TP-Link TL-WN8200ND v3

[ZerBea]

I started to add support of TP-Link TL-WN8200ND V3

https://www.tp-link.com/en/home-networking/high-gain-adapter/tl-wn8200nd/

$ lsusb
ID 2357:0126 TP-Link 802.11n NIC

added device to rtl8xxxu_core.c

{USB_DEVICE_AND_INTERFACE_INFO(0x2357, 0x0126, 0xff, 0xff, 0xff),
	.driver_info = (unsigned long)&rtl8192eu_fops},

$ sudo dmesg

$ sudo dmesg
[118089.218716] usb 5-2.3: new high-speed USB device number 13 using xhci_hcd
[118089.311953] usb 5-2.3: New USB device found, idVendor=2357, idProduct=0126, bcdDevice= 2.00
[118089.311957] usb 5-2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[118089.311960] usb 5-2.3: Product: 802.11n NIC
[118089.311962] usb 5-2.3: Manufacturer: Realtek
[118089.311963] usb 5-2.3: SerialNumber: 5091E3C3A656
[118089.923705] usb 5-2.3: RTL8192EU rev B (SMIC) romver 0, 2T2R, TX queues 3, WiFi=1, BT=0, GPS=0, HI PA=0
[118089.923710] usb 5-2.3: RTL8192EU MAC: 50:91:e3:c3:a6:56
[118089.923713] usb 5-2.3: rtl8xxxu: Loading firmware rtlwifi/rtl8192eu_nic.bin
[118089.923908] usb 5-2.3: Firmware revision 35.7 (signature 0x92e1)
[118091.679945] rtl8xxxu 5-2.3:1.0 wlp48s0f4u2u3: renamed from wlan0

$ iw dev
phy#7
	Interface wlp48s0f4u2u3
		ifindex 10
		wdev 0x700000001
		addr 50:91:e3:c3:a6:56
		type managed
		txpower 0.00 dBm
		multicast TXQ:
			qsz-byt	qsz-pkt	flows	drops	marks	overlmt	hashcol	tx-bytes	tx-packets
			0	0	0	0	0	0	0	0		0

