Hi Michael,
I think a lot of people will be happy with this patch. Is it because the
netdev guys have not released a kind of "injection stack" that you don't want
to make this patch go upstream, or because it implies a lot of possible
hackings with this patch enabled?
Thanks in advance for your answer.
On Saturday 24 June 2006 23:31, Michael Buesch wrote:
> This is a quick and dirty hack to inject packets into
> the bcm43xx driver.
> Note that the driver won't let you send every kind
> of data blob. The packet must:
> * be preferably valid. I don't know to which extent the
> card supports invalid packets.
> * _not_ have a FCS at the end. (important)
>
> To inject packets, write them to sysfs device
> attribute "inject_nofcs". Use find(1) to find it ;)
> Only root is permitted to inject packets.
>
> Note that fragmentation is not supported with this hack.
> The packet must include a full wireless header, payload
> and _NO_ FCS at the end. If your template has an FCS, simply
> strip the last 4 bytes.
>
> This is a hack and it won't go upstream.
> If you are interested in a real implementation of
> packet injection, talk to the 802.11 stack guys on netdev list.
>
>
> --
>
> Index: wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx_main.c
> ===================================================================
> ---
> wireless-dev.orig/drivers/net/wireless/bcm43xx/bcm43xx_main.c 2006-06-24
> 22:07:55.000000000 +0200 +++
> wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx_main.c 2006-06-24
> 23:11:51.000000000 +0200 @@ -104,6 +104,13 @@
> #endif /* CONFIG_BCM43XX_DEBUG*/
>
>
> +static ssize_t bcm43xx_inject_nofcs(struct device *dev,
> + struct device_attribute *attr,
> + const char *buf,
> + size_t cnt);
> +static DEVICE_ATTR(inject_nofcs, 0200,
> + NULL, bcm43xx_inject_nofcs);
> +
> /* If you want to debug with just a single device, enable this,
> * where the string is the pci device ID (as given by the kernel's
> * pci_name function) of the device to be used.
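Review bot: The forward declaration of bcm43xx_inject_nofcs() exists only because DEVICE_ATTR(inject_nofcs, ...) is placed at the top of the file; moving the DEVICE_ATTR line below the function definition would drop the prototype. A short comment here saying the attribute is write-only (mode 0200, NULL show handler) and expects one raw 802.11 frame without FCS per write would also document the interface next to its declaration.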
> @@ -3158,6 +3165,7 @@
> int i, err;
> unsigned long flags;
>
> + device_remove_file(&bcm->pci_dev->dev, &dev_attr_inject_nofcs);
> bcm43xx_sysfs_unregister(bcm);
>
> bcm43xx_periodic_tasks_delete(bcm);
> @@ -3269,6 +3277,7 @@
>
> bcm43xx_periodic_tasks_setup(bcm);
> bcm43xx_sysfs_register(bcm);
> + device_create_file(&bcm->pci_dev->dev, &dev_attr_inject_nofcs);
> //FIXME: check for bcm43xx_sysfs_register failure. This function is a
> bit
> messy regarding unwinding, though...
>
> /*FIXME: This should be handled by softmac instead. */
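Review bot: The return value of device_create_file() on the added line is ignored, so a failure to create inject_nofcs goes unnoticed and the removal path later calls device_remove_file() for an attribute that was never registered. Check the result and at least log the error; the neighbouring FIXME about bcm43xx_sysfs_register() already points at the same unwinding gap.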
> @@ -3540,6 +3549,46 @@
> return err;
> }
>
> +static ssize_t bcm43xx_inject_nofcs(struct device *dev,
> + struct device_attribute *attr,
> + const char *buf,
> + size_t cnt)
> +{
> + struct bcm43xx_private *bcm = dev_to_bcm(dev);
> + struct ieee80211_txb *faketxb;
> + struct sk_buff *skb;
> + unsigned long flags;
> + int err;
> +
> + faketxb = kzalloc(sizeof(struct ieee80211_txb) + sizeof(void *),
> GFP_KERNEL); + if (!faketxb)
> + return -ENOMEM;
> + faketxb->nr_frags = 1;
> + faketxb->frag_size = cnt;
> + faketxb->payload_size = cnt;
> + skb = __dev_alloc_skb(cnt + bcm->ieee->tx_headroom, GFP_KERNEL);
> + if (!skb) {
> + kfree(faketxb);
> + return -ENOMEM;
> + }
> + skb_reserve(skb, bcm->ieee->tx_headroom);
> + memcpy(skb_put(skb, cnt), buf, cnt);
> + faketxb->fragments[0] = skb;
> +
> + bcm43xx_lock_mmio(bcm, flags);
> + err = -ENODEV;
> + if (bcm->initialized)
> + err = bcm43xx_tx(bcm, faketxb);
> + bcm43xx_unlock_mmio(bcm, flags);
> + if (err) {
> + dev_kfree_skb(skb);
> + kfree(faketxb);
> + return err;
> + }
> +
> + return cnt;
> +}
> +
> static void bcm43xx_ieee80211_set_chan(struct net_device *net_dev,
> u8 channel)
> {
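Review bot: bcm43xx_inject_nofcs() passes cnt straight into __dev_alloc_skb(), memcpy() and the txb size fields without any bounds check, although the description says the buffer must hold a full wireless header. Reject writes that are empty, shorter than an 802.11 header, or longer than the largest frame the device can send with -EINVAL before allocating anything. Two smaller points: the kzalloc() size uses sizeof(void *) for the single fragments[] slot, where sizeof(faketxb->fragments[0]) would state the intent, and the success path returns without freeing faketxb or skb, so a comment saying that bcm43xx_tx() takes ownership of the txb on success would make the error-path cleanup easier to verify.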