[PATCH] iwlwifi: Enable packet injection for iwl4965

[PATCH] iwlwifi: Enable packet injection for iwl4965

[Stefanik Gábor]

[-- Attachment #1: Type: text/plain, Size: 3739 bytes --]

Handle station IDs of transmitted packets when in monitor mode, and
remove the various anti-injection checks from the iwl4965 driver.
This makes injection work on IWL4965 and hopefully IWL50xx. Tested on
IWL4965 with aircrack-ng, IWL50xx not tested because I don't have
access to an IWL50xx card.

Note: To inject management frames with this patch, HW crypto support
must be disabled using the "swcrypto=1" modparam (or "swcrypto50=1"
for IWL50xx). Otherwise most management frames won't be transmitted.

Signed-off-by: Gábor Stefanik <netrolller.3d@gmail.com>

---

Patch also available as an attachment on this e-mail, as Gmail tends
to whitespace-damage patches.

diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c
b/drivers/net/wireless/iwlwifi/iwl-sta.c
index 6d1467d..78b1315 100644
--- a/drivers/net/wireless/iwlwifi/iwl-sta.c
+++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
@@ -968,6 +968,11 @@ int iwl_get_sta_id(struct iwl_priv *priv, struct
ieee80211_hdr *hdr)
 		iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
 		return priv->hw_params.bcast_sta_id;

+	/* If we are in monitor mode, use BCAST. This is required for
+	 * packet injection. */
+	case IEEE80211_IF_TYPE_MNTR:
+		return priv->hw_params.bcast_sta_id;
+
 	default:
 		IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
 		return priv->hw_params.bcast_sta_id;
diff --git a/drivers/net/wireless/iwlwifi/iwl-tx.c
b/drivers/net/wireless/iwlwifi/iwl-tx.c
index 032641d..55149d4 100644
--- a/drivers/net/wireless/iwlwifi/iwl-tx.c
+++ b/drivers/net/wireless/iwlwifi/iwl-tx.c
@@ -783,11 +783,6 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
 		goto drop_unlock;
 	}

-	if (!priv->vif) {
-		IWL_DEBUG_DROP("Dropping - !priv->vif\n");
-		goto drop_unlock;
-	}
-
 	if ((ieee80211_get_tx_rate(priv->hw, info)->hw_value & 0xFF) ==
 	     IWL_INVALID_RATE) {
 		IWL_ERROR("ERROR: No TX rate available.\n");
@@ -810,9 +805,11 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)

 	/* drop all data frame if we are not associated */
 	if (ieee80211_is_data(fc) &&
-	   (!iwl_is_associated(priv) ||
-	    ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
-	    !priv->assoc_station_added)) {
+	    (priv->iw_mode != IEEE80211_IF_TYPE_MNTR ||
+	    !(info->flags & IEEE80211_TX_CTL_INJECTED)) && /* packet injection */
+	    (!iwl_is_associated(priv) ||
+	     ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
+	     !priv->assoc_station_added)) {
 		IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
 		goto drop_unlock;
 	}
@@ -822,7 +819,10 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
 	hdr_len = ieee80211_get_hdrlen(le16_to_cpu(fc));

 	/* Find (or create) index into station table for destination station */
-	sta_id = iwl_get_sta_id(priv, hdr);
+	if (info->flags & IEEE80211_TX_CTL_INJECTED)
+		sta_id = priv->hw_params.bcast_sta_id;
+	else
+		sta_id = iwl_get_sta_id(priv, hdr);
 	if (sta_id == IWL_INVALID_STATION) {
 		DECLARE_MAC_BUF(mac);

diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
b/drivers/net/wireless/iwlwifi/iwl4965-base.c
index 60b7a64..380cc38 100644
--- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
+++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
@@ -2680,12 +2680,6 @@ static int iwl4965_mac_tx(struct ieee80211_hw
*hw, struct sk_buff *skb)

