During the Easter vacation, I was doing some tests with the aircrack-ng
port posted on this list (well, a port of the latest 1.0-rc3 trivially
updated by me).
I've noticed that performing a deauth attack using aireplay-ng
was causing a kernel panic in net80211/ieee80211_input.c at line 145:
	/*
	 * Retrieve the length in bytes of an 802.11 header.
	 */
	u_int
	ieee80211_get_hdrlen(const struct ieee80211_frame *wh)
	{
		u_int size = sizeof(*wh);

		/* NB: does not work with control frames */
		KASSERT(ieee80211_has_seq(wh));

		if (ieee80211_has_addr4(wh))
			size += IEEE80211_ADDR_LEN;	/* i_addr4 */
		if (ieee80211_has_qos(wh))
			size += sizeof(u_int16_t);	/* i_qos */
		if (ieee80211_has_htc(wh))
			size += sizeof(u_int32_t);	/* i_ht */
		return size;
	}
After commenting out the line
	KASSERT(ieee80211_has_seq(wh));
aireplay-ng has worked OK in all of my tests (I've successfully
cracked the WPA1 PSK of my own wireless LAN) and I don't see
problems or strange behaviors in normal wireless usage.
Please, could someone explain the need for this KASSERT?
cheers,
david
P.S.: My card is a Ralink RT2790 (ral* at pci?)
On Fri, 13 Mar 2009, Dawe wrote:
> Benoit Lecocq wrote:
> > Matthias Kilian wrote:
> >> Hi,
> >>
> >> On Sat, Mar 07, 2009 at 01:02:24PM +0100, Benoit Lecocq wrote:
> >>> An updated port of aircrack-ng 1.0-rc2 done by Stefan Sperling.
> >>> OK with Stefan.
> >> You dropped some patches from stsp@ (and i don't refer to the manpage
> >> bits which have been fixed upstream). For example, something like
> >> patches/patch-src_Makefile and patches/patch-common_mak from earlier
> >> submissions are still required, IMHO.
> >>
> >> Ciao,
> >> Kili
> >>
> >>
> >
> > OK, right. Here is an update.
> >
>
> Successfully tested against a WEP network with ural(4) on i386 and amd64.
>
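The KASSERT david asks about guards the "does not work with control frames" note in the comment: control frames (ACK, RTS, CTS and so on) have no sequence-control field, so the header-length computation is only meaningful for management and data frames. Below is an added user-space illustration, not code from the OpenBSD tree or from anyone in this thread: it reimplements the same computation using the frame-control bit values from the 802.11 header layout (the helper names has_seq/has_addr4/has_qos/has_htc mirror the kernel's but are my own here) and returns 0 for a control frame so a caller can drop it instead of hitting an assertion.

```c
#include <stdint.h>
#include <stddef.h>

/* Frame-control bit layout from IEEE 802.11 (same values net80211's ieee80211.h uses). */
#define FC0_TYPE_MASK   0x0c
#define FC0_TYPE_CTL    0x04
#define FC0_TYPE_DATA   0x08
#define FC0_SUBTYPE_QOS 0x80
#define FC1_DIR_MASK    0x03
#define FC1_DIR_DSTODS  0x03
#define FC1_ORDER       0x80
#define ADDR_LEN        6

/* Minimal 3-address header; i_addr4, i_qos and i_ht, when present, follow it. */
struct ieee80211_frame {
    uint8_t i_fc[2], i_dur[2];
    uint8_t i_addr1[ADDR_LEN], i_addr2[ADDR_LEN], i_addr3[ADDR_LEN];
    uint8_t i_seq[2];
};

/* Control frames carry no sequence-control field: this is what the KASSERT checks. */
static int has_seq(const struct ieee80211_frame *wh)
{ return (wh->i_fc[0] & FC0_TYPE_MASK) != FC0_TYPE_CTL; }
static int has_addr4(const struct ieee80211_frame *wh)
{ return (wh->i_fc[1] & FC1_DIR_MASK) == FC1_DIR_DSTODS; }
static int has_qos(const struct ieee80211_frame *wh)
{ return (wh->i_fc[0] & (FC0_TYPE_MASK | FC0_SUBTYPE_QOS)) == (FC0_TYPE_DATA | FC0_SUBTYPE_QOS); }
static int has_htc(const struct ieee80211_frame *wh)
{ return has_qos(wh) && (wh->i_fc[1] & FC1_ORDER); }

/* Hardened variant: a control frame yields 0 ("no such header") so the caller
 * can drop the frame, instead of panicking on an assertion or miscounting. */
size_t hdrlen_checked(const struct ieee80211_frame *wh)
{
    size_t size = sizeof(*wh);
    if (!has_seq(wh))
        return 0;
    if (has_addr4(wh)) size += ADDR_LEN;         /* i_addr4 */
    if (has_qos(wh))   size += sizeof(uint16_t); /* i_qos */
    if (has_htc(wh))   size += sizeof(uint32_t); /* i_ht */
    return size;
}

/* Constructed sample frame: only the two frame-control bytes matter here. */
size_t hdrlen_for_fc(uint8_t fc0, uint8_t fc1)
{
    struct ieee80211_frame wh = { { fc0, fc1 } };
    return hdrlen_checked(&wh);
}
```

A deauth frame (fc0 0xc0) gives the plain 24-byte header, a 4-address QoS data frame (0x88/0x03) gives 32, and an ACK (fc0 0xd4) is the case the kernel's assertion rejects.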