Open Source and information security mailing list archives
Date:   Thu, 29 Mar 2018 12:33:59 +0800
From:   YIN Wei <yinwei168@...il.com>
To:     linux-wireless@...r.kernel.org, netdev@...r.kernel.org
Subject: how to disable DIFS and Backoff in 802.11 ath9k or ath5k driver

Dear All,

I am a researcher on 802.11 network security. I am doing a project
where the first two stations are communicating and the third station
tries to inject a forged 802.11 ACK if the last data frame is lost.
The ACK must arrive at the data sender before the ACK timer
expires. Therefore the third station should not wait for a DIFS and a
random backoff to send out the ACK.
I am using the ath9k driver. I found two functions,
ath9k_hw_set_sifs_time() and ath9k_hw_setslottime(), in the Hw.c file
in the ath9k directory, which set the SIFS and backoff slot time in
the registers. I searched all the ath9k files and found no register
for setting the DIFS, but the DIFS can be calculated by DIFS = SIFS
+ 2 * Slot Time. Therefore I thought the wireless chips should
calculate DIFS this way. I used to believe that I solved the problem
by just setting the two registers. However, when I captured the raw
frames using airodump-ng (an aircrack-ng module), I found that it
takes more than 80 microseconds to appear after the data, which is
much longer than the ACK timeout. The ACK timeout is usually 30
microseconds. So the third station is forced by me to send out a
forged ACK at around 25 microseconds.

Can anyone tell me whether I am doing this the right way to make the third
station not follow the 802.11 backoff? Any suggestion would be much
appreciated. Thank you.

Regards,
Wei
