lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Tue, 22 Jul 2008 13:54:28 +0200
From:	"Stefanik Gábor" <netrolller.3d@...il.com>
To:	"Zhu Yi" <yi.zhu@...el.com>,
	"John W. Linville" <linville@...driver.com>
Cc:	linux-wireless <linux-wireless@...r.kernel.org>,
	linux-kernel@...r.kernel.org,
	ipw3945-devel <ipw3945-devel@...ts.sourceforge.net>,
	"Tomas Winkler" <tomasw@...il.com>,
	"Tomas Winkler" <tomas.winkler@...el.com>,
	"Johannes Berg" <johannes@...solutions.net>,
	"Marco Schuster" <marco@...ddisk.is-a-geek.org>
Subject: Re: [PATCH] iwlwifi: Enable packet injection for iwl4965

On Fri, Jul 18, 2008 at 9:05 PM, Stefanik Gábor <netrolller.3d@...il.com> wrote:
> Handle station IDs of transmitted packets when in monitor mode, and
> remove the various anti-injection checks from the iwl4965 driver.
> This makes injection work on IWL4965 and hopefully IWL50xx. Tested on
> IWL4965 with aircrack-ng, IWL50xx not tested because I don't have
> access to an IWL50xx card.
>
> Note: To inject management frames with this patch, HW crypto support
> must be disabled using the "swcrypto=1" modparam (or "swcrypto50=1"
> for IWL50xx). Otherwise most management frames won't be transmitted.
>
> Signed-off-by: Gábor Stefanik <netrolller.3d@...il.com>
>
> ---
>
> Patch also available as an attachment on this e-mail, as Gmail tends
> to whitespace-damage patches.
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl-sta.c
> b/drivers/net/wireless/iwlwifi/iwl-sta.c
> index 6d1467d..78b1315 100644
> --- a/drivers/net/wireless/iwlwifi/iwl-sta.c
> +++ b/drivers/net/wireless/iwlwifi/iwl-sta.c
> @@ -968,6 +968,11 @@ int iwl_get_sta_id(struct iwl_priv *priv, struct
> ieee80211_hdr *hdr)
>                iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
>                return priv->hw_params.bcast_sta_id;
>
> +       /* If we are in monitor mode, use BCAST. This is required for
> +        * packet injection. */
> +       case IEEE80211_IF_TYPE_MNTR:
> +               return priv->hw_params.bcast_sta_id;
> +
>        default:
>                IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
>                return priv->hw_params.bcast_sta_id;
> diff --git a/drivers/net/wireless/iwlwifi/iwl-tx.c
> b/drivers/net/wireless/iwlwifi/iwl-tx.c
> index 032641d..55149d4 100644
> --- a/drivers/net/wireless/iwlwifi/iwl-tx.c
> +++ b/drivers/net/wireless/iwlwifi/iwl-tx.c
> @@ -783,11 +783,6 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
>                goto drop_unlock;
>        }
>
> -       if (!priv->vif) {
> -               IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> -               goto drop_unlock;
> -       }
> -
>        if ((ieee80211_get_tx_rate(priv->hw, info)->hw_value & 0xFF) ==
>             IWL_INVALID_RATE) {
>                IWL_ERROR("ERROR: No TX rate available.\n");
> @@ -810,9 +805,11 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
>
>        /* drop all data frame if we are not associated */
>        if (ieee80211_is_data(fc) &&
> -          (!iwl_is_associated(priv) ||
> -           ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
> -           !priv->assoc_station_added)) {
> +           (priv->iw_mode != IEEE80211_IF_TYPE_MNTR ||
> +           !(info->flags & IEEE80211_TX_CTL_INJECTED)) && /* packet injection */
> +           (!iwl_is_associated(priv) ||
> +            ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
> +            !priv->assoc_station_added)) {
>                IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
>                goto drop_unlock;
>        }
> @@ -822,7 +819,10 @@ int iwl_tx_skb(struct iwl_priv *priv, struct sk_buff *skb)
>        hdr_len = ieee80211_get_hdrlen(le16_to_cpu(fc));
>
>        /* Find (or create) index into station table for destination station */
> -       sta_id = iwl_get_sta_id(priv, hdr);
> +       if (info->flags & IEEE80211_TX_CTL_INJECTED)
> +               sta_id = priv->hw_params.bcast_sta_id;
> +       else
> +               sta_id = iwl_get_sta_id(priv, hdr);
>        if (sta_id == IWL_INVALID_STATION) {
>                DECLARE_MAC_BUF(mac);
>
> diff --git a/drivers/net/wireless/iwlwifi/iwl4965-base.c
> b/drivers/net/wireless/iwlwifi/iwl4965-base.c
> index 60b7a64..380cc38 100644
> --- a/drivers/net/wireless/iwlwifi/iwl4965-base.c
> +++ b/drivers/net/wireless/iwlwifi/iwl4965-base.c
> @@ -2680,12 +2680,6 @@ static int iwl4965_mac_tx(struct ieee80211_hw
> *hw, struct sk_buff *skb)
>
>        IWL_DEBUG_MAC80211("enter\n");
>
> -       if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
> -               IWL_DEBUG_MAC80211("leave - monitor\n");
> -               dev_kfree_skb_any(skb);
> -               return 0;
> -       }
> -
>        IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
>                     ieee80211_get_tx_rate(hw, IEEE80211_SKB_CB(skb))->bitrate);
>

What is the status of this patch? Did it get lost? Was it rejected? I
didn't get any answer on it, and I can't see it in iwlwifi-2.6.git or
wireless-testing.git.

-- 
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