User Tools

Site Tools


This page lists some common methods of obtaining extra debugging information.

Enabling iwd debug output

By default, iwd suppresses all debug output. However, sometimes it is advantageous to enable this and can be easily accomplished by passing the '-d' command line option when starting iwd, as follows:

denkenz@iwd-test ~ $ sudo iwd -d

One can also selectively enable debug output if only a certain subset of debug messages are interesting. This is done by passing a filter (glob match rules apply) after the -d commannd line option, as follows:

denkenz@iwd-test ~ $ sudo iwd -d'station*'

The above would only print debug messages from the station module.

Sometimes users or developers will want to share debug logs with other developers to help in debugging. Some, who considered the SSIDs or MAC addresses (BSSIDs) in their debug logs sensitive, have used the following commands to filter the logs. IWD will eventually support doing this internally.

$ sed -E "s/([0-9a-fA-F]{2}:?){6}/11:22:33:44:55:66/" iwd.log | sed -e "s/SSID:\ .*, f/SSID: xxx f/" | sed 's/Added new Network .* security/Added new Network "xxx" security/'

Enabling TLS Debugging

If you are having issues with WPA-Enterprise authentication methods based on TLS (e.g. EAP-TLS, EAP-TTLS, EAP-PEAP) then you can also enable much more verbose TLS debug output by setting the IWD_TLS_DEBUG environment variable. For example:

denkenz@iwd-test ~ $ export IWD_TLS_DEBUG=1
denkenz@iwd-test ~ $ sudo iwd -d


One can also spy on the netlink (NL80211) between iwd and the kernel using the 'iwmon' utility. To start it, simply issue the iwmon command as root prior to starting iwd, as follows:

denkenz@iwd-test ~ $ sudo iwmon

The above command will start iwmon and will dump out (to stdout) all NL80211, RTNL and EAPoL traffic ongoing between the kernel and iwd. If you're not interested in the contents of certain messages, you can filter these with iwmon command line options. For example, if you're trying to debug WPA-Enterprise authentication issues, then you can issue the following command to filter RTNL, scanning and wiphy capability related messages:

denkenz@iwd-test ~ $ sudo iwmon --nortnl --nowiphy --noscan

One can also have iwmon save all packets in PCAP format for later examination (e.g. in wireshark) as follows:

denkenz@iwd-test ~ $ sudo iwmon --write /path/to/file.pcap

Debug environment variables summary

Here are the environment variables you can set to enable specific debug output in addition to the -d switch.

IWD_TLS_DEBUG Debug output for TLS tunnels used by EAP methods
IWD_GENL_DEBUG Debug output for Generic Netlink communication with the kernel
IWD_RTNL_DEBUG Debug output for Route Netlink communication with the kernel
IWD_DHCP_DEBUG Debug output for the ell DHCP client (station) and server (AP)
IWD_ACD_DEBUG Debug output for the ell ACD client
IWD_WSC_DEBUG_KEYS (requires -d) Print out credentials obtained through WSC
debugging.txt · Last modified: 2021/11/07 02:53 by Andrew Zaborowski