"HowTo" for injecting frames?

[Jouni Malinen]

On Wed, Jul 30, 2003 at 02:58:23PM +0200, Andreas.Greulich at ISB.admin.ch wrote:

> I read there's a packet injection mechanism provided in hostap (I'm using
> version 0.0.3), using a wlan0ap method? Unfortunately I didn't find any
> documentation about it.

In this case, source code is the documentation ;-).

> In the hostapd directory, I created a test program which is quite a hack, it
> just includes the full hostapd.c file without main() function.

>     struct hfa384x_rx_frame *tx;

You should not use struct hfa384x_rx_frame in user space. The driver
expects to receive IEEE 802.11 frames, not hardware specific TX
structures.

>     /* Send packet, without 14 bytes Prism2-header (it seems these must be
> skipped) */

And not only those.. TX descriptor (and RX, which you actually used) has
couple of extra fields after 802.11 header. Those must not be sent in
the TX packet.

> As I said, it is a hack and I just want to try out if injection works. But
> unfortunately it doesn't.... a second laptop with Ethereal running can't see
> the packets.

You can also enable TX and TXE frame dumping in the Host AP driver with
'iwpriv wlan0 dump 6'. Then run your program and verify whether TX
headers are correct in 'dmesg' output.

> If I set the wlan0 into monitor mode (iwconfig wlan0 mode monitor), I don't
> get any error messages within dmesg, but packets are not sent (ifconfig
> wlan0 shows that #err-packets increased). 

Firmware probably did not like the packet. Try enabling the debug code I
mentioned and you should get more details.

-- 
Jouni Malinen                                            PGP id EFC895FA