$ iw list
Wiphy phy7
	wiphy index: 7
	max # scan SSIDs: 4
	max scan IEs length: 2257 bytes
	max # sched scan SSIDs: 0
	max # match sets: 0
	RTS threshold: 2347
	Retry short limit: 7
	Retry long limit: 4
	Coverage class: 0 (up to 0m)
	Supported Ciphers:
		* WEP40 (00-0f-ac:1)
		* WEP104 (00-0f-ac:5)
		* TKIP (00-0f-ac:2)
		* CCMP-128 (00-0f-ac:4)
		* CCMP-256 (00-0f-ac:10)
		* GCMP-128 (00-0f-ac:8)
		* GCMP-256 (00-0f-ac:9)
	Available Antennas: TX 0x3 RX 0x3
	Configured Antennas: TX 0x3 RX 0x3
	Supported interface modes:
		 * managed
		 * monitor
	Band 1:
		Capabilities: 0x6c
			HT20
			SM Power Save disabled
			RX HT20 SGI
			RX HT40 SGI
			No RX STBC
			Max AMSDU length: 3839 bytes
			No DSSS/CCK HT40
		Maximum RX AMPDU length 65535 bytes (exponent: 0x003)
		Minimum RX AMPDU time spacing: 16 usec (0x07)
		HT TX/RX MCS rate indexes supported: 0-15, 32
		Bitrates (non-HT):
			* 1.0 Mbps
			* 2.0 Mbps
			* 5.5 Mbps
			* 11.0 Mbps
			* 6.0 Mbps
			* 9.0 Mbps
			* 12.0 Mbps
			* 18.0 Mbps
			* 24.0 Mbps
			* 36.0 Mbps
			* 48.0 Mbps
			* 54.0 Mbps
		Frequencies:
			* 2412.0 MHz [1] (20.0 dBm)
			* 2417.0 MHz [2] (20.0 dBm)
			* 2422.0 MHz [3] (20.0 dBm)
			* 2427.0 MHz [4] (20.0 dBm)
			* 2432.0 MHz [5] (20.0 dBm)
			* 2437.0 MHz [6] (20.0 dBm)
			* 2442.0 MHz [7] (20.0 dBm)
			* 2447.0 MHz [8] (20.0 dBm)
			* 2452.0 MHz [9] (20.0 dBm)
			* 2457.0 MHz [10] (20.0 dBm)
			* 2462.0 MHz [11] (20.0 dBm)
			* 2467.0 MHz [12] (20.0 dBm)
			* 2472.0 MHz [13] (20.0 dBm)
			* 2484.0 MHz [14] (disabled)
	Supported commands:
		 * new_interface
		 * set_interface
		 * new_key
		 * start_ap
		 * new_station
		 * new_mpath
		 * set_mesh_config
		 * set_bss
		 * authenticate
		 * associate
		 * deauthenticate
		 * disassociate
		 * join_ibss
		 * join_mesh
		 * remain_on_channel
		 * set_tx_bitrate_mask
		 * frame
		 * frame_wait_cancel
		 * set_wiphy_netns
		 * set_channel
		 * probe_client
		 * set_noack_map
		 * register_beacons
		 * start_p2p_device
		 * set_mcast_rate
		 * connect
		 * disconnect
		 * set_qos_map
		 * set_multicast_to_unicast
	software interface modes (can always be added):
		 * monitor
	interface combinations are not supported
	HT Capability overrides:
		 * MCS: ff ff ff ff ff ff ff ff ff ff
		 * maximum A-MSDU length
		 * supported channel width
		 * short GI for 40 MHz
		 * max A-MPDU length exponent
		 * min MPDU start spacing
	Device supports TX status socket option.
	Device supports HT-IBSS.
	Device supports SAE with AUTHENTICATE command
	Device supports low priority scan.
	Device supports scan flush.
	Device supports AP scan.
	Device supports per-vif TX power setting
	Driver supports full state transitions for AP/GO clients
	Driver supports a userspace MPM
	Device supports configuring vdev MAC-addr on create.
	max # scan plans: 1
	max scan plan interval: -1
	max scan plan iterations: 0
	Supported TX frame types:
		 * IBSS: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * managed: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * AP/VLAN: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * mesh point: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-client: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-GO: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
		 * P2P-device: 0x00 0x10 0x20 0x30 0x40 0x50 0x60 0x70 0x80 0x90 0xa0 0xb0 0xc0 0xd0 0xe0 0xf0
	Supported RX frame types:
		 * IBSS: 0x40 0xb0 0xc0 0xd0
		 * managed: 0x40 0xb0 0xd0
		 * AP: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * AP/VLAN: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * mesh point: 0xb0 0xc0 0xd0
		 * P2P-client: 0x40 0xd0
		 * P2P-GO: 0x00 0x20 0x40 0xa0 0xb0 0xc0 0xd0
		 * P2P-device: 0x40 0xd0
	Supported extended features:
		* [ RRM ]: RRM
		* [ FILS_STA ]: STA FILS (Fast Initial Link Setup)
		* [ CQM_RSSI_LIST ]: multiple CQM_RSSI_THOLD records
		* [ CONTROL_PORT_OVER_NL80211 ]: control port over nl80211
		* [ TXQS ]: FQ-CoDel-enabled intermediate TXQs
		* [ SCAN_RANDOM_SN ]: use random sequence numbers in scans
		* [ SCAN_MIN_PREQ_CONTENT ]: use probe request with only rate IEs in scans
		* [ CONTROL_PORT_NO_PREAUTH ]: disable pre-auth over nl80211 control port support
		* [ SCAN_FREQ_KHZ ]: scan on kHz frequency support
		* [ CONTROL_PORT_OVER_NL80211_TX_STATUS ]: tx status for nl80211 control port support
		* [ POWERED_ADDR_CHANGE ]: can change MAC address while up

So far so good, everything is looking fine and hcxdumptool is able to set monitor mode and channels:

$ hcxdumptool -L

Requesting physical interface capabilities. This may take some time.
Please be patient...

available wlan devices:

phy idx hw-mac       virtual-mac  m ifname           driver (protocol)
---------------------------------------------------------------------------------------------
  7  10 5091e3c3a656 5091e3c3a656 + wlp48s0f4u2u3    rtl8xxxu (NETLINK)

* active monitor mode available (reported by driver - do not trust it)
+ monitor mode available (reported by driver)
- no monitor mode available

$ hcxdumptool -I wlp48s0f4u2u3

Requesting physical interface capabilities. This may take some time.
Please be patient...

