I have still not been able to successfully inject packets with a throughput >10Mbits/s. I have included the patch that I used. I have combined two old patches that I found on this list. Please tell me if this can even work in principle, or if I have to make any changes. I am injecting packets with libpcap and use the following headers: static const uint8_t radiotap_header[] = { 0x00, 0x00, // <-- radiotap version 0x0e, 0x00, // <- radiotap header length 0x06, 0x00, 0x0b, 0x00, // <-- bitmap 0x00, // <-- flags 0x00, // <-- rate 0x00, // <-- rts retries 0x01, // <-- data retries 0x02, 0x01 // <-- mcs index, flags 1=40MHz 2=shortgi }; static const uint8_t ieee_header[] = { 0x88, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x00, 0x00, 0x00, 0x00, 0xaa, 0xaa, 0x03, 0x00, 0x00, 0x00, 0x08, 0x00 }; I also tried different MCS indexes, and using the real mac-adresses instead, but never am I able to get more than 10MBits/s throughput. diff -ru a/Documentation/networking/mac80211-injection.txt b/Documentation/networking/mac80211-injection.txt --- a/Documentation/networking/mac80211-injection.txt 2010-08-09 23:30:51.375120261 +0200 +++ b/Documentation/networking/mac80211-injection.txt 2010-08-09 23:56:11.470652572 +0200 @@ -23,6 +23,17 @@ IEEE80211_RADIOTAP_F_FRAG: frame will be fragmented if longer than the current fragmentation threshold. + * IEEE80211_RADIOTAP_RATE: Transmit rate will be set to the requested value if + it's available. Rate control will not be used for + the frame. + + * IEEE80211_RADIOTAP_DATA_RETRIES: Retry count will be set to the requested + value. This parameter can only be used in + conjunction with IEEE80211_RADIOTAP_RATE. + + * IEEE80211_RADIOTAP_RATE_MCS: Transmit rate will be set to the requested MCS + index. Rate control will not be used for the + frame. The injection code can also skip all other currently defined radiotap fields facilitating replay of captured radiotap headers directly. diff -ru a/include/net/ieee80211_radiotap.h b/include/net/ieee80211_radiotap.h --- a/include/net/ieee80211_radiotap.h 2010-08-09 23:29:56.819125364 +0200 +++ b/include/net/ieee80211_radiotap.h 2010-08-09 23:11:33.962618255 +0200 @@ -174,6 +174,11 @@ * * Number of rts retries a transmitted frame used. * + * IEEE80211_RADIOTAP_RATE_MCS 2 x u8 data, bitmap + * + * First byte is the MCS index of the rate, + * second one has flags about channel width and guard interval + * * IEEE80211_RADIOTAP_DATA_RETRIES u8 data * * Number of unicast retries a transmitted frame used. @@ -198,6 +203,7 @@ IEEE80211_RADIOTAP_TX_FLAGS = 15, IEEE80211_RADIOTAP_RTS_RETRIES = 16, IEEE80211_RADIOTAP_DATA_RETRIES = 17, + IEEE80211_RADIOTAP_RATE_MCS = 19, /* valid in every it_present bitmap, even vendor namespaces */ IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE = 29, @@ -245,6 +251,10 @@ #define IEEE80211_RADIOTAP_F_TX_CTS 0x0002 /* used cts 'protection' */ #define IEEE80211_RADIOTAP_F_TX_RTS 0x0004 /* used rts/cts handshake */ +/* For IEEE80211_RADIOTAP_RATE_MCS */ +#define IEEE80211_RADIOTAP_RATE_MCS_40MHZ 0x01 /* 40 MHz channel width */ +#define IEEE80211_RADIOTAP_RATE_MCS_SHORT_GI 0x02 /* short guard interval */ + /* Ugly macro to convert