Still unsolved: sending NULL packets while scanning

[Holger Schurig]

I did not manage to send any NULL packets with Transmit Packet 
Flags set in a way that the Access-Point thinks we're sleeping. 
That would have allowed us to leave the current channel for any 
time, in order to scan for APs on other channels. It's a common 
way to handle this, but so far the firmware doesn't allow us.

According to the firmware, it should work. At least the Firmware 
v5.1 spec tells about this possibility on page 24. But the
firmware 5.0.11 and 5.0.16 for CF card's simply don't card. 
Nothing happens, nothing get's sent out.

Firmware 5.110.7p0 for the USB dongle does something, but 
unexpected things. I think it switches itself off, at least a 
LED on it's board turns off and the card doesn't react correctly 
anymore until I remove-and-insert the card again.

Following are a bunch of WIP patches so that you can see what I 
tried.