This patch kills the management interface type now that we can
see transmitted frames on monitor interfaces.
I renamed the req_tx_status to reliable_tx_mntr and the flag
constant as well since that's what they now mean. It is always
set for injected frames so that hostapd can rely on seeing the
frames it sent.
There are a few minor remaining problems:
* some notifications are now missing
(radar, key threshold, michael MIC failure, wep unknown key)
[radar, key threshold aren't used anywhere so can probably
be left out for now]
* injected frames aren't sent to AC_VO pending on the radiotap
definition for access category
* rate control extra.mgmt_data isn't properly assigned
The biggest problem, however, and I'm not sure how to solve it, is
that hostapd will see either encrypted or unencrypted frames on the
monitor interface depending on whether hardware encryption is used
or not. However, hostapd really needs to see eapol frames to do
whatever it needs to with them. Right now, I don't really have an
idea except maybe to send these packets to hostapd via nl80211,
or to introduce some sort of "decrypted soft monitor" iface.
Signed-off-by: Johannes Berg <[email protected]>
[but please don't apply it, just in case
somebody wants to develop it further]
---
include/net/mac80211.h | 8
net/mac80211/hostapd_ioctl.h | 1
net/mac80211/ieee80211.c | 404 ++++------------------------------------
net/mac80211/ieee80211_common.h | 93 ---------
net/mac80211/ieee80211_i.h | 10
net/mac80211/ieee80211_iface.c | 57 -----
net/mac80211/ieee80211_ioctl.c | 16 -
net/mac80211/ieee80211_sta.c | 1
net/mac80211/wme.c | 4
net/mac80211/wpa.c | 10
10 files changed, 55 insertions(+), 549 deletions(-)
--- wireless-dev.orig/net/mac80211/ieee80211.c 2007-06-21 11:34:18.888645783 +0200
+++ wireless-dev/net/mac80211/ieee80211.c 2007-06-21 11:40:14.208645783 +0200
@@ -26,7 +26,6 @@
#include <net/cfg80211.h>
#include <asm/unaligned.h>
-#include "ieee80211_common.h"
#include "ieee80211_i.h"
#include "ieee80211_rate.h"
#include "wep.h"
@@ -226,35 +225,10 @@ static void ieee80211_key_threshold_noti
struct ieee80211_key *key,
struct sta_info *sta)
{
- struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
- struct sk_buff *skb;
- struct ieee80211_msg_key_notification *msg;
-
- /* if no one will get it anyway, don't even allocate it.
- * unlikely because this is only relevant for APs
- * where the device must be open... */
- if (unlikely(!local->apdev))
- return;
-
- skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
- sizeof(struct ieee80211_msg_key_notification));
- if (!skb)
- return;
-
- skb_reserve(skb, sizeof(struct ieee80211_frame_info));
- msg = (struct ieee80211_msg_key_notification *)
- skb_put(skb, sizeof(struct ieee80211_msg_key_notification));
- msg->tx_rx_count = key->tx_rx_count;
- memcpy(msg->ifname, dev->name, IFNAMSIZ);
- if (sta)
- memcpy(msg->addr, sta->addr, ETH_ALEN);
- else
- memset(msg->addr, 0xff, ETH_ALEN);
-
- key->tx_rx_count = 0;
-
- ieee80211_rx_mgmt(local, skb, NULL,
- ieee80211_msg_key_threshold_notification);
+ /*
+ * XXX: notify userspace of the current key->tx_rx_count
+ * and then set it to 0
+ */
}
@@ -425,8 +399,11 @@ ieee80211_tx_h_rate_ctrl(struct ieee8021
memset(&extra, 0, sizeof(extra));
extra.mode = tx->u.tx.mode;
- extra.mgmt_data = tx->sdata &&
- tx->sdata->type == IEEE80211_IF_TYPE_MGMT;
+ /*
+ * XXX: need to set this again based on radiotap injection, but
+ * current rate control algorithms don't use it.
+ */
+ extra.mgmt_data = 0;
extra.ethertype = tx->ethertype;
tx->u.tx.rate = rate_control_get_rate(tx->local, tx->dev, tx->skb,
@@ -961,7 +938,7 @@ ieee80211_tx_h_check_assoc(struct ieee80
return TXRX_CONTINUE;
}
- if (unlikely(!tx->u.tx.mgmt_interface && tx->sdata->ieee802_1x &&
+ if (unlikely(tx->sdata->ieee802_1x &&
!(sta_flags & WLAN_STA_AUTHORIZED))) {
#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
printk(KERN_DEBUG "%s: dropped frame to " MAC_FMT
@@ -1158,7 +1135,8 @@ static int __ieee80211_parse_tx_radiotap
*/
control->flags &= ~(IEEE80211_TXCTL_USE_RTS_CTS |
IEEE80211_TXCTL_USE_CTS_PROTECT);
- control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
+ control->flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT |
+ IEEE80211_TXCTL_RELIABLE_TX_MONITOR;
/*
* for every radiotap entry that is present
@@ -1435,7 +1413,7 @@ static int __ieee80211_tx(struct ieee802
}
static int ieee80211_tx(struct net_device *dev, struct sk_buff *skb,
- struct ieee80211_tx_control *control, int mgmt)
+ struct ieee80211_tx_control *control)
{
struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct sta_info *sta;
@@ -1457,7 +1435,6 @@ static int ieee80211_tx(struct net_devic
}
sta = tx.sta;
- tx.u.tx.mgmt_interface = mgmt;
tx.u.tx.mode = local->hw.conf.mode;
for (handler = local->tx_handlers; *handler != NULL; handler++) {
@@ -1648,16 +1625,15 @@ static int ieee80211_master_start_xmit(s
control.ifindex = odev->ifindex;
control.type = osdata->type;
- if (pkt_data->req_tx_status)
- control.flags |= IEEE80211_TXCTL_REQ_TX_STATUS;
+ if (pkt_data->reliable_tx_mntr)
+ control.flags |= IEEE80211_TXCTL_RELIABLE_TX_MONITOR;
if (pkt_data->do_not_encrypt)
control.flags |= IEEE80211_TXCTL_DO_NOT_ENCRYPT;
if (pkt_data->requeue)
control.flags |= IEEE80211_TXCTL_REQUEUE;
control.queue = pkt_data->queue;
- ret = ieee80211_tx(odev, skb, &control,
- control.type == IEEE80211_IF_TYPE_MGMT);
+ ret = ieee80211_tx(odev, skb, &control);
dev_put(odev);
return ret;
@@ -1688,7 +1664,6 @@ int ieee80211_monitor_start_xmit(struct
pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
memset(pkt_data, 0, sizeof(*pkt_data));
pkt_data->ifindex = dev->ifindex;
- pkt_data->mgmt_iface = 0;
pkt_data->do_not_encrypt = 1;
/* above needed because we set skb device to master */
@@ -1886,7 +1861,6 @@ int ieee80211_subif_start_xmit(struct sk
pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
pkt_data->ifindex = dev->ifindex;
- pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
pkt_data->do_not_encrypt = no_encrypt;
skb->dev = local->mdev;
@@ -1913,66 +1887,6 @@ int ieee80211_subif_start_xmit(struct sk
}
-/*
- * This is the transmit routine for the 802.11 type interfaces
- * called by upper layers of the linux networking
- * stack when it has a frame to transmit
- */
-static int
-ieee80211_mgmt_start_xmit(struct sk_buff *skb, struct net_device *dev)
-{
- struct ieee80211_sub_if_data *sdata;
- struct ieee80211_tx_packet_data *pkt_data;
- struct ieee80211_hdr *hdr;
- u16 fc;
-
- sdata = IEEE80211_DEV_TO_SUB_IF(dev);
-
- if (skb->len < 10) {
- dev_kfree_skb(skb);
- return 0;
- }
-
- if (skb_headroom(skb) < sdata->local->tx_headroom) {
- if (pskb_expand_head(skb, sdata->local->tx_headroom,
- 0, GFP_ATOMIC)) {
- dev_kfree_skb(skb);
- return 0;
- }
- }
-
- hdr = (struct ieee80211_hdr *) skb->data;
- fc = le16_to_cpu(hdr->frame_control);
-
- pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
- memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
- pkt_data->ifindex = sdata->dev->ifindex;
- pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
-
- skb->priority = 20; /* use hardcoded priority for mgmt TX queue */
- skb->dev = sdata->local->mdev;
-
- /*
- * We're using the protocol field of the the frame control header
- * to request TX callback for hostapd. BIT(1) is checked.
- */
- if ((fc & BIT(1)) == BIT(1)) {
- pkt_data->req_tx_status = 1;
- fc &= ~BIT(1);
- hdr->frame_control = cpu_to_le16(fc);
- }
-
- pkt_data->do_not_encrypt = !(fc & IEEE80211_FCTL_PROTECTED);
-
- sdata->stats.tx_packets++;
- sdata->stats.tx_bytes += skb->len;
-
- dev_queue_xmit(skb);
-
- return 0;
-}
-
-
static void ieee80211_beacon_add_tim(struct ieee80211_local *local,
struct ieee80211_if_ap *bss,
struct sk_buff *skb)
@@ -2387,23 +2301,6 @@ static int ieee80211_change_mtu(struct n
}
-static int ieee80211_change_mtu_apdev(struct net_device *dev, int new_mtu)
-{
- /* FIX: what would be proper limits for MTU?