literal channel numbers into their mhz equivalents * There are certianly some conditions that will break this (like feeding it '30') * but they shouldn't arise since nothing talks on channel 30. */ diff -ru a/include/net/mac80211.h b/include/net/mac80211.h --- a/include/net/mac80211.h 2010-08-09 23:29:57.398627648 +0200 +++ b/include/net/mac80211.h 2010-08-09 23:59:45.182646922 +0200 @@ -287,6 +287,7 @@ * @IEEE80211_TX_CTL_LDPC: tells the driver to use LDPC for this frame * @IEEE80211_TX_CTL_STBC: Enables Space-Time Block Coding (STBC) for this * frame and selects the maximum number of streams that it can use. + * @IEEE80211_TX_CTL_RC_BYPASS: Don't use rate control on the frame. */ enum mac80211_tx_control_flags { IEEE80211_TX_CTL_REQ_TX_STATUS = BIT(0), @@ -313,6 +314,7 @@ IEEE80211_TX_CTL_LDPC = BIT(22), IEEE80211_TX_CTL_STBC = BIT(23) | BIT(24), #define IEEE80211_TX_CTL_STBC_SHIFT 23 + IEEE80211_TX_CTL_RC_BYPASS = BIT(25), }; /** @@ -1929,7 +1931,7 @@ * The TX headroom reserved by mac80211 for its own tx_status functions. * This is enough for the radiotap header. */ -#define IEEE80211_TX_STATUS_HEADROOM 13 +#define IEEE80211_TX_STATUS_HEADROOM 14 /** * ieee80211_tx_status - transmit status callback diff -ru a/net/mac80211/ieee80211_i.h b/net/mac80211/ieee80211_i.h --- a/net/mac80211/ieee80211_i.h 2010-08-09 23:26:40.731120745 +0200 +++ b/net/mac80211/ieee80211_i.h 2010-08-09 23:13:27.235118320 +0200 @@ -1084,6 +1084,7 @@ u8 padding_for_rate; __le16 tx_flags; u8 data_retries; + u8 mcs; /*HT rates*/ } __attribute__ ((packed)); diff -ru a/net/mac80211/rx.c b/net/mac80211/rx.c --- a/net/mac80211/rx.c 2010-08-09 23:26:40.694618415 +0200 +++ b/net/mac80211/rx.c 2010-08-09 23:13:27.270630234 +0200 @@ -81,7 +81,8 @@ len += 8; if (local->hw.flags & IEEE80211_HW_SIGNAL_DBM) len += 1; - + if (status->flag & RX_FLAG_HT) + len += 2; if (len & 1) /* padding for RX_FLAGS if necessary */ len++; @@ -137,19 +138,11 @@ pos++; /* IEEE80211_RADIOTAP_RATE */ - if (status->flag & RX_FLAG_HT) { - /* - * TODO: add following information into radiotap header once - * suitable fields are defined for it: - * - MCS index (status->rate_idx) - * - HT40 (status->flag & RX_FLAG_40MHZ) - * - short-GI (status->flag & RX_FLAG_SHORT_GI) - */ + rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE); + if (status->flag & RX_FLAG_HT) *pos = 0; - } else { - rthdr->it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE); + else *pos = rate->bitrate / 5; - } pos++; /* IEEE80211_RADIOTAP_CHANNEL */ @@ -193,6 +186,20 @@ rx_flags |= IEEE80211_RADIOTAP_F_RX_BADPLCP; put_unaligned_le16(rx_flags, pos); pos += 2; + + /* IEEE80211_RADIOTAP_RATE_MCS */ + if (status->flag & RX_FLAG_HT) { + rthdr->it_present |= + cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE_MCS); + *pos = status->rate_idx; + pos++; + *pos = 0; + if (status->flag & RX_FLAG_40MHZ) + *pos |= IEEE80211_RADIOTAP_RATE_MCS_40MHZ; + if (status->flag & RX_FLAG_SHORT_GI) + *pos |= IEEE80211_RADIOTAP_RATE_MCS_SHORT_GI; + pos++; + } } /* diff -ru a/net/mac80211/status.c b/net/mac80211/status.c --- a/net/mac80211/status.c 2010-08-09 23:26:40.714691704 +0200 +++ b/net/mac80211/status.c 2010-08-09 23:13:26.422694046 +0200 @@ -352,6 +352,16 @@ !