Frame Injection in Monitor Mode

Frame Injection in Monitor Mode

[Yeoh Chun-Yeow]

Hi, all

Anyone has tried the frame injection using the standalone monitor mode
on AP firmware.

I have tried this but no luck not working.

-----
Chun-Yeow

_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k

Re: Frame Injection in Monitor Mode

[Michal Kazior]

On 1 July 2014 09:17, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote:
> Hi, all
>
> Anyone has tried the frame injection using the standalone monitor mode
> on AP firmware.
>
> I have tried this but no luck not working.

I played with this a little a while ago.

Raw tx on 10.1.467 is broken. It needs htt tx command to be modified
to send a fixed up msdu len (msdu->len -
ieee80211_hdrlen(hdr->frame_control) + sizeof(struct ethhdr) if my
memory serves right) however firmware crashes on null dereference as
soon as the frame completion is handled.

I haven't tried this with CT firmware from Ben - maybe you should give it a try?


Michał

_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k

Re: Frame Injection in Monitor Mode

[Yeoh Chun-Yeow]

On Tue, Jul 1, 2014 at 3:29 PM, Michal Kazior <michal.kazior@tieto.com> wrote:
> On 1 July 2014 09:17, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote:
>> Hi, all
>>
>> Anyone has tried the frame injection using the standalone monitor mode
>> on AP firmware.
>>
>> I have tried this but no luck not working.
>
> I played with this a little a while ago.
>
> Raw tx on 10.1.467 is broken. It needs htt tx command to be modified
> to send a fixed up msdu len (msdu->len -
> ieee80211_hdrlen(hdr->frame_control) + sizeof(struct ethhdr) if my

So with this msdu->len, it means that there is no 802.11 MAC header in
the frame submission for transmission, and only Ethernet header. So
the transmit mode is ATH10K_HW_TXRX_ETHERNET, am I right?

Please advice. Thanks

Regards,
Chun-Yeow

_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k

Re: Frame Injection in Monitor Mode

[Michal Kazior]

On 1 July 2014 10:04, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote:
> On Tue, Jul 1, 2014 at 3:29 PM, Michal Kazior <michal.kazior@tieto.com> wrote:
>> On 1 July 2014 09:17, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote:
>>> Hi, all
>>>
>>> Anyone has tried the frame injection using the standalone monitor mode
>>> on AP firmware.
>>>
>>> I have tried this but no luck not working.
>>
>> I played with this a little a while ago.
>>
>> Raw tx on 10.1.467 is broken. It needs htt tx command to be modified
>> to send a fixed up msdu len (msdu->len -
>> ieee80211_hdrlen(hdr->frame_control) + sizeof(struct ethhdr) if my
>
> So with this msdu->len, it means that there is no 802.11 MAC header in
> the frame submission for transmission, and only Ethernet header. So
> the transmit mode is ATH10K_HW_TXRX_ETHERNET, am I right?

This calculation is necessary for TXRX_RAW actually. There seems to be
a bug in fw and this tricks it to send the raw frame correctly.


Michał

_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k

Re: Frame Injection in Monitor Mode

[Yeoh Chun-Yeow]

I have tried to set the following:

flags0 |= SM(ATH10K_HW_TXRX_RAW, HTT_DATA_TX_DESC_FLAGS0_PKT_TYPE);

But both AP and CT firmware crashed.

----
Chun-Yeow

On Tue, Jul 1, 2014 at 4:47 PM, Michal Kazior <michal.kazior@tieto.com> wrote:
> On 1 July 2014 10:04, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote:
>> On Tue, Jul 1, 2014 at 3:29 PM, Michal Kazior <michal.kazior@tieto.com> wrote:
>>> On 1 July 2014 09:17, Yeoh Chun-Yeow <yeohchunyeow@gmail.com> wrote:
>>>> Hi, all
>>>>
>>>> Anyone has tried the frame injection using the standalone monitor mode
>>>> on AP firmware.
>>>>
>>>> I have tried this but no luck not working.
>>>
>>> I played with this a little a while ago.
>>>
>>> Raw tx on 10.1.467 is broken. It needs htt tx command to be modified
>>> to send a fixed up msdu len (msdu->len -
>>> ieee80211_hdrlen(hdr->frame_control) + sizeof(struct ethhdr) if my
>>
>> So with this msdu->len, it means that there is no 802.11 MAC header in
>> the frame submission for transmission, and only Ethernet header. So
>> the transmit mode is ATH10K_HW_TXRX_ETHERNET, am I right?
>
> This calculation is necessary for TXRX_RAW actually. There seems to be
> a bug in fw and this tricks it to send the raw frame correctly.
>
>
> Michał

_______________________________________________
ath10k mailing list
ath10k@lists.infradead.org
http://lists.infradead.org/mailman/listinfo/ath10k