- * This interface uses 802.11 frames. */
- if (new_mtu < 256 || new_mtu > IEEE80211_MAX_DATA_LEN) {
- printk(KERN_WARNING "%s: invalid MTU %d\n",
- dev->name, new_mtu);
- return -EINVAL;
- }
-
-#ifdef CONFIG_MAC80211_VERBOSE_DEBUG
- printk(KERN_DEBUG "%s: setting MTU %d\n", dev->name, new_mtu);
-#endif /* CONFIG_MAC80211_VERBOSE_DEBUG */
- dev->mtu = new_mtu;
- return 0;
-}
-
enum netif_tx_lock_class {
TX_LOCK_NORMAL,
TX_LOCK_MASTER,
@@ -2567,20 +2464,6 @@ static int ieee80211_master_stop(struct
return 0;
}
-static int ieee80211_mgmt_open(struct net_device *dev)
-{
- struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
-
- if (!netif_running(local->mdev))
- return -EOPNOTSUPP;
- return 0;
-}
-
-static int ieee80211_mgmt_stop(struct net_device *dev)
-{
- return 0;
-}
-
/* Check if running monitor interfaces should go to a "soft monitor" mode
* and switch them if necessary. */
static inline void ieee80211_start_soft_monitor(struct ieee80211_local *local)
@@ -2672,8 +2555,6 @@ static int ieee80211_open(struct net_dev
res = ieee80211_hw_config(local);
if (res && local->ops->stop)
local->ops->stop(local_to_hw(local));
- else if (!res && local->apdev)
- dev_open(local->apdev);
}
}
if (res) {
@@ -2733,8 +2614,6 @@ static int ieee80211_stop(struct net_dev
if (local->open_count == 0) {
if (netif_running(local->mdev))
dev_close(local->mdev);
- if (local->apdev)
- dev_close(local->apdev);
if (local->ops->stop)
local->ops->stop(local_to_hw(local));
tasklet_disable(&local->tx_pending_tasklet);
@@ -3098,112 +2977,6 @@ ieee80211_get_rate(struct ieee80211_loca
return NULL;
}
-static void
-ieee80211_fill_frame_info(struct ieee80211_local *local,
- struct ieee80211_frame_info *fi,
- struct ieee80211_rx_status *status)
-{
- if (status) {
- struct timespec ts;
- struct ieee80211_rate *rate;
-
- jiffies_to_timespec(jiffies, &ts);
- fi->hosttime = cpu_to_be64((u64) ts.tv_sec * 1000000 +
- ts.tv_nsec / 1000);
- fi->mactime = cpu_to_be64(status->mactime);
- switch (status->phymode) {
- case MODE_IEEE80211A:
- fi->phytype = htonl(ieee80211_phytype_ofdm_dot11_a);
- break;
- case MODE_IEEE80211B:
- fi->phytype = htonl(ieee80211_phytype_dsss_dot11_b);
- break;
- case MODE_IEEE80211G:
- fi->phytype = htonl(ieee80211_phytype_pbcc_dot11_g);
- break;
- case MODE_ATHEROS_TURBO:
- fi->phytype =
- htonl(ieee80211_phytype_dsss_dot11_turbo);
- break;
- default:
- fi->phytype = htonl(0xAAAAAAAA);
- break;
- }
- fi->channel = htonl(status->channel);
- rate = ieee80211_get_rate(local, status->phymode,
- status->rate);
- if (rate) {
- fi->datarate = htonl(rate->rate);
- if (rate->flags & IEEE80211_RATE_PREAMBLE2) {
- if (status->rate == rate->val)
- fi->preamble = htonl(2); /* long */
- else if (status->rate == rate->val2)
- fi->preamble = htonl(1); /* short */
- } else
- fi->preamble = htonl(0);
- } else {
- fi->datarate = htonl(0);
- fi->preamble = htonl(0);
- }
-
- fi->antenna = htonl(status->antenna);
- fi->priority = htonl(0xffffffff); /* no clue */
- fi->ssi_type = htonl(ieee80211_ssi_raw);
- fi->ssi_signal = htonl(status->ssi);
- fi->ssi_noise = 0x00000000;
- fi->encoding = 0;
- } else {
- /* clear everything because we really don't know.
- * the msg_type field isn't present on monitor frames
- * so we don't know whether it will be present or not,
- * but it's ok to not clear it since it'll be assigned
- * anyway */
- memset(fi, 0, sizeof(*fi) - sizeof(fi->msg_type));
-
- fi->ssi_type = htonl(ieee80211_ssi_none);
- }
- fi->version = htonl(IEEE80211_FI_VERSION);
- fi->length = cpu_to_be32(sizeof(*fi) - sizeof(fi->msg_type));
-}
-
-/* this routine is actually not just for this, but also
- * for pushing fake 'management' frames into userspace.
- * it shall be replaced by a netlink-based system. */
-void
-ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
- struct ieee80211_rx_status *status, u32 msg_type)
-{
- struct ieee80211_frame_info *fi;
- const size_t hlen = sizeof(struct ieee80211_frame_info);
- struct ieee80211_sub_if_data *sdata;
-
- skb->dev = local->apdev;
-
- sdata = IEEE80211_DEV_TO_SUB_IF(local->apdev);
-
- if (skb_headroom(skb) < hlen) {
- I802_DEBUG_INC(local->rx_expand_skb_head);
- if (pskb_expand_head(skb, hlen, 0, GFP_ATOMIC)) {
- dev_kfree_skb(skb);
- return;
- }
- }
-
- fi = (struct ieee80211_frame_info *) skb_push(skb, hlen);
-
- ieee80211_fill_frame_info(local, fi, status);
- fi->msg_type = htonl(msg_type);
-
- sdata->stats.rx_packets++;
- sdata->stats.rx_bytes += skb->len;
-
- skb_set_mac_header(skb, 0);
- skb->ip_summed = CHECKSUM_UNNECESSARY;
- skb->pkt_type = PACKET_OTHERHOST;
- skb->protocol = htons(ETH_P_802_2);
- memset(skb->cb, 0, sizeof(skb->cb));
- netif_rx(skb);
-}
static void
ieee80211_rx_monitor(struct net_device *dev, struct sk_buff *skb,
@@ -3271,27 +3044,7 @@ ieee80211_rx_monitor(struct net_device *
int ieee80211_radar_status(struct ieee80211_hw *hw, int channel,
int radar, int radar_type)
{
- struct sk_buff *skb;
- struct ieee80211_radar_info *msg;
- struct ieee80211_local *local = hw_to_local(hw);
-
- if (!local->apdev)
- return 0;
-
- skb = dev_alloc_skb(sizeof(struct ieee80211_frame_info) +
- sizeof(struct ieee80211_radar_info));
-
- if (!skb)
- return -ENOMEM;
- skb_reserve(skb, sizeof(struct ieee80211_frame_info));
-
- msg = (struct ieee80211_radar_info *)
- skb_put(skb, sizeof(struct ieee80211_radar_info));
- msg->channel = channel;
- msg->radar = radar;
- msg->radar_type = radar_type;
-
- ieee80211_rx_mgmt(local, skb, NULL, ieee80211_msg_radar);
+ /* XXX: notify userspace of radar */
return 0;
}
EXPORT_SYMBOL(ieee80211_radar_status);
@@ -3683,34 +3436,25 @@ ieee80211_rx_h_check(struct ieee80211_tx
} else
rx->skb->pkt_type = PACKET_OTHERHOST;
- /* Drop disallowed frame classes based on STA auth/assoc state;
+ /*
+ * Drop disallowed frame classes based on STA auth/assoc state;
* IEEE 802.11, Chap 5.5.
*
- * 80211.o does filtering only based on association state, i.e., it
- * drops Class 3 frames from not associated stations. hostapd sends
- * deauth/disassoc frames when needed. In addition, hostapd is
- * responsible for filtering on both auth and assoc states.
+ * We do filtering only based on association state, i.e., we
+ * drop Class 3 frames from not associated stations. hostapd sends
+ * deauth/disassoc frames when needed, filtering on both auth and
+ * assoc states.
*/
if (unlikely(((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA ||
((rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_CTL &&
(rx->fc & IEEE80211_FCTL_STYPE) == IEEE80211_STYPE_PSPOLL)) &&
rx->sdata->type != IEEE80211_IF_TYPE_IBSS &&
(!rx->sta || !(rx->sta->flags & WLAN_STA_ASSOC)))) {
- if ((!(rx->fc & IEEE80211_FCTL_FROMDS) &&
- !(rx->fc & IEEE80211_FCTL_TODS) &&
- (rx->fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)
- || !rx->u.rx.ra_match) {
- /* Drop IBSS frames and frames for other hosts
- * silently. */
- return TXRX_DROP;
- }
-
- if (!rx->local->apdev)
- return TXRX_DROP;
-
- ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
- ieee80211_msg_sta_not_assoc);
- return TXRX_QUEUED;
+ /*
+ * hostapd will see the frame on the monitor iface and
+ * be able to take action, on this interface drop it.
+ */
+ return TXRX_DROP;
}
if (rx->sdata->type == IEEE80211_IF_TYPE_STA)
@@ -3744,12 +3488,8 @@ ieee80211_rx_h_check(struct ieee80211_tx
MAC_ARG(hdr->addr1),
MAC_ARG(hdr->addr2),
MAC_ARG(hdr->addr3));
- if (!rx->local->apdev)
- return TXRX_DROP;
- ieee80211_rx_mgmt(
- rx->local, rx->skb, rx->u.rx.status,
- ieee80211_msg_wep_frame_unknown_key);
- return TXRX_QUEUED;
+ /* XXX: notify userspace of this frame? */
+ return TXRX_DROP;
}
}
}
@@ -3896,13 +3636,8 @@ ieee80211_rx_h_802_1x_pae(struct ieee802
{
if (rx->sdata->eapol && ieee80211_is_eapol(rx->skb) &&
rx->sdata->type != IEEE80211_IF_TYPE_STA && rx->u.rx.ra_match) {
- /* Pass both encrypted and unencrypted EAPOL frames to user
- * space for processing. */
- if (!rx->local->apdev)
- return TXRX_DROP;
- ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
- ieee80211_msg_normal);
- return TXRX_QUEUED;
+ /* hostapd sees them on monitor iface */
+ return TXRX_DROP;
}
if (unlikely(rx->sdata->ieee802_1x &&
@@ -3959,13 +3694,8 @@ ieee80211_rx_h_mgmt(struct ieee80211_txr
sdata->type == IEEE80211_IF_TYPE_IBSS) &&
!rx->local->user_space_mlme) {
ieee80211_sta_rx_mgmt(rx->dev, rx->skb, rx->u.rx.status);
- } else {
- /* Management frames are sent to hostapd for processing */
- if (!rx->local->apdev)
- return TXRX_DROP;
- ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
- ieee80211_msg_normal);
- }
+ } else
+ return TXRX_DROP;
return TXRX_QUEUED;
}
@@ -4072,12 +3802,8 @@ static void ieee80211_rx_michael_mic_rep
/* TODO: consider verifying the MIC error report with software
* implementation if we get too many spurious reports from the
* hardware. */
- if (!rx->local->apdev)
- goto ignore;
- ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
- ieee80211_msg_michael_mic_failure);
- return;
+ /* XXX: notify hostapd */
ignore:
dev_kfree_skb(rx->skb);
rx->skb = NULL;
@@ -4488,8 +4214,12 @@ void ieee80211_tx_status_irqsafe(struct
memcpy(skb->cb, &saved, sizeof(saved));
skb->pkt_type = IEEE80211_TX_STATUS_MSG;
- skb_queue_tail(status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS ?
