* [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
@ 2008-05-20 17:01 Stefanik Gábor
2008-05-20 21:41 ` Tomas Winkler
2008-05-21 15:19 ` [PATCH V2] " Stefanik Gábor
0 siblings, 2 replies; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-20 17:01 UTC (permalink / raw)
To: John Linville
Cc: Tomas Winkler, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
[-- Attachment #1: Type: text/plain, Size: 6587 bytes --]
This patch fixes packet injection on iwlwifi devices (iwl3945 and
iwl4965). Tested with packetspammer and aireplay-ng, also works in
monitor-while-associated mode. If possible, please apply to 2.6.26,
else to 2.6.27. The patch is also available as an attachment, in case
Gmail decides to word-wrap or whitespace-damage the inline version.
Signed-off-by: Gábor Stefanik <netrolller.3d@gmail.com>
---
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
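Review bot: The comment above the new `case IEEE80211_IF_TYPE_MNTR:` says what the branch returns but not why the broadcast entry is the right one, and the branch is otherwise the same as `default:` without the warning. A comment such as `/* Monitor mode: no per-peer station lookup, transmit via the broadcast station entry; listed explicitly so it does not hit the "Unknown mode" warning */` would record the intent; the "no per-peer lookup" part is inferred from this hunk and should be confirmed. iwl3945_get_sta_id starts before the hunk. The same applies to the iwl4965_get_sta_id hunk and to the attached copy of the patch.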
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
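Review bot: The `!priv->vif` guard in iwl3945_tx_skb is removed for every interface type, not only for monitor mode, so a frame is no longer rejected when no interface is attached. The rest of the function lies outside this hunk, so whether anything later reads `priv->vif` cannot be confirmed from here; if it does, this turns a dropped frame into a NULL dereference. If the guard only gets in the way of monitor mode, narrowing it would be safer than deleting it, e.g. `if (!priv->vif && priv->iw_mode != IEEE80211_IF_TYPE_MNTR) {`. The iwl4965_tx_skb hunk removes the same guard and needs the same check.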
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
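Review bot: Deleting the "drop all data frame if we are not associated" block in iwl3945_tx_skb lifts the restriction for station mode as well, although the description only sets out to enable transmission from a monitor interface. After this hunk an unassociated station-mode interface can pass data frames on to iwl3945_get_sta_id and the hardware, a state the old code filtered out under `priv->lock`. Keeping the block and exempting monitor mode would limit the behaviour change to what the patch describes, for instance by adding `priv->iw_mode != IEEE80211_IF_TYPE_MNTR &&` as the first operand of the existing condition. The function begins and ends outside the hunk, so the later handling of such frames is not visible here.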
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
11:31:54.278205087 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,25 +1806,16 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl4965_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -5110,21 +5099,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: iwlinject2.diff --]
[-- Type: text/x-diff; name=iwlinject2.diff, Size: 6015 bytes --]
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 11:31:54.278205087 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,25 +1806,16 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl4965_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -5110,21 +5099,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 17:01 [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965 Stefanik Gábor
@ 2008-05-20 21:41 ` Tomas Winkler
2008-05-20 21:51 ` Stefanik Gábor
2008-05-21 15:19 ` [PATCH V2] " Stefanik Gábor
1 sibling, 1 reply; 15+ messages in thread
From: Tomas Winkler @ 2008-05-20 21:41 UTC (permalink / raw)
To: Stefanik Gábor
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
On Tue, May 20, 2008 at 8:01 PM, Stefanik G=E1bor <netrolller.3d@gmail.=
com> wrote:
> This patch fixes packet injection on iwlwifi devices (iwl3945 and
> iwl4965). Tested with packetspammer and aireplay-ng, also works in
> monitor-while-associated mode. If possible, please apply to 2.6.26,
> else to 2.6.27. The patch is also available as an attachment, in case
> Gmail decides to word-wrap or whitespace-damage the inline version.
>
> Signed-off-by: G=E1bor Stefanik <netrolller.3d@gmail.com>
> ---
>
> diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iw=
lwifi/iwl3945-base.c
> compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.=
c
> --- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3=
945-base.c 2008-05-20
> 05:05:29.000000000 -0400
> +++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-b=
ase.c 2008-05-20
> 11:31:15.513173847 -0400
> @@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
> return sta_id;
>
> IWL_DEBUG_DROP("Station %s not in station map. "
> "Defaulting to broadcast...\n",
> print_mac(mac, hdr->addr1));
> iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof=
(*hdr));
> return priv->hw_setting.bcast_sta_id;
> }
> + /* If we are in monitor mode, use BCAST */
> + case IEEE80211_IF_TYPE_MNTR:
> + return priv->hw_setting.bcast_sta_id;
> default:
> IWL_WARNING("Unknown mode of operation: %d", priv->iw_=
mode);
> return priv->hw_setting.bcast_sta_id;
> }
> }
>
> /*
> * start REPLY_TX command process
> @@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
> int rc;
>
> spin_lock_irqsave(&priv->lock, flags);
> if (iwl3945_is_rfkill(priv)) {
> IWL_DEBUG_DROP("Dropping - RF KILL\n");
> goto drop_unlock;
> }
>
> - if (!priv->vif) {
> - IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> - goto drop_unlock;
> - }
> -
> if ((ctl->tx_rate->hw_value & 0xFF) =3D=3D IWL_INVALID_RATE) {
> IWL_ERROR("ERROR: No TX rate available.\n");
> goto drop_unlock;
> }
>
> unicast =3D !is_multicast_ether_addr(hdr->addr1);
> id =3D 0;
>
> @@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
> if (ieee80211_is_auth(fc))
> IWL_DEBUG_TX("Sending AUTH frame\n");
> else if (ieee80211_is_assoc_request(fc))
> IWL_DEBUG_TX("Sending ASSOC frame\n");
> else if (ieee80211_is_reassoc_request(fc))
> IWL_DEBUG_TX("Sending REASSOC frame\n");
> #endif
>
> - /* drop all data frame if we are not associated */
> - if ((!iwl3945_is_associated(priv) ||
> - ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->=
assoc_id)) &&
> - ((fc & IEEE80211_FCTL_FTYPE) =3D=3D IEEE80211_FTYPE_DATA)=
) {
> - IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n")=
;
> - goto drop_unlock;
> - }
> -
> spin_unlock_irqrestore(&priv->lock, flags);
>
> hdr_len =3D ieee80211_get_hdrlen(fc);
>
> /* Find (or create) index into station table for destination s=
tation */
> sta_id =3D iwl3945_get_sta_id(priv, hdr);
> if (sta_id =3D=3D IWL_INVALID_STATION) {
> DECLARE_MAC_BUF(mac);
> @@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
>
> static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *s=
kb,
> struct ieee80211_tx_control *ctl)
> {
> struct iwl3945_priv *priv =3D hw->priv;
>
> IWL_DEBUG_MAC80211("enter\n");
>
> - if (priv->iw_mode =3D=3D IEEE80211_IF_TYPE_MNTR) {
> - IWL_DEBUG_MAC80211("leave - monitor\n");
> - return -1;
> - }
> -
> IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
> ctl->tx_rate->bitrate);
>
> if (iwl3945_tx_skb(priv, skb, ctl))
> dev_kfree_skb_any(skb);
>
> IWL_DEBUG_MAC80211("leave\n");
> return 0;
> diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iw=
lwifi/iwl4965-base.c
> compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.=
c
> --- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4=
965-base.c 2008-05-20
> 05:05:29.000000000 -0400
> +++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-b=
ase.c 2008-05-20
> 11:31:54.278205087 -0400
> @@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
> return sta_id;
>
> IWL_DEBUG_DROP("Station %s not in station map. "
> "Defaulting to broadcast...\n",
> print_mac(mac, hdr->addr1));
> iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, size=
of(*hdr));
> return priv->hw_params.bcast_sta_id;
>
> + /* If we are in monitor mode, use BCAST */
> + case IEEE80211_IF_TYPE_MNTR:
> + return priv->hw_params.bcast_sta_id;
> default:
> IWL_WARNING("Unknown mode of operation: %d", priv->iw_=
mode);
> return priv->hw_params.bcast_sta_id;
> }
> }
>
> /*
> * start REPLY_TX command process
> @@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
> int rc;
>
> spin_lock_irqsave(&priv->lock, flags);
> if (iwl_is_rfkill(priv)) {
> IWL_DEBUG_DROP("Dropping - RF KILL\n");
> goto drop_unlock;
> }
>
> - if (!priv->vif) {
> - IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> - goto drop_unlock;
> - }
> -
> if ((ctl->tx_rate->hw_value & 0xFF) =3D=3D IWL_INVALID_RATE) {
> IWL_ERROR("ERROR: No TX rate available.\n");
> goto drop_unlock;
> }
>
> unicast =3D !is_multicast_ether_addr(hdr->addr1);
> id =3D 0;
>
> @@ -1808,25 +1806,16 @@ static int iwl4965_tx_skb(struct iwl_pri
> if (ieee80211_is_auth(fc))
> IWL_DEBUG_TX("Sending AUTH frame\n");
> else if (ieee80211_is_assoc_request(fc))
> IWL_DEBUG_TX("Sending ASSOC frame\n");
> else if (ieee80211_is_reassoc_request(fc))
> IWL_DEBUG_TX("Sending REASSOC frame\n");
> #endif
>
> - /* drop all data frame if we are not associated */
> - if (((fc & IEEE80211_FCTL_FTYPE) =3D=3D IEEE80211_FTYPE_DATA)=
&&
> - (!iwl_is_associated(priv) ||
> - ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->a=
ssoc_id) ||
> - !priv->assoc_station_added)) {
> - IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
> - goto drop_unlock;
> - }
> -
This is certainly a no-go for 4965. The station must be present in the uCode
table. Maybe this works for monitor mode, but there is a race in the regular
cases: when sta_id != broadcast id, at least priv->assoc_station_added
== 1 has to be true. Have you tested it with 4965?
I suggest proceeding with only the 3945 part of this patch.
Tomas
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 21:41 ` Tomas Winkler
@ 2008-05-20 21:51 ` Stefanik Gábor
2008-05-20 22:18 ` Tomas Winkler
0 siblings, 1 reply; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-20 21:51 UTC (permalink / raw)
To: Tomas Winkler
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
On Tue, May 20, 2008 at 5:41 PM, Tomas Winkler <tomasw@gmail.com> wrote=
:
> On Tue, May 20, 2008 at 8:01 PM, Stefanik G=E1bor <netrolller.3d@gmai=
l.com> wrote:
>> This patch fixes packet injection on iwlwifi devices (iwl3945 and
>> iwl4965). Tested with packetspammer and aireplay-ng, also works in
>> monitor-while-associated mode. If possible, please apply to 2.6.26,
>> else to 2.6.27. The patch is also available as an attachment, in cas=
e
>> Gmail decides to word-wrap or whitespace-damage the inline version.
>>
>> Signed-off-by: G=E1bor Stefanik <netrolller.3d@gmail.com>
>> ---
>>
>> <snip>
>
> This is certainly no go for 4965. Station must be present in uCode
> table. Maybe this work for monitor mode but there is a race in regula=
r
> cases, when sta_id !=3D broadcast id at least priv->assoc_station_add=
ed
> =3D=3D 1 has to be true. Have you tested it with 4965 ?
>
> I suggest to proceed with 3945 part only of this patch.
>
> Tomas
Which change does this comment apply to? The "IWL_DEBUG_DROP("Dropping
- !priv->vif\n");" one? Or the "drop all data frame if we are not
associated" one? Also, doesn't the "if (sta_id ==
IWL_INVALID_STATION)" part protect against such cases? Also, what
happens if we simply pass broadcast in such a case?
Thanks,
Gábor
--=20
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 21:51 ` Stefanik Gábor
@ 2008-05-20 22:18 ` Tomas Winkler
2008-05-20 22:26 ` Stefanik Gábor
0 siblings, 1 reply; 15+ messages in thread
From: Tomas Winkler @ 2008-05-20 22:18 UTC (permalink / raw)
To: Stefanik Gábor
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
On Wed, May 21, 2008 at 12:51 AM, Stefanik G=E1bor
<netrolller.3d@gmail.com> wrote:
> On Tue, May 20, 2008 at 5:41 PM, Tomas Winkler <tomasw@gmail.com> wro=
te:
>> On Tue, May 20, 2008 at 8:01 PM, Stefanik G=E1bor <netrolller.3d@gma=
il.com> wrote:
>>> This patch fixes packet injection on iwlwifi devices (iwl3945 and
>>> iwl4965). Tested with packetspammer and aireplay-ng, also works in
>>> monitor-while-associated mode. If possible, please apply to 2.6.26,
>>> else to 2.6.27. The patch is also available as an attachment, in ca=
se
>>> Gmail decides to word-wrap or whitespace-damage the inline version.
>>>
>>> Signed-off-by: G=E1bor Stefanik <netrolller.3d@gmail.com>
>>> ---
>>>
>>> <snip>
>>
>> This is certainly no go for 4965. Station must be present in uCode
>> table. Maybe this work for monitor mode but there is a race in regul=
ar
>> cases, when sta_id !=3D broadcast id at least priv->assoc_station_ad=
ded
>> =3D=3D 1 has to be true. Have you tested it with 4965 ?
>>
>> I suggest to proceed with 3945 part only of this patch.
>>
>> Tomas
>
> Which change does this comment apply to? The "IWL_DEBUG_DROP("Droppin=
g
> - !priv->vif\n");" one? Or the "drop all data frame if we are not
> associated" one? Also, doesn't the "if (sta_id =3D=3D
> IWL_INVALID_STATION)" part protect against such cases? Also, what
> happens if we simply pass broadcast in such a case?
>
The station can be in the driver's data structure, but that does not
guarantee it is also in the uCode. It will
return the correct station id, but the table in the uCode will be empty.
Retuning to a new channel clears the station table in the uCode, so it
must be reapplied; you must also have applied the rate command (LQ).
Simply put, there is currently a window big enough for a race. It can be
solved, but that takes more coding than this patch.
Thanks
Tomas
> --
> Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
>
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 22:18 ` Tomas Winkler
@ 2008-05-20 22:26 ` Stefanik Gábor
2008-05-20 22:45 ` Tomas Winkler
0 siblings, 1 reply; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-20 22:26 UTC (permalink / raw)
To: Tomas Winkler
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
[-- Attachment #1: Type: text/plain, Size: 7951 bytes --]
On Tue, May 20, 2008 at 6:18 PM, Tomas Winkler <tomasw@gmail.com> wrote:
> On Wed, May 21, 2008 at 12:51 AM, Stefanik Gábor
> <netrolller.3d@gmail.com> wrote:
>> On Tue, May 20, 2008 at 5:41 PM, Tomas Winkler <tomasw@gmail.com> wrote:
>>>
>>> This is certainly no go for 4965. Station must be present in uCode
>>> table. Maybe this work for monitor mode but there is a race in regular
>>> cases, when sta_id != broadcast id at least priv->assoc_station_added
>>> == 1 has to be true. Have you tested it with 4965 ?
>>>
>>> I suggest to proceed with 3945 part only of this patch.
>>>
>>> Tomas
>>
>> Which change does this comment apply to? The "IWL_DEBUG_DROP("Dropping
>> - !priv->vif\n");" one? Or the "drop all data frame if we are not
>> associated" one? Also, doesn't the "if (sta_id ==
>> IWL_INVALID_STATION)" part protect against such cases? Also, what
>> happens if we simply pass broadcast in such a case?
>>
> The station can be in driver data structure but it's not guaranties
> it's also in the uCode. It will
> return correct station id but the table in uCode will be empty.
> Retuning to new channel clears the station table in the uCode so it
> must to be reapplied also you must have applied rate command (LQ).
> Simply currently there is a window big enough for a race. It can be
> solved but there is more coding than this patch.
>
> Thanks
> Tomas
>> --
>> Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
>>
>
Hmm... wouldn't this patch fix the issue? It limits the condition list
of dropping data packets to just !priv->assoc_station_added. I don't
know if iwl4965 injection still works with this patch though, but I
suspect it does.
---
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
18:18:58.399897940 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all data frame if !priv->assoc_station_added */
if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
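Review bot: The rewritten comment `/* drop all data frame if !priv->assoc_station_added */` only restates the condition below it and does not say what the flag protects. Something like `/* drop data frames until the associated station has been added to the station table */` would explain the guard; the exact wording should be checked against the code that sets `assoc_station_added`, which is outside this hunk. With the `iw_mode` and `assoc_id` tests gone, this flag is now the only gate on data frames for every interface type, so it is worth confirming that it is cleared wherever the station entry is removed. iwl4965_tx_skb begins and ends outside the hunk.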
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: iwlinject3.diff --]
[-- Type: text/x-diff; name=iwlinject3.diff, Size: 6064 bytes --]
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
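Review bot: The `!priv->vif` test is removed without a replacement, so anything later on the transmit path that reads through `priv->vif` would now run with a null pointer when no interface is attached. The rest of iwl3945_tx_skb is outside this hunk, so that has to be checked before the guard goes. If the guard only needs to be lifted for monitor-mode injection, `if (!priv->vif && priv->iw_mode != IEEE80211_IF_TYPE_MNTR) {` would keep it for the other modes. The iwl4965_tx_skb hunk further down removes the same test.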
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
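Review bot: Deleting the whole "drop all data frame if we are not associated" test lifts the gate for every interface type, not only for monitor mode, so a station-mode interface would also hand data frames to the device before it is associated. The iwl4965 hunk of this patch keeps a reduced form of the test, which leaves the two drivers inconsistent. Keeping the test and skipping it only for injection would be narrower, for example by starting the condition with `priv->iw_mode != IEEE80211_IF_TYPE_MNTR &&`. iwl3945_tx_skb starts and ends outside this hunk, and the same hunk is repeated in the later copies of the patch on this page.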
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 18:18:58.399897940 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all data frame if !priv->assoc_station_added */
if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 22:26 ` Stefanik Gábor
@ 2008-05-20 22:45 ` Tomas Winkler
2008-05-20 22:56 ` Stefanik Gábor
0 siblings, 1 reply; 15+ messages in thread
From: Tomas Winkler @ 2008-05-20 22:45 UTC (permalink / raw)
To: Stefanik Gábor
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
On Wed, May 21, 2008 at 1:26 AM, Stefanik Gábor <netrolller.3d@gmail.com> wrote:
> On Tue, May 20, 2008 at 6:18 PM, Tomas Winkler <tomasw@gmail.com> wrote:
>> On Wed, May 21, 2008 at 12:51 AM, Stefanik Gábor
>> <netrolller.3d@gmail.com> wrote:
>>> On Tue, May 20, 2008 at 5:41 PM, Tomas Winkler <tomasw@gmail.com> wrote:
>>>>
>>>> This is certainly no go for 4965. Station must be present in uCode
>>>> table. Maybe this work for monitor mode but there is a race in regular
>>>> cases, when sta_id != broadcast id at least priv->assoc_station_added
>>>> == 1 has to be true. Have you tested it with 4965 ?
>>>>
>>>> I suggest to proceed with 3945 part only of this patch.
>>>>
>>>> Tomas
>>>
>>> Which change does this comment apply to? The "IWL_DEBUG_DROP("Dropping
>>> - !priv->vif\n");" one? Or the "drop all data frame if we are not
>>> associated" one? Also, doesn't the "if (sta_id ==
>>> IWL_INVALID_STATION)" part protect against such cases? Also, what
>>> happens if we simply pass broadcast in such a case?
>>>
>> The station can be in driver data structure but it's not guaranties
>> it's also in the uCode. It will
>> return correct station id but the table in uCode will be empty.
>> Retuning to new channel clears the station table in the uCode so it
>> must to be reapplied also you must have applied rate command (LQ).
>> Simply currently there is a window big enough for a race. It can be
>> solved but there is more coding than this patch.
>>
>> Thanks
>> Tomas
>>> --
>>> Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :=
-)
>>>
>>
>
> Hmm... wouldn't this patch fix the issue? It limits the condition list
> of dropping data packets to just !priv->assoc_station_added. I don't
> know if iwl4965 injection still works with this patch though, but I
> suspect it does.
>
> ---
>
> diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iw=
lwifi/iwl3945-base.c
> compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.=
c
> --- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3=
945-base.c 2008-05-20
> 05:05:29.000000000 -0400
> +++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-b=
ase.c 2008-05-20
> 11:31:15.513173847 -0400
> @@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
> return sta_id;
>
> IWL_DEBUG_DROP("Station %s not in station map. "
> "Defaulting to broadcast...\n",
> print_mac(mac, hdr->addr1));
> iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof=
(*hdr));
> return priv->hw_setting.bcast_sta_id;
> }
> + /* If we are in monitor mode, use BCAST */
> + case IEEE80211_IF_TYPE_MNTR:
> + return priv->hw_setting.bcast_sta_id;
> default:
> IWL_WARNING("Unknown mode of operation: %d", priv->iw_=
mode);
> return priv->hw_setting.bcast_sta_id;
> }
> }
>
> /*
> * start REPLY_TX command process
> @@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
> int rc;
>
> spin_lock_irqsave(&priv->lock, flags);
> if (iwl3945_is_rfkill(priv)) {
> IWL_DEBUG_DROP("Dropping - RF KILL\n");
> goto drop_unlock;
> }
>
> - if (!priv->vif) {
> - IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> - goto drop_unlock;
> - }
> -
> if ((ctl->tx_rate->hw_value & 0xFF) =3D=3D IWL_INVALID_RATE) {
> IWL_ERROR("ERROR: No TX rate available.\n");
> goto drop_unlock;
> }
>
> unicast =3D !is_multicast_ether_addr(hdr->addr1);
> id =3D 0;
>
> @@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
> if (ieee80211_is_auth(fc))
> IWL_DEBUG_TX("Sending AUTH frame\n");
> else if (ieee80211_is_assoc_request(fc))
> IWL_DEBUG_TX("Sending ASSOC frame\n");
> else if (ieee80211_is_reassoc_request(fc))
> IWL_DEBUG_TX("Sending REASSOC frame\n");
> #endif
>
> - /* drop all data frame if we are not associated */
> - if ((!iwl3945_is_associated(priv) ||
> - ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->=
assoc_id)) &&
> - ((fc & IEEE80211_FCTL_FTYPE) =3D=3D IEEE80211_FTYPE_DATA)=
) {
> - IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n")=
;
> - goto drop_unlock;
> - }
> -
> spin_unlock_irqrestore(&priv->lock, flags);
>
> hdr_len =3D ieee80211_get_hdrlen(fc);
>
> /* Find (or create) index into station table for destination s=
tation */
> sta_id =3D iwl3945_get_sta_id(priv, hdr);
> if (sta_id =3D=3D IWL_INVALID_STATION) {
> DECLARE_MAC_BUF(mac);
> @@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
>
> static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *s=
kb,
> struct ieee80211_tx_control *ctl)
> {
> struct iwl3945_priv *priv =3D hw->priv;
>
> IWL_DEBUG_MAC80211("enter\n");
>
> - if (priv->iw_mode =3D=3D IEEE80211_IF_TYPE_MNTR) {
> - IWL_DEBUG_MAC80211("leave - monitor\n");
> - return -1;
> - }
> -
> IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
> ctl->tx_rate->bitrate);
>
> if (iwl3945_tx_skb(priv, skb, ctl))
> dev_kfree_skb_any(skb);
>
> IWL_DEBUG_MAC80211("leave\n");
> return 0;
> diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iw=
lwifi/iwl4965-base.c
> compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.=
c
> --- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4=
965-base.c 2008-05-20
> 05:05:29.000000000 -0400
> +++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-b=
ase.c 2008-05-20
> 18:18:58.399897940 -0400
> @@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
> return sta_id;
>
> IWL_DEBUG_DROP("Station %s not in station map. "
> "Defaulting to broadcast...\n",
> print_mac(mac, hdr->addr1));
> iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, size=
of(*hdr));
> return priv->hw_params.bcast_sta_id;
>
> + /* If we are in monitor mode, use BCAST */
> + case IEEE80211_IF_TYPE_MNTR:
> + return priv->hw_params.bcast_sta_id;
> default:
> IWL_WARNING("Unknown mode of operation: %d", priv->iw_=
mode);
> return priv->hw_params.bcast_sta_id;
> }
> }
>
> /*
> * start REPLY_TX command process
> @@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
> int rc;
>
> spin_lock_irqsave(&priv->lock, flags);
> if (iwl_is_rfkill(priv)) {
> IWL_DEBUG_DROP("Dropping - RF KILL\n");
> goto drop_unlock;
> }
>
> - if (!priv->vif) {
> - IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> - goto drop_unlock;
> - }
> -
> if ((ctl->tx_rate->hw_value & 0xFF) =3D=3D IWL_INVALID_RATE) {
> IWL_ERROR("ERROR: No TX rate available.\n");
> goto drop_unlock;
> }
>
> unicast =3D !is_multicast_ether_addr(hdr->addr1);
> id =3D 0;
>
> @@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
> if (ieee80211_is_auth(fc))
> IWL_DEBUG_TX("Sending AUTH frame\n");
> else if (ieee80211_is_assoc_request(fc))
> IWL_DEBUG_TX("Sending ASSOC frame\n");
> else if (ieee80211_is_reassoc_request(fc))
> IWL_DEBUG_TX("Sending REASSOC frame\n");
> #endif
>
> - /* drop all data frame if we are not associated */
> + /* drop all data frame if !priv->assoc_station_added */
> if (((fc & IEEE80211_FCTL_FTYPE) =3D=3D IEEE80211_FTYPE_DATA) =
&&
> - (!iwl_is_associated(priv) ||
> - ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->a=
ssoc_id) ||
> - !priv->assoc_station_added)) {
> - IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
> + !priv->assoc_station_added) {
> + IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added=
\n");
> goto drop_unlock;
> }
>
Need to add if (sta_is != bcast) otherwise this will drop all your
injected packets.
> hdr_len =3D ieee80211_get_hdrlen(fc);
>
> /* Find (or create) index into station table for destination s=
tation */
> @@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
>
> static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *s=
kb,
> struct ieee80211_tx_control *ctl)
> {
> struct iwl_priv *priv =3D hw->priv;
>
> IWL_DEBUG_MAC80211("enter\n");
>
> - if (priv->iw_mode =3D=3D IEEE80211_IF_TYPE_MNTR) {
> - IWL_DEBUG_MAC80211("leave - monitor\n");
> - return -1;
> - }
> -
> IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
> ctl->tx_rate->bitrate);
>
> if (iwl4965_tx_skb(priv, skb, ctl))
> dev_kfree_skb_any(skb);
>
> IWL_DEBUG_MAC80211("leave\n");
> return 0;
>
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 22:45 ` Tomas Winkler
@ 2008-05-20 22:56 ` Stefanik Gábor
2008-05-20 23:03 ` Stefanik Gábor
2008-05-20 23:13 ` Tomas Winkler
0 siblings, 2 replies; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-20 22:56 UTC (permalink / raw)
To: Tomas Winkler
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
On Tue, May 20, 2008 at 6:45 PM, Tomas Winkler <tomasw@gmail.com> wrote:
> Need to add if (sta_is != bcast) otherwise this will drop all your
> injected packets.
Did you mean if (sta_id != priv->hw_setting.bcast_sta_id)? Because
there is no "sta_is" variable.
--
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 22:56 ` Stefanik Gábor
@ 2008-05-20 23:03 ` Stefanik Gábor
2008-05-20 23:13 ` Tomas Winkler
1 sibling, 0 replies; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-20 23:03 UTC (permalink / raw)
To: Tomas Winkler
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
On Tue, May 20, 2008 at 6:56 PM, Stefanik Gábor <netrolller.3d@gmail.com> wrote:
> On Tue, May 20, 2008 at 6:45 PM, Tomas Winkler <tomasw@gmail.com> wrote:
>> Need to add if (sta_is != bcast) otherwise this will drop all your
>> injected packets.
>
> Did you mean if (sta_id != priv->hw_setting.bcast_sta_id)? Because
> there is no "sta_is" variable.
Patch with this fixed (also as attachment, in case Gmail damages the
inline patch):
Signed-off by: G=E1bor Stefanik <netrolller.3d@gmail.com>
---
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlw=
ifi/iwl3945-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl394=
5-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-bas=
e.c 2008-05-20
11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) =3D=3D IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast =3D !is_multicast_ether_addr(hdr->addr1);
id =3D 0;
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->assoc_id=
)) &&
- ((fc & IEEE80211_FCTL_FTYPE) =3D=3D IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len =3D ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station =
*/
sta_id =3D iwl3945_get_sta_id(priv, hdr);
if (sta_id =3D=3D IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb=
,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv =3D hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode =3D=3D IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlw=
ifi/iwl4965-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl496=
5-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-bas=
e.c 2008-05-20
18:59:39.400975754 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) =3D=3D IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast =3D !is_multicast_ether_addr(hdr->addr1);
id =3D 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all non-broadcast data frames if !priv->assoc_station_added *=
/
if (((fc & IEEE80211_FCTL_FTYPE) =3D=3D IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->assoc_id)=
||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added && sta_id !=3D priv->hw_setting.bcast_s=
ta_id) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len =3D ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station =
*/
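Review bot: The new drop test compares `sta_id` before anything in view assigns it: the test sits above `spin_unlock_irqrestore()`, and the station lookup only comes after the "Find (or create) index into station table" comment that ends this hunk, so unless `sta_id` is set earlier, outside the hunk, the comparison uses an indeterminate value. The field is also named `priv->hw_setting.bcast_sta_id`, whereas the iwl4965_get_sta_id hunk of this same patch uses `priv->hw_params.bcast_sta_id`, so the line probably does not build for iwl4965. The test would have to move below the lookup and read `sta_id != priv->hw_params.bcast_sta_id`; the lock is already released at that point, so the `goto drop_unlock` exit would need to change with it. The attached copy of the patch carries the same hunk, and iwl4965_tx_skb continues outside it.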
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb=
,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv =3D hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode =3D=3D IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 22:56 ` Stefanik Gábor
2008-05-20 23:03 ` Stefanik Gábor
@ 2008-05-20 23:13 ` Tomas Winkler
2008-05-21 15:02 ` Stefanik Gábor
1 sibling, 1 reply; 15+ messages in thread
From: Tomas Winkler @ 2008-05-20 23:13 UTC (permalink / raw)
To: Stefanik Gábor
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
On Wed, May 21, 2008 at 1:56 AM, Stefanik Gábor <netrolller.3d@gmail.com> wrote:
> On Tue, May 20, 2008 at 6:45 PM, Tomas Winkler <tomasw@gmail.com> wrote:
>> Need to add if (sta_is != bcast) otherwise this will drop all your
>> injected packets.
>
> Did you mean if (sta_id != priv->hw_setting.bcast_sta_id)? Because
> there is no "sta_is" variable.
jó éjszakát!
> --
> Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
>
* Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 23:13 ` Tomas Winkler
@ 2008-05-21 15:02 ` Stefanik Gábor
0 siblings, 0 replies; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-21 15:02 UTC (permalink / raw)
To: Tomas Winkler
Cc: John Linville, Zhu Yi, linux-wireless, Andy Green, Johannes Berg
[-- Attachment #1: Type: text/plain, Size: 824 bytes --]
On Wed, May 21, 2008 at 1:13 AM, Tomas Winkler <tomasw@gmail.com> wrote:
> On Wed, May 21, 2008 at 1:56 AM, Stefanik Gábor <netrolller.3d@gmail.com> wrote:
>> On Tue, May 20, 2008 at 6:45 PM, Tomas Winkler <tomasw@gmail.com> wrote:
>>> Need to add if (sta_is != bcast) otherwise this will drop all your
>>> injected packets.
>>
>> Did you mean if (sta_id != priv->hw_setting.bcast_sta_id)? Because
>> there is no "sta_is" variable.
>
> jó éjszakát!
>
I guess we should continue using English on this mailing list - we
can't expect our readers to understand Hungarian. (Ezért nem is
magyarul válaszolok.)
BTW I accidentally forgot to attach a usable version of the patch to
my previous mail - this time, it's really attached.
--
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: iwlinject3.diff --]
[-- Type: text/x-diff; name=iwlinject3.diff, Size: 6203 bytes --]
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 18:59:39.400975754 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all non-broadcast data frames if !priv->assoc_station_added */
if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added && sta_id != priv->hw_setting.bcast_sta_id) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
Only in compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi: iwl4965-base.c~
* [PATCH V2] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-20 17:01 [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965 Stefanik Gábor
2008-05-20 21:41 ` Tomas Winkler
@ 2008-05-21 15:19 ` Stefanik Gábor
2008-05-22 9:12 ` Zhu Yi
2008-05-26 7:11 ` Zhu Yi
1 sibling, 2 replies; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-21 15:19 UTC (permalink / raw)
To: John Linville
Cc: Zhu Yi, linux-wireless, Andy Green, Johannes Berg, Tomas Winkler,
ipw3945-devel
[-- Attachment #1: Type: text/plain, Size: 6798 bytes --]
Unlike the previous, broken one that I submitted, this patch really
fixes packet injection on iwlwifi devices (iwl3945 and iwl4965),
without causing possible nasty side-effects. Tested with packetspammer
and aireplay-ng, also works in monitor-while-associated mode. If
possible, please apply to 2.6.26, else to 2.6.27. The patch is also
available as an attachment, in case Gmail decides to word-wrap or
whitespace-damage the inline version.
Signed-off-by: Gábor Stefanik <netrolller.3d@gmail.com>
---
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
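Review bot: Removing the `!priv->vif` guard lets iwl3945_tx_skb run with no interface attached, and nothing in this hunk shows that the rest of the TX path is safe when `priv->vif` is NULL. The function body continues outside the hunk, so any later use of `priv->vif` there or in its callees needs to be checked before the guard goes. If monitor-only operation is the only case that needs the change, narrowing the test at least keeps the other modes covered: `if (!priv->vif && priv->iw_mode != IEEE80211_IF_TYPE_MNTR) {`. The identical removal in iwl4965_tx_skb and in both copies in the attachment raises the same question.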
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
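Review bot: The association check is deleted for every interface type, so a station-mode interface that is not associated will now hand data frames to the hardware, which goes beyond what injection needs. The 4965 half of this patch keeps a reduced check at the same place, so the two drivers also end up behaving differently. Consider keeping the test and exempting monitor mode by prefixing the condition with `priv->iw_mode != IEEE80211_IF_TYPE_MNTR &&`. The attached copy of the patch carries the same hunk; iwl3945_tx_skb starts and ends outside it.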
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
18:59:39.400975754 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all non-broadcast data frames if !priv->assoc_station_added */
if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added && sta_id != priv->hw_params.bcast_sta_id) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
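Review bot: The rewritten condition reads `sta_id` before the station lookup that assigns it, so the comparison with `priv->hw_params.bcast_sta_id` most likely uses an uninitialised or stale value. That ordering is inferred from the trailing comment in this hunk and from the 3945 twin, where the lookup call follows the same comment. The declaration is outside the hunk, so this needs confirming against the full function. A test that relies only on what is known at this point avoids the problem, for example `!priv->assoc_station_added && priv->iw_mode != IEEE80211_IF_TYPE_MNTR) {`; moving the check below the lookup would also work, but it would then run after `spin_unlock_irqrestore()` and could no longer use `goto drop_unlock`. The attached copy has the same line.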
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
[-- Warning: decoded text below may be mangled, UTF-8 assumed --]
[-- Attachment #2: iwlinject3.1.diff --]
[-- Type: text/x-diff; name=iwlinject3.1.diff, Size: 6202 bytes --]
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 18:59:39.400975754 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all non-broadcast data frames if !priv->assoc_station_added */
if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added && sta_id != priv->hw_params.bcast_sta_id) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
Only in compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi: iwl4965-base.c~
* Re: [PATCH V2] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-21 15:19 ` [PATCH V2] " Stefanik Gábor
@ 2008-05-22 9:12 ` Zhu Yi
2008-05-22 9:17 ` Johannes Berg
2008-05-26 7:11 ` Zhu Yi
1 sibling, 1 reply; 15+ messages in thread
From: Zhu Yi @ 2008-05-22 9:12 UTC (permalink / raw)
To: Stefanik Gábor
Cc: John Linville, linux-wireless, Andy Green, Johannes Berg,
Tomas Winkler, ipw3945-devel
On Wed, 2008-05-21 at 17:19 +0200, Stefanik Gábor wrote:
> also works in monitor-while-associated mode.
How does it work? AFAICS, mac80211 wext.c blocks setting essid and bssid
in monitor mode. Did you patch it?
Thanks,
-yi
* Re: [PATCH V2] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-22 9:12 ` Zhu Yi
@ 2008-05-22 9:17 ` Johannes Berg
2008-05-22 10:19 ` Stefanik Gábor
0 siblings, 1 reply; 15+ messages in thread
From: Johannes Berg @ 2008-05-22 9:17 UTC (permalink / raw)
To: Zhu Yi
Cc: Stefanik Gábor, John Linville, linux-wireless, Andy Green,
Tomas Winkler, ipw3945-devel
[-- Attachment #1: Type: text/plain, Size: 469 bytes --]
On Thu, 2008-05-22 at 17:12 +0800, Zhu Yi wrote:
> On Wed, 2008-05-21 at 17:19 +0200, Stefanik Gábor wrote:
> > also works in monitor-while-associated mode.
>
> How does it work? AFAICS, mac80211 wext.c blocks setting essid and bssid
> in monitor mode. Did you patch it?
You just create two virtual interfaces. Which, incidentally, iwlwifi
seems to be quite buggy about: it will accept all types, even those it
doesn't support (mesh, ap, wds?)
johannes
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 828 bytes --]
* Re: [PATCH V2] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-22 9:17 ` Johannes Berg
@ 2008-05-22 10:19 ` Stefanik Gábor
0 siblings, 0 replies; 15+ messages in thread
From: Stefanik Gábor @ 2008-05-22 10:19 UTC (permalink / raw)
To: Johannes Berg
Cc: Zhu Yi, John Linville, linux-wireless, Andy Green, Tomas Winkler,
ipw3945-devel
On Thu, May 22, 2008 at 11:17 AM, Johannes Berg
<johannes@sipsolutions.net> wrote:
> On Thu, 2008-05-22 at 17:12 +0800, Zhu Yi wrote:
>> On Wed, 2008-05-21 at 17:19 +0200, Stefanik Gábor wrote:
>> > also works in monitor-while-associated mode.
>>
>> How does it work? AFAICS, mac80211 wext.c blocks setting essid and bssid
>> in monitor mode. Did you patch it?
>
> You just create two virtual interfaces. Which, incidentally, iwlwifi
> seems to be quite buggy about: it will accept all types, even those it
> doesn't support (mesh, ap, wds?)
>
> johannes
>
Exactly. I should have written multi-VAP mode, since that's what it
really is, except that it doesn't panic, unlike madwifi's
similarly named mode. Wext.c blocks setting ESSID and BSSID for
monitor interfaces - but there is nothing that prevents a monitor and
a station interface from coexisting on the same wmaster - and even though
setting ESSID and BSSID on the monitor interface (call it "rtap0") is
blocked, they still work on the station interface (for example,
"wlan0"). (This multi-interface mode is exposed by the iw tool, as
well as aircrack-ng's airmon-ng script, which essentially acts as a
front-end for iw.)
Gábor
-- 
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
* Re: [PATCH V2] iwlwifi: Fix packet injection in iwl3945 and iwl4965
2008-05-21 15:19 ` [PATCH V2] " Stefanik Gábor
2008-05-22 9:12 ` Zhu Yi
@ 2008-05-26 7:11 ` Zhu Yi
1 sibling, 0 replies; 15+ messages in thread
From: Zhu Yi @ 2008-05-26 7:11 UTC (permalink / raw)
To: Stefanik Gábor
Cc: John Linville, linux-wireless, Andy Green, Johannes Berg,
Tomas Winkler, ipw3945-devel
On Wed, 2008-05-21 at 17:19 +0200, Stefanik Gábor wrote:
> this patch really
> fixes packet injection on iwlwifi devices (iwl3945 and iwl4965),
> without causing possible nasty side-effects. Tested with packetspammer
> and aireplay-ng, also works in monitor-while-associated mode.
The mode you enabled is not real "monitor" mode. You can only receive
broadcast/multicast frames but not unicast frames destined to other
hosts.
Thanks,
-yi