interface information:

phy idx hw-mac       virtual-mac  m ifname           driver (protocol)
---------------------------------------------------------------------------------------------
  7  10 5091e3c3a656 5091e3c3a656 + wlp48s0f4u2u3    rtl8xxxu (NETLINK)

available frequencies: frequency [channel] tx-power of Regulatory Domain: DE

  2412 [  1] 20.0 dBm	  2417 [  2] 20.0 dBm	  2422 [  3] 20.0 dBm	  2427 [  4] 20.0 dBm
  2432 [  5] 20.0 dBm	  2437 [  6] 20.0 dBm	  2442 [  7] 20.0 dBm	  2447 [  8] 20.0 dBm
  2452 [  9] 20.0 dBm	  2457 [ 10] 20.0 dBm	  2462 [ 11] 20.0 dBm	  2467 [ 12] 20.0 dBm
  2472 [ 13] 20.0 dBm	  2484 [ 14] disabled

$ sudo hcxdumptool -m wlp48s0f4u2u3 -c 6a

Requesting physical interface capabilities. This may take some time.
Please be patient...

interface information:

phy idx hw-mac       virtual-mac  m ifname           driver (protocol)
---------------------------------------------------------------------------------------------
  7  10 5091e3c3a656 5091e3c3a656 + wlp48s0f4u2u3    rtl8xxxu (NETLINK)

available frequencies: frequency [channel] tx-power of Regulatory Domain: DE

  2412 [  1] 20.0 dBm	  2417 [  2] 20.0 dBm	  2422 [  3] 20.0 dBm	  2427 [  4] 20.0 dBm
  2432 [  5] 20.0 dBm	  2437 [  6] 20.0 dBm	  2442 [  7] 20.0 dBm	  2447 [  8] 20.0 dBm
  2452 [  9] 20.0 dBm	  2457 [ 10] 20.0 dBm	  2462 [ 11] 20.0 dBm	  2467 [ 12] 20.0 dBm
  2472 [ 13] 20.0 dBm	  2484 [ 14] disabled

monitor mode is active...

Up to here, everything is still fine.
We can set monitor mode and we can set a channel.

$ iw dev
phy#7
	Interface wlp48s0f4u2u3
		ifindex 10
		wdev 0x700000001
		addr b0:fe:bd:19:e3:71
		type monitor
		channel 6 (2437 MHz), width: 20 MHz (no HT), center1: 2437 MHz
		txpower 20.00 dBm
		multicast TXQ:
			qsz-byt	qsz-pkt	flows	drops	marks	overlmt	hashcol	tx-bytes	tx-packets
			0	0	0	0	0	0	0	0		0

Unfortunately the device doesn't receive packets.
Neither in monitor mode, nor by iw scan

$ sudo ip link set wlp48s0f4u2u3 up
$ sudo iw dev wlp48s0f4u2u3 scan
$ 

The green LED flashes during scan, but that's all.

I'm sure I'm missing something, but I don't know what.

Any ideas to point me to the right direction?

[dubhater]

If you plug it in and scan with iw, is it the same? I mean, without using hcxdumptool first.

[ZerBea]

Yes iw first, hcxdmptool second orhcxdumtool first and iw second, both results in the same problem.

First I thought the problem is related to this:
https://bugzilla.kernel.org/show_bug.cgi?id=217205#c77
But that isn't the case.

[dubhater]

That patch will only affect the RTL8188EU.

If the LED blinks, the chip thinks it's transmitting something.

I wonder if this device needs different initialisation tables because it's „high power”.

Can you compile this driver: https://github.com/Mange/rtl8192eu-linux-driver/
with a patch:

diff --git a/Makefile b/Makefile
index 8ecdb72..9548b64 100644
--- a/Makefile
+++ b/Makefile
@@ -92,10 +92,10 @@ CONFIG_ICMP_VOQ = n
 CONFIG_IP_R_MONITOR = n #arp VOQ and high rate
 ########################## Debug ###########################
 # Say "y" here to have the driver output debugging messages. Not intended for normal use.
-CONFIG_RTW_DEBUG = n
+CONFIG_RTW_DEBUG = y
 # Default log level is 2, which only displays errors.
 # Available levels = none(0), always(1), error(2), warning(3), info(4), debug(5), max(6)
-CONFIG_RTW_LOG_LEVEL = 2
+CONFIG_RTW_LOG_LEVEL = 4
 ######################## Wake On Lan ##########################
 CONFIG_WOWLAN = n
 #bit2: deauth, bit1: unicast, bit0: magic pkt.

And show what it prints? Let's say everything up to „RTW: rtw_hal_read_chip_info in 317 ms”.

[ZerBea]

The good old hal driver.

