal thermal_zone2: failed to read out thermal zone (-61)
[    5.213313] intel_rapl: Found RAPL domain package
[    5.213315] intel_rapl: Found RAPL domain core
[    5.213316] intel_rapl: Found RAPL domain uncore
[    5.213318] intel_rapl: Found RAPL domain dram
[    5.225178] iTCO_vendor_support: vendor-support=0
[    5.227914] iTCO_wdt: Intel TCO WatchDog Timer Driver v1.11
[    5.228130] iTCO_wdt iTCO_wdt: can't request region for resource [mem 0x00c5fffc-0x00c5ffff]
[    5.228135] iTCO_wdt: probe of iTCO_wdt failed with error -16
[    5.379779] iwlwifi 0000:00:14.3 wlo1: renamed from wlan0
[    5.430896] kauditd_printk_skb: 43 callbacks suppressed

[  128.179599] Intel(R) Wireless WiFi driver for Linux
[  128.179599] Copyright(c) 2003- 2015 Intel Corporation
[  128.182942] iwlwifi 0000:00:14.3: Found debug destination: EXTERNAL_DRAM
[  128.182944] iwlwifi 0000:00:14.3: Found debug configuration: 0
[  128.183252] iwlwifi 0000:00:14.3: loaded firmware version 46.a41adfe7.0 op_mode iwlmvm
[  128.219729] iwlwifi 0000:00:14.3: Detected Intel(R) Dual Band Wireless AC 9560, REV=0x318
[  128.228242] iwlwifi 0000:00:14.3: Applying debug destination EXTERNAL_DRAM
[  128.228493] iwlwifi 0000:00:14.3: Allocated 0x00400000 bytes for firmware monitor.
[  128.269946] iwlwifi 0000:00:14.3: base HW address: 0c:54:15:c4:3f:56
[  128.340494] ieee80211 phy1: Selected rate control algorithm 'iwl-mvm-rs'
[  128.341668] thermal thermal_zone2: failed to read out thermal zone (-61)
[  128.349862] iwlwifi 0000:00:14.3 wlo1: renamed from wlan0
[ 7747.741744] alx 0000:02:00.0 enp2s0: Link Down
[ 7960.935577] iwlwifi 0000:00:14.3: Applying debug destination EXTERNAL_DRAM
[ 7961.050592] iwlwifi 0000:00:14.3: Applying debug destination EXTERNAL_DRAM
[ 7961.114613] iwlwifi 0000:00:14.3: FW already configured (0) - re-configuring
[ 7961.124728] iwlwifi 0000:00:14.3: BIOS contains WGDS but no WRDS
[ 7965.405805] wlo1: authenticate with 6c:70:9f:e9:ad:99
[ 7965.407375] wlo1: send auth to 6c:70:9f:e9:ad:99 (try 1/3)
[ 7965.561544] wlo1: authenticated
[ 7965.561711] wlo1: associate with 6c:70:9f:e9:ad:99 (try 1/3)
[ 7965.562916] wlo1: RX AssocResp from 6c:70:9f:e9:ad:99 (capab=0x1011 status=0 aid=4)
[ 7965.564213] wlo1: associated
[ 7965.568360] wlo1: Limiting TX power to 17 (17 - 0) dBm as advertised by 6c:70:9f:e9:ad:99
[ 7965.582752] IPv6: ADDRCONF(NETDEV_CHANGE): wlo1: link becomes ready
[ 8095.347781] wlo1: deauthenticating from 6c:70:9f:e9:ad:99 by local choice (Reason: 3=DEAUTH_LEAVING)
[ 8095.516387] iwlwifi 0000:00:14.3: iwl_trans_send_cmd bad state = 0
[ 8096.020419] iwlwifi 0000:00:14.3: iwl_trans_send_cmd bad state = 0
[ 8096.020424] iwlwifi 0000:00:14.3: iwl_trans_send_cmd bad state = 0
[ 8105.463644] alx 0000:02:00.0 enp2s0: NIC Up: 1 Gbps Full
[ 8838.358083] perf: interrupt took too long (2505 > 2500), lowering kernel.perf_event_max_sample_rate to 79000
[ 9058.997448] alx 0000:02:00.0 enp2s0: Link Down
[ 9068.565385] iwlwifi 0000:00:14.3: Applying debug destination EXTERNAL_DRAM
[ 9068.680786] iwlwifi 0000:00:14.3: Applying debug destination EXTERNAL_DRAM
[ 9068.744741] iwlwifi 0000:00:14.3: FW already configured (0) - re-configuring
[ 9068.753675] iwlwifi 0000:00:14.3: BIOS contains WGDS but no WRDS
[ 9073.064854] wlo1: authenticate with 6c:70:9f:e9:ad:99
[ 9073.068120] wlo1: send auth to 6c:70:9f:e9:ad:99 (try 1/3)
[ 9073.107088] wlo1: authenticated
[ 9073.107683] wlo1: associate with 6c:70:9f:e9:ad:99 (try 1/3)
[ 9073.108876] wlo1: RX AssocResp from 6c:70:9f:e9:ad:99 (capab=0x1011 status=0 aid=3)
[ 9073.111230] wlo1: associated
[ 9073.125299] IPv6: ADDRCONF(NETDEV_CHANGE): wlo1: link becomes ready
[ 9073.155544] wlo1: Limiting TX power to 17 (17 - 0) dBm as advertised by 6c:70:9f:e9:ad:99

Ok I’ve updated my original post regarding ethernet, so it does affect it but not as much that at first I thought it didn’t.