 	IWL_DEBUG_MAC80211("enter\n");

-	if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
-		IWL_DEBUG_MAC80211("leave - monitor\n");
-		dev_kfree_skb_any(skb);
-		return 0;
-	}
-
 	IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
 		     ieee80211_get_tx_rate(hw, IEEE80211_SKB_CB(skb))->bitrate);

[-- Attachment #2: iwl4965-injection.patch --]
[-- Type: application/mbox, Size: 2984 bytes --]

Re: [PATCH] iwlwifi: Enable packet injection for iwl4965

[Stefanik Gábor]

On Fri, Jul 18, 2008 at 9:05 PM, Stefanik G=E1bor <netrolller.3d@gmail.=
com> wrote:
> Handle station IDs of transmitted packets when in monitor mode, and
> remove the various anti-injection checks from the iwl4965 driver.
> This makes injection work on IWL4965 and hopefully IWL50xx. Tested on
> IWL4965 with aircrack-ng, IWL50xx not tested because I don't have
> access to an IWL50xx card.
>
> Note: To inject management frames with this patch, HW crypto support
> must be disabled using the "swcrypto=3D1" modparam (or "swcrypto50=3D=
1"
> for IWL50xx). Otherwise most management frames won't be transmitted.
>
> Signed-off-by: G=E1bor Stefanik <netrolller.3d@gmail.com>
>
> ---
>
> Patch also available as an attachment on this e-mail, as Gmail tends
> to whitespace-damage patches.
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c
> b/drivers/net/wireless/iwlwifi/iwl-sta.c
> index 6d1467d..78b1315 100644
> --- a/drivers/net/wireless/iwlwifi/iwl-sta.c
> +++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
> @@ -968,6 +968,11 @@ int iwl_get_sta_id(struct iwl_priv *priv, struct
> ieee80211_hdr *hdr)
>                iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, size=
of(*hdr));
>                return priv->hw_params.bcast_sta_id;
>
> +       /* If we are in monitor mode, use BCAST. This is required for
> +        * packet injection. */
> +       case IEEE80211_IF_TYPE_MNTR:
> +               return priv->hw_params.bcast_sta_id;
> +
>        default:
>                IWL_WARNING("Unknown mode of operation: %d", priv->iw_=
mode);
>                return priv->hw_params.bcast_sta_id;
> diff --git a/drivers/net/wireless/iwlwifi/iwl-tx.c
> b/drivers/net/wireless/iwlwifi/iwl-tx.c
> index 032641d..55149d4 100644
> --- a/drivers/net/wireless/iwlwifi/iwl-tx.c
> +++ b/drivers/net/wireless/iwlwifi/iwl-tx.c
> @@ -783,11 +783,6 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_=
buff *skb)
>                goto drop_unlock;
>        }
>
> -       if (!priv->vif) {
> -               IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> -               goto drop_unlock;
> -       }
> -
>        if ((ieee80211_get_tx_rate(priv->hw, info)->hw_value & 0xFF) =3D=
=3D
>             IWL_INVALID_RATE) {
>                IWL_ERROR("ERROR: No TX rate available.\n");
> @@ -810,9 +805,11 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_=
buff *skb)
>
>        /* drop all data frame if we are not associated */
>        if (ieee80211_is_data(fc) &&
> -          (!iwl_is_associated(priv) ||
> -           ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->a=
ssoc_id) ||
> -           !priv->assoc_station_added)) {
> +           (priv->iw_mode !=3D IEEE80211_IF_TYPE_MNTR ||
> +           !(info->flags & IEEE80211_TX_CTL_INJECTED)) && /* packet =
injection */
> +           (!iwl_is_associated(priv) ||
> +            ((priv->iw_mode =3D=3D IEEE80211_IF_TYPE_STA) && !priv->=
assoc_id) ||
> +            !priv->assoc_station_added)) {
>                IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
>                goto drop_unlock;
>        }
> @@ -822,7 +819,10 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_=
buff *skb)
>        hdr_len =3D ieee80211_get_hdrlen(le16_to_cpu(fc));
>
>        /* Find (or create) index into station table for destination s=
tation */
> -       sta_id =3D iwl_get_sta_id(priv, hdr);
> +       if (info->flags & IEEE80211_TX_CTL_INJECTED)
> +               sta_id =3D priv->hw_params.bcast_sta_id;
> +       else
> +               sta_id =3D iwl_get_sta_id(priv, hdr);
>        if (sta_id =3D=3D IWL_INVALID_STATION) {
>                DECLARE_MAC_BUF(mac);
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
> b/drivers/net/wireless/iwlwifi/iwl4965-base.c
> index 60b7a64..380cc38 100644
> --- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
> +++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
> @@ -2680,12 +2680,6 @@ static int iwl4965_mac_tx(struct ieee80211_hw
> *hw, struct sk_buff *skb)
>
>        IWL_DEBUG_MAC80211("enter\n");
>
> -       if (priv->iw_mode =3D=3D IEEE80211_IF_TYPE_MNTR) {
> -               IWL_DEBUG_MAC80211("leave - monitor\n");
> -               dev_kfree_skb_any(skb);
> -               return 0;
> -       }
> -
>        IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
>                     ieee80211_get_tx_rate(hw, IEEE80211_SKB_CB(skb))-=
>bitrate);
>

