nexmon – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /***************************************************************************
2 * *
3 * ########### ########### ########## ########## *
4 * ############ ############ ############ ############ *
5 * ## ## ## ## ## ## ## *
6 * ## ## ## ## ## ## ## *
7 * ########### #### ###### ## ## ## ## ###### *
8 * ########### #### # ## ## ## ## # # *
9 * ## ## ###### ## ## ## ## # # *
10 * ## ## # ## ## ## ## # # *
11 * ############ ##### ###### ## ## ## ##### ###### *
12 * ########### ########### ## ## ## ########## *
13 * *
14 * S E C U R E M O B I L E N E T W O R K I N G *
15 * *
16 * This file is part of NexMon. *
17 * *
18 * Copyright (c) 2016 NexMon Team *
19 * *
20 * NexMon is free software: you can redistribute it and/or modify *
21 * it under the terms of the GNU General Public License as published by *
22 * the Free Software Foundation, either version 3 of the License, or *
23 * (at your option) any later version. *
24 * *
25 * NexMon is distributed in the hope that it will be useful, *
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
28 * GNU General Public License for more details. *
29 * *
30 * You should have received a copy of the GNU General Public License *
31 * along with NexMon. If not, see <http://www.gnu.org/licenses/>. *
32 * *
33 **************************************************************************/
34  
35 #pragma NEXMON targetregion "patch"
36  
37 #include <firmware_version.h> // definition of firmware version macros
38 #include <debug.h> // contains macros to access the debug hardware
39 #include <wrapper.h> // wrapper definitions for functions that already exist in the firmware
40 #include <structs.h> // structures that are used by the code in the firmware
41 #include <helper.h> // useful helper functions
42 #include <patcher.h> // macros used to craete patches such as BLPatch, BPatch, ...
43 #include <rates.h> // rates used to build the ratespec for frame injection
44 #include <bcmwifi_channels.h>
45 #include <monitormode.h> // defitionons such as MONITOR_...
46  
47 #define RADIOTAP_MCS
48 #define RADIOTAP_VENDOR
49 #include <ieee80211_radiotap.h>
50  
51 // plcp length in bytes
52 #define PLCP_LEN 6
53  
54 extern void prepend_ethernet_ipv4_udp_header(struct sk_buff *p);
55  
56 static int
57 channel2freq(struct wl_info *wl, unsigned int channel)
58 {
59 int freq = 0;
60 // void *ci = 0;
61  
62 // TODO wlc_phy_chan2freq_acphy(wl->wlc->band->pi, channel, &freq, &ci);
63  
64 return freq;
65 }
66  
67 static void
68 wl_monitor_radiotap(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p, unsigned char tunnel_over_udp)
69 {
70 struct osl_info *osh = wl->wlc->osh;
71 unsigned int p_len_new;
72 struct sk_buff *p_new;
73  
74 if (tunnel_over_udp) {
75 p_len_new = p->len + sizeof(struct ethernet_ip_udp_header) +
76 sizeof(struct nexmon_radiotap_header);
77 } else {
78 p_len_new = p->len + sizeof(struct nexmon_radiotap_header);
79 }
80  
81 // We figured out that frames larger than 2032 will not arrive in user space
82 if (p_len_new > 2032) {
83 printf("ERR: frame too large\n");
84 return;
85 } else {
86 p_new = pkt_buf_get_skb(osh, p_len_new);
87 }
88  
89 if (!p_new) {
90 printf("ERR: no free sk_buff\n");
91 return;
92 }
93  
94 if (tunnel_over_udp)
95 skb_pull(p_new, sizeof(struct ethernet_ip_udp_header));
96  
97 struct nexmon_radiotap_header *frame = (struct nexmon_radiotap_header *) p_new->data;
98  
99 memset(p_new->data, 0, sizeof(struct nexmon_radiotap_header));
100  
101 frame->header.it_version = 0;
102 frame->header.it_pad = 0;
103 frame->header.it_len = sizeof(struct nexmon_radiotap_header) + PLCP_LEN;
104 frame->header.it_present =