- &local->skb_queue : &local->skb_queue_unreliable, skb);
+
+ if (status->control.flags & IEEE80211_TXCTL_RELIABLE_TX_MONITOR)
+ skb_queue_tail(&local->skb_queue, skb);
+ else
+ skb_queue_tail(&local->skb_queue_unreliable, skb);
+
tmp = skb_queue_len(&local->skb_queue) +
skb_queue_len(&local->skb_queue_unreliable);
while (tmp > IEEE80211_IRQSAFE_QUEUE_LIMIT &&
@@ -4554,8 +4284,8 @@ static void ieee80211_remove_tx_extra(st
pkt_data = (struct ieee80211_tx_packet_data *)skb->cb;
pkt_data->ifindex = control->ifindex;
- pkt_data->mgmt_iface = (control->type == IEEE80211_IF_TYPE_MGMT);
- pkt_data->req_tx_status = !!(control->flags & IEEE80211_TXCTL_REQ_TX_STATUS);
+ pkt_data->reliable_tx_mntr = !!(control->flags &
+ IEEE80211_TXCTL_RELIABLE_TX_MONITOR);
pkt_data->do_not_encrypt = !!(control->flags & IEEE80211_TXCTL_DO_NOT_ENCRYPT);
pkt_data->requeue = !!(control->flags & IEEE80211_TXCTL_REQUEUE);
pkt_data->queue = control->queue;
@@ -4610,7 +4340,6 @@ void ieee80211_tx_status(struct ieee8021
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
struct ieee80211_local *local = hw_to_local(hw);
u16 frag, type;
- u32 msg_type;
struct ieee80211_tx_status_rtap_hdr *rthdr;
struct ieee80211_sub_if_data *sdata;
int monitors;
@@ -4725,34 +4454,14 @@ void ieee80211_tx_status(struct ieee8021
local->dot11FailedCount++;
}
- msg_type = (status->flags & IEEE80211_TX_STATUS_ACK) ?
- ieee80211_msg_tx_callback_ack : ieee80211_msg_tx_callback_fail;
-
- /* this was a transmitted frame, but now we want to reuse it */
- skb_orphan(skb);
-
- if ((status->control.flags & IEEE80211_TXCTL_REQ_TX_STATUS) &&
- local->apdev) {
- if (local->monitors) {
- skb2 = skb_clone(skb, GFP_ATOMIC);
- } else {
- skb2 = skb;
- skb = NULL;
- }
-
- if (skb2)
- /* Send frame to hostapd */
- ieee80211_rx_mgmt(local, skb2, NULL, msg_type);
-
- if (!skb)
- return;
- }
-
if (!local->monitors) {
dev_kfree_skb(skb);
return;
}
+ /* this was a transmitted frame, but now we want to reuse it */
+ skb_orphan(skb);
+
/* send frame to monitor interfaces now */
if (skb_headroom(skb) < sizeof(*rthdr)) {
@@ -4911,7 +4620,7 @@ int ieee80211_if_update_wds(struct net_d
return 0;
}
-/* Must not be called for mdev and apdev */
+/* Must not be called for mdev */
void ieee80211_if_setup(struct net_device *dev)
{
ether_setup(dev);
@@ -4927,28 +4636,13 @@ void ieee80211_if_setup(struct net_devic
dev->destructor = ieee80211_if_free;
}
-void ieee80211_if_mgmt_setup(struct net_device *dev)
-{
- ether_setup(dev);
- dev->hard_start_xmit = ieee80211_mgmt_start_xmit;
- dev->change_mtu = ieee80211_change_mtu_apdev;
- dev->get_stats = ieee80211_get_stats;
- dev->open = ieee80211_mgmt_open;
- dev->stop = ieee80211_mgmt_stop;
- dev->type = ARPHRD_IEEE80211_PRISM;
- dev->hard_header_parse = header_parse_80211;
- dev->uninit = ieee80211_if_reinit;
- dev->destructor = ieee80211_if_free;
-}
-
int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
const char *name)
{
struct rate_control_ref *ref, *old;
ASSERT_RTNL();
- if (local->open_count || netif_running(local->mdev) ||
- (local->apdev && netif_running(local->apdev)))
+ if (local->open_count || netif_running(local->mdev))
return -EBUSY;
ref = rate_control_alloc(name, local);
@@ -5255,8 +4949,6 @@ void ieee80211_unregister_hw(struct ieee
BUG_ON(local->reg_state != IEEE80211_DEV_REGISTERED);
local->reg_state = IEEE80211_DEV_UNREGISTERED;
- if (local->apdev)
- ieee80211_if_del_mgmt(local);
write_lock_bh(&local->sub_if_lock);
list_replace_init(&local->sub_if_list, &tmp_list);
--- wireless-dev.orig/net/mac80211/hostapd_ioctl.h 2007-06-21 11:34:18.908645783 +0200
+++ wireless-dev/net/mac80211/hostapd_ioctl.h 2007-06-21 11:35:20.768645783 +0200
@@ -68,7 +68,6 @@ enum {
PRISM2_PARAM_RADAR_DETECT = 1043,
PRISM2_PARAM_SPECTRUM_MGMT = 1044,
PRISM2_PARAM_USER_SPACE_MLME = 1045,
- PRISM2_PARAM_MGMT_IF = 1046,
};
/* PRISM2_IOCTL_HOSTAPD ioctl() cmd:
--- wireless-dev.orig/net/mac80211/ieee80211_i.h 2007-06-21 11:34:18.998645783 +0200
+++ wireless-dev/net/mac80211/ieee80211_i.h 2007-06-21 11:39:58.038645783 +0200
@@ -135,7 +135,6 @@ struct ieee80211_txrx_data {
* when using CTS protection with IEEE 802.11g. */
struct ieee80211_rate *last_frag_rate;
int last_frag_hwrate;
- int mgmt_interface;
/* Extra fragments (in addition to the first fragment
* in skb) */
@@ -164,10 +163,9 @@ struct ieee80211_txrx_data {
struct ieee80211_tx_packet_data {
int ifindex;
unsigned long jiffies;
- unsigned int req_tx_status:1;
+ unsigned int reliable_tx_mntr:1;
unsigned int do_not_encrypt:1;
unsigned int requeue:1;
- unsigned int mgmt_iface:1;
unsigned int queue:4;
};
@@ -457,7 +455,6 @@ struct ieee80211_local {
struct list_head modes_list;
struct net_device *mdev; /* wmaster# - "master" 802.11 device */
- struct net_device *apdev; /* wlan#ap - management frames (hostapd) */
int open_count;
int monitors;
struct iw_statistics wstats;
@@ -793,8 +790,6 @@ ieee80211_key_data2conf(struct ieee80211
struct ieee80211_key *ieee80211_key_alloc(struct ieee80211_sub_if_data *sdata,
int idx, size_t key_len, gfp_t flags);
void ieee80211_key_free(struct ieee80211_key *key);
-void ieee80211_rx_mgmt(struct ieee80211_local *local, struct sk_buff *skb,
- struct ieee80211_rx_status *status, u32 msg_type);
void ieee80211_prepare_rates(struct ieee80211_local *local,
struct ieee80211_hw_mode *mode);
void ieee80211_tx_set_iswep(struct ieee80211_txrx_data *tx);
@@ -802,7 +797,6 @@ int ieee80211_if_update_wds(struct net_d
int ieee80211_monitor_start_xmit(struct sk_buff *skb, struct net_device *dev);
int ieee80211_subif_start_xmit(struct sk_buff *skb, struct net_device *dev);
void ieee80211_if_setup(struct net_device *dev);
-void ieee80211_if_mgmt_setup(struct net_device *dev);
int ieee80211_init_rate_ctrl_alg(struct ieee80211_local *local,
const char *name);
struct net_device_stats *ieee80211_dev_stats(struct net_device *dev);
@@ -898,8 +892,6 @@ void __ieee80211_if_del(struct ieee80211
int ieee80211_if_remove(struct net_device *dev, const char *name, int id);
void ieee80211_if_free(struct net_device *dev);
void ieee80211_if_sdata_init(struct ieee80211_sub_if_data *sdata);
-int ieee80211_if_add_mgmt(struct ieee80211_local *local);
-void ieee80211_if_del_mgmt(struct ieee80211_local *local);
/* regdomain.c */
void ieee80211_regdomain_init(void);
--- wireless-dev.orig/net/mac80211/ieee80211_iface.c 2007-06-21 11:34:19.028645783 +0200
+++ wireless-dev/net/mac80211/ieee80211_iface.c 2007-06-21 11:35:20.768645783 +0200
@@ -97,60 +97,6 @@ fail:
return ret;
}
-int ieee80211_if_add_mgmt(struct ieee80211_local *local)
-{
- struct net_device *ndev;
