
Re: [PATCH] iwlwifi: Fix packet injection in iwl3945 and iwl4965


 



On Wed, May 21, 2008 at 1:26 AM, Stefanik Gábor <netrolller.3d@xxxxxxxxx> wrote:
> On Tue, May 20, 2008 at 6:18 PM, Tomas Winkler <tomasw@xxxxxxxxx> wrote:
>> On Wed, May 21, 2008 at 12:51 AM, Stefanik Gábor
>> <netrolller.3d@xxxxxxxxx> wrote:
>>> On Tue, May 20, 2008 at 5:41 PM, Tomas Winkler <tomasw@xxxxxxxxx> wrote:
>>>>
>>>> This is certainly no go for 4965. Station must be present in uCode
>>>> table. Maybe this work for monitor mode but there is a race in regular
>>>> cases, when sta_id != broadcast id at least priv->assoc_station_added
>>>> == 1 has to be true. Have you tested it with 4965 ?
>>>>
>>>> I suggest to proceed with 3945 part only of this patch.
>>>>
>>>> Tomas
>>>
>>> Which change does this comment apply to? The "IWL_DEBUG_DROP("Dropping
>>> - !priv->vif\n");" one? Or the "drop all data frame if we are not
>>> associated" one? Also, doesn't the "if (sta_id ==
>>> IWL_INVALID_STATION)" part protect against such cases? Also, what
>>> happens if we simply pass broadcast in such a case?
>>>
>> The station can be present in the driver's data structure, but that does not
>> guarantee it is also present in the uCode. The lookup will
>> return a correct station id while the table in the uCode is still empty.
>> Retuning to a new channel clears the station table in the uCode, so the station
>> must be re-added, and the rate command (LQ) must have been applied as well.
>> Simply put, there is currently a window big enough for a race. It can be
>> solved, but it needs more code than this patch.
>>
>> Thanks
>> Tomas
>>> --
>>> Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)
>>>
>>
>
> Hmm... wouldn't this patch fix the issue? It limits the condition list
> of dropping data packets to just !priv->assoc_station_added. I don't
> know if iwl4965 injection still works with this patch though, but I
> suspect it does.
>
> ---
>
> diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c
> compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c
> --- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl3945-base.c 2008-05-20
> 05:05:29.000000000 -0400
> +++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl3945-base.c      2008-05-20
> 11:31:15.513173847 -0400
> @@ -2542,16 +2542,19 @@ static int iwl3945_get_sta_id(struct iwl
>                        return sta_id;
>
>                IWL_DEBUG_DROP("Station %s not in station map. "
>                               "Defaulting to broadcast...\n",
>                               print_mac(mac, hdr->addr1));
>                iwl3945_print_hex_dump(IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
>                return priv->hw_setting.bcast_sta_id;
>        }
> +       /* If we are in monitor mode, use BCAST */
> +       case IEEE80211_IF_TYPE_MNTR:
> +               return priv->hw_setting.bcast_sta_id;
>        default:
>                IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
>                return priv->hw_setting.bcast_sta_id;
>        }
>  }
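Review bot: The comment on the new `case IEEE80211_IF_TYPE_MNTR:` says what is done but not why, and the reason is the useful part for the next reader: frames injected through a monitor interface carry arbitrary addr1 values that will never be in the station map, so the broadcast entry is the only station id that is always valid for them. Suggested: `/* Monitor mode: injected frames have arbitrary destinations that are never in the station map, so always use the broadcast station entry */`. Placement looks safe since the preceding case body returns unconditionally (L61, L67), so there is no fall-through into the new case. The enclosing switch and iwl3945_get_sta_id start before the hunk.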
>
>  /*
>  * start REPLY_TX command process
> @@ -2579,21 +2582,16 @@ static int iwl3945_tx_skb(struct iwl3945
>        int rc;
>
>        spin_lock_irqsave(&priv->lock, flags);
>        if (iwl3945_is_rfkill(priv)) {
>                IWL_DEBUG_DROP("Dropping - RF KILL\n");
>                goto drop_unlock;
>        }
>
> -       if (!priv->vif) {
> -               IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> -               goto drop_unlock;
> -       }
> -
>        if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
>                IWL_ERROR("ERROR: No TX rate available.\n");
>                goto drop_unlock;
>        }
>
>        unicast = !is_multicast_ether_addr(hdr->addr1);
>        id = 0;
>
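Review bot: Dropping the `!priv->vif` guard lets iwl3945_tx_skb run with `priv->vif == NULL` (presumably the monitor-only case this patch is after); if anything later in this function or in the helpers it calls dereferences `priv->vif`, that is now a NULL dereference on the TX path rather than a debug-logged drop. I cannot see the rest of the function from this hunk, so please check that before relying on the removal. A narrower change keeps the drop for every mode except monitor: `if (!priv->vif && priv->iw_mode != IEEE80211_IF_TYPE_MNTR) { IWL_DEBUG_DROP("Dropping - !priv->vif\n"); goto drop_unlock; }`. iwl3945_tx_skb starts before this hunk and continues past it.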
> @@ -2603,24 +2601,16 @@ static int iwl3945_tx_skb(struct iwl3945
>        if (ieee80211_is_auth(fc))
>                IWL_DEBUG_TX("Sending AUTH frame\n");
>        else if (ieee80211_is_assoc_request(fc))
>                IWL_DEBUG_TX("Sending ASSOC frame\n");
>        else if (ieee80211_is_reassoc_request(fc))
>                IWL_DEBUG_TX("Sending REASSOC frame\n");
>  #endif
>
> -       /* drop all data frame if we are not associated */
> -       if ((!iwl3945_is_associated(priv) ||
> -            ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id)) &&
> -           ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
> -               IWL_DEBUG_DROP("Dropping - !iwl3945_is_associated\n");
> -               goto drop_unlock;
> -       }
> -
>        spin_unlock_irqrestore(&priv->lock, flags);
>
>        hdr_len = ieee80211_get_hdrlen(fc);
>
>        /* Find (or create) index into station table for destination station */
>        sta_id = iwl3945_get_sta_id(priv, hdr);
>        if (sta_id == IWL_INVALID_STATION) {
>                DECLARE_MAC_BUF(mac);
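Review bot: The 3945 side removes the not-associated data-frame guard for every interface type, not only for monitor mode, so in managed mode data frames queued before association or after a disassociation are now handed to the firmware instead of being dropped; the objection earlier in this thread was only about the 4965 station table, and nothing here shows the 3945 path is fine with that. Keeping the guard and exempting monitor mode is the smaller change: prefix the original condition with `priv->iw_mode != IEEE80211_IF_TYPE_MNTR &&` and keep the `IWL_DEBUG_DROP`/`goto drop_unlock` body as it was. With the guard gone, data frames whose destination is not in the station map now reach iwl3945_get_sta_id at L124 and depend entirely on its fallback to the broadcast id. iwl3945_tx_skb continues past the hunk.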
> @@ -6692,21 +6682,16 @@ static void iwl3945_mac_stop(struct ieee
>
>  static int iwl3945_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
>                      struct ieee80211_tx_control *ctl)
>  {
>        struct iwl3945_priv *priv = hw->priv;
>
>        IWL_DEBUG_MAC80211("enter\n");
>
> -       if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
> -               IWL_DEBUG_MAC80211("leave - monitor\n");
> -               return -1;
> -       }
> -
>        IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
>                     ctl->tx_rate->bitrate);
>
>        if (iwl3945_tx_skb(priv, skb, ctl))
>                dev_kfree_skb_any(skb);
>
>        IWL_DEBUG_MAC80211("leave\n");
>        return 0;
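Review bot: With the monitor-mode early return gone, nothing left in iwl3945_mac_tx mentions monitor mode, yet injected frames now deliberately pass through here and rely on the station lookup in iwl3945_tx_skb to map them to the broadcast entry; that intent deserves a comment at the call site so the next reader does not reintroduce the drop. Suggested above the `if (iwl3945_tx_skb(priv, skb, ctl))` line: `/* Monitor-mode (injected) frames are passed through; iwl3945_tx_skb maps them to the broadcast station */`. Note also that a frame rejected by iwl3945_tx_skb is freed and still reported to mac80211 as accepted (`return 0`), which is pre-existing but now covers injected frames too. The function's closing brace is outside the hunk.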
> diff -rp -U 8 compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c
> compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c
> --- compat-wireless-2008-05-20.orig/drivers/net/wireless/iwlwifi/iwl4965-base.c 2008-05-20
> 05:05:29.000000000 -0400
> +++ compat-wireless-2008-05-20/drivers/net/wireless/iwlwifi/iwl4965-base.c      2008-05-20
> 18:18:58.399897940 -0400
> @@ -1746,16 +1746,19 @@ static int iwl4965_get_sta_id(struct iwl
>                        return sta_id;
>
>                IWL_DEBUG_DROP("Station %s not in station map. "
>                               "Defaulting to broadcast...\n",
>                               print_mac(mac, hdr->addr1));
>                iwl_print_hex_dump(priv, IWL_DL_DROP, (u8 *) hdr, sizeof(*hdr));
>                return priv->hw_params.bcast_sta_id;
>
> +       /* If we are in monitor mode, use BCAST */
> +       case IEEE80211_IF_TYPE_MNTR:
> +               return priv->hw_params.bcast_sta_id;
>        default:
>                IWL_WARNING("Unknown mode of operation: %d", priv->iw_mode);
>                return priv->hw_params.bcast_sta_id;
>        }
>  }
>
>  /*
>  * start REPLY_TX command process
> @@ -1784,21 +1787,16 @@ static int iwl4965_tx_skb(struct iwl_pri
>        int rc;
>
>        spin_lock_irqsave(&priv->lock, flags);
>        if (iwl_is_rfkill(priv)) {
>                IWL_DEBUG_DROP("Dropping - RF KILL\n");
>                goto drop_unlock;
>        }
>
> -       if (!priv->vif) {
> -               IWL_DEBUG_DROP("Dropping - !priv->vif\n");
> -               goto drop_unlock;
> -       }
> -
>        if ((ctl->tx_rate->hw_value & 0xFF) == IWL_INVALID_RATE) {
>                IWL_ERROR("ERROR: No TX rate available.\n");
>                goto drop_unlock;
>        }
>
>        unicast = !is_multicast_ether_addr(hdr->addr1);
>        id = 0;
>
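Review bot: Removing the `!priv->vif` drop in iwl4965_tx_skb means the function now proceeds with a NULL `priv->vif` whenever no interface has been handed to the driver; any later read of `priv->vif` in this function or the code it calls would then oops instead of dropping the frame, and this hunk does not show the remainder of the function, so that needs confirming. If the goal is only to let monitor-mode injection through, restrict the relaxation to that mode: `if (!priv->vif && priv->iw_mode != IEEE80211_IF_TYPE_MNTR) { IWL_DEBUG_DROP("Dropping - !priv->vif\n"); goto drop_unlock; }`. iwl4965_tx_skb starts before this hunk and continues past it.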
> @@ -1808,22 +1806,20 @@ static int iwl4965_tx_skb(struct iwl_pri
>        if (ieee80211_is_auth(fc))
>                IWL_DEBUG_TX("Sending AUTH frame\n");
>        else if (ieee80211_is_assoc_request(fc))
>                IWL_DEBUG_TX("Sending ASSOC frame\n");
>        else if (ieee80211_is_reassoc_request(fc))
>                IWL_DEBUG_TX("Sending REASSOC frame\n");
>  #endif
>
> -       /* drop all data frame if we are not associated */
> +       /* drop all data frame if !priv->assoc_station_added */
>        if (((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
> -          (!iwl_is_associated(priv) ||
> -           ((priv->iw_mode == IEEE80211_IF_TYPE_STA) && !priv->assoc_id) ||
> -           !priv->assoc_station_added)) {
> -               IWL_DEBUG_DROP("Dropping - !iwl_is_associated\n");
> +          !priv->assoc_station_added) {
> +               IWL_DEBUG_DROP("Dropping - !priv->assoc_station_added\n");
>                goto drop_unlock;
>        }
>
Need to add if (sta_id != bcast) to that condition, otherwise this will drop all your
injected packets.

>        hdr_len = ieee80211_get_hdrlen(fc);
>
>        /* Find (or create) index into station table for destination station */
> @@ -5110,21 +5106,16 @@ static void iwl4965_mac_stop(struct ieee
>
>  static int iwl4965_mac_tx(struct ieee80211_hw *hw, struct sk_buff *skb,
>                      struct ieee80211_tx_control *ctl)
>  {
>        struct iwl_priv *priv = hw->priv;
>
>        IWL_DEBUG_MAC80211("enter\n");
>
> -       if (priv->iw_mode == IEEE80211_IF_TYPE_MNTR) {
> -               IWL_DEBUG_MAC80211("leave - monitor\n");
> -               return -1;
> -       }
> -
>        IWL_DEBUG_TX("dev->xmit(%d bytes) at rate 0x%02x\n", skb->len,
>                     ctl->tx_rate->bitrate);
>
>        if (iwl4965_tx_skb(priv, skb, ctl))
>                dev_kfree_skb_any(skb);
>
>        IWL_DEBUG_MAC80211("leave\n");
>        return 0;
>