What is the status of this patch? Did it get lost? Was it rejected? I
didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
wireless-testing.git.

--=20
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iwlwifi: Enable packet injection for iwl4965

[Johannes Berg]

[-- Attachment #1: Type: text/plain, Size: 272 bytes --]

On Tue, 2008-07-22 at 13:54 +0200, Stefanik Gábor wrote:

> What is the status of this patch? Did it get lost? Was it rejected? I
> didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
> wireless-testing.git.

It's OLS. Wait a week :)

johannes

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

[Johannes Engel]

Stefanik G=E1bor wrote:
> What is the status of this patch? Did it get lost? Was it rejected? I
> didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
> wireless-testing.git.

Actually it is at least in linux-next since 30th of June as of commit=20
914233d68f07d5d9c22630cd5a84fdfd98f39da2.

Cheers, Johannes
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

[Stéphane Jourdois]

Johannes Engel a =C3=A9crit :
> Stefanik G=C3=A1bor wrote:
>> What is the status of this patch? Did it get lost? Was it rejected? =
I
>> didn't get any answer on it, and I can't see it in iwlwifi-2.6.git o=
r
>> wireless-testing.git.
>=20
> Actually it is at least in linux-next since 30th of June as of commit=
=20
> 914233d68f07d5d9c22630cd5a84fdfd98f39da2.

I beg your pardon, but this commit is for iwl3945, not iwl4965.
The patch for iwl4965 is currently not in any git tree.

Stephane.

--=20
  ///  Stephane Jourdois     /"\  ASCII RIBBON CAMPAIGN \\\
(((    Consultant securite  \ /    AGAINST HTML MAIL    )))
  \\\   157 Bd Davout         X                         ///
   \\\  75020  Paris         / \    +33 6 8643 3085    ///
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

[Zhu Yi]

On Tue, 2008-07-22 at 20:13 +0200, St=A8=A6phane Jourdois wrote:
> but this commit is for iwl3945, not iwl4965.
> The patch for iwl4965 is currently not in any git tree.

We are waiting for more "confirmed success" response before merging it.

Thanks,
-yi

--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

[Stefanik Gábor]

2008/7/25 Zhu Yi <yi.zhu@intel.com>:
> On Tue, 2008-07-22 at 20:13 +0200, St=E9phane Jourdois wrote:
>> but this commit is for iwl3945, not iwl4965.
>> The patch for iwl4965 is currently not in any git tree.
>
> We are waiting for more "confirmed success" response before merging i=
t.
>
> Thanks,
> -yi

I think we now have a lot of "confirmed success", as aircrack-ng users
are now using this card with aireplay-ng - injecting association
frames is unstable, but injecting data packets works.