- struct ieee80211_sub_if_data *nsdata;
- int ret;
-
- ASSERT_RTNL();
-
- ndev = alloc_netdev(sizeof(struct ieee80211_sub_if_data), "wmgmt%d",
- ieee80211_if_mgmt_setup);
- if (!ndev)
- return -ENOMEM;
- ret = dev_alloc_name(ndev, ndev->name);
- if (ret < 0)
- goto fail;
-
- memcpy(ndev->dev_addr, local->hw.wiphy->perm_addr, ETH_ALEN);
- SET_NETDEV_DEV(ndev, wiphy_dev(local->hw.wiphy));
-
- nsdata = IEEE80211_DEV_TO_SUB_IF(ndev);
- ndev->ieee80211_ptr = &nsdata->wdev;
- nsdata->wdev.wiphy = local->hw.wiphy;
- nsdata->type = IEEE80211_IF_TYPE_MGMT;
- nsdata->dev = ndev;
- nsdata->local = local;
- ieee80211_if_sdata_init(nsdata);
-
- ret = register_netdevice(ndev);
- if (ret)
- goto fail;
-
- ieee80211_debugfs_add_netdev(nsdata);
-
- if (local->open_count > 0)
- dev_open(ndev);
- local->apdev = ndev;
- return 0;
-
-fail:
- free_netdev(ndev);
- return ret;
-}
-
-void ieee80211_if_del_mgmt(struct ieee80211_local *local)
-{
- struct net_device *apdev;
-
- ASSERT_RTNL();
- apdev = local->apdev;
- ieee80211_debugfs_remove_netdev(IEEE80211_DEV_TO_SUB_IF(apdev));
- local->apdev = NULL;
- unregister_netdevice(apdev);
-}
-
void ieee80211_if_set_type(struct net_device *dev, int type)
{
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
@@ -362,11 +308,8 @@ int ieee80211_if_remove(struct net_devic
void ieee80211_if_free(struct net_device *dev)
{
- struct ieee80211_local *local = wdev_priv(dev->ieee80211_ptr);
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(dev);
- /* local->apdev must be NULL when freeing management interface */
- BUG_ON(dev == local->apdev);
ieee80211_if_sdata_deinit(sdata);
free_netdev(dev);
}
--- wireless-dev.orig/net/mac80211/ieee80211_ioctl.c 2007-06-21 11:34:19.088645783 +0200
+++ wireless-dev/net/mac80211/ieee80211_ioctl.c 2007-06-21 11:35:20.768645783 +0200
@@ -2476,16 +2476,6 @@ static int ieee80211_ioctl_prism2_param(
case PRISM2_PARAM_SPECTRUM_MGMT:
local->hw.conf.spect_mgmt = value;
break;
- case PRISM2_PARAM_MGMT_IF:
- if (value == 1) {
- if (!local->apdev)
- ret = ieee80211_if_add_mgmt(local);
- } else if (value == 0) {
- if (local->apdev)
- ieee80211_if_del_mgmt(local);
- } else
- ret = -EINVAL;
- break;
case PRISM2_PARAM_USER_SPACE_MLME:
local->user_space_mlme = value;
break;
@@ -2663,12 +2653,6 @@ static int ieee80211_ioctl_get_prism2_pa
else
*param = !!sdata->u.sta.wmm_enabled;
break;
- case PRISM2_PARAM_MGMT_IF:
- if (local->apdev)
- *param = local->apdev->ifindex;
- else
- ret = -ENOENT;
- break;
case PRISM2_PARAM_USER_SPACE_MLME:
*param = local->user_space_mlme;
break;
--- wireless-dev.orig/net/mac80211/wpa.c 2007-06-21 11:34:19.108645783 +0200
+++ wireless-dev/net/mac80211/wpa.c 2007-06-21 11:35:20.768645783 +0200
@@ -14,7 +14,6 @@
#include <net/iw_handler.h>
#include <net/mac80211.h>
-#include "ieee80211_common.h"
#include "ieee80211_i.h"
#include "michael.h"
#include "tkip.h"
@@ -265,13 +264,8 @@ ieee80211_rx_h_michael_mic_verify(struct
kfree(buf);
} while (0);
- if (!rx->local->apdev)
- return TXRX_DROP;
-
- ieee80211_rx_mgmt(rx->local, rx->skb, rx->u.rx.status,
- ieee80211_msg_michael_mic_failure);
-
- return TXRX_QUEUED;
+ /* XXX: notify userspace of mic failure */
+ return TXRX_DROP;
}
remove_mic:
--- wireless-dev.orig/include/net/mac80211.h 2007-06-21 11:34:19.338645783 +0200
+++ wireless-dev/include/net/mac80211.h 2007-06-21 11:39:35.808645783 +0200
@@ -174,8 +174,9 @@ struct ieee80211_tx_control {
* specific value for the rate (from
* struct ieee80211_rate) */
-#define IEEE80211_TXCTL_REQ_TX_STATUS (1<<0)/* request TX status callback for
- * this frame */
+#define IEEE80211_TXCTL_RELIABLE_TX_MONITOR (1<<0) /* reliable TX monitor for
+ * for this frame (internal)
+ */
#define IEEE80211_TXCTL_DO_NOT_ENCRYPT (1<<1) /* send this frame without
* encryption; e.g., for EAPOL
* frames */
@@ -315,8 +316,6 @@ struct ieee80211_conf {
* enum ieee80211_if_types - types of 802.11 network interfaces
*
* @IEEE80211_IF_TYPE_AP: interface in AP mode.
- * @IEEE80211_IF_TYPE_MGMT: special interface for communication with hostap
- * daemon. Drivers should never see this type.
* @IEEE80211_IF_TYPE_STA: interface in STA (client) mode.
* @IEEE80211_IF_TYPE_IBSS: interface in IBSS (ad-hoc) mode.
* @IEEE80211_IF_TYPE_MNTR: interface in monitor (rfmon) mode.
@@ -325,7 +324,6 @@ struct ieee80211_conf {
*/
enum ieee80211_if_types {
IEEE80211_IF_TYPE_AP = 0x00000000,
- IEEE80211_IF_TYPE_MGMT = 0x00000001,
IEEE80211_IF_TYPE_STA = 0x00000002,
IEEE80211_IF_TYPE_IBSS = 0x00000003,
IEEE80211_IF_TYPE_MNTR = 0x00000004,
--- wireless-dev.orig/net/mac80211/ieee80211_sta.c 2007-06-21 11:34:19.178645783 +0200
+++ wireless-dev/net/mac80211/ieee80211_sta.c 2007-06-21 11:35:20.778645783 +0200
@@ -459,7 +459,6 @@ static void ieee80211_sta_tx(struct net_
pkt_data = (struct ieee80211_tx_packet_data *) skb->cb;
memset(pkt_data, 0, sizeof(struct ieee80211_tx_packet_data));
pkt_data->ifindex = sdata->dev->ifindex;
- pkt_data->mgmt_iface = (sdata->type == IEEE80211_IF_TYPE_MGMT);
pkt_data->do_not_encrypt = !encrypt;
dev_queue_xmit(skb);
--- wireless-dev.orig/net/mac80211/wme.c 2007-06-21 11:34:19.198645783 +0200
+++ wireless-dev/net/mac80211/wme.c 2007-06-21 11:35:20.838645783 +0200
@@ -168,8 +168,6 @@ static inline int classify80211(struct s
struct ieee80211_local *local = wdev_priv(qd->dev->ieee80211_ptr);
struct ieee80211_sub_if_data *sdata = IEEE80211_DEV_TO_SUB_IF(qd->dev);
struct ieee80211_if_sta *ifsta = &sdata->u.sta;
- struct ieee80211_tx_packet_data *pkt_data =
- (struct ieee80211_tx_packet_data *) skb->cb;
struct ieee80211_hdr *hdr = (struct ieee80211_hdr *) skb->data;
unsigned short fc = le16_to_cpu(hdr->frame_control);
int qos, tsid, dir;
@@ -182,7 +180,7 @@ static inline int classify80211(struct s
return IEEE80211_TX_QUEUE_DATA0;
}
- if (unlikely(pkt_data->mgmt_iface)) {
+ if (0 /* XXX: inject flag? */) {
/* Data frames from hostapd (mainly, EAPOL) use AC_VO
* and they will include QoS control fields if
* the target STA is using WME. */
--- wireless-dev.orig/net/mac80211/ieee80211_common.h 2007-06-21 11:34:19.268645783 +0200
+++ /dev/null 1970-01-01 00:00:00.000000000 +0000
@@ -1,93 +0,0 @@
-/*
- * IEEE 802.11 driver (80211.o) -- hostapd interface
- * Copyright 2002-2004, Instant802 Networks, Inc.
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License version 2 as
- * published by the Free Software Foundation.
- */
-
-#ifndef IEEE80211_COMMON_H
-#define IEEE80211_COMMON_H
-
-#include <linux/types.h>
-
-/*
- * This is common header information with user space. It is used on all
- * frames sent to wlan#ap interface.