[ZerBea]

Here we go debug level 4:

[127890.483193] RTW: module init start
[127890.483201] RTW: rtl8192eu v5.6.4_35685.20191108_COEX20171113-0047
[127890.483203] RTW: rtl8192eu BT-Coex version = COEX20171113-0047
[127890.483223] RTW: rtw_inetaddr_notifier_register
[127890.483264] usbcore: registered new interface driver rtl8192eu
[127890.483265] RTW: module init ret=0
[127892.933790] usb 5-2.3: new high-speed USB device number 21 using xhci_hcd
[127893.027315] usb 5-2.3: New USB device found, idVendor=2357, idProduct=0126, bcdDevice= 2.00
[127893.027321] usb 5-2.3: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[127893.027324] usb 5-2.3: Product: 802.11n NIC
[127893.027325] usb 5-2.3: Manufacturer: Realtek
[127893.027327] usb 5-2.3: SerialNumber: 5091E3C3A656
[127893.079359] RTW: 
                usb_endpoint_descriptor(0):
[127893.079362] RTW: bLength=7
[127893.079364] RTW: bDescriptorType=5
[127893.079364] RTW: bEndpointAddress=84
[127893.079365] RTW: wMaxPacketSize=512
[127893.079366] RTW: bInterval=0
[127893.079367] RTW: RT_usb_endpoint_is_bulk_in = 4
[127893.079368] RTW: 
                usb_endpoint_descriptor(1):
[127893.079369] RTW: bLength=7
[127893.079370] RTW: bDescriptorType=5
[127893.079371] RTW: bEndpointAddress=5
[127893.079372] RTW: wMaxPacketSize=512
[127893.079372] RTW: bInterval=0
[127893.079373] RTW: RT_usb_endpoint_is_bulk_out = 5
[127893.079374] RTW: 
                usb_endpoint_descriptor(2):
[127893.079375] RTW: bLength=7
[127893.079375] RTW: bDescriptorType=5
[127893.079376] RTW: bEndpointAddress=6
[127893.079377] RTW: wMaxPacketSize=512
[127893.079378] RTW: bInterval=0
[127893.079378] RTW: RT_usb_endpoint_is_bulk_out = 6
[127893.079379] RTW: 
                usb_endpoint_descriptor(3):
[127893.079380] RTW: bLength=7
[127893.079381] RTW: bDescriptorType=5
[127893.079381] RTW: bEndpointAddress=87
[127893.079382] RTW: wMaxPacketSize=64
[127893.079383] RTW: bInterval=3
[127893.079384] RTW: RT_usb_endpoint_is_int_in = 7, Interval = 3
[127893.079385] RTW: 
                usb_endpoint_descriptor(4):
[127893.079385] RTW: bLength=7
[127893.079386] RTW: bDescriptorType=5
[127893.079387] RTW: bEndpointAddress=8
[127893.079388] RTW: wMaxPacketSize=512
[127893.079389] RTW: bInterval=0
[127893.079389] RTW: RT_usb_endpoint_is_bulk_out = 8
[127893.079390] RTW: nr_endpoint=5, in_num=2, out_num=3

