Re: [ath5k-devel] [PATCH] ath5k: set mac address in add_interface

On Tue, Dec 16, 2008 at 3:58 PM, Bob Copeland <me@xxxxxxxxxxxxxxx> wrote:
> On Mon, Dec 15, 2008 at 12:16 PM, Bob Copeland <me@xxxxxxxxxxxxxxx> wrote:
>> On Mon, Dec 15, 2008 at 11:12 AM, Stefanik Gábor
>> <netrolller.3d@xxxxxxxxx> wrote:
>>> That is not the problem - aireplay-ng operates on a monitor interface
>>> that is already up. Likely this patch somehow misses monitor
>>> interfaces.
>>
>> Agreed, that is probably the case.  Reverting that hunk makes it come up
>> with the eeprom mac without adding any interface.  Looking at the
>> add_interface() code, it 'should' program the mac for monitor interfaces
>> too, so offhand I'm not sure, will take a look tonight.
>
> Okay, so that I understand the problem a bit better: what used to happen
> and what does not happen now?  Is the ath5k device not sending ACKs, or
> not passing any frames back to the host?
>
> The code, for mac address setting at least, looks to be working as
> designed: the mac address is only set up at add_interface time to avoid
> automatically acking packets before an interface is brought up (see the
> kerneldoc comments in mac80211 on add/remove_interface).
>
> The ath5k rx filter for unicast frames requires mac addresses to match in
> order to accept or ack frames.  However, in monitor mode, mac80211 will
> never call add_interface().  Instead, it should configure the filter to
> put the card in promiscuous mode which then should enable all packets
> to be passed back to the host.
>
> Does the fragmentation attack also work with e.g. b43 (which also only
> sets up the mac at add_interface time)?
>
> --
> Bob Copeland %% www.bobcopeland.com
>

The fragmentation attack works perfectly in b43, regardless of whether
I set the main interface to monitor mode, or create a secondary
monitor interface. In the second case, it also doesn't matter whether
the main interface is up or down.

With the "buggy" ath5k, it only works if I use a secondary interface,
and also bring the main (managed) interface up.

About the attachments: ath5k-debug-sent.cap was captured on the
monitor interface set up on the ath5k device, while
ath5k-debug-mon.cap was captured on my rtl8187. They are not from the
same session, but they were created the same way: I started a
fragmentation attack with ath5k's managed interface down, then while
it was retrying, brought up the managed interface using ifconfig.

-- 
Vista: [V]iruses, [I]ntruders, [S]pyware, [T]rojans and [A]dware. :-)

Attachment: ath5k-debug-mon.cap
Description: Binary data

Attachment: ath5k-debug-sent.cap
Description: Binary data