- */
-
-#define IEEE80211_FI_VERSION 0x80211001
-
-struct ieee80211_frame_info {
- __be32 version;
- __be32 length;
- __be64 mactime;
- __be64 hosttime;
- __be32 phytype;
- __be32 channel;
- __be32 datarate;
- __be32 antenna;
- __be32 priority;
- __be32 ssi_type;
- __be32 ssi_signal;
- __be32 ssi_noise;
- __be32 preamble;
- __be32 encoding;
-
- /* Note: this structure is otherwise identical to capture format used
- * in linux-wlan-ng, but this additional field is used to provide meta
- * data about the frame to hostapd. This was the easiest method for
- * providing this information, but this might change in the future. */
- __be32 msg_type;
-} __attribute__ ((packed));
-
-
-enum ieee80211_msg_type {
- ieee80211_msg_normal = 0,
- ieee80211_msg_tx_callback_ack = 1,
- ieee80211_msg_tx_callback_fail = 2,
- /* hole at 3, was ieee80211_msg_passive_scan but unused */
- ieee80211_msg_wep_frame_unknown_key = 4,
- ieee80211_msg_michael_mic_failure = 5,
- /* hole at 6, was monitor but never sent to userspace */
- ieee80211_msg_sta_not_assoc = 7,
- /* 8 was ieee80211_msg_set_aid_for_sta */
- ieee80211_msg_key_threshold_notification = 9,
- ieee80211_msg_radar = 11,
-};
-
-struct ieee80211_msg_key_notification {
- int tx_rx_count;
- char ifname[IFNAMSIZ];
- u8 addr[ETH_ALEN]; /* ff:ff:ff:ff:ff:ff for broadcast keys */
-};
-
-
-enum ieee80211_phytype {
- ieee80211_phytype_fhss_dot11_97 = 1,
- ieee80211_phytype_dsss_dot11_97 = 2,
- ieee80211_phytype_irbaseband = 3,
- ieee80211_phytype_dsss_dot11_b = 4,
- ieee80211_phytype_pbcc_dot11_b = 5,
- ieee80211_phytype_ofdm_dot11_g = 6,
- ieee80211_phytype_pbcc_dot11_g = 7,
- ieee80211_phytype_ofdm_dot11_a = 8,
- ieee80211_phytype_dsss_dot11_turbog = 255,
- ieee80211_phytype_dsss_dot11_turbo = 256,
-};
-
-enum ieee80211_ssi_type {
- ieee80211_ssi_none = 0,
- ieee80211_ssi_norm = 1, /* normalized, 0-1000 */
- ieee80211_ssi_dbm = 2,
- ieee80211_ssi_raw = 3, /* raw SSI */
-};
-
-struct ieee80211_radar_info {
- int channel;
- int radar;
- int radar_type;
-};
-
-#endif /* IEEE80211_COMMON_H */
On Sat, 2007-06-23 at 09:29 +0100, Andy Green wrote:
> I've converted the injection patches and packetspammer[1] to use this
> encapsulation method. I added
>
> #define ETH_P_80211_RT 0x001B /* Radiotap + 80211 encapsulation */
>
> to ./include/linux/if_ether.h to define the new ethtype.
>
> My results at the moment are that my encapsulated injected packets are
> dropped before reaching wlan0's dev->hard_start_xmit(), but if I send
> them to a second network interface for the same device configured into
> monitor mode, then they are injected correctly and go out on the air.
>
> Any ideas about where to look or what to do about the packets getting
> dropped on wlan0?
Possibly the reframing code simply doesn't udnerstand and thus kills the
packets?
johannes
Johannes Berg wrote:
>> but actually I quite liked your encapsulation
>> thing -- in itself is compatible with working in any mode. The only
>> problem with it right now is that it seems when mananged mode interfaces
>> are not associated, they are in a netif_carrier_off() state or similar.
>
> Oh, good point, I forgot about that in my other reply. Yeah, we really
> want to go to IFF_DORMANT too and that really stops us from doing
> anything. Also, if we do QoS on the interfaces then the qdisc might end
> up dropping our packets if we don't do special hacks around that, again
> something we cannot accept.
That definitely is a bit of a problem for using Managed mode wlan0 for
injection, since it shuts off packets outside of mac80211 when
unassociated. The "solution" if one was wanted would be to stop using
the interface-level mechanism and let everything through and filter in
hard_start_xmit() so only injected packets were accepted.
This is only the case on managed mode interfaces though, a feature of
the encapsulated method was that it removed the dependence on
specifically Monitor Mode to determine that an incoming TX packet had
the radiotap format -- aside from Managed it still works fine on Monitor
Mode interfaces (and presumably the other modes) with or without an
associated interface on the device. To be clear it works exactly the
same on Monitor Mode as Try #13 just requiring a 14-byte ethhdr at the
start of the injected packet.
Anyway I don't want to argue myself out of an ACK ;-) I think what I'll
do is post a try #14 using encapsulation that works on wlan0 too but
needs it associated, but on the understanding that try #13 is not
deprecated if people prefer it.
-Andy
On Sun, 24 Jun 2007 09:39:28 +0100, Andy Green wrote:
> Anyway I don't want to argue myself out of an ACK ;-) I think what I'll
> do is post a try #14 using encapsulation that works on wlan0 too but
> needs it associated, but on the understanding that try #13 is not
> deprecated if people prefer it.
Although that thing was my idea, I prefer #13. I think Johannes said that
too and given the fact that #14 is just a subset of #13 (regarding
functionality), you can save some time by not working on #14 ;-)
The only advantage of this would be not having monitor interface when using
tools like aircrack. But this is so specific usage that we don't care.
Jiri
--
Jiri Benc
SUSE Labs
On Fri, 22 Jun 2007 15:29:05 +0100, Andy Green wrote:
> But for any nontrivial use, you need to capture RX and not blindly
> inject, and so you have a monitor mode interface up anyway.
No, why? You can encapsulate received management frames (only the ones
that need to go to user space or so) in the same way and send them
through the regular interface.
Jiri
--
Jiri Benc
SUSE Labs
Johannes Berg wrote:
> On the other hand, I do consider userspace MLME needs slightly
> different; it needs to be able to have frames encrypted, needs to see
> frames that have been decrypted even though they would otherwise be
> dropped [and this is very different to what you want], and probably
> more.
Fair enough, but injection is a separate issue from RX, despite one
usually needs both. That there is no standard way to inject on
mac80211, regardless of the RX situation is a major lack. If injection
is not treated as a separate valid action then it will constantly be
delayed as part of some larger effort, when it is valuable in itself.
But Jiri's encapsulation method is an improvement if it can be
implemented okay for unassociated interfaces and so on.
> I haven't seen a good proposal to unify this. To me, Jiri's proposal of
> packing what is essentially out-of-band data into some sort of special
> frames is no use, and your proposal to use monitor mode interfaces is
> perfect for the first use case, but still leaves us with more
> out-of-band data that the userspace MLME needs and hence doesn't gain us
> much.
Understood, it doesn't affect injection though. Also the kernel packet
filter stuff can easily filter on the ethertype part of the encapsulated
packets.
> Who started this anti-nl80211 thing anyway? I still don't see what's so
> wrong with sending frames down a PF_NETLINK socket rather than a
> PF_PACKET socket.
I don't have anything against it, but for me the packets I am injecting
are normal network traffic and sending them like that seems the most
natural way. For RX down in userspace it is marginally simpler to use
libpcap monitoring and the same handle for injection and rx. I
definitely think having two paths to injection is not necessary, but for
splitting out normally invisible management packets to go down a
separate netlink socket instead of encapsulating them I don't mind
either way.
-Andy
Jiri Benc wrote:
> On Thu, 21 Jun 2007 14:45:19 +0200, Johannes Berg wrote:
>> On Thu, 2007-06-21 at 14:35 +0200, Jiri Benc wrote:
>>
>>> 1. I'm still not sure if using monitor interface for this purpose is a
>>> good idea. Given the fact we want to switch to user space MLME, this
>>> will mean that at least one monitor interface is always present. So we
>>> got rid of management interface just to introduce another user visible
>>> magic interface.
>> Well, that's not a bad point, but at least it's not created via magic
>> ioctls etc.
>
> That's true. Still, couldn't we find a better solution?
There probably isn't a better solution for passing actual packets back
and forth than an actual network interface. They are made for the task,
solid and well debugged, and can deal with heavy traffic cleanly.
> I know that netlink isn't designed for this kind of things. But if we
> don't have any other idea, I'd still prefer that over a dedicated
> network interface.
If the only objection to the network interface is purely cosmetic in
usermode, and there is no technical complaint about it otherwise, maybe
changing it is not the right answer. For example if the spawned
interface naming followed a convention like .wlan0_mlme consistently,
usermode apps could filter on that. Although I admit the 2001 release
date of latest net-tools does not hold out much hope for ifconfig...
http://www.tazenda.demon.co.uk/phil/net-tools/
-Andy
Is there any way you can make your mails thread correctly? Maybe by
using a proper MUA?
> Regarding user-space MLME and special interfaces:
> mac80211 allows for multiple virtual interfaces on top of one physical NIC, right?
> Can one run multiple MLME (e.g. hostapd) instances to run multiple virtual master mode interfaces
> for different networks? With different BSSID?
Only if the underlaying hardware and driver support that. No current
drivers do.
johannes
On Fri, 22 Jun 2007 17:30:21 +0200, Johannes Berg wrote:
> In addition, we still have the problem with receiving encrypted eapol
> frames etc. that we really need to see unencrypted but can't make it to
> the network interface.
Hm, are you able to get such management frames if you're not root (or
has CAP_NET_RAW capabilities)?
> I'm still for using netlink. It's just a socket too after all, and
> what's the conceptual difference between packing network packets into
> other packets or packing them into netlink messages? I don't see why
> people are so dead set against using nl80211 for the userspace MLME
> needs including frame stuff.
I think netlink is fine if it is used for injection too (at least of
management frames and WPA stuff).
Jiri
--
Jiri Benc
SUSE Labs
On Thu, 2007-06-21 at 06:35 -0700, Jouni Malinen wrote:
> I don't really see need for getting rid of the management interface, but
> if there is consensus on doing that,
I think the ugliest point is that you need to do voodoo to conjure it :)
> we would need to have another way
> of being able to receive and transmit management frames and data frames
> from/to user space in a way that provides at least following
> functionality:
> - transmit management frames at high priority
> - control whether transmitted frames will be encrypted or not
> - get callback to report TX status for unicast frames (whether the
> receiver sent control::ack for the frame)
> - receive management frames
> - delivery of notifications to user space for Michael MIC errors and
> other similar events
That all seems doable with some patches adding to the patches I had
posted before the one we're discussing.
> - receive data frames EAPOL/etc. ethertypes in decrypted form
This looks like a show-stopper.
