Jouni Malinen wrote:
On Mon, Mar 05, 2007 at 12:34:07PM +0100, Johannes Berg wrote:
But if you want to do injection over monitor interfaces we'll need to
have the stupid mgmt interface hack around forever for the userspace
MLME so it can receive only management traffic (even the non-promisc
monitor iface we should have gets *far* too much traffic for a userspace
MLME)
I'm probably fine with this with Linux socket filter. I haven't verified
this, but I would assume it can match on the 802.11 header frace control
field to select only management frames. I don't think I would like to
see variable length pseudo-header before the 802.11 header, though, in
this case.. It might be possible to parse that in the filter byte code,
but it would certainly be easier if the filter code can just refer to
the beginning of the 802.11 header.
It has been too long since I last used LSF and I think it was only for
matching things in the IP header, so I don't remember what exactly can
be matched in the headers before the IP headert and how easy this would
be in case of monitoring headers. Before throughing away the management
interface, someone would need to verify that this can indeed be done
reasonably.
libpcap at least allows you to express presumably kernel-side filters like
"radio[0x4a:4]==0x13223344"
which means that the u32 at +0x4a bytes from the radio header (this is
for Prism2) must match the constant.
What I saw earlier when wandering through some related code (ipw3945 or
iwlwifi I think) was that other folks have adopted a hybrid system: they
used variable length radiotap headers alright but padded them to 0x40
bytes length. It's not the most beautiful architectural concept but
since mac80211 will be filling in the monitor side with a canned set of
radiotap elements it is in a position to guarantee no violation of it.
For the injection side variable length incoming radiotap headers are
probably no issue, since there is a length field at a fixed place near
the start of the radiotap stuff and the BPF syntax isn't being applied.
Besides, to userspace, this is almost identical. In both cases it opens
a socket, binds to something (either raw socket bound to netdev or
netlink socket bound to nl80211) and then stuffs frames into that socket
with some fixed header format (for most apps anyway)
Well, almost identical still means a change to the kernel-user space
interface.. Though, I think I would be willing to live with the
consequencies in this case assuming we come up with a solution that is
likely to stick for next several years without incompatible changes.
My guess is that whoever has to work with that management mode ioctl
forest, with one half of it in userspace or the other half in kernel out
of his control, will jump at the chance to replace it with a nice clean
reliable packet injection mechanism where if the driver only honours the
injection parameters, the usermode guy is in control of the whole
association protocol "soup to nuts" and can monitor everything from
tcpdump too.
-Andy
-
To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html
