[PATCH] iwlwifi: Enable packet injection for iwl4965 - Kernel

This is a discussion on [PATCH] iwlwifi: Enable packet injection for iwl4965 - Kernel ; Handle station IDs of transmitted packets when in monitor mode, and remove the various anti-injection checks from the iwl4965 driver. This makes injection work on IWL4965 and hopefully IWL50xx. Tested on IWL4965 with aircrack-ng, IWL50xx not tested because I don't ...

+ Reply to Thread
Results 1 to 10 of 10

Thread: [PATCH] iwlwifi: Enable packet injection for iwl4965

  1. [PATCH] iwlwifi: Enable packet injection for iwl4965

    Handle station IDs of transmitted packets when in monitor mode, and
    remove the various anti-injection checks from the iwl4965 driver.
    This makes injection work on IWL4965 and hopefully IWL50xx. Tested on
    IWL4965 with aircrack-ng, IWL50xx not tested because I don't have
    access to an IWL50xx card.

    Note: To inject management frames with this patch, HW crypto support
    must be disabled using the "swcrypto=1" modparam (or "swcrypto50=1"
    for IWL50xx). Otherwise most management frames won't be transmitted.

    Signed-off-by: Gábor Stefanik

    ---

    Patch also available as an attachment on this e-mail, as Gmail tends
    to whitespace-damage patches.

    diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c
    b/drivers/net/wireless/iwlwifi/iwl-sta.c
    index 6d1467d..78b1315 100644
    --- a/drivers/net/wireless/iwlwifi/iwl-sta.c
    +++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
    @@ -968,6 +968,11 @@ int iwl_get_sta_id(struct iwl_priv *priv, struct
    ieee80211_hdr *hdr)
    iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
    return priv->hw_params.bcast_sta_id;

    + /* If we are in monitor mode, use BCAST. This is required for
    + * packet injection. */
    + case IEEE80211_IF_TYPE_MNTR:
    + return priv->hw_params.bcast_sta_id;
    +
    default:
    IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
    return priv->hw_params.bcast_sta_id;
    diff --git a/drivers/net/wireless/iwlwifi/iwl-tx.c
    b/drivers/net/wireless/iwlwifi/iwl-tx.c
    index 032641d..55149d4 100644
    --- a/drivers/net/wireless/iwlwifi/iwl-tx.c
    +++ b/drivers/net/wireless/iwlwifi/iwl-tx.c
    @@ -783,11 +783,6 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
    goto drop_unlock;
    }

    - if (!priv->vif) {
    - IWL_DEBUG_DROP("Dropping - !priv->vif\n");
    - goto drop_unlock;
    - }
    -
    if ((ieee80211_get_tx_rate(priv->hw, info)->hw_value & 0xFF) ==
    IWL_INVALID_RATE) {
    IWL_ERROR("ERROR: No TX rate available.\n");
    @@ -810,9 +805,11 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)

    /* drop all data frame if we are not associated */
    if (ieee80211_is_data(fc) &&
    - (!iwl_is_associated(priv) ||
    - ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
    - !priv->assoc_station_added)) {
    + (priv->iw_mode != IEEE80211_IF_TYPE_MNTR ||
    + !(info->flags & IEEE80211_TX_CTL_INJECTED)) && /* packet injection */
    + (!iwl_is_associated(priv) ||
    + ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
    + !priv->assoc_station_added)) {
    IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
    goto drop_unlock;
    }
    @@ -822,7 +819,10 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
    hdr_len = ieee80211_get_hdrlen(le16_to_cpu(fc));

    /* Find (or create) index into station table for destination station */
    - sta_id = iwl_get_sta_id(priv, hdr);
    + if (info->flags & IEEE80211_TX_CTL_INJECTED)
    + sta_id = priv->hw_params.bcast_sta_id;
    + else
    + sta_id = iwl_get_sta_id(priv, hdr);
    if (sta_id == IWL_INVALID_STATION) {
    DECLARE_MAC_BUF(mac);

    diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
    b/drivers/net/wireless/iwlwifi/iwl4965-base.c
    index 60b7a64..380cc38 100644
    --- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
    +++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
    @@ -2680,12 +2680,6 @@ static int iwl4965_mac_tx(struct ieee80211_hw
    *hw, struct sk_buff *skb)