Also the fact that then we don't need to add at least the flag "monitor
without leaving power save" which is fairly problematic to define
API-wise.
Plus Jiri's point that having a second interface open [1] is still ugly.
I don't even disagree, but until now I didn't have a better reason to
repudiate the monitor mode idea. I suppose that actually working in this
area made us all see the issues better (you've listed exactly the issues
but I had to extract those points from the code).
johannes
[1] and network manager hates that, it'll take the first opportunity it
has to convert monitor interfaces back to managed mode, at least if
they're alphabetically before the managed mode interface
On Sat, 2007-06-23 at 13:23 +0100, Andy Green wrote:
> Jiri Benc wrote:
> > On Sat, 23 Jun 2007 08:53:50 +0200, Johannes Berg wrote:
> >> Who started this anti-nl80211 thing anyway? I still don't see what's so
> >> wrong with sending frames down a PF_NETLINK socket rather than a
> >> PF_PACKET socket.
> >
> > Perhaps it was just my misunderstanding about the monitor interface tx
> > injection patches; I though this mechanism should be used for hostapd and
> > user space MLME, which I consider wrong. Johannes' comment about different
> > needs (and thus having both injection through monitor iface and through
> > netlink) makes perfectly sense, though.
> >
> > Andy, is using a monitor interface (for both injecting and receiving of
> > frames) acceptable for you? If yes, let's drop my proposal (I said it might
> > turn up to be useless :-)), apply patches for monitor iface injection and
> > implement a netlink soultion as a replacement of the current management
> > interface.
>
> Yes the existing Monitor Mode Try #13 is fine for me and the userland
> projects I know about,
:)
> but actually I quite liked your encapsulation
> thing -- in itself is compatible with working in any mode. The only
> problem with it right now is that it seems when mananged mode interfaces
> are not associated, they are in a netif_carrier_off() state or similar.
Oh, good point, I forgot about that in my other reply. Yeah, we really
want to go to IFF_DORMANT too and that really stops us from doing
anything. Also, if we do QoS on the interfaces then the qdisc might end
up dropping our packets if we don't do special hacks around that, again
something we cannot accept.
johannes
On Sun, 2007-06-24 at 09:51 +0100, Andy Green wrote:
> The thing that it buys is allowing injection in a standardized format on
> interfaces in any mode. Currently the fact that a TX packet comes on a
> Monitor Mode interface is used to infer the format of it, that it will
> have a radiotap header. That's not too ugly, but allowing
> injection/radiotap format packets to be accepted on any interface in any
> mode (eg, Master) and to use an ethhdr to determine the structure of the
> packet is a bit more general and clean, since that is the job of the
> ethhdr everywhere.
The real question IMHO is if we actually want that. And I don't think
we'll find an easy solution for say the qdisc dropping the packet before
we see it.
> It'll be interesting to see what the genuine primitives are for the MLME
> after you are finished ejecting the ioctl type cruft. I don't have much
> idea of what is truly needed as it stands.
I think I'm pretty much done killing all the currently unused ioctls.
Jouni's mail contained a short overview that seemed fairly complete
though lacking details.
johannes
On Thu, 2007-06-21 at 22:05 -0700, Michael Wu wrote:
> > - receive data frames EAPOL/etc. ethertypes in decrypted form
> We should be able to receive this on the other interface which is handling all
> the data frames, right?
No, they need to be dropped by the kernel in most cases afaict and
should never make it to that interface.
johannes
On Fri, 2007-06-22 at 15:29 +0100, Andy Green wrote:
> > I have a new idea. Maybe it will turn out to have fatal design or
> > implementation problems, but anyway.
> But for any nontrivial use, you need to capture RX and not blindly
> inject, and so you have a monitor mode interface up anyway. The
> footprint in the political networking space is less if it just goes in
> as a monitor mode TX action.
In addition, we still have the problem with receiving encrypted eapol
frames etc. that we really need to see unencrypted but can't make it to
the network interface.
I'm still for using netlink. It's just a socket too after all, and
what's the conceptual difference between packing network packets into
other packets or packing them into netlink messages? I don't see why
people are so dead set against using nl80211 for the userspace MLME
needs including frame stuff.
johannes
On Thu, 2007-06-21 at 14:35 +0200, Jiri Benc wrote:
> 1. I'm still not sure if using monitor interface for this purpose is a
> good idea. Given the fact we want to switch to user space MLME, this
> will mean that at least one monitor interface is always present. So we
> got rid of management interface just to introduce another user visible
> magic interface.
Well, that's not a bad point, but at least it's not created via magic
ioctls etc.
> 2. How is hostapd (or other programs) supposed to connect frames
> returned on monitor interface with frames it sent? Does it need to
> remember each sent frame and compare it with the ones received through
> the monitor interface? (It probably wouldn't work anyway because of seq
> numbers, sw encryption, etc).
Actually, I first thought that as well, but in fact the userspace MLME
in wpa_supplicant doesn't even need to connect these events, it simply
checks which auth sequence number it sent and then assumes that whatever
it did was correct and adds the sta to the associated/auth list on the
callback.
johannes
Jiri Benc wrote:
> On Fri, 22 Jun 2007 15:29:05 +0100, Andy Green wrote:
>> But for any nontrivial use, you need to capture RX and not blindly
>> inject, and so you have a monitor mode interface up anyway.
>
> No, why? You can encapsulate received management frames (only the ones
> that need to go to user space or so) in the same way and send them
> through the regular interface.
For my usage case I want specific unencrypted packets filtered by a MAC
address that isn't part of the authenticated network, so the reception
action needs to be effectively promisc a la Monitor mode, not just
"received management frames". But I guess it can be done with IFF_PROMISC.
By piping everything down "wlan0" normal packets will not have the
radiotap metadata on their capture, but presumably the abnormal packets
can have it via a special ethernet frame type + radiotap header. Maybe
it doesn't matter for any actual use.
-Andy
On Sat, 23 Jun 2007 08:53:50 +0200, Johannes Berg wrote:
> Who started this anti-nl80211 thing anyway? I still don't see what's so
> wrong with sending frames down a PF_NETLINK socket rather than a
> PF_PACKET socket.
Perhaps it was just my misunderstanding about the monitor interface tx
injection patches; I though this mechanism should be used for hostapd and
user space MLME, which I consider wrong. Johannes' comment about different
needs (and thus having both injection through monitor iface and through
netlink) makes perfectly sense, though.
Andy, is using a monitor interface (for both injecting and receiving of
frames) acceptable for you? If yes, let's drop my proposal (I said it might
turn up to be useless :-)), apply patches for monitor iface injection and
implement a netlink soultion as a replacement of the current management
interface.
Thanks,
Jiri
--
Jiri Benc
SUSE Labs
On Thu, 21 Jun 2007 11:42:19 +0200, Johannes Berg wrote:
> This patch kills the management interface type now that we can
> see transmitted frames on monitor interfaces.
>
> I renamed the req_tx_status to reliable_tx_mntr and the flag
> constant as well since that's what they now mean. It is always
> set for injected frames so that hostapd can rely on seeing the
> frames it sent.
I have two comments.
1. I'm still not sure if using monitor interface for this purpose is a
good idea. Given the fact we want to switch to user space MLME, this
will mean that at least one monitor interface is always present. So we
got rid of management interface just to introduce another user visible
magic interface.
2. How is hostapd (or other programs) supposed to connect frames
returned on monitor interface with frames it sent? Does it need to
remember each sent frame and compare it with the ones received through
the monitor interface? (It probably wouldn't work anyway because of seq
numbers, sw encryption, etc).
Maybe allowing to put some stamp on injected frames (in a radiotap
header?) and keep the stamp in frames returned through monitor
interface (again, in the radiotap header?) would solve all those
problems. When the stamp field is not present, the frame needs not to
be returned.
But I'd prefer some other solution than using monitor interface for
this stuff.
> There are a few minor remaining problems:
> * some notifications are now missing
> (radar, key threshold, michael MIC failure, wep unknown key)
> [radar, key threshold aren't used anywhere so can probably
> be left out for now]
> * injected frames aren't sent to AC_VO pending on the radiotap
> definition for access category
> * rate control extra.mgmt_data isn't properly assigned
>
> The biggest problem, however, and I'm not sure how to solve it, is
> that hostapd will see either encrypted or unencrypted frames on the
> monitor interface depending on whether hardware encryption is used
> or not. However, hostapd really needs to see eapol frames to do
> whatever it needs to with them. Right now, I don't really have an
> idea except maybe to send these packets to hostapd via nl80211,
> or to introduce some sort of "decrypted soft monitor" iface.
Using stamps (independent of the mechanism used for handing frames from
and to user space MLME) could solve this.
Thanks,
Jiri
--
Jiri Benc
SUSE Labs
Jiri Benc wrote:
> On Thu, 21 Jun 2007 15:14:41 +0200, Jiri Benc wrote:
>> That's true. Still, couldn't we find a better solution?
>
> I have a new idea. Maybe it will turn out to have fatal design or
> implementation problems, but anyway.
>
> First, I thought how all of this would be easier if we have a native
> 802.11 (virtual) interfaces and don't translate from Ethernet. Then I
> realized it wouldn't help us much - we want to specify some parameters
> for each frame, so we'd have to use some encapsulation anyway to allow
> radiotap headers. Hm, wait a moment - why we cannot use the
> encapsulation we currently have? That means, why can't we encapsulate
> raw 802.11 frames in Ethernet frames?
>
> Before you reject the whole idea, please think a moment about it.
I don't reject it at all, it's fine for injection.
But for any nontrivial use, you need to capture RX and not blindly
inject, and so you have a monitor mode interface up anyway. The
footprint in the political networking space is less if it just goes in
as a monitor mode TX action.
-Andy
On Thu, Jun 21, 2007 at 11:42:19AM +0200, Johannes Berg wrote:
> This patch kills the management interface type now that we can
> see transmitted frames on monitor interfaces.