[127893.079391] RTW: USB_SPEED_HIGH
[127893.079392] RTW: CHIP TYPE: RTL8192E
[127893.079700] RTW: read_chip_version_8192e 0xF0 = 0xc441135
[127893.079703] RTW: rtw_hal_config_rftype RF_Type is 2 TotalTxPath is 2
[127893.079706] RTW: Chip Version Info: CHIP_8192E_Normal_Chip_SMIC_B_CUT_2T2R_RomVer(0)
[127893.079707] RTW: _ConfigChipOutEP_8192E OutEpQueueSel(0x07), OutEpNumber(3)
[127893.080073] RTW: Boot from EFUSE, Autoload OK !
[127893.559321] RTW: HW EFUSE
[127893.559328] RTW: 0x000: 29 81 00 7C  01 40 03 00  70 34 04 50  14 00 00 00  
[127893.559341] RTW: 0x010: 21 21 21 22  22 22 28 28  28 29 29 F0  00 EF FF FF  
[127893.559354] RTW: 0x020: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559366] RTW: 0x030: FF FF FF FF  FF FF FF FF  FF FF 2D 2D  2D 2D 2D 2D  
[127893.559378] RTW: 0x040: 2D 2D 2D 2D  2D F0 EF EF  FF FF FF FF  FF FF FF FF  
[127893.559390] RTW: 0x050: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559402] RTW: 0x060: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559415] RTW: 0x070: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559427] RTW: 0x080: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559439] RTW: 0x090: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559451] RTW: 0x0A0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559463] RTW: 0x0B0: FF FF FF FF  FF FF FF FF  A1 2F 1B 00  00 00 FF FF  
[127893.559475] RTW: 0x0C0: FF 01 00 10  00 00 00 FF  00 00 31 FF  FF FF FF FF  
[127893.559488] RTW: 0x0D0: 57 23 26 01  E6 47 02 50  91 E3 C3 A6  56 09 03 52  
[127893.559500] RTW: 0x0E0: 65 61 6C 74  65 6B 0D 03  38 30 32 2E  31 31 6E 20  
[127893.559512] RTW: 0x0F0: 4E 49 43 00  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559524] RTW: 0x100: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559536] RTW: 0x110: FF FF FF FF  FF FF FF 0D  03 00 05 00  30 00 00 00  
[127893.559549] RTW: 0x120: 00 93 FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559561] RTW: 0x130: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559573] RTW: 0x140: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559585] RTW: 0x150: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559597] RTW: 0x160: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559609] RTW: 0x170: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559622] RTW: 0x180: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559634] RTW: 0x190: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559646] RTW: 0x1A0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559658] RTW: 0x1B0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559670] RTW: 0x1C0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559682] RTW: 0x1D0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559695] RTW: 0x1E0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559707] RTW: 0x1F0: FF FF FF FF  FF FF FF FF  FF FF FF FF  FF FF FF FF  
[127893.559720] RTW: EEPROM ID=0x8129
[127893.559721] RTW: VID = 0x2357, PID = 0x0126
[127893.559723] RTW: Customer ID: 0x00, SubCustomer ID: 0xCD
[127893.559725] RTW: Hal_ReadPowerSavingMode8192E...bHWPwrPindetect(0)-bHWPowerdown(0) ,bSupportRemoteWakeup(1)
[127893.559727] RTW: ### PS params=>  power_mgnt(2),usbss_enable(0) ###
[127893.559730] RTW: EEPROMRegulatory = 0x1
[127893.559731] RTW: Board Type: Dongle or WIFI only Module
[127893.559732] RTW: Hal_EfuseParseBTCoexistInfo8192E: Disable BT-coex, wifi ant_num=2
[127893.559734] RTW: hal_com_config_channel_plan chplan:0x21
[127893.559735] RTW: crystal_cap: 0x2f
[127893.559737] RTW: ThermalMeter = 0x1b
[127893.559737] RTW: SWAS: bHwAntDiv = 0, TRxAntDivType = 0
[127893.559738] RTW: pHalData->ExternalPA_2G = 1 , pHalData->ExternalLNA_2G = 1
[127893.559739] RTW: pHalData->TypeGLNA is 0xa
[127893.559740] RTW: pHalData->rfe_type is 0x1
[127893.566313] RTW: kfree flag:0
[127893.566316] RTW: rtw_hal_read_chip_info in 487 ms
[127893.566322] RTW: init_channel_set((null)) ChannelPlan ID:0x21, ch num:13
[127893.566355] RTW: init_mlme_default_rate_set: support CCK
[127893.566356] RTW: init_mlme_default_rate_set: support OFDM
[127893.566469] RTW: NR_RECVBUFF: 8
[127893.566470] RTW: MAX_RECVBUF_SZ: 32768
[127893.566472] RTW: NR_PREALLOC_RECV_SKB: 8
[127893.566536] RTW: rtw_alloc_macid((null)) if1, mac_addr:ff:ff:ff:ff:ff:ff macid:1
[127893.566542] RTW: IQK FW offload:disable
[127893.566546] RTW: rtw_regsty_chk_target_tx_power_valid return _FALSE for band:0, path:0, rs:0, t:-1
[127893.566608] RTW: pwrctrlpriv.bSupportRemoteWakeup~~~~~~
[127893.566609] RTW: pwrctrlpriv.bSupportRemoteWakeup~~~[1]~~~
[127893.566611] RTW: can't get autopm:
[127893.566612] RTW: rtw_macaddr_cfg mac addr:50:91:e3:c3:a6:56
[127893.566614] RTW: bDriverStopped:True, bSurpriseRemoved:False, bup:0, hw_init_completed:0
[127893.566631] RTW: rtw_wiphy_alloc(phy10)
[127893.566632] RTW: rtw_wdev_alloc(padapter=000000007915ad04)
[127893.566638] RTW: rtw_wiphy_register(phy10)
[127893.566639] RTW: Register RTW cfg80211 vendor cmd(0x67) interface
[127893.566702] RTW: rtw_reg_notifier: NL80211_REGDOM_SET_BY_USER alpha2:DE
[127893.566704] RTW: rtw_set_country(): not applied
[127893.566751] RTW: rtw_ndev_init(wlan0) if1 mac_addr=50:91:e3:c3:a6:56
[127893.566814] RTW: rtw_ndev_notifier_call(wlan0) state:17
[127893.566996] RTW: cfg80211_rtw_get_txpower
[127893.567000] RTW: rtw_ndev_notifier_call(wlan0) state:5
[127893.567358] RTW: cfg80211_rtw_get_txpower
[127893.575092] rtl8192eu 5-2.3:1.0 wlp48s0f4u2u3: renamed from wlan0
[127893.624355] RTW: rtw_ndev_notifier_call(wlp48s0f4u2u3) state:11
[127896.836864] RTW: cfg80211_rtw_get_txpower