105 (1<<IEEE80211_RADIOTAP_TSFT)
106 | (1<<IEEE80211_RADIOTAP_FLAGS)
107 | (1<<IEEE80211_RADIOTAP_RATE)
108 | (1<<IEEE80211_RADIOTAP_CHANNEL)
109 | (1<<IEEE80211_RADIOTAP_DBM_ANTSIGNAL)
110 | (1<<IEEE80211_RADIOTAP_DBM_ANTNOISE)
111 | (1<<IEEE80211_RADIOTAP_MCS)
112 | (1<<IEEE80211_RADIOTAP_VENDOR_NAMESPACE);
113 frame->tsf.tsf_l = sts->mactime;
114 frame->tsf.tsf_h = 0;
115 frame->flags = IEEE80211_RADIOTAP_F_FCS;
116 frame->chan_freq = channel2freq(wl, CHSPEC_CHANNEL(sts->chanspec));
117  
118 if (frame->chan_freq > 3000)
119 frame->chan_flags |= IEEE80211_CHAN_5GHZ;
120 else
121 frame->chan_flags |= IEEE80211_CHAN_2GHZ;
122  
123 if (sts->encoding == WL_RXS_ENCODING_OFDM)
124 frame->chan_flags |= IEEE80211_CHAN_OFDM;
125 if (sts->encoding == WL_RXS_ENCODING_DSSS_CCK)
126 frame->chan_flags |= IEEE80211_CHAN_CCK;
127  
128 frame->data_rate = sts->datarate;
129  
130 frame->dbm_antsignal = sts->signal;
131 frame->dbm_antnoise = sts->noise;
132  
133 if (sts->encoding == WL_RXS_ENCODING_HT) {
134 frame->mcs[0] =
135 IEEE80211_RADIOTAP_MCS_HAVE_BW
136 | IEEE80211_RADIOTAP_MCS_HAVE_MCS
137 | IEEE80211_RADIOTAP_MCS_HAVE_GI
138 | IEEE80211_RADIOTAP_MCS_HAVE_FMT
139 | IEEE80211_RADIOTAP_MCS_HAVE_FEC
140 | IEEE80211_RADIOTAP_MCS_HAVE_STBC;
141 switch(sts->htflags) {
142 case WL_RXS_HTF_40:
143 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_BW_40;
144 break;
145 case WL_RXS_HTF_20L:
146 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_BW_20L;
147 break;
148 case WL_RXS_HTF_20U:
149 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_BW_20U;
150 break;
151 case WL_RXS_HTF_SGI:
152 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_SGI;
153 break;
154 case WL_RXS_HTF_STBC_MASK:
155 frame->mcs[1] |= ((sts->htflags & WL_RXS_HTF_STBC_MASK) >> WL_RXS_HTF_STBC_SHIFT) << IEEE80211_RADIOTAP_MCS_STBC_SHIFT;
156 break;
157 case WL_RXS_HTF_LDPC:
158 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_FEC_LDPC;
159 break;
160 }
161 frame->mcs[2] = sts->mcs;
162 }
163  
164 frame->vendor_oui[0] = 'N';
165 frame->vendor_oui[1] = 'E';
166 frame->vendor_oui[2] = 'X';
167 frame->vendor_sub_namespace = 0;
168 frame->vendor_skip_length = PLCP_LEN;
169  
170 memcpy(p_new->data + sizeof(struct nexmon_radiotap_header), p->data, p->len);
171  
172 if (tunnel_over_udp) {
173 prepend_ethernet_ipv4_udp_header(p_new);
174 }
175  
176 //wl_sendup(wl, 0, p_new);
177 wl->dev->chained->funcs->xmit(wl->dev, wl->dev->chained, p_new);
178 }
179  
180 void
181 wl_monitor_hook(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p) {
182 unsigned char monitor = wl->wlc->monitor & 0xFF;
183  
184 if (monitor & MONITOR_RADIOTAP) {
185 wl_monitor_radiotap(wl, sts, p, 0);
186 }
187  
188 if (monitor & MONITOR_IEEE80211) {
189 wl_monitor(wl, sts, p);
190 }
191  
192 if (monitor & MONITOR_LOG_ONLY) {
193 printf("frame received\n");
194 }
195  
196 if (monitor & MONITOR_DROP_FRM) {
197 ;
198 }
199  
200 if (monitor & MONITOR_IPV4_UDP) {
201 wl_monitor_radiotap(wl, sts, p, 1);
202 }
203 }
204  
205 // Hook the call to wl_monitor in wlc_monitor
206 __attribute__((at(0x19277A, "", CHIP_VER_BCM4335b0, FW_VER_6_30_171_1_sta)))
207 BLPatch(wl_monitor_hook, wl_monitor_hook);
208  
209 // activate badfcs, if MONITOR_ACTIVATE_BADFCS is set
210 void
211 wlc_mctrl_hook(struct wlc_info *wlc, uint32 mask, uint32 val)
212 {
213 if (wlc->monitor & MONITOR_ACTIVATE_BADFCS)
214 wlc_mctrl(wlc, MCTL_PROMISC | MCTL_KEEPBADFCS | MCTL_KEEPCONTROL, MCTL_PROMISC | MCTL_KEEPBADFCS | MCTL_KEEPCONTROL);
215 else
216 wlc_mctrl(wlc, mask, val);
217 }
218  
219 __attribute__((at(0x181BEC, "", CHIP_VER_BCM4335b0, FW_VER_ALL)))
220 GenericPatch4(wlc_mctrl_hook, wlc_mctrl_hook + 1);