Has someone tested that this works with programs that use the management
interface (mainly, hostapd and wpa_supplicant)? Is all the needed
functionality available with the alternative solution?
> I renamed the req_tx_status to reliable_tx_mntr and the flag
> constant as well since that's what they now mean. It is always
> set for injected frames so that hostapd can rely on seeing the
> frames it sent.
I'm not sure I follow this explanation fully.. How would hostapd learn
whether the destination address acknowledged a unicast frame?
> There are a few minor remaining problems:
> * some notifications are now missing
> (radar, key threshold, michael MIC failure, wep unknown key)
> [radar, key threshold aren't used anywhere so can probably
> be left out for now]
I would not remove key threshold notification and we must most certainly
not remove Michal MIC failure before there is a reliable way of doing
the same functionality.
> * injected frames aren't sent to AC_VO pending on the radiotap
> definition for access category
This is not good either since management frames should be sent at a high
priority.
> The biggest problem, however, and I'm not sure how to solve it, is
> that hostapd will see either encrypted or unencrypted frames on the
> monitor interface depending on whether hardware encryption is used
> or not. However, hostapd really needs to see eapol frames to do
> whatever it needs to with them. Right now, I don't really have an
> idea except maybe to send these packets to hostapd via nl80211,
> or to introduce some sort of "decrypted soft monitor" iface.
If I've understood correctly (please correct me, if not), this patch is
proposing to remove an interface that works currently and leave the
stack in state that does not work. I can only strongly recommend this
patch not to be applied at this point. It is not a good direction to
start removing working code before there is a good alternative available
and that alternative has actually been tested to provide the needed
functionality.
I don't really see need for getting rid of the management interface, but
if there is consensus on doing that, we would need to have another way
of being able to receive and transmit management frames and data frames
from/to user space in a way that provides at least following
functionality:
- transmit management frames at high priority
- control whether transmitted frames will be encrypted or not
- get callback to report TX status for unicast frames (whether the
receiver sent control::ack for the frame)
- receive management frames
- receive data frames EAPOL/etc. ethertypes in decrypted form
- delivery of notifications to user space for Michael MIC errors and
other similar events
--
Jouni Malinen PGP id EFC895FA
On Sat, 2007-06-23 at 06:58 +0100, Andy Green wrote:
> Johannes Berg wrote:
>
> >> I think netlink is fine if it is used for injection too (at least of
> >> management frames and WPA stuff).
> >
> > I don't disagree. I'd even say that having both injection interfaces is
> > fine since they really cover different use cases.
>
> What are these different usage cases such that you need to maintain the
> two different ways of doing it?
Well one is yours which is rather similar to the "security-related"
tools (airsnort, aireplay, ...), you want to be able to send the frame
as much as you hand it to the kernel as possible.
On the other hand, I do consider userspace MLME needs slightly
different; it needs to be able to have frames encrypted, needs to see
frames that have been decrypted even though they would otherwise be
dropped [and this is very different to what you want], and probably
more.
I haven't seen a good proposal to unify this. To me, Jiri's proposal of
packing what is essentially out-of-band data into some sort of special
frames is no use, and your proposal to use monitor mode interfaces is
perfect for the first use case, but still leaves us with more
out-of-band data that the userspace MLME needs and hence doesn't gain us
much.
Who started this anti-nl80211 thing anyway? I still don't see what's so
wrong with sending frames down a PF_NETLINK socket rather than a
PF_PACKET socket.
johannes
Johannes Berg wrote:
>> I think netlink is fine if it is used for injection too (at least of
>> management frames and WPA stuff).
>
> I don't disagree. I'd even say that having both injection interfaces is
> fine since they really cover different use cases.
What are these different usage cases such that you need to maintain the
two different ways of doing it?
-Andy
Jiri Benc wrote:
> On Sat, 23 Jun 2007 08:53:50 +0200, Johannes Berg wrote:
>> Who started this anti-nl80211 thing anyway? I still don't see what's so
>> wrong with sending frames down a PF_NETLINK socket rather than a
>> PF_PACKET socket.
>
> Perhaps it was just my misunderstanding about the monitor interface tx
> injection patches; I though this mechanism should be used for hostapd and
> user space MLME, which I consider wrong. Johannes' comment about different
> needs (and thus having both injection through monitor iface and through
> netlink) makes perfectly sense, though.
>
> Andy, is using a monitor interface (for both injecting and receiving of
> frames) acceptable for you? If yes, let's drop my proposal (I said it might
> turn up to be useless :-)), apply patches for monitor iface injection and
> implement a netlink soultion as a replacement of the current management
> interface.
Yes the existing Monitor Mode Try #13 is fine for me and the userland
projects I know about, but actually I quite liked your encapsulation
thing -- in itself is compatible with working in any mode. The only
problem with it right now is that it seems when mananged mode interfaces
are not associated, they are in a netif_carrier_off() state or similar.
If in the future it becomes possible to via netlink to target types of
packets to come down any interface in encapsulated bubbles, then
possibly it makes sense to use the encapsulated version. But of course
either way will be great compared to nothing.
-Andy
On Thu, 21 Jun 2007 14:45:19 +0200, Johannes Berg wrote:
> On Thu, 2007-06-21 at 14:35 +0200, Jiri Benc wrote:
>
> > 1. I'm still not sure if using monitor interface for this purpose is a
> > good idea. Given the fact we want to switch to user space MLME, this
> > will mean that at least one monitor interface is always present. So we
> > got rid of management interface just to introduce another user visible
> > magic interface.
>
> Well, that's not a bad point, but at least it's not created via magic
> ioctls etc.
That's true. Still, couldn't we find a better solution?
I know that netlink isn't designed for this kind of things. But if we
don't have any other idea, I'd still prefer that over a dedicated
network interface.
> Actually, I first thought that as well, but in fact the userspace MLME
> in wpa_supplicant doesn't even need to connect these events, it simply
> checks which auth sequence number it sent and then assumes that whatever
> it did was correct and adds the sta to the associated/auth list on the
> callback.
If some program needs to get frames it injected back with a status,
there should exist an easy way to determine which status corresponds
with which frame. If there is no need to determine this, what is the
reason for returning back injected frames in the first place?
Jiri
--
Jiri Benc
SUSE Labs
Johannes Berg wrote:
> Don't get me wrong, I fully support your patches. I can see usefulness
> in what you're doing there, I even based my recent patch-frenzy on top
> of your patches ;) But I'm not fully convinced that this will be the
Thanks for the faith Johannes :-)
> best path for the userspace MLME (in whatever form); I do however think
> that it is the best option for wireless analysis/hacking/... tools or
> something like your penumbra.
>
>> But Jiri's encapsulation method is an improvement if it can be
>> implemented okay for unassociated interfaces and so on.
>
> Not convinced; it solves only a minor part of the problem, the hard
> things aren't solved (like that we need to see the decrypted frames that
> would normally be dropped by the kernel). Hence, I don't see any value
> in it by itself without solving the harder parts as well (or better even
> first), when solving that may end up using netlink for frames anyway.
The thing that it buys is allowing injection in a standardized format on
interfaces in any mode. Currently the fact that a TX packet comes on a
Monitor Mode interface is used to infer the format of it, that it will
have a radiotap header. That's not too ugly, but allowing
injection/radiotap format packets to be accepted on any interface in any
mode (eg, Master) and to use an ethhdr to determine the structure of the
packet is a bit more general and clean, since that is the job of the
ethhdr everywhere.
> I think what we need to accept is that the long-touted concept of a
> "userspace MLME" isn't really that, while it's dead simple to do
> *everything* in userspace by using a monitor interface with injection
> and then a tun interface that isn't really what we want. We want to push
> parts of the complexity to userspace while still having it
> kernel-assisted for various reasons like performance.
It'll be interesting to see what the genuine primitives are for the MLME
after you are finished ejecting the ioctl type cruft. I don't have much
idea of what is truly needed as it stands.
-Andy
Andy Green wrote:
> Jiri Benc wrote:
>
>> On Fri, 22 Jun 2007 15:29:05 +0100, Andy Green wrote:
>>> But for any nontrivial use, you need to capture RX and not blindly
>>> inject, and so you have a monitor mode interface up anyway.
>> No, why? You can encapsulate received management frames (only the ones
>> that need to go to user space or so) in the same way and send them
>> through the regular interface.
>
> For my usage case I want specific unencrypted packets filtered by a MAC
> address that isn't part of the authenticated network, so the reception
> action needs to be effectively promisc a la Monitor mode, not just
> "received management frames". But I guess it can be done with IFF_PROMISC.
>
> By piping everything down "wlan0" normal packets will not have the
> radiotap metadata on their capture, but presumably the abnormal packets
> can have it via a special ethernet frame type + radiotap header. Maybe
> it doesn't matter for any actual use.
I've converted the injection patches and packetspammer[1] to use this
encapsulation method. I added
#define ETH_P_80211_RT 0x001B /* Radiotap + 80211 encapsulation */
to ./include/linux/if_ether.h to define the new ethtype.
My results at the moment are that my encapsulated injected packets are
dropped before reaching wlan0's dev->hard_start_xmit(), but if I send
them to a second network interface for the same device configured into
monitor mode, then they are injected correctly and go out on the air.
Any ideas about where to look or what to do about the packets getting
dropped on wlan0? wlan0 is "up" and has its channel set, but is not
associated to anything during this test.
-Andy
[1] in git at http://git.warmcat.com
On Thursday 21 June 2007 06:35, Jouni Malinen wrote:
> On Thu, Jun 21, 2007 at 11:42:19AM +0200, Johannes Berg wrote:
> > This patch kills the management interface type now that we can
> > see transmitted frames on monitor interfaces.
>
> Has someone tested that this works with programs that use the management
> interface (mainly, hostapd and wpa_supplicant)? Is all the needed
> functionality available with the alternative solution?
