(no subject)
kala_maico at tiscali.it
kala_maico
Fri Feb 27 05:32:23 PST 2004
Hello,
I am back playing with packet injection: this time the problem is with injecting
control frames.
I forge a Power Save Poll frame (which is 16 bytes long) and try to send
it to the air using the hostapd mode. I hacked the function prism2_tx_80211
in order not to drop this packet as follows:
ORIGINAL:
    if (skb->len < 24) {
        /* drop frame */
    }
HACKED:
    if (skb->len < 24) {
        hdr_len = skb->len;
        flag = 1;
    } else
        hdr_len = 24;
The instruction hdr_len = 24; which appears some lines below is commented out.
The "flag" variable is used when sending the packet to the card (many lines
below in the code), as follows:
    spin_lock(&local->baplock);
    res = hfa384x_setup_bap(dev, BAP0, local->txfid[idx], 0);
    /* the above 2 lines are from the original code, around line 2290 */
    if (flag == 0) {
        /* original code */
    } else {
        if (!res)
            res = hfa384x_to_bap(dev, BAP0, &txdesc, sizeof(txdesc));
    }
(Basically, I added the flag to avoid messing with the original code.)
The frames are now sent to the air as I expected, but only a few of them
have the correct length of 16 bytes; others are 52 bytes long, others 70,
others more than 100 bytes.
The same problem appears if I try with ACK, RTS or CTS frames.
The question is: WHY? Where is this error coming from? Is it the usual firmware black box
that plays tricks, or is it my mistake?
Thanks and regards,
/Giorgio Calandriello
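
One way to check captured frames against the lengths discussed above, as an added example that is not part of the original post or of the hostap driver: it derives the expected control-frame length from the first frame-control octet and reports how many extra bytes a capture carries. The function names and the sample frame are constructed for illustration; lengths exclude the 4-byte FCS.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* First frame-control octet: version (bits 0-1), type (2-3), subtype (4-7). */
#define FC_TYPE(fc0)    (((fc0) >> 2) & 0x3)
#define FC_SUBTYPE(fc0) (((fc0) >> 4) & 0xf)
#define FC_TYPE_CTRL    1

/* Expected length, FCS excluded, of a classic 802.11 control frame.
 * Returns 0 for non-control frames and subtypes not listed here. */
size_t ctrl_frame_len(uint8_t fc0)
{
    if (FC_TYPE(fc0) != FC_TYPE_CTRL)
        return 0;
    switch (FC_SUBTYPE(fc0)) {
    case 10: return 16;  /* PS-Poll: FC, AID, BSSID, TA */
    case 11: return 16;  /* RTS: FC, duration, RA, TA */
    case 12: return 10;  /* CTS: FC, duration, RA */
    case 13: return 10;  /* ACK: FC, duration, RA */
    default: return 0;
    }
}

/* Bytes captured beyond the expected control-frame length:
 * 0 = exact, >0 = trailing bytes, -1 = truncated or not a known control frame. */
long excess_bytes(const uint8_t *frame, size_t len)
{
    size_t want = len ? ctrl_frame_len(frame[0]) : 0;
    if (want == 0 || len < want)
        return -1;
    return (long)(len - want);
}

/* Constructed sample: PS-Poll (FC 0xA4 0x00), AID 1, made-up BSSID and TA. */
static const uint8_t sample_pspoll[16] = {
    0xa4, 0x00, 0x01, 0xc0,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x02, 0x00, 0x00, 0x00, 0x00, 0x02,
};

int main(void)
{
    uint8_t padded[52] = { 0xa4 };  /* constructed: same header, 52 bytes captured */
    printf("16-byte capture: %ld extra\n", excess_bytes(sample_pspoll, sizeof(sample_pspoll)));
    printf("52-byte capture: %ld extra\n", excess_bytes(padded, sizeof(padded)));
    return 0;
}
```

If the capture includes the 4-byte FCS or a monitor-mode header, strip those before calling excess_bytes.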