This is an old revision of the document!
Table of Contents
This page lists some common methods of obtaining extra debugging information.
Enabling iwd debug output
By default, iwd suppresses all debug output. However, sometimes it is advantageous to enable this and can be easily accomplished by passing the '-d' command line option when starting iwd, as follows:
denkenz@iwd-test ~ $ sudo iwd -d
One can also selectively enable debug output if only a certain subset of debug messages are interesting. This is done by passing a filter (glob match rules apply) after the -d commannd line option, as follows:
denkenz@iwd-test ~ $ sudo iwd -d'station*'
The above would only print debug messages from the station module.
Sometimes users or developers will want to share debug logs with other developers to help in debugging. Some, who considered the SSIDs or MAC addresses (BSSIDs) in their debug logs sensitive, have used the following commands to filter the logs. IWD will eventually support doing this internally.
$ sed -E "s/([0-9a-fA-F]{2}:?){6}/11:22:33:44:55:66/" iwd.log | sed -e "s/SSID:\ .*, f/SSID: xxx f/" | sed 's/Added new Network .* security/Added new Network "xxx" security/'
Enabling TLS Debugging
If you are having issues with WPA-Enterprise authentication methods based on TLS (e.g. EAP-TLS, EAP-TTLS, EAP-PEAP) then you can also enable much more verbose TLS debug output by setting the IWD_TLS_DEBUG environment variable. For example:
denkenz@iwd-test ~ $ export IWD_TLS_DEBUG=1 denkenz@iwd-test ~ $ sudo iwd -d
iwmon
One can also spy on the netlink (NL80211) between iwd and the kernel using the 'iwmon' utility. To start it, simply issue the iwmon command as root prior to starting iwd, as follows:
denkenz@iwd-test ~ $ sudo iwmon
The above command will start iwmon and will dump out (to stdout) all NL80211, RTNL and EAPoL traffic ongoing between the kernel and iwd. If you're not interested in the contents of certain messages, you can filter these with iwmon command line options. For example, if you're trying to debug WPA-Enterprise authentication issues, then you can issue the following command to filter RTNL, scanning and wiphy capability related messages:
denkenz@iwd-test ~ $ sudo iwmon --nortnl --nowiphy --noscan
One can also have iwmon save all packets in PCAP format for later examination (e.g. in wireshark) as follows:
denkenz@iwd-test ~ $ sudo iwmon --write /path/to/file.pcap
Debug environment variables summary
Here are the environment variables you can set to enable specific debug output in addition to the -d switch.
IWD_TLS_DEBUG | Debug output for TLS tunnels used by EAP methods |
IWD_GENL_DEBUG | Debug output for Generic Netlink communication with the kernel |
IWD_RTNL_DEBUG | Debug output for Route Netlink communication with the kernel |
IWD_DHCP_DEBUG | Debug output for the internal DHCP client |
IWD_WSC_DEBUG_KEYS | (requires -d) Print out credentials obtained through WSC |
