Date: Sun, 02 Jul 2006 20:52:33 -0700 From: Sam Leffler <sam@errno.com> To: freebsd-arch@freebsd.org Cc: a.bittau@cs.ucl.ac.uk Subject: RFC: raw 802.11 packet transmit Message-ID: <44A89481.3020709@errno.com>
next in thread | raw e-mail | index | archive | help
Andrea Bittau and I have been working on a facility for injecting (i.e. transmitting) 802.11 frames via bpf. It's to the point where we're looking for feedback before committing to head. The idea is that you can send 802.11 frames with bpf using the DLT_IEEE802_11 and DLT_IEEE802_11_RADIO data link types. The DLT_IEEE802_11 case takes a mostly formed 802.11 frame and passes it through the tx path normally used for sending 802.11 management frames. In this case drivers may fillin bits of the 802.11 header like the sequence number and apply the tx rate control algorithm. With DLT_IEEE802_11_RADIO user code passes a special data structure at the front of each frame that completely specifies how the frame should be treated and a new tx path is used that honors these parameters. Drivers must be modified for this mechanism to be effective; legacy drivers will fall back to the above tx path and the parameters will be ignored. Even with proper raw tx support not all drivers may be capable of handling all the parameters passed in (e.g. some cards will stomp on the sequence number). There are several unresolved issues; most notably how to handle 802.11 ACK's. We've talked about mechanisms like generating ACK's in the driver based on dynamically filled in mac tables but I'm not happy with adding more complexity to drivers. John Bickett's raw xmit support for madwifi (for the MIT Roofnet project) lets the h/w handle ACK's and dispatches events on tx complete so user code can track tx status (e.g. to implement tx rate control). I'm considering this or some other mechanism for returning tx completion status. The kernel patches and a set of test tools can be found at: http://www.freebsd.org/~sam/tx80211 The patch is for HEAD. The tools go in src/tools/tools/net80211 (the tarball includes the existing tools so you can save the old dir and put this new stuff in place). Check out the README files in the tools area. Most testing has been done with ath but I've also verified ral and ural work at least some. None of my wi cards work but Andrea did the wi mods and has something that works (the wi cards I tried were Lucent Gold, and Intersil Prism w/ sta rev 1.7.4 firmware). Note the ral mods are only for 256x cards; I don't have any 266x cards. iwi and ipw are not capable of packet injection. Sam
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44A89481.3020709>