nexmon – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /***************************************************************************
2 * *
3 * ########### ########### ########## ########## *
4 * ############ ############ ############ ############ *
5 * ## ## ## ## ## ## ## *
6 * ## ## ## ## ## ## ## *
7 * ########### #### ###### ## ## ## ## ###### *
8 * ########### #### # ## ## ## ## # # *
9 * ## ## ###### ## ## ## ## # # *
10 * ## ## # ## ## ## ## # # *
11 * ############ ##### ###### ## ## ## ##### ###### *
12 * ########### ########### ## ## ## ########## *
13 * *
14 * S E C U R E M O B I L E N E T W O R K I N G *
15 * *
16 * This file is part of NexMon. *
17 * *
18 * Copyright (c) 2016 NexMon Team *
19 * *
20 * NexMon is free software: you can redistribute it and/or modify *
21 * it under the terms of the GNU General Public License as published by *
22 * the Free Software Foundation, either version 3 of the License, or *
23 * (at your option) any later version. *
24 * *
25 * NexMon is distributed in the hope that it will be useful, *
26 * but WITHOUT ANY WARRANTY; without even the implied warranty of *
27 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
28 * GNU General Public License for more details. *
29 * *
30 * You should have received a copy of the GNU General Public License *
31 * along with NexMon. If not, see <http://www.gnu.org/licenses/>. *
32 * *
33 **************************************************************************/
34  
35 #pragma NEXMON targetregion "patch"
36  
37 #include <firmware_version.h> // definition of firmware version macros
38 #include <debug.h> // contains macros to access the debug hardware
39 #include <wrapper.h> // wrapper definitions for functions that already exist in the firmware
40 #include <structs.h> // structures that are used by the code in the firmware
41 #include <helper.h> // useful helper functions
42 #include <patcher.h> // macros used to craete patches such as BLPatch, BPatch, ...
43 #include <rates.h> // rates used to build the ratespec for frame injection
44 #include <bcmwifi_channels.h>
45 #include <monitormode.h> // defitionons such as MONITOR_...
46  
47 #define RADIOTAP_MCS
48 #define RADIOTAP_VENDOR
49 #include <ieee80211_radiotap.h>
50  
51 // plcp length in bytes
52 #define PLCP_LEN 6
53  
54 extern void prepend_ethernet_ipv4_udp_header(struct sk_buff *p);
55  
56 static int
57 channel2freq(struct wl_info *wl, unsigned int channel)
58 {
59 int freq = 0;
60 void *ci = 0;
61  
62 wlc_phy_chan2freq_acphy(wl->wlc->band->pi, channel, &freq, &ci);
63  
64 return freq;
65 }
66  
67 static void
68 wl_monitor_radiotap(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p)
69 {
70 struct osl_info *osh = wl->wlc->osh;
71 unsigned int p_len_new;
72 struct sk_buff *p_new;
73  
74  
75 p_len_new = p->len + sizeof(struct nexmon_radiotap_header);
76  
77 // We figured out that frames larger than 2032 will not arrive in user space
78 if (p_len_new > 2032) {
79 printf("ERR: frame too large\n");
80 return;
81 } else {
82 p_new = pkt_buf_get_skb(osh, p_len_new);
83 }
84  
85 if (!p_new) {
86 printf("ERR: no free sk_buff\n");
87 return;
88 }
89  
90 struct nexmon_radiotap_header *frame = (struct nexmon_radiotap_header *) p_new->data;
91  
92 memset(p_new->data, 0, sizeof(struct nexmon_radiotap_header));
93  
94 frame->header.it_version = 0;
95 frame->header.it_pad = 0;
96 frame->header.it_len = sizeof(struct nexmon_radiotap_header) + PLCP_LEN;
97 frame->header.it_present =
98 (1<<IEEE80211_RADIOTAP_TSFT)
99 | (1<<IEEE80211_RADIOTAP_FLAGS)