[ZerBea]

The idea to debug the (working) hal driver is great.

[dubhater]

It prints useful information. rtl8xxxu is a bit lacking in that area.

This device definitely needs different initialisation tables:

[127893.559738] RTW: pHalData->ExternalPA_2G = 1 , pHalData->ExternalLNA_2G = 1
[127893.559739] RTW: pHalData->TypeGLNA is 0xa
[127893.559740] RTW: pHalData->rfe_type is 0x1

My cheap, small dongle from Aliexpress:

RTW: pHalData->ExternalPA_2G = 0 , pHalData->ExternalLNA_2G = 0                                                                            
RTW: pHalData->TypeGLNA is 0x0                                                                                                             
RTW: pHalData->rfe_type is 0xff  

rtl8xxxu may already have all the code it needs for this device, but it's not enabled. You could try this simple patch:

diff --git a/rtl8xxxu_8192e.c b/rtl8xxxu_8192e.c
index 82c1365..0d5802f 100644
--- a/rtl8xxxu_8192e.c
+++ b/rtl8xxxu_8192e.c
@@ -32,6 +32,8 @@
 #include "rtl8xxxu.h"
 #include "rtl8xxxu_regs.h"
 
+#define EXT_PA_8192EU
+
 static const struct rtl8xxxu_reg8val rtl8192e_mac_init_table[] = {
 	{0x011, 0xeb}, {0x012, 0x07}, {0x014, 0x75}, {0x303, 0xa7},
 	{0x428, 0x0a}, {0x429, 0x10}, {0x430, 0x00}, {0x431, 0x00},
@@ -521,6 +523,10 @@ static int rtl8192eu_identify_chip(struct rtl8xxxu_priv *priv)
 	if (!priv->ep_tx_count)
 		ret = rtl8xxxu_config_endpoints_no_sie(priv);
 
+#ifdef EXT_PA_8192EU
+	priv->hi_pa = 1;
+#endif
+
 out:
 	return ret;
 }

Unfortunately, this patch will break the „normal power” RTL8192EU devices.

[ZerBea]

Working like a charm - good starting point.
Thanks

[kimocoder]

I've got a few of those rtl8192eu adapters ⭐ but lack of time atm

[ZerBea]

Good price-performance ratio.
Good sensitivity.
Working fine in combination with hcxdumptool.

[kimocoder]

All devices collected in rtl8xxxu is cheap, portable sized chips, affordable one..

TL-WN722n v1 was the well-known ath9k_htc. Downgrade

[ZerBea]

And the TP-Link TL-WN722N (v2) is impressive, too:
ZerBea/hcxdumptool#361 (comment)

out of scope:
Due to this feature request:
ZerBea/hcxdumptool#382
and you issue report:
ZerBea/hcxdumptool#421

I decided to dive into the world of QpenWRT (on Raspberry Pi Zero).

[kimocoder]

So, I've run it down. The adapters must be set enabled in web gui btw, that was the block. I just finished flashing and run down now, great results 👍

So, I put the 1 chip in AP mode and number 2 chip in monitor, in gui. Fetching PMKIDs like a pro

[dubhater]

Working like a charm - good starting point. Thanks

That's great. I will prepare a better patch „soon”. Wanna buy me a present? 😁 https://www.amazon.de/hz/wishlist/ls/1OCIJV31AAT9O/ref=nav_wishlist_lists_1

[kimocoder]

[dubhater]

@kimocoder What's that? I guess the picture didn't upload.