To answer your questions:
#1 Yes I have 6 other devices connect to the router via wifi, and 1 switch on ethernet. I even tried to drop the switch from the network, no change. This is not unusual, as I mentioned, before Fedora I had ran Ubuntu and Windows on this same device, same network setup, for about 2 years there were no issues.

#2 It breaks the router, so yes it affects all devices connected to it.

#3 The moment I disconnect this Fedora from either wifi or ethernet, everything goes back to normal, without restarting the router.

@maxfedora, thanks for clarifying. That’s pretty weird)

Also if that’s an issue specific to AirportExtreme, then it would be very hard to debug without at least someone else with the same router.

I’ve tried to search for AirportExtreme with Linux, and haven’t found any trouble reports – or indeed almost no mentions at all.

Also you’ve mentioned disabling 5G. That means you’re using 2,4 GHz on Fedora right?

Once more shooting in the dark here, there were some reports here on Ask Fedora about 5Ghz WiFi not working with F30, and they tracked it down to driver assigning wrong country code to wireless client on Linux. After setting proper county code the connections worked as expected.

The probability of this being your case is almost null, and I don’t have the links ready, but it should be quite easy to check / rule out (and the posts should be very easy to find).

Yes I tried to disable 5G and had the same issue on 2,4. I had since restored dual mode.

Its certainly not an issue with the Apple router, unless you mean compatibility with Fedora. The router ran fine on Ubuntu and Windows, with the same network setup for a long time I’ve never seen anything like this.

And one more thought.

Arch wiki says these routers don’t have Web Interface, and you can set them up only through AirPort desktop application (possibly working with wine) or with the use of iPhone/iPad.

Do you have such an access to your router, and are there any error log for you to check? Knowing Apple, probably, there’s none, but maybe I underestimate them)

I.e. it could be very useful to look at this from the router’s side, so to say.

Yes, it can be some specifics of interactions between F30 and this model of router (or Intel wireless driver with this router, or Network Manager or wpa_supplicant currently used by Fedora with this router, etc.).

We can be pretty sure it isn’t Fedora 30 with all the routers problem :slight_smile:

There are no logs for the router. Yes no interface, I configure it via iPhone or Mac. Here’s what it looks like:
image1
When I connect Fedora to the router the top Internet indicator starts to toggle from green to orange, and if I keep it long enough the bottom AE router disappears, soon after everything disappears and it’d say no router is found, after that they’ll come back and it goes on like this.

I am not 100% sure this issue started from when I installed Fedora, I think it started after I tried to connect to it via VNC remote desktop. I had earlier installed tigervnc-server, xrdp and xrdp-sesman, but I had since reversed everything. The fact that others reported the same issue makes me think it’s not related.

It shouldn’t be related to remote desktop (though weird things happen, of course). It could have worked with freshly installed Fedora, but then brake after some updates – Linux kernel or Network Manager or some other ones.

You can boot your computer from the Fedora Live USB, try to connect to wireless and see if it works ok or you have the same problems.

Are you talking about the link from stackexchange you’ve posted? Actually, it’s quite hard to say, if it’s the same issue or totally different one. )

I’ll try booting from flash.

The MTU issue above accurately describes my problem, I do think it’s the same issue, because of the discrepancy between MTU packet sizes of wifi and ethernet, and the fact that it’s happening on both interfaces, as I and the original post reported.

Booting from USB basic graphics mode the wifi works fine. Logging is as a different user exhibits the same issue.

Hey @maxfedora.
Did you boot the live image downloaded from getfedora.org? If yes, it contains an “old” kernel and “old” packages too.
To test and confirm that and if it is some regression or behaviour related to an update, you could try a Fedora respin.

Fedora Respins are not the same as Fedora Spins: the latter are different flavours of Fedora with specific desktop environments and configurations. The respin is an image of the current Fedora version containing more updated packages, like Ubuntu point releases. In other words, if you boot a live respi you will have for instance the latest (at the date when the image was built) kernel and other packages as you would have updating an installation performed with the image downloaded from getfedora.org

You can find the Respin images here: https://dl.fedoraproject.org/pub/alt/live-respins/

Again, to clarify: logging in as a different user on Fedora Live session, right?

This turned out to be a known DoSS virus, as described here:

I discovered it by watching journalctl -f, and noticed the hourly cron was running every 3 minutes, which looked suspicious, so I looked around and found it was a DoSS infection.

I would certainly recommend watching out for open ports on the router when setting up a Linux OS.

5 Likes