On Tue, May 20, 2008 at 6:18 PM, Tomas Winkler <tomasw@xxxxxxxxx> wrote:
> On Wed, May 21, 2008 at 12:51 AM, Stefanik Gábor
> <netrolller.3d@xxxxxxxxx> wrote:
>> On Tue, May 20, 2008 at 5:41 PM, Tomas Winkler <tomasw@xxxxxxxxx> wrote:
>>>
>>> This is certainly no go for 4965. Station must be present in uCode
>>> table. Maybe this work for monitor mode but there is a race in regular
>>> cases, when sta_id != broadcast id at least priv->assoc_station_added
>>> == 1 has to be true. Have you tested it with 4965 ?
>>>
>>> I suggest to proceed with 3945 part only of this patch.
>>>
>>> Tomas
>>
>> Which change does this comment apply to? The "IWL_DEBUG_DROP("Dropping
>> - !priv->vif\n");" one? Or the "drop all data frame if we are not
>> associated" one? Also, doesn't the "if (sta_id ==
>> IWL_INVALID_STATION)" part protect against such cases? Also, what
>> happens if we simply pass broadcast in such a case?
>>
> The station can be in driver data structure but it's not guaranties
> it's also in the uCode. It will
> return correct station id but the table in uCode will be empty.
> Retuning to new channel clears the station table in the uCode so it
> must to be reapplied also you must have applied rate command (LQ).
> Simply currently there is a window big enough for a race. It can be
> solved but there is more coding than this patch.
>
> Thanks
> Tomas
>> --
>> Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
>>
>
Hmm... wouldn't this patch fix the issue? It limits the condition list
of dropping data packets to just !priv->assoc_station_added. I don't
know if iwl4965 injection still works with this patch though, but I
suspect it does.
---
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c
compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
18:18:58.399897940 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all data frame if !priv->assoc_station_added */
if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20 11:31:15.513173847 -0400
@@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_setting.bcast_sta_id;
}
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_setting.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_setting.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl3945_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
- if ((!iwl3945_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
- IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
- goto drop_unlock;
- }
-
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
sta_id = iwl3945_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
DECLARE_MAC_BUF(mac);
@@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl3945_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl3945_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
--- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 05:05:29.000000000 -0400
+++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20 18:18:58.399897940 -0400
@@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
return sta_id;
IWL_DEBUG_DROP("Station %s not in station map. "
"Defaulting to broadcast...\n",
print_mac(mac, hdr->addr1));
iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
return priv->hw_params.bcast_sta_id;
+ /* If we are in monitor mode, use BCAST */
+ case IEEE80211_IF_TYPE_MNTR:
+ return priv->hw_params.bcast_sta_id;
default:
IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
return priv->hw_params.bcast_sta_id;
}
}
/*
* start REPLY_TX command process
@@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
int rc;
spin_lock_irqsave(&priv->lock, flags);
if (iwl_is_rfkill(priv)) {
IWL_DEBUG_DROP("Dropping - RF KILL\n");
goto drop_unlock;
}
- if (!priv->vif) {
- IWL_DEBUG_DROP("Dropping - !priv->vif\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
}
unicast = !is_multicast_ether_addr(hdr->addr1);
id = 0;
@@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
if (ieee80211_is_auth(fc))
IWL_DEBUG_TX("Sending AUTH frame\n");
else if (ieee80211_is_assoc_request(fc))
IWL_DEBUG_TX("Sending ASSOC frame\n");
else if (ieee80211_is_reassoc_request(fc))
IWL_DEBUG_TX("Sending REASSOC frame\n");
#endif
- /* drop all data frame if we are not associated */
+ /* drop all data frame if !priv->assoc_station_added */
if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
- (!iwl_is_associated(priv) ||
- ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
- !priv->assoc_station_added)) {
- IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
+ !priv->assoc_station_added) {
+ IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
goto drop_unlock;
}
spin_unlock_irqrestore(&priv->lock, flags);
hdr_len = ieee80211_get_hdrlen(fc);
/* Find (or create) index into station table for destination station */
@@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
struct ieee80211_tx_control *ctl)
{
struct iwl_priv *priv = hw->priv;
IWL_DEBUG_MAC80211("enter\n");
- if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
- IWL_DEBUG_MAC80211("leave - monitor\n");
- return -1;
- }
-
IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
ctl->tx_rate->bitrate);
if (iwl4965_tx_skb(priv, skb, ctl))
dev_kfree_skb_any(skb);
IWL_DEBUG_MAC80211("leave\n");
return 0;
