This is a quick and dirty hack to inject packets into
the bcm43xx driver.
Note that the driver won't let you send every kind
of data blob. The packet must:
* be preferably valid. I don't know to what extent the
  card supports invalid packets.
* _not_ have a FCS at the end. (important)

To inject packets, write them to sysfs device
attribute "inject_nofcs". use find(1) to find it ;)
Only root is permitted to inject packets.

Note that fragmentation is not supported with this hack.
The packet must include a full wireless header, payload
and _NO_ FCS at the end. If your template has an FCS, simply
strip the last 4 byte.

This is a hack and it won't go upstream.
If you are interrested in a real implementation of
packet injection, talk to the 802.11 stack guys on netdev list.


--

Index: wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx_main.c
===================================================================
--- wireless-dev.orig/drivers/net/wireless/bcm43xx/bcm43xx_main.c       2006-06-24 22:07:55.000000000 +0200
+++ wireless-dev/drivers/net/wireless/bcm43xx/bcm43xx_main.c    2006-06-24 23:11:51.000000000 +0200
@@ -104,6 +104,13 @@
 #endif /* CONFIG_BCM43XX_DEBUG*/
 
 
+static ssize_t bcm43xx_inject_nofcs(struct device *dev,
+                                   struct device_attribute *attr,
+                                   const char *buf,
+                                   size_t cnt);
+static DEVICE_ATTR(inject_nofcs, 0200,
+                  NULL, bcm43xx_inject_nofcs);
+
 /* If you want to debug with just a single device, enable this,
  * where the string is the pci device ID (as given by the kernel's
  * pci_name function) of the device to be used.
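Review bot: The `inject_nofcs` attribute is declared after the `#endif /* CONFIG_BCM43XX_DEBUG*/` line, so the raw-frame injection interface is built into every configuration of the driver, not only debug builds. Since the description calls this a hack, consider wrapping the declaration, the store function and the create/remove calls in the later hunks in `#ifdef CONFIG_BCM43XX_DEBUG` so that production kernels do not expose it. A short comment above `DEVICE_ATTR`, such as `/* Write-only (0200) debug hook: each write() is sent as one 802.11 frame without FCS. */`, would also document the contract next to the definition.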
@@ -3158,6 +3165,7 @@
        int i, err;
        unsigned long flags;
 
+       device_remove_file(&bcm->pci_dev->dev, &dev_attr_inject_nofcs);
        bcm43xx_sysfs_unregister(bcm);
 
        bcm43xx_periodic_tasks_delete(bcm);
@@ -3269,6 +3277,7 @@
 
        bcm43xx_periodic_tasks_setup(bcm);
        bcm43xx_sysfs_register(bcm);
+       device_create_file(&bcm->pci_dev->dev, &dev_attr_inject_nofcs);
        //FIXME: check for bcm43xx_sysfs_register failure. This function is a bit messy regarding unwinding, though...
 
        /*FIXME: This should be handled by softmac instead. */
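Review bot: The return value of `device_create_file()` on the added line is discarded, so a failed registration leaves the driver without the `inject_nofcs` file and without any log line explaining why. Check it and at least warn, e.g. `if (device_create_file(&bcm->pci_dev->dev, &dev_attr_inject_nofcs)) dev_warn(&bcm->pci_dev->dev, "inject_nofcs: sysfs file not created\n");`. The enclosing function starts and ends outside this hunk, so whether a full unwind is practical cannot be judged from the visible lines; the existing FIXME suggests it is not.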
@@ -3540,6 +3549,46 @@
        return err;
 }
 
+static ssize_t bcm43xx_inject_nofcs(struct device *dev,
+                                   struct device_attribute *attr,
+                                   const char *buf,
+                                   size_t cnt)
+{
+       struct bcm43xx_private *bcm = dev_to_bcm(dev);
+       struct ieee80211_txb *faketxb;
+       struct sk_buff *skb;
+       unsigned long flags;
+       int err;
+
+       faketxb = kzalloc(sizeof(struct ieee80211_txb) + sizeof(void *), GFP_KERNEL);
+       if (!faketxb)
+               return -ENOMEM;
+       faketxb->nr_frags = 1;
+       faketxb->frag_size = cnt;
+       faketxb->payload_size = cnt;
+       skb = __dev_alloc_skb(cnt + bcm->ieee->tx_headroom, GFP_KERNEL);
+       if (!skb) {
+               kfree(faketxb);
+               return -ENOMEM;
+       }
+       skb_reserve(skb, bcm->ieee->tx_headroom);
+       memcpy(skb_put(skb, cnt), buf, cnt);
+       faketxb->fragments[0] = skb;
+
+       bcm43xx_lock_mmio(bcm, flags);
+       err = -ENODEV;
+       if (bcm->initialized)
+               err = bcm43xx_tx(bcm, faketxb);
+       bcm43xx_unlock_mmio(bcm, flags);
+       if (err) {
+               dev_kfree_skb(skb);
+               kfree(faketxb);
+               return err;
+       }
+
+       return cnt;
+}
+
 static void bcm43xx_ieee80211_set_chan(struct net_device *net_dev,
                                       u8 channel)
 {
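Review bot: `bcm43xx_inject_nofcs()` hands `cnt` bytes from the sysfs write straight to `bcm43xx_tx()` with no length check, so a zero-length write, one shorter than an 802.11 header, or one larger than the maximum frame reaches the transmit path. Reject those up front, before the `kzalloc()`, with something like `if (cnt < MIN_HDR_LEN || cnt > MAX_FRAME_LEN) return -EINVAL;` (both names are placeholders for the stack's real header and frame length limits). Access is also gated only by the 0200 file mode; adding `if (!capable(CAP_NET_ADMIN)) return -EPERM;` at the top would keep the restriction in place if the mode is ever changed with chmod. Whether `bcm43xx_tx()` takes ownership of `faketxb` and the skb on success is not visible here and deserves a comment at `return cnt;`.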


-- 
Greetings Michael.