    IWL_DEBUG_MAC80211("enter\n");

    - if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
    - IWL_DEBUG_MAC80211("leave - monitor\n");
    - dev_kfree_skb_any(skb);
    - return 0;
    - }
    -
    IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
    ieee80211_get_tx_rate(hw, IEEE80211_SKB_CB(skb))->bitrate);


  2. Re: [PATCH] iwlwifi: Enable packet injection for iwl4965

    On Fri, Jul 18, 2008 at 9:05 PM, Stefanik Gábor wrote:
    > Handle station IDs of transmitted packets when in monitor mode, and
    > remove the various anti-injection checks from the iwl4965 driver.
    > This makes injection work on IWL4965 and hopefully IWL50xx. Tested on
    > IWL4965 with aircrack-ng, IWL50xx not tested because I don't have
    > access to an IWL50xx card.
    >
    > Note: To inject management frames with this patch, HW crypto support
    > must be disabled using the "swcrypto=1" modparam (or "swcrypto50=1"
    > for IWL50xx). Otherwise most management frames won't be transmitted.
    >
    > Signed-off-by: Gábor Stefanik
    >
    > ---
    >
    > Patch also available as an attachment on this e-mail, as Gmail tends
    > to whitespace-damage patches.
    >
    > diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c
    > b/drivers/net/wireless/iwlwifi/iwl-sta.c
    > index 6d1467d..78b1315 100644
    > --- a/drivers/net/wireless/iwlwifi/iwl-sta.c
    > +++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
    > @@ -968,6 +968,11 @@ int iwl_get_sta_id(struct iwl_priv *priv, struct
    > ieee80211_hdr *hdr)
    > iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
    > return priv->hw_params.bcast_sta_id;
    >
    > + /* If we are in monitor mode, use BCAST. This is required for
    > + * packet injection. */
    > + case IEEE80211_IF_TYPE_MNTR:
    > + return priv->hw_params.bcast_sta_id;
    > +
    > default:
    > IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
    > return priv->hw_params.bcast_sta_id;
    > diff --git a/drivers/net/wireless/iwlwifi/iwl-tx.c
    > b/drivers/net/wireless/iwlwifi/iwl-tx.c
    > index 032641d..55149d4 100644
    > --- a/drivers/net/wireless/iwlwifi/iwl-tx.c
    > +++ b/drivers/net/wireless/iwlwifi/iwl-tx.c
    > @@ -783,11 +783,6 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
    > goto drop_unlock;
    > }
    >
    > - if (!priv->vif) {
    > - IWL_DEBUG_DROP("Dropping - !priv->vif\n");
    > - goto drop_unlock;
    > - }
    > -
    > if ((ieee80211_get_tx_rate(priv->hw, info)->hw_value & 0xFF) ==
    > IWL_INVALID_RATE) {
    > IWL_ERROR("ERROR: No TX rate available.\n");
    > @@ -810,9 +805,11 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
    >
    > /* drop all data frame if we are not associated */
    > if (ieee80211_is_data(fc) &&
    > - (!iwl_is_associated(priv) ||
    > - ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
    > - !priv->assoc_station_added)) {
    > + (priv->iw_mode != IEEE80211_IF_TYPE_MNTR ||
    > + !(info->flags & IEEE80211_TX_CTL_INJECTED)) && /* packet injection */
    > + (!iwl_is_associated(priv) ||
    > + ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
    > + !priv->assoc_station_added)) {
    > IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
    > goto drop_unlock;
    > }
    > @@ -822,7 +819,10 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
    > hdr_len = ieee80211_get_hdrlen(le16_to_cpu(fc));
    >
    > /* Find (or create) index into station table for destination station */
    > - sta_id = iwl_get_sta_id(priv, hdr);
    > + if (info->flags & IEEE80211_TX_CTL_INJECTED)
    > + sta_id = priv->hw_params.bcast_sta_id;
    > + else
    > + sta_id = iwl_get_sta_id(priv, hdr);
    > if (sta_id == IWL_INVALID_STATION) {
    > DECLARE_MAC_BUF(mac);
    >
    > diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
    > b/drivers/net/wireless/iwlwifi/iwl4965-base.c
    > index 60b7a64..380cc38 100644
    > --- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
    > +++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
    > @@ -2680,12 +2680,6 @@ static int iwl4965_mac_tx(struct ieee80211_hw
    > *hw, struct sk_buff *skb)
    >
    > IWL_DEBUG_MAC80211("enter\n");
    >
    > - if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
    > - IWL_DEBUG_MAC80211("leave - monitor\n");
    > - dev_kfree_skb_any(skb);
    > - return 0;
    > - }
    > -
    > IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
    > ieee80211_get_tx_rate(hw, IEEE80211_SKB_CB(skb))->bitrate);
    >


    What is the status of this patch? Did it get lost? Was it rejected? I
    didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
    wireless-testing.git.

