.. SPDX-License-Identifier: GPL-2.0

=========================================
How to use packet injection with mac80211
=========================================

mac80211 allows arbitrary frames to be injected through any monitor mode
interface from userland. The frame is transmitted with exactly the addresses
and contents you supply, and the raw socket used to hand it over requires
CAP_NET_RAW. The packet you inject needs to be composed in the following
format::

	[ radiotap header ]
	[ ieee80211 header ]
	[ payload ]

The radiotap format is discussed in
./Documentation/networking/radiotap-headers.rst.

Although many radiotap fields are defined, most only make sense on received
frames. The following fields are parsed from the radiotap header and used to
control injection:

* IEEE80211_RADIOTAP_FLAGS

  ========================= ================================================
  IEEE80211_RADIOTAP_F_FCS  the frame carries an FCS: its last four bytes
                            are removed and the FCS is recalculated on TX
  IEEE80211_RADIOTAP_F_WEP  frame will be encrypted if a key is available
  IEEE80211_RADIOTAP_F_FRAG frame will be fragmented if longer than the
                            current fragmentation threshold
  ========================= ================================================

* IEEE80211_RADIOTAP_TX_FLAGS

  ============================= ========================================
  IEEE80211_RADIOTAP_F_TX_NOACK frame should be sent without waiting for
                                an ACK even if it is a unicast frame
  ============================= ========================================

* IEEE80211_RADIOTAP_RATE

  Legacy rate for the transmission, in units of 500 kbps (only honoured by
  devices without their own rate control).

* IEEE80211_RADIOTAP_MCS

  HT rate (MCS index) for the transmission (only honoured by devices without
  their own rate control). The following flags are also parsed:

  ============================ ========================
  IEEE80211_RADIOTAP_MCS_SGI   use short guard interval
  IEEE80211_RADIOTAP_MCS_BW_40 send in HT40 mode
  ============================ ========================

* IEEE80211_RADIOTAP_DATA_RETRIES

  Number of retries when either IEEE80211_RADIOTAP_RATE or
  IEEE80211_RADIOTAP_MCS was used.

* IEEE80211_RADIOTAP_VHT

  VHT MCS and number of spatial streams used for the transmission (only
  honoured by devices without their own rate control). The following fields
  are also parsed:

  flags field
      IEEE80211_RADIOTAP_VHT_FLAG_SGI: use short guard interval

  bandwidth field
      * 1: send using 40MHz channel width
      * 4: send using 80MHz channel width
      * 11: send using 160MHz channel width

All other currently defined radiotap fields are skipped by the injection code,
which makes it possible to replay captured radiotap headers directly. The
header must still be well formed (version 0, a length that covers every
announced field, fields at their required alignment), otherwise the frame is
dropped.
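The following is an added example, not part of this document or of the
mac80211 sources: a small userland parser that walks a radiotap header the way
the injection path does, pulling out the fields listed above (FLAGS, RATE,
TX_FLAGS, MCS, DATA_RETRIES) and skipping the other fixed-size fields by their
radiotap alignment and size, so that a captured or hand-built header can be
checked before it is replayed. The field numbers, sizes and alignments are the
radiotap ones; the type and function names and the three sample headers (the
first of which is the example header given further below in this document) are
this example's own, and radiotap extended bitmaps and namespaces are rejected
rather than handled.

```c
/* Added example (not kernel code): walk a radiotap header like mac80211's
 * injection path does, extracting the fields it honours and skipping the rest.
 * Names and sample headers are this example's own. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* radiotap "present" bit numbers for fields 0..22, plus the Ext bit */
enum {
	RT_TSFT = 0, RT_FLAGS, RT_RATE, RT_CHANNEL, RT_FHSS, RT_DBM_ANTSIGNAL,
	RT_DBM_ANTNOISE, RT_LOCK_QUALITY, RT_TX_ATTENUATION, RT_DB_TX_ATTENUATION,
	RT_DBM_TX_POWER, RT_ANTENNA, RT_DB_ANTSIGNAL, RT_DB_ANTNOISE, RT_RX_FLAGS,
	RT_TX_FLAGS, RT_RTS_RETRIES, RT_DATA_RETRIES, RT_XCHANNEL, RT_MCS,
	RT_AMPDU_STATUS, RT_VHT, RT_TIMESTAMP, RT_EXT = 31
};

/* required alignment and size in bytes of fields 0..22, indexed by bit;
 * a zero size means this example does not know how to skip the field */
static const uint8_t rt_align[32] = {
	8, 1, 1, 2, 2, 1, 1, 2, 2, 2, 1, 1, 1, 1, 2, 2, 1, 1, 4, 1, 4, 2, 8 };
static const uint8_t rt_size[32] = {
	8, 1, 1, 4, 2, 1, 1, 2, 2, 2, 1, 1, 1, 1, 2, 2, 1, 1, 8, 3, 8, 12, 12 };

struct rt_tx_params {
	size_t hdr_len;           /* it_len: where the 802.11 header starts */
	uint32_t present;
	uint8_t flags, rate, data_retries;
	uint16_t tx_flags;
	uint8_t mcs_known, mcs_flags, mcs_index;
};

/* 0 on success; -1 for a malformed header, -2 for one this example cannot
 * walk (extended bitmaps, namespaces, fields above 22). Alignment is
 * measured from the start of the radiotap header, as the spec requires. */
int rt_parse_tx_header(const uint8_t *buf, size_t len, struct rt_tx_params *out)
{
	size_t off = 8;
	int bit;

	memset(out, 0, sizeof *out);
	if (len < 8 || buf[0] != 0)                    /* version must be 0 */
		return -1;
	out->hdr_len = buf[2] | (size_t)buf[3] << 8;
	out->present = buf[4] | buf[5] << 8 | buf[6] << 16 | (uint32_t)buf[7] << 24;
	if (out->hdr_len < 8 || out->hdr_len > len)
		return -1;
	if (out->present & (1u << RT_EXT))
		return -2;
	for (bit = 0; bit < 31; bit++) {
		const uint8_t *p;

		if (!(out->present & (1u << bit)))
			continue;
		if (rt_size[bit] == 0)
			return -2;
		off = (off + rt_align[bit] - 1) & ~(size_t)(rt_align[bit] - 1);
		if (off + rt_size[bit] > out->hdr_len)  /* field runs past it_len */
			return -1;
		p = buf + off;
		switch (bit) {
		case RT_FLAGS:        out->flags = p[0]; break;
		case RT_RATE:         out->rate = p[0]; break;
		case RT_TX_FLAGS:     out->tx_flags = p[0] | p[1] << 8; break;
		case RT_DATA_RETRIES: out->data_retries = p[0]; break;
		case RT_MCS:          out->mcs_known = p[0]; out->mcs_flags = p[1];
				      out->mcs_index = p[2]; break;
		default: break;       /* present but ignored on injection */
		}
		off += rt_size[bit];
	}
	return 0;
}

/* constructed sample 1: the 11-byte example header from this document
 * (rate, dBm TX power and antenna present) */
const uint8_t rt_sample_doc[] = {
	0x00, 0x00, 0x0b, 0x00, 0x04, 0x0c, 0x00, 0x00, 0x6c, 0x0c, 0x01 };
/* constructed sample 2: FLAGS=F_FCS, TX_FLAGS=NOACK, MCS 7 with SGI; byte 9
 * is padding so that the u16 TX_FLAGS field starts on a 2-byte boundary */
const uint8_t rt_sample_ht[] = {
	0x00, 0x00, 0x0f, 0x00, 0x02, 0x80, 0x08, 0x00,
	0x10, 0x00, 0x08, 0x00, 0x07, 0x04, 0x07 };
/* constructed sample 3: announces CHANNEL (4 bytes) but it_len leaves 3 */
const uint8_t rt_sample_short[] = {
	0x00, 0x00, 0x0b, 0x00, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 };

int main(void)
{
	struct rt_tx_params p;

	if (rt_parse_tx_header(rt_sample_doc, sizeof rt_sample_doc, &p) == 0)
		printf("doc header: len %zu, rate %u x 500 kbps = %u Mbps\n",
		       p.hdr_len, p.rate, p.rate / 2);
	printf("short header -> %d\n",
	       rt_parse_tx_header(rt_sample_short, sizeof rt_sample_short, &p));
	return 0;
}
```

A non-zero return from rt_parse_tx_header corresponds to a header mac80211
would refuse, so running it over the buffer before send() turns a silently
dropped frame into a visible error.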

Here is an example valid radiotap header defining some parameters::

	0x00, 0x00,             // <-- radiotap version (always 0) and pad byte
	0x0b, 0x00,             // <-- radiotap header length: 11 bytes, little endian
	0x04, 0x0c, 0x00, 0x00, // <-- present bitmap: rate (bit 2),
	                        //     dBm TX power (bit 10), antenna (bit 11)
	0x6c,                   // <-- rate: 108 * 500 kbps = 54 Mbps
	0x0c,                   // <-- TX power, 12 dBm (skipped on injection)
	0x01                    // <-- antenna index (skipped on injection)

The ieee80211 header follows immediately afterwards, looking for example like
this::

	0x08, 0x01, 0x00, 0x00,             // frame control (data frame, ToDS set), duration/ID
	0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, // address 1
	0x13, 0x22, 0x33, 0x44, 0x55, 0x66, // address 2
	0x13, 0x22, 0x33, 0x44, 0x55, 0x66, // address 3
	0x10, 0x86                          // sequence control (fragment 0, sequence 0x861)

Then lastly there is the payload. Only append an FCS if you also set
IEEE80211_RADIOTAP_F_FCS, and vice versa: with the flag set the last four
bytes of the frame are stripped as the FCS, without it they go out as payload.

After composing the frame, send() it on a raw AF_PACKET socket bound to a
logical mac80211 interface that is in monitor mode. Libpcap can also be used
(which is easier than doing the work to bind the socket to the right
interface), along the following lines::

	/* snaplen 800, promiscuous mode on, 20 ms read timeout */
	ppcap = pcap_open_live(szInterfaceName, 800, 1, 20, szErrbuf);
	...
	/* returns the number of bytes written, or PCAP_ERROR */
	r = pcap_inject(ppcap, u8aSendBuffer, nLength);
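Putting the pieces together, as an added example that is neither the kernel's
code nor packetspammer: the program below composes a [radiotap][802.11
header][payload] frame and then does the socket work that libpcap hides,
binding an AF_PACKET raw socket to the monitor interface with sockaddr_ll
before send(). It needs CAP_NET_RAW and an interface that is already in
monitor mode; the interface name mon0, the source address and the payload
bytes are constructed values for the example.

```c
/* Added example, not kernel code and not packetspammer: compose an injection
 * frame and send it on an AF_PACKET socket bound to one monitor interface.
 * "mon0", the source address and the payload are constructed sample values. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <net/if.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <linux/if_ether.h>
#include <linux/if_packet.h>

#define RT_PRESENT_FLAGS    (1u << 1)
#define RT_PRESENT_RATE     (1u << 2)
#define RT_PRESENT_TX_FLAGS (1u << 15)
#define RT_F_FCS            0x10    /* IEEE80211_RADIOTAP_F_FCS */
#define RT_F_TX_NOACK       0x0008  /* IEEE80211_RADIOTAP_F_TX_NOACK */
#define RT_TX_HDR_LEN       12      /* 8 fixed + flags + rate + u16 tx_flags */
#define IEEE80211_HDR_LEN   24

/* Radiotap header with FLAGS, RATE and TX_FLAGS present: flags at offset 8,
 * rate at 9, and the u16 TX_FLAGS at 10, which is already 2-byte aligned. */
size_t rt_build_tx_header(uint8_t *out, uint8_t flags, uint8_t rate, uint16_t tx_flags)
{
	uint32_t present = RT_PRESENT_FLAGS | RT_PRESENT_RATE | RT_PRESENT_TX_FLAGS;

	out[0] = 0; out[1] = 0;                 /* version 0, pad */
	out[2] = RT_TX_HDR_LEN; out[3] = 0;     /* it_len, little endian */
	out[4] = present & 0xff; out[5] = (present >> 8) & 0xff;
	out[6] = (present >> 16) & 0xff; out[7] = (present >> 24) & 0xff;
	out[8] = flags;
	out[9] = rate;                          /* units of 500 kbps */
	out[10] = tx_flags & 0xff; out[11] = (tx_flags >> 8) & 0xff;
	return RT_TX_HDR_LEN;
}

/* 24-byte 802.11 header; fc and sequence control are little endian on air */
size_t build_80211_header(uint8_t *out, uint16_t fc, const uint8_t a1[6],
			  const uint8_t a2[6], const uint8_t a3[6], uint16_t seq)
{
	out[0] = fc & 0xff; out[1] = fc >> 8;
	out[2] = out[3] = 0;                    /* duration/ID: left to the hardware */
	memcpy(out + 4, a1, 6);
	memcpy(out + 10, a2, 6);
	memcpy(out + 16, a3, 6);
	out[22] = (seq << 4) & 0xff;            /* fragment 0, sequence number << 4 */
	out[23] = (seq >> 4) & 0xff;
	return IEEE80211_HDR_LEN;
}

static const uint8_t bcast[6] = { 0xff, 0xff, 0xff, 0xff, 0xff, 0xff };
const uint8_t example_src[6] = { 0x02, 0x11, 0x22, 0x33, 0x44, 0x55 }; /* constructed */
const uint8_t example_payload[] = "injected";                          /* constructed */

/* [radiotap][802.11 data frame to broadcast][payload]; 0 if buf is too small.
 * FLAGS stays 0 because no FCS is appended: setting RT_F_FCS here would make
 * mac80211 strip the last four payload bytes as a bogus FCS. */
size_t compose_injection_frame(uint8_t *buf, size_t cap, const uint8_t src[6],
			       const uint8_t *payload, size_t plen)
{
	size_t n = 0;

	if (cap < RT_TX_HDR_LEN + IEEE80211_HDR_LEN + plen)
		return 0;
	n += rt_build_tx_header(buf, 0, 0x02 /* 1 Mbps */, RT_F_TX_NOACK);
	n += build_80211_header(buf + n, 0x0008 /* data, no ToDS/FromDS */,
				bcast, src, bcast, 1);
	memcpy(buf + n, payload, plen);
	return n + plen;
}

/* The part libpcap does for you: bind the raw socket to one interface. */
int inject_on_monitor(const char *ifname, const uint8_t *frame, size_t len)
{
	struct sockaddr_ll sll;
	ssize_t w;
	int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL));

	if (fd < 0) { perror("socket (CAP_NET_RAW needed)"); return -1; }
	memset(&sll, 0, sizeof sll);
	sll.sll_family = AF_PACKET;
	sll.sll_protocol = htons(ETH_P_ALL);
	sll.sll_ifindex = (int)if_nametoindex(ifname);
	if (sll.sll_ifindex == 0 || bind(fd, (struct sockaddr *)&sll, sizeof sll) < 0) {
		perror("bind");
		close(fd);
		return -1;
	}
	/* send() succeeding only means the driver took the buffer: a frame whose
	 * radiotap header fails to parse is dropped by mac80211 without an error */
	w = send(fd, frame, len, 0);
	if (w < 0) perror("send");
	close(fd);
	return w < 0 ? -1 : 0;
}

int main(void)
{
	uint8_t frame[256];
	size_t n = compose_injection_frame(frame, sizeof frame, example_src,
					   example_payload, sizeof example_payload - 1);

	printf("composed %zu-byte frame\n", n);
	return inject_on_monitor("mon0", frame, n) ? 1 : 0;
}
```

Run as root with the monitor interface up. compose_injection_frame is the part
worth checking offline: the radiotap it_len is 12 with FLAGS, RATE and
TX_FLAGS present, the flags byte stays 0 because no FCS is appended, and the
802.11 header starts at offset 12.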

You can also find a link to a complete inject application here:

https://wireless.wiki.kernel.org/en/users/Documentation/packetspammer

Andy Green <andy@warmcat.com>