I know what most are going to think, but I can assure you there are valid and
ethically correct reasons to custom forge packets and transmit them. I would
rather not disclose my idea since it is not fully developed. However, I have
recently been trying to develop it on my laptop, which has a "Broadcom
Corporation BCM4318 [AirForce One 54g] 802.11g Wireless LAN Controller (rev
02)". I have the "linux-2.6.18-gentoo-r2" kernel compiled using the "bcm43xx"
driver as a module. I have modified "bcm43xx_main.c" to include a mechanism
to accept raw packets and then transmit them using:

    static ssize_t bcm43xx_inject_nofcs(struct device *dev,
                                        struct device_attribute *attr,
                                        const char *buf,
                                        size_t cnt)
    {
        struct bcm43xx_private *bcm = dev_to_bcm(dev);
        struct ieee80211_txb *faketxb;
        struct sk_buff *skb;
        unsigned long flags;
        int err;

        printk("injection packet size is %zu\n", cnt);

        /* Build a single-fragment txb that wraps the raw frame. */
        faketxb = kzalloc(sizeof(struct ieee80211_txb) + sizeof(void *), GFP_KERNEL);
        if (!faketxb)
            return -ENOMEM;
        faketxb->nr_frags = 1;
        faketxb->frag_size = cnt;
        faketxb->payload_size = cnt;

        /* Allocate the skb with the headroom the driver asks for. */
        skb = __dev_alloc_skb(cnt + bcm->ieee->tx_headroom, GFP_KERNEL);
        if (!skb) {
            kfree(faketxb);
            return -ENOMEM;
        }
        skb_reserve(skb, bcm->ieee->tx_headroom);
        memcpy(skb_put(skb, cnt), buf, cnt);
        faketxb->fragments[0] = skb;

        /* tried inserting mutex and irq locks, and even calling a function
           which I know little about "softmac_stop" to see if it helped the
           problem. */
        mutex_lock(&(bcm)->mutex);
        spin_lock_irqsave(&bcm->irq_lock, flags);
        err = -ENODEV;
        //ieee80211softmac_stop(bcm->net_dev);
        //bcm43xx_mac_suspend(bcm);
        err = bcm43xx_tx(bcm, faketxb);
        spin_unlock_irqrestore(&bcm->irq_lock, flags);
        mutex_unlock(&(bcm)->mutex);

        if (err) {
            dev_kfree_skb(skb);
            kfree(faketxb);
            return err;
        }
        return cnt;
    }

The function works great! I could in short time write all the code to manage
an 802.11 network, but somehow the card ends up transmitting multiple clones
of the original packet. It makes seven transmissions at _most_. It averages
around six transmissions, and even under extreme load, which means me sending
as many packets as possible, it almost always gets one duplication
transmitted. I have checked as much as I could. The function only gets called
once using the "printk" for debug, and the xmitstatus in "bcm43xx_dma.c" only
gets called once, but somehow multiple packets get sent. If the operating
system can somehow manage to send a single packet, the bug must be in the
function code I inserted into the driver.

If it is quite evident what the problem is, I would _prefer_ a hint to the
solution, so I could do a little work for my reward instead of just getting
handed the answer. I really just need some direction at this point, as I would
rather not try the scheme of constantly uploading and rebooting my WRT54G
trying to perform the testing. If any of this information seems lacking or
confusing, I can supplement.
_______________________________________________
Bcm43xx-dev mailing list
https://lists.berlios.de/mailman/listinfo/bcm43xx-dev
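
A capture-side check for the symptom described in the post, added here as an illustration and not part of the original message: it groups captured 802.11 frames by transmitter address and sequence number and counts how many copies carry the Retry bit of the frame control field. The frame bytes are constructed, and `count_copies`, `sample_stats` and both structs are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define HDR_LEN 24  /* fc(2) dur(2) addr1(6) addr2(6) addr3(6) seq_ctl(2) */
struct capture { const uint8_t *data; size_t len; };
struct dup_stats { unsigned copies, retries; };

/* Control frames (type 1, e.g. ACK) carry no sequence control field. */
static int has_seq(const struct capture *c) {
    return c->len >= HDR_LEN && ((c->data[0] >> 2) & 3) != 1;
}

/* seq_ctl is little-endian: low 4 bits fragment, high 12 bits sequence. */
static unsigned seq_num(const uint8_t *f) {
    return (f[22] | (unsigned)f[23] << 8) >> 4;
}

/* Copies of frame `ref` (same addr2 and sequence number) and their Retry bits. */
struct dup_stats count_copies(const struct capture *cap, size_t n, size_t ref) {
    struct dup_stats s = {0, 0};
    if (ref >= n || !has_seq(&cap[ref]))
        return s;
    for (size_t i = 0; i < n; i++) {
        if (!has_seq(&cap[i]) ||
            memcmp(cap[i].data + 10, cap[ref].data + 10, 6) != 0 ||
            seq_num(cap[i].data) != seq_num(cap[ref].data))
            continue;
        s.copies++;
        s.retries += (cap[i].data[1] & 0x08) != 0;  /* Retry bit */
    }
    return s;
}

/* Constructed capture: seq 100 three times (two with Retry), seq 101, an ACK. */
struct dup_stats sample_stats(void) {
    static uint8_t f[4][HDR_LEN], ack[10] = {0xd4};
    struct capture cap[5] = { [4] = { ack, sizeof ack } };
    for (int i = 0; i < 4; i++) {
        unsigned seq = (i < 3) ? 100 : 101;
        f[i][0] = 0x08;                           /* type = data */
        f[i][1] = (i == 1 || i == 2) ? 0x08 : 0;  /* Retry on 2nd, 3rd copy */
        f[i][10] = 0x02; f[i][15] = 0x01;         /* constructed addr2 */
        f[i][22] = (uint8_t)(seq << 4); f[i][23] = (uint8_t)(seq >> 4);
        cap[i].data = f[i]; cap[i].len = HDR_LEN;
    }
    return count_copies(cap, 5, 0);
}

int main(void) {
    struct dup_stats s = sample_stats();
    return printf("copies=%u retries=%u\n", s.copies, s.retries) < 0;
}
```

Copies that share a sequence number and have the Retry bit set are retransmissions of one queued frame rather than separately queued frames.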