    --
    Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  3. Re: [PATCH] iwlwifi: Enable packet injection for iwl4965

    On Tue, 2008-07-22 at 13:54 +0200, Stefanik Gábor wrote:

    > What is the status of this patch? Did it get lost? Was it rejected? I
    > didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
    > wireless-testing.git.


    It's OLS. Wait a week

    johannes

    -----BEGIN PGP SIGNATURE-----
    Comment: Johannes Berg (powerbook)

    iQIcBAABAgAGBQJIhdOVAAoJEKVg1VMiehFYcOgP/0a/xjjGfIh77YL/qdHeeHiU
    4f8Cxd+zWjz5ZOzHAOJkI0k6j7uF3cxVAnLmh/K/dxIzCuBtv05slImZC0NDYazF
    h+jHX2RKgYf32fJ1m3aXqlRFIV+glHq8mhJE61In1hwliJpp6U 5fno+9ooxplP96
    GrVytYXHSGj333sSqkEf1MyLp/3Jp8dAqizWrSkKY4zZH/8uZkGDkyJOkVk0eVId
    Jpk1ajRBaWqjeXK0O4E5kwOS+4U91JjKRiOC0owdMBQBPPTFiQ A3zkrYUPUvCPmh
    a1NtVU14o9NCoeJpzUTHMqLzrbRT8/lwSrqQbWGBHJOGVTw2ist9vkFV3dypQjZh
    V22yZo4yHMVEj1DSnaIPa0LtTSkH2w7L7ggm/XWRstbxw5B6fd7pP4HEDp60LYji
    vqDfS5/LZXzFkXgAqvvUzCkMxcxtpYKWAUkALrJZEykdvXZwN1DJhkEMm EBySyZM
    MhQh6hSprxvwyIpeOZDkL7cldZ+qYikwm6JrtqpVEFm3/ZguIN/QX3d9RNCLsscB
    4ae9Qemo2NtJKybnvCO9oVRaBsJu1zBidQtQBcEpNnhjOFXVj8 XhUazuMar0NcTV
    pbFDEfFD9b90jPpylmDkAkU4MCsOwiRVQAfho/1BvhD2ideO+7Vu5pqZ000w3pvw
    +kT47R4xsFvv1wxBwmMm
    =iIK7
    -----END PGP SIGNATURE-----


  4. Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

    Stefanik Gábor wrote:
    > What is the status of this patch? Did it get lost? Was it rejected? I
    > didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
    > wireless-testing.git.


    Actually it is at least in linux-next since 30th of June as of commit
    914233d68f07d5d9c22630cd5a84fdfd98f39da2.

    Cheers, Johannes
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  5. Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

    Johannes Engel a écrit :
    > Stefanik Gábor wrote:
    >> What is the status of this patch? Did it get lost? Was it rejected? I
    >> didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
    >> wireless-testing.git.

    >
    > Actually it is at least in linux-next since 30th of June as of commit
    > 914233d68f07d5d9c22630cd5a84fdfd98f39da2.


    I beg your pardon, but this commit is for iwl3945, not iwl4965.
    The patch for iwl4965 is currently not in any git tree.

    Stephane.

    --
    /// Stephane Jourdois /"\ ASCII RIBBON CAMPAIGN \\\
    ((( Consultant securite \ / AGAINST HTML MAIL )))
    \\\ 157 Bd Davout X ///
    \\\ 75020 Paris / \ +33 6 8643 3085 ///
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  6. Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

    On Tue, 2008-07-22 at 20:13 +0200, St¨¦phane Jourdois wrote:
    > but this commit is for iwl3945, not iwl4965.
    > The patch for iwl4965 is currently not in any git tree.


