(no subject)

kala_maico at tiscali.it kala_maico at tiscali.it
Fri Feb 27 08:32:23 EST 2004


Hello,

I am back playing with packet injection: this time the problem is on injecting
control frames.

I forge a Power Save Poll frame (which is 16 bytes long) and try to send
it to the air using the hostapd mode. I hacked the function prism2_tx_80211
in order not to drop this packet as follows:

ORIGINAL:
if (skb->len < 24) { /* drop frame */ }

HACKED:
if (skb->len < 24) { hdr_len = skb->len; flag = 1; }
else hdr_len = 24;

The instruction hdr_len = 24; which appears some lines below is commented out.

The "flag" variable is used when sending the packet to the card (many lines
below in the code), as follows:

spin_lock(&local->baplock);
res = hfa384x_setup_bap(dev, BAP0, local->txfid[idx], 0);
/* the above 2 lines are from original code, around line 2290 */
if (flag == 0) { /* original code */ }
else
{
	if (!res)
		res = hfa384x_to_bap(dev, BAP0, &txdesc, sizeof(txdesc));
}

(basically I added the flag to avoid messing with the original code)

The frames are now sent to the air as I expected, but only a few of them
have the correct length of 16 bytes; others are 52 bytes long, others 70,
others more than 100 bytes.

The same problem appears if I try with ACK, RTS or CTS frames.

The question is: WHY? Where is this error coming from? Is it the usual firmware black box
playing tricks, or is it my mistake?

Thanks and regards,
/Giorgio Calandriello
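
Added example, not part of the original message and not HostAP driver code: a length check for frames seen in a monitor-mode capture, which flags control frames (PS-Poll, RTS, CTS, ACK) that are longer than their fixed size, as with the 52 and 70 byte frames reported above. The function names are hypothetical; the buffer is assumed to exclude the FCS, and only the frame types of the original 802.11 standard are covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Frame Control octet 0: bits 0-1 version, bits 2-3 type, bits 4-7 subtype. */
#define FC_TYPE(fc0)    (((fc0) >> 2) & 0x3)
#define FC_SUBTYPE(fc0) (((fc0) >> 4) & 0xf)
enum { T_MGMT = 0, T_CTRL = 1, T_DATA = 2 };

/* Expected MAC header length in bytes (no FCS), or -1 if not recognised. */
int dot11_hdr_len(const uint8_t *f, size_t len)
{
    if (len < 2 || (f[0] & 0x3) != 0)   /* need Frame Control, version 0 */
        return -1;
    switch (FC_TYPE(f[0])) {
    case T_MGMT:
        return 24;
    case T_DATA:                         /* ToDS+FromDS set: 4th address */
        return ((f[1] & 0x03) == 0x03) ? 30 : 24;
    case T_CTRL:
        switch (FC_SUBTYPE(f[0])) {
        case 10: case 11: case 14: case 15:  /* PS-Poll, RTS, CF-End(+Ack) */
            return 16;
        case 12: case 13:                    /* CTS, ACK */
            return 10;
        }
    }
    return -1;
}

/* 0 = length plausible, 1 = truncated, 2 = control frame longer than its
 * fixed size (control frames carry no body), -1 = unknown frame type. */
int dot11_check_len(const uint8_t *f, size_t len)
{
    int h = dot11_hdr_len(f, len);
    if (h < 0)
        return -1;
    if (len < (size_t)h)
        return 1;
    return (FC_TYPE(f[0]) == T_CTRL && len > (size_t)h) ? 2 : 0;
}

int main(void)
{
    uint8_t pspoll[52] = { 0xA4, 0x00 };  /* constructed sample: PS-Poll FC */
    printf("16 bytes: %d, 52 bytes: %d\n",
           dot11_check_len(pspoll, 16), dot11_check_len(pspoll, 52));
    return 0;
}
```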

More information about the HostAP mailing list