nexmon – Blame information for rev 1
?pathlinks?
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 1 | office | 1 | /*************************************************************************** |
| 2 | * * |
||
| 3 | * ########### ########### ########## ########## * |
||
| 4 | * ############ ############ ############ ############ * |
||
| 5 | * ## ## ## ## ## ## ## * |
||
| 6 | * ## ## ## ## ## ## ## * |
||
| 7 | * ########### #### ###### ## ## ## ## ###### * |
||
| 8 | * ########### #### # ## ## ## ## # # * |
||
| 9 | * ## ## ###### ## ## ## ## # # * |
||
| 10 | * ## ## # ## ## ## ## # # * |
||
| 11 | * ############ ##### ###### ## ## ## ##### ###### * |
||
| 12 | * ########### ########### ## ## ## ########## * |
||
| 13 | * * |
||
| 14 | * S E C U R E M O B I L E N E T W O R K I N G * |
||
| 15 | * * |
||
| 16 | * This file is part of NexMon. * |
||
| 17 | * * |
||
| 18 | * Copyright (c) 2016 NexMon Team * |
||
| 19 | * * |
||
| 20 | * NexMon is free software: you can redistribute it and/or modify * |
||
| 21 | * it under the terms of the GNU General Public License as published by * |
||
| 22 | * the Free Software Foundation, either version 3 of the License, or * |
||
| 23 | * (at your option) any later version. * |
||
| 24 | * * |
||
| 25 | * NexMon is distributed in the hope that it will be useful, * |
||
| 26 | * but WITHOUT ANY WARRANTY; without even the implied warranty of * |
||
| 27 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * |
||
| 28 | * GNU General Public License for more details. * |
||
| 29 | * * |
||
| 30 | * You should have received a copy of the GNU General Public License * |
||
| 31 | * along with NexMon. If not, see <http://www.gnu.org/licenses/>. * |
||
| 32 | * * |
||
| 33 | **************************************************************************/ |
||
| 34 | |||
| 35 | #pragma NEXMON targetregion "patch" |
||
| 36 | |||
| 37 | #include <firmware_version.h> // definition of firmware version macros |
||
| 38 | #include <debug.h> // contains macros to access the debug hardware |
||
| 39 | #include <wrapper.h> // wrapper definitions for functions that already exist in the firmware |
||
| 40 | #include <structs.h> // structures that are used by the code in the firmware |
||
| 41 | #include <helper.h> // useful helper functions |
||
| 42 | #include <patcher.h> // macros used to craete patches such as BLPatch, BPatch, ... |
||
| 43 | #include <rates.h> // rates used to build the ratespec for frame injection |
||
| 44 | #include <nexioctls.h> // ioctls added in the nexmon patch |
||
| 45 | #include <capabilities.h> // capabilities included in a nexmon patch |
||
| 46 | #include <sendframe.h> // sendframe functionality |
||
| 47 | #include <version.h> // version information |
||
| 48 | #include <ieee80211_radiotap.h> // Radiotap header relateds |
||
| 49 | |||
| 50 | extern void *inject_frame(struct wlc_info *wlc, struct sk_buff *p); |
||
| 51 | |||
| 52 | struct inject_frame { |
||
| 53 | unsigned short len; |
||
| 54 | unsigned char pad; |
||
| 55 | unsigned char type; |
||
| 56 | char data[]; |
||
| 57 | }; |
||
| 58 | |||
| 59 | int |
||
| 60 | wlc_ioctl_hook(struct wlc_info *wlc, int cmd, char *arg, int len, void *wlc_if) |
||
| 61 | { |
||
| 62 | int ret = IOCTL_ERROR; |
||
| 63 | |||
| 64 | switch (cmd) { |
||
| 65 | case NEX_GET_CAPABILITIES: |
||
| 66 | if (len == 4) { |
||
| 67 | memcpy(arg, &capabilities, 4); |
||
| 68 | ret = IOCTL_SUCCESS; |
||
| 69 | } |
||
| 70 | break; |
||
| 71 | |||
| 72 | case NEX_WRITE_TO_CONSOLE: |
||
| 73 | if (len > 0) { |
||
| 74 | arg[len-1] = 0; |
||
| 75 | printf("ioctl: %s\n", arg); |
||
| 76 | ret = IOCTL_SUCCESS; |
||
| 77 | } |
||
| 78 | break; |
||
| 79 | |||
| 80 | case NEX_GET_VERSION_STRING: |
||
| 81 | { |
||
| 82 | int strlen = 0; |
||
| 83 | for ( strlen = 0; version[strlen]; ++strlen ); |
||
| 84 | if (len >= strlen) { |
||
| 85 | memcpy(arg, version, strlen); |
||
| 86 | ret = IOCTL_SUCCESS; |
||
| 87 | } |
||
| 88 | } |
||
| 89 | break; |
||
| 90 | |||
| 91 | case NEX_INJECT_FRAME: |
||
| 92 | { |
||
| 93 | sk_buff *p; |
||
| 94 | int bytes_used = 0; |
||
| 95 | struct inject_frame *frm = (struct inject_frame *) arg; |
||
| 96 | |||
| 97 | while ((frm->len > 0) && (bytes_used + frm->len <= len)) { |
||
| 98 | // add a dummy radiotap header if frame does not contain one |
||
| 99 | if (frm->type == 0) { |
||
| 100 | p = pkt_buf_get_skb(wlc->osh, frm->len + 202 + 8 - 4); |
||
| 101 | skb_pull(p, 202); |
||
| 102 | struct ieee80211_radiotap_header *radiotap = |
||
| 103 | (struct ieee80211_radiotap_header *) p->data; |
||
| 104 | |||
| 105 | memset(radiotap, 0, sizeof(struct ieee80211_radiotap_header)); |
||
| 106 | |||
| 107 | radiotap->it_len = 8; |
||
| 108 | |||
| 109 | skb_pull(p, 8); |
||
| 110 | memcpy(p->data, frm->data, frm->len - 4); |
||
| 111 | skb_push(p, 8); |
||
| 112 | } else { |
||
| 113 | p = pkt_buf_get_skb(wlc->osh, frm->len + 202 - 4); |
||
| 114 | skb_pull(p, 202); |
||
| 115 | |||
| 116 | memcpy(p->data, frm->data, frm->len - 4); |
||
| 117 | } |
||
| 118 | |||
| 119 | inject_frame(wlc, p); |
||
| 120 | |||
| 121 | bytes_used += frm->len; |
||
| 122 | |||
| 123 | frm = (struct inject_frame *) (arg + bytes_used); |
||
| 124 | } |
||
| 125 | |||
| 126 | ret = IOCTL_SUCCESS; |
||
| 127 | } |
||
| 128 | break; |
||
| 129 | |||
| 130 | default: |
||
| 131 | ret = wlc_ioctl(wlc, cmd, arg, len, wlc_if); |
||
| 132 | } |
||
| 133 | |||
| 134 | return ret; |
||
| 135 | } |
||
| 136 | |||
| 137 | __attribute__((at(0x2054B0, "", CHIP_VER_BCM43455, FW_VER_7_120_7_1_sta_C0))) |
||
| 138 | GenericPatch4(wlc_ioctl_hook, wlc_ioctl_hook + 1); |