    We are waiting for more "confirmed success" response before merging it.

    Thanks,
    -yi

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  7. Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

    2008/7/25 Zhu Yi :
    > On Tue, 2008-07-22 at 20:13 +0200, Stéphane Jourdois wrote:
    >> but this commit is for iwl3945, not iwl4965.
    >> The patch for iwl4965 is currently not in any git tree.

    >
    > We are waiting for more "confirmed success" response before merging it.
    >
    > Thanks,
    > -yi


    I think we now have a lot of "confirmed success", as aircrack-ng users
    are now using this card with aireplay-ng - injecting association
    frames is unstable, but injecting data packets works.

    --
    Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  8. Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

    If this is the right place to do it, i would like to confirm that i
    have had success injecting data packets with the stated patchto the
    iwl4965 driver.

    On Fri, Jul 25, 2008 at 5:49 PM, Stefanik Gábor wrote:
    > 2008/7/25 Zhu Yi :
    >> On Tue, 2008-07-22 at 20:13 +0200, Stéphane Jourdois wrote:
    >>> but this commit is for iwl3945, not iwl4965.
    >>> The patch for iwl4965 is currently not in any git tree.

    >>
    >> We are waiting for more "confirmed success" response before merging it.
    >>
    >> Thanks,
    >> -yi

    >
    > I think we now have a lot of "confirmed success", as aircrack-ng users
    > are now using this card with aireplay-ng - injecting association
    > frames is unstable, but injecting data packets works.
    >
    > --
    > Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
    >
    > -------------------------------------------------------------------------
    > This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
    > Build the coolest Linux based applications with Moblin SDK & win great prizes
    > Grand prize is a trip for two to an Open Source event anywhere in the world
    > http://moblin-contest.org/redirect.p...r_id=100&url=/
    > _______________________________________________
    > Ipw3945-devel mailing list
    > Ipw3945-devel@lists.sourceforge.net
    > https://lists.sourceforge.net/lists/.../ipw3945-devel
    >

    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  9. Re: [ipw3945-devel] [PATCH] iwlwifi: Enable packet injection for iwl4965

    On Sat, Jul 26, 2008 at 6:30 AM, Junty Mesmon wrote:
    > If this is the right place to do it, i would like to confirm that i
    > have had success injecting data packets with the stated patchto the
    > iwl4965 driver.
    >
    > On Fri, Jul 25, 2008 at 5:49 PM, Stefanik Gábor wrote:
    >> 2008/7/25 Zhu Yi :
    >>> On Tue, 2008-07-22 at 20:13 +0200, Stéphane Jourdois wrote:
    >>>> but this commit is for iwl3945, not iwl4965.
    >>>> The patch for iwl4965 is currently not in any git tree.
    >>>
    >>> We are waiting for more "confirmed success" response before merging it.
    >>>
    >>> Thanks,
    >>> -yi

    >>
    >> I think we now have a lot of "confirmed success", as aircrack-ng users
    >> are now using this card with aireplay-ng - injecting association
    >> frames is unstable, but injecting data packets works.


    That I don't have doubt the question whether it didn't break normal operation.
    Tomas
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

  10. Re: [PATCH] iwlwifi: Enable packet injection for iwl4965

    On Fri, Jul 18, 2008 at 9:05 PM, Stefanik Gábor wrote:
    > @@ -822,7 +819,10 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
    > hdr_len = ieee80211_get_hdrlen(le16_to_cpu(fc));
    >
    > /* Find (or create) index into station table for destination station */
    > - sta_id = iwl_get_sta_id(priv, hdr);
    > + if (info->flags & IEEE80211_TX_CTL_INJECTED)
    > + sta_id = priv->hw_params.bcast_sta_id;
    > + else
    > + sta_id = iwl_get_sta_id(priv, hdr);
    > if (sta_id == IWL_INVALID_STATION) {
    > DECLARE_MAC_BUF(mac);


    Oops... this hunk (last hunk in iwl-tx.c) is unneeded, just ignore it
    (it's a leftover from another patch I have in my tree).

    --
    Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
    --
    To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
    the body of a message to majordomo@vger.kernel.org
    More majordomo info at http://vger.kernel.org/majordomo-info.html
    Please read the FAQ at http://www.tux.org/lkml/

+ Reply to Thread