100 | (1<<IEEE80211_RADIOTAP_RATE)
101 | (1<<IEEE80211_RADIOTAP_CHANNEL)
102 | (1<<IEEE80211_RADIOTAP_DBM_ANTSIGNAL)
103 | (1<<IEEE80211_RADIOTAP_DBM_ANTNOISE)
104 | (1<<IEEE80211_RADIOTAP_MCS)
105 | (1<<IEEE80211_RADIOTAP_VENDOR_NAMESPACE);
106 frame->tsf.tsf_l = sts->mactime;
107 frame->tsf.tsf_h = 0;
108 frame->flags = IEEE80211_RADIOTAP_F_FCS;
109 frame->chan_freq = channel2freq(wl, CHSPEC_CHANNEL(sts->chanspec));
110  
111 if (frame->chan_freq > 3000)
112 frame->chan_flags |= IEEE80211_CHAN_5GHZ;
113 else
114 frame->chan_flags |= IEEE80211_CHAN_2GHZ;
115  
116 if (sts->encoding == WL_RXS_ENCODING_OFDM)
117 frame->chan_flags |= IEEE80211_CHAN_OFDM;
118 if (sts->encoding == WL_RXS_ENCODING_DSSS_CCK)
119 frame->chan_flags |= IEEE80211_CHAN_CCK;
120  
121 frame->data_rate = sts->datarate;
122  
123 frame->dbm_antsignal = sts->signal;
124 frame->dbm_antnoise = sts->noise;
125  
126 if (sts->encoding == WL_RXS_ENCODING_HT) {
127 frame->mcs[0] =
128 IEEE80211_RADIOTAP_MCS_HAVE_BW
129 | IEEE80211_RADIOTAP_MCS_HAVE_MCS
130 | IEEE80211_RADIOTAP_MCS_HAVE_GI
131 | IEEE80211_RADIOTAP_MCS_HAVE_FMT
132 | IEEE80211_RADIOTAP_MCS_HAVE_FEC
133 | IEEE80211_RADIOTAP_MCS_HAVE_STBC;
134 switch(sts->htflags) {
135 case WL_RXS_HTF_40:
136 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_BW_40;
137 break;
138 case WL_RXS_HTF_20L:
139 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_BW_20L;
140 break;
141 case WL_RXS_HTF_20U:
142 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_BW_20U;
143 break;
144 case WL_RXS_HTF_SGI:
145 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_SGI;
146 break;
147 case WL_RXS_HTF_STBC_MASK:
148 frame->mcs[1] |= ((sts->htflags & WL_RXS_HTF_STBC_MASK) >> WL_RXS_HTF_STBC_SHIFT) << IEEE80211_RADIOTAP_MCS_STBC_SHIFT;
149 break;
150 case WL_RXS_HTF_LDPC:
151 frame->mcs[1] |= IEEE80211_RADIOTAP_MCS_FEC_LDPC;
152 break;
153 }
154 frame->mcs[2] = sts->mcs;
155 }
156  
157 frame->vendor_oui[0] = 'N';
158 frame->vendor_oui[1] = 'E';
159 frame->vendor_oui[2] = 'X';
160 frame->vendor_sub_namespace = 0;
161 frame->vendor_skip_length = PLCP_LEN;
162  
163 memcpy(p_new->data + sizeof(struct nexmon_radiotap_header), p->data, p->len);
164  
165 //wl_sendup(wl, 0, p_new);
166 wl->dev->chained->funcs->xmit(wl->dev, wl->dev->chained, p_new);
167 }
168  
169 void
170 wl_monitor_hook(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p) {
171 unsigned char monitor = wl->wlc->monitor & 0xFF;
172  
173 if (monitor & MONITOR_RADIOTAP) {
174 wl_monitor_radiotap(wl, sts, p);
175 }
176  
177 if (monitor & MONITOR_IEEE80211) {
178 wl_monitor(wl, sts, p);
179 }
180  
181 if (monitor & MONITOR_LOG_ONLY) {
182 printf("frame received\n");
183 }
184  
185 if (monitor & MONITOR_DROP_FRM) {
186 ;
187 }
188  
189 if (monitor & MONITOR_IPV4_UDP) {
190 printf("MONITOR over udp is not supported!\n");
191 }
192 }
193  
194 // Hook the call to wl_monitor in wlc_monitor
195 __attribute__((at(0x209570, "", CHIP_VER_BCM43455, FW_VER_7_120_7_1_sta_C0)))
196 BLPatch(wl_monitor_hook, wl_monitor_hook);
197  
198 // activate badfcs, if MONITOR_ACTIVATE_BADFCS is set
199 void
200 wlc_mctrl_hook(struct wlc_info *wlc, uint32 mask, uint32 val)
201 {
202 if (wlc->monitor & MONITOR_ACTIVATE_BADFCS)
203 wlc_mctrl(wlc, MCTL_PROMISC | MCTL_KEEPBADFCS | MCTL_KEEPCONTROL, MCTL_PROMISC | MCTL_KEEPBADFCS | MCTL_KEEPCONTROL);
204 else
205 wlc_mctrl(wlc, mask, val);
206 }
207  
208 __attribute__((at(0x2FB9A, "flashpatch", CHIP_VER_BCM43455, FW_VER_ALL)))
209 BLPatch(wlc_mctrl_hook, wlc_mctrl_hook);