--=20
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

[Junty Mesmon]

If this is the right place to do it, i would like to confirm that i
have had success injecting data packets with the stated patchto the
iwl4965 driver.

On Fri, Jul 25, 2008 at 5:49 PM, Stefanik G=E1bor <netrolller.3d@gmail.=
com> wrote:
> 2008/7/25 Zhu Yi <yi.zhu@intel.com>:
>> On Tue, 2008-07-22 at 20:13 +0200, St=E9phane Jourdois wrote:
>>> but this commit is for iwl3945, not iwl4965.
>>> The patch for iwl4965 is currently not in any git tree.
>>
>> We are waiting for more "confirmed success" response before merging =
it.
>>
>> Thanks,
>> -yi
>
> I think we now have a lot of "confirmed success", as aircrack-ng user=
s
> are now using this card with aireplay-ng - injecting association
> frames is unstable, but injecting data packets works.
>
> --
> Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
>
> ---------------------------------------------------------------------=
----
> This SF.Net email is sponsored by the Moblin Your Move Developer's ch=
allenge
> Build the coolest Linux based applications with Moblin SDK & win grea=
t prizes
> Grand prize is a trip for two to an Open Source event anywhere in the=
 world
> http://moblin-contest.org/redirect.php?banner_id=3D100&url=3D/
> _______________________________________________
> Ipw3945-devel mailing list
> Ipw3945-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/ipw3945-devel
>
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

[Tomas Winkler]

On Sat, Jul 26, 2008 at 6:30 AM, Junty Mesmon <jmesmon@gmail.com> wrote=
:
> If this is the right place to do it, i would like to confirm that i
> have had success injecting data packets with the stated patchto the
> iwl4965 driver.
>
> On Fri, Jul 25, 2008 at 5:49 PM, Stefanik G=E1bor <netrolller.3d@gmai=
l.com> wrote:
>> 2008/7/25 Zhu Yi <yi.zhu@intel.com>:
>>> On Tue, 2008-07-22 at 20:13 +0200, St=E9phane Jourdois wrote:
>>>> but this commit is for iwl3945, not iwl4965.
>>>> The patch for iwl4965 is currently not in any git tree.
>>>
>>> We are waiting for more "confirmed success" response before merging=
 it.
>>>
>>> Thanks,
>>> -yi
>>
>> I think we now have a lot of "confirmed success", as aircrack-ng use=
rs
>> are now using this card with aireplay-ng - injecting association
>> frames is unstable, but injecting data packets works.

That I don't have doubt the question whether it didn't break normal ope=
ration.
Tomas
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html

Re: [PATCH] iwlwifi: Enable packet injection for iwl4965

[Stefanik Gábor]

On Fri, Jul 18, 2008 at 9:05 PM, Stefanik G=E1bor <netrolller.3d@gmail.=
com> wrote:
> @@ -822,7 +819,10 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_=
buff *skb)
>        hdr_len =3D ieee80211_get_hdrlen(le16_to_cpu(fc));
>
>        /* Find (or create) index into station table for destination s=
tation */
> -       sta_id =3D iwl_get_sta_id(priv, hdr);
> +       if (info->flags & IEEE80211_TX_CTL_INJECTED)
> +               sta_id =3D priv->hw_params.bcast_sta_id;
> +       else
> +               sta_id =3D iwl_get_sta_id(priv, hdr);
>        if (sta_id =3D=3D IWL_INVALID_STATION) {
>                DECLARE_MAC_BUF(mac);

Oops... this hunk (last hunk in iwl-tx.c) is unneeded, just ignore it
(it's a leftover from another patch I have in my tree).

--=20
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
--
To unsubscribe from this list: send the line "unsubscribe linux-wireles=
s" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html