>
The management interface shouldn't be killed until hostap and wpa_supplicant
can work with monitor interfaces.
> > I renamed the req_tx_status to reliable_tx_mntr and the flag
> > constant as well since that's what they now mean. It is always
> > set for injected frames so that hostapd can rely on seeing the
> > frames it sent.
>
> I'm not sure I follow this explanation fully.. How would hostapd learn
> whether the destination address acknowledged a unicast frame?
>
It's the same as the management interface - hostap receives the same frame it
sent, with a header that says whether or not it was ACKed.
> > The biggest problem, however, and I'm not sure how to solve it, is
> > that hostapd will see either encrypted or unencrypted frames on the
> > monitor interface depending on whether hardware encryption is used
> > or not. However, hostapd really needs to see eapol frames to do
> > whatever it needs to with them. Right now, I don't really have an
> > idea except maybe to send these packets to hostapd via nl80211,
> > or to introduce some sort of "decrypted soft monitor" iface.
>
> If I've understood correctly (please correct me, if not), this patch is
> proposing to remove an interface that works currently and leave the
> stack in state that does not work. I can only strongly recommend this
> patch not to be applied at this point. It is not a good direction to
> start removing working code before there is a good alternative available
> and that alternative has actually been tested to provide the needed
> functionality.
>
Agreed. However, it is marked WIP and has spawned some good discussion. :)
> I don't really see need for getting rid of the management interface, but
> if there is consensus on doing that, we would need to have another way
> of being able to receive and transmit management frames and data frames
> from/to user space in a way that provides at least following
> functionality:
> - transmit management frames at high priority
Should be fine to hardcode this for now since the current mgmt interface
doesn't allow control over this.
> - control whether transmitted frames will be encrypted or not
IEEE80211_RADIOTAP_F_WEP should be appropriate, I think. (despite its somewhat
misleading name)
> - get callback to report TX status for unicast frames (whether the
> receiver sent control::ack for the frame)
This is provided by [PATCH] mac80211: show transmitted frames on monitor
interfaces.
> - receive management frames
Well, it's a monitor interface, so it's more of a challenge to receive just
the desired frames. Hopefully packet filter works well enough for this..
> - receive data frames EAPOL/etc. ethertypes in decrypted form
We should be able to receive this on the other interface which is handling all
the data frames, right?
> - delivery of notifications to user space for Michael MIC errors and
> other similar events
nl80211 should be appropriate for this. nl80211 is probably the biggest
blocker before removing the mgmt interface completely.. everything else is
*almost* there.
-Michael Wu
On Fri, 2007-06-22 at 17:49 +0200, Jiri Benc wrote:
> On Fri, 22 Jun 2007 17:30:21 +0200, Johannes Berg wrote:
> > In addition, we still have the problem with receiving encrypted eapol
> > frames etc. that we really need to see unencrypted but can't make it to
> > the network interface.
>
> Hm, are you able to get such management frames if you're not root (or
> has CAP_NET_RAW capabilities)?
Currently? You need CAP_NET_ADMIN for PF_PACKET, but I'm not sure what
would happen if we passed them up instead of dropping them. There must
be a reason we currently drop them.
> I think netlink is fine if it is used for injection too (at least of
> management frames and WPA stuff).
I don't disagree. I'd even say that having both injection interfaces is
fine since they really cover different use cases.
johannes
On Thu, 21 Jun 2007 15:14:41 +0200, Jiri Benc wrote:
> That's true. Still, couldn't we find a better solution?
I have a new idea. Maybe it will turn out to have fatal design or
implementation problems, but anyway.
First, I thought how all of this would be easier if we have a native
802.11 (virtual) interfaces and don't translate from Ethernet. Then I
realized it wouldn't help us much - we want to specify some parameters
for each frame, so we'd have to use some encapsulation anyway to allow
radiotap headers. Hm, wait a moment - why we cannot use the
encapsulation we currently have? That means, why can't we encapsulate
raw 802.11 frames in Ethernet frames?
Before you reject the whole idea, please think a moment about it.
The actual implementation is not hard: use our own proprietary
ethertype and use the whole 802.11 frame including MAC and radiotap
header as a payload. We can even use the same format for sending
management frames to the user space for hostapd's use without any extra
interface.
Several things need to be handled first, of course:
- Returning of tx status. That could be solved by adding a stamp into
radiotap header of injected frame and returning a status (not the whole
frame, just the stamp plus some relevant info) through netlink.
- Interference with bridging. We don't want our injected (or returned
management) frame to be bridged. That could perhaps be solved by using
a certain Ethernet destination address (our own address?), but I'm not
sure here.
- There will probably more issues pop up.
Jiri
--
Jiri Benc
SUSE Labs
Regarding user-space MLME and special interfaces:
mac80211 allows for multiple virtual interfaces on top of one physical =
NIC, right?=20
Can one run multiple MLME (e.g. hostapd) instances to run multiple virt=
ual master mode interfaces
for different networks? With different BSSID?
=20
-- =20
Regards
=20
Joerg
=20
__________________________________________________
Do You Yahoo!?
Sie sind Spam leid? Yahoo! Mail verf=FCgt =FCber einen herausragenden S=
chutz gegen Massenmails.=20
http://mail.yahoo.com=20
On Sat, 2007-06-23 at 10:00 +0100, Andy Green wrote:
> Johannes Berg wrote:
>
> > On the other hand, I do consider userspace MLME needs slightly
> > different; it needs to be able to have frames encrypted, needs to see
> > frames that have been decrypted even though they would otherwise be
> > dropped [and this is very different to what you want], and probably
> > more.
>
> Fair enough, but injection is a separate issue from RX, despite one
> usually needs both. That there is no standard way to inject on
> mac80211, regardless of the RX situation is a major lack. If injection
> is not treated as a separate valid action then it will constantly be
> delayed as part of some larger effort, when it is valuable in itself.
Don't get me wrong, I fully support your patches. I can see usefulness
in what you're doing there, I even based my recent patch-frenzy on top
of your patches ;) But I'm not fully convinced that this will be the
best path for the userspace MLME (in whatever form); I do however think
that it is the best option for wireless analysis/hacking/... tools or
something like your penumbra.
> But Jiri's encapsulation method is an improvement if it can be
> implemented okay for unassociated interfaces and so on.
Not convinced; it solves only a minor part of the problem, the hard
things aren't solved (like that we need to see the decrypted frames that
would normally be dropped by the kernel). Hence, I don't see any value
in it by itself without solving the harder parts as well (or better even
first), when solving that may end up using netlink for frames anyway.
> I don't have anything against it, but for me the packets I am injecting
> are normal network traffic and sending them like that seems the most
> natural way. For RX down in userspace it is marginally simpler to use
> libpcap monitoring and the same handle for injection and rx.
Right; I see that your situation wildly differs from the userspace MLME
and that in that situation this is the best and easiest thing to do.
> I
> definitely think having two paths to injection is not necessary, but for
> splitting out normally invisible management packets to go down a
> separate netlink socket instead of encapsulating them I don't mind
> either way.
I think what we need to accept is that the long-touted concept of a
"userspace MLME" isn't really that, while it's dead simple to do
*everything* in userspace by using a monitor interface with injection
and then a tun interface that isn't really what we want. We want to push
parts of the complexity to userspace while still having it
kernel-assisted for various reasons like performance.
johannes
Please always use "reply to all" when replying to mails from Linux
mailing lists.
On Thu, 21 Jun 2007 14:50:32 -0700 (PDT), Joerg Pommnitz wrote:
> Regarding user-space MLME and special interfaces:
> mac80211 allows for multiple virtual interfaces on top of one physical NIC, right?
Yes.
> Can one run multiple MLME (e.g. hostapd) instances to run multiple virtual master mode interfaces
> for different networks? With different BSSID?
I don't think that would be ever possible when using monitor
interfaces.
On the other hand, it doesn't make much sense to support that. The
interfaces are not completely independent, e.g. you cannot tune to
different channels on different virtual interfaces. Therefore, at least
a minimal knowledge about virtual interfaces would be needed in more
complicated user space MLMEs.
Jiri
--
Jiri Benc
SUSE Labs
On 7/2/07, Jiri Benc <[email protected]> wrote:
> > Von: "Cohen, Guy" <[email protected]>
> > > This is a required feature for Access Points (multiple BSSID).
>
> On Mon, 2 Jul 2007 06:38:00 -0700 (PDT), Joerg Pommnitz wrote:
> > And, just from reading the documentation, it seems to be supported by MadWifi for Atheros
> > based devices:
> >
> > http://madwifi.org/wiki/ngFeatures
> >
> > and note the "To create APs which share a single MAC address, use the -bssid flag when
> > creating the VAPs:" remark.
> >
> > Even if no current mac80211 driver supports this feature, the API must not prevent this in the future.
>
> What are you talking about? Have you actually looked at mac80211? This
> is supported from day 0 of d80211.
>
> Jiri
>
There is probably difference between running multiple hostapd
instances and running in multiple BSSID mode over one interface,
meaning that hostapad is running multiple instances of MLME. I guess
the original post was a bit confusing.
I'm not sure if and how current implementation of hostapd can do that,
but that's probably question for another mailing list.
> --
> Jiri Benc
> SUSE Labs
> -
> To unsubscribe from this list: send the line "unsubscribe linux-wireless" in
> the body of a message to [email protected]
> More majordomo info at http://vger.kernel.org/majordomo-info.html
>
Jiri Benc wrote:
> > Can one run multiple MLME (e.g. hostapd) instances to run multiple
> virtual master mode interfaces
> > for different networks? With different BSSID?
>
> I don't think that would be ever possible when using monitor
> interfaces.
>
> On the other hand, it doesn't make much sense to support that. The
> interfaces are not completely independent, e.g. you cannot tune to
> different channels on different virtual interfaces. Therefore, at
least
> a minimal knowledge about virtual interfaces would be needed in more
> complicated user space MLMEs.
This is a required feature for Access Points (multiple BSSID).