(info->status.rates[0].flags & IEEE80211_TX_RC_MCS)) rthdr->rate = sband->bitrates[ info->status.rates[0].idx].bitrate / 5; + /* HT rates */ + if (info->status.rates[0].flags & IEEE80211_TX_RC_MCS) { + rthdr->hdr.it_present |= cpu_to_le32(1 << IEEE80211_RADIOTAP_RATE_MCS); + rthdr->rate = 0; + rthdr->mcs = info->status.rates[0].idx; + if (info->status.rates[0].flags & IEEE80211_TX_RC_40_MHZ_WIDTH) + rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_RATE_MCS_40MHZ); + if (info->status.rates[0].flags & IEEE80211_TX_RC_SHORT_GI) + rthdr->tx_flags |= cpu_to_le16(IEEE80211_RADIOTAP_RATE_MCS_SHORT_GI); + } /* for now report the total retry_count */ rthdr->data_retries = retry_count; diff -ru a/net/mac80211/tx.c b/net/mac80211/tx.c --- a/net/mac80211/tx.c 2010-08-09 23:26:40.558625717 +0200 +++ b/net/mac80211/tx.c 2010-08-09 23:58:17.347120109 +0200 @@ -1068,6 +1068,49 @@ tx->flags |= IEEE80211_TX_FRAGMENTED; break; + case IEEE80211_RADIOTAP_RATE: { + info->control.rates[0].idx = 0; + if (*iterator.this_arg) { + int i; + for (i = 0; i < sband->n_bitrates; i++) + if (sband->bitrates[i].bitrate <= + *iterator.this_arg * 5) { + info->control.rates[0].idx = i; + break; + } + } + info->flags |= IEEE80211_TX_CTL_RC_BYPASS; + info->control.rates[0].flags = 0; + info->control.rates[1].idx = -1; + info->control.rates[2].idx = -1; + info->control.rates[3].idx = -1; + info->control.rates[4].idx = -1; + break; + } + + case IEEE80211_RADIOTAP_DATA_RETRIES: + info->control.rates[0].count = *iterator.this_arg; + break; + + case IEEE80211_RADIOTAP_RATE_MCS: { + u8 flags; + if (info->control.rates[0].idx) + break; + flags = *(iterator.this_arg + 1); + info->control.rates[0].idx = *iterator.this_arg; + + info->flags |= IEEE80211_TX_CTL_RC_BYPASS; + info->control.rates[0].flags |= + IEEE80211_TX_RC_MCS; + if (flags & IEEE80211_RADIOTAP_RATE_MCS_40MHZ) + info->control.rates[0].flags |= + IEEE80211_TX_RC_40_MHZ_WIDTH; + if (flags & IEEE80211_RADIOTAP_RATE_MCS_SHORT_GI) + info->control.rates[0].flags |= + IEEE80211_TX_RC_SHORT_GI; + break; + } + /* * Please update the file * Documentation/networking/mac80211-injection.txt @@ -1314,7 +1357,8 @@ CALL_TXH(ieee80211_tx_h_ps_buf); CALL_TXH(ieee80211_tx_h_select_key); CALL_TXH(ieee80211_tx_h_sta); - if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL)) + if (!(tx->local->hw.flags & IEEE80211_HW_HAS_RATE_CONTROL) && + !(info->flags & IEEE80211_TX_CTL_RC_BYPASS)) CALL_TXH(ieee80211_tx_h_rate_ctrl); if (unlikely(info->flags & IEEE80211_TX_INTFL_RETRANSMISSION)) diff -ru a/net/wireless/radiotap.c b/net/wireless/radiotap.c --- a/net/wireless/radiotap.c 2010-08-09 23:26:28.263132773 +0200 +++ b/net/wireless/radiotap.c 2010-08-09 23:12:46.366644666 +0200 @@ -39,6 +39,7 @@ [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, }, [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, }, [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, }, + [IEEE80211_RADIOTAP_RATE_MCS] = { .align = 1, .size = 2, } /* * add more here as they are defined in radiotap.h */ -- To unsubscribe from this list: send the line "unsubscribe linux-wireless" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html