Commit d685b8c2 authored by Zhu Yi's avatar Zhu Yi Committed by John W. Linville

[PATCH] ipw2200: Enable rtap interface for RF promiscuous mode while associated

With this patch, a new promiscuous mode is enabled. If the module is loaded
with the rtap_iface=1 module parameter, two interfaces will be created
(instead of just one).

The second interface is prefixed 'rtap' and provides received 802.11 frames
on the current channel to user space in a radiotap header format.

Example usage:

        % modprobe ipw2200 rtap_iface=1
        % iwconfig eth1 essid MyNetwork
        % dhcpcd eth1
        % tcpdump -i rtap0

If you do not specify 'rtap_iface=1' then the rtap interface will
not be created and you will need to turn it on via:

        % echo 1 > /sys/bus/pci/drivers/ipw2200/*/rtap_iface

You can filter out what type of information is passed to user space via
the rtap_filter sysfs entry.  Currently you can tell the driver to
transmit just the headers (which will provide the RADIOTAP and IEEE
802.11 header but not the payload), to filter based on frame control
type (Management, Control, or Data), and whether to report transmitted
frames, received frames, or both.

The transmit frame reporting is based on a patch by Stefan Rompf.

Filters can be get and set via a sysfs interface. For example, set the
filter to only send headers (0x7), don't report Tx'd frames (0x10), and
don't report data frames (0x100):

        % echo 0x117 > /sys/bus/pci/drivers/ipw2200/*/rtap_filter

All your packets are belong to us:

        % tethereal -n -i rtap0
Signed-off-by: default avatarJames Ketrenos <jketreno@linux.intel.com>
Signed-off-by: default avatarZhu Yi <yi.zhu@intel.com>
Signed-off-by: default avatarJohn W. Linville <linville@tuxdriver.com>
parent c6c33a77
......@@ -263,6 +263,30 @@ config IPW2200_DEBUG
If you are not trying to debug or develop the IPW2200 driver, you
most likely want to say N here.
bool "Enable creation of a RF radiotap promiscuous interface."
depends on IPW2200
select IEEE80211_RADIOTAP
Enables the creation of a second interface prefixed 'rtap'.
This second interface will provide every received in radiotap
This is useful for performing wireless network analysis while
maintaining an active association.
Example usage:
% modprobe ipw2200 rtap_iface=1
% ifconfig rtap0 up
% tethereal -i rtap0
If you do not specify 'rtap_iface=1' as a module parameter then
the rtap interface will not be created and you will need to turn
it on via sysfs:
% echo 1 > /sys/bus/pci/drivers/ipw2200/*/rtap_iface
config AIRO
tristate "Cisco/Aironet 34X/35X/4500/4800 ISA and PCI cards"
depends on NET_RADIO && ISA_DMA_API && (PCI || BROKEN)
This diff is collapsed.
......@@ -789,7 +789,7 @@ struct ipw_sys_config {
u8 bt_coexist_collision_thr;
u8 silence_threshold;
u8 accept_all_mgmt_bcpr;
u8 accept_all_mgtm_frames;
u8 accept_all_mgmt_frames;
u8 pass_noise_stats_to_host;
u8 reserved3;
} __attribute__ ((packed));
......@@ -1122,6 +1122,52 @@ struct ipw_fw_error {
u8 payload[0];
} __attribute__ ((packed));
enum ipw_prom_filter {
IPW_PROM_ALL_HEADER_ONLY = 0xf, /* bits 0..3 */
IPW_PROM_NO_TX = (1 << 4),
IPW_PROM_NO_RX = (1 << 5),
IPW_PROM_NO_CTL = (1 << 6),
IPW_PROM_NO_MGMT = (1 << 7),
IPW_PROM_NO_DATA = (1 << 8),
struct ipw_priv;
struct ipw_prom_priv {
struct ipw_priv *priv;
struct ieee80211_device *ieee;
enum ipw_prom_filter filter;
int tx_packets;
int rx_packets;
#if defined(CONFIG_IEEE80211_RADIOTAP) || defined(CONFIG_IPW2200_PROMISCUOUS)
/* Magic struct that slots into the radiotap header -- no reason
* to build this manually element by element, we can write it much
* more efficiently than we can parse it. ORDER MATTERS HERE
* When sent to us via the simulated Rx interface in sysfs, the entire
* structure is provided regardless of any bits unset.
struct ipw_rt_hdr {
struct ieee80211_radiotap_header rt_hdr;
u64 rt_tsf; /* TSF */
u8 rt_flags; /* radiotap packet flags */
u8 rt_rate; /* rate in 500kb/s */
u16 rt_channel; /* channel in mhz */
u16 rt_chbitmask; /* channel bitfield */
s8 rt_dbmsignal; /* signal in dbM, kluged to signed */
s8 rt_dbmnoise;
u8 rt_antenna; /* antenna number */
u8 payload[0]; /* payload... */
} __attribute__ ((packed));
struct ipw_priv {
/* ieee device used by generic ieee processing code */
struct ieee80211_device *ieee;
......@@ -1133,6 +1179,12 @@ struct ipw_priv {
struct pci_dev *pci_dev;
struct net_device *net_dev;
/* Promiscuous mode */
struct ipw_prom_priv *prom_priv;
struct net_device *prom_net_dev;
/* pci hardware address support */
void __iomem *hw_base;
unsigned long hw_len;
......@@ -1306,6 +1358,29 @@ struct ipw_priv {
/* debug macros */
/* Debug and printf string expansion helpers for printing bitfields */
#define BIT_FMT8 "%c%c%c%c-%c%c%c%c"
#define BIT_FMT16 BIT_FMT8 ":" BIT_FMT8
#define BIT_FMT32 BIT_FMT16 " " BIT_FMT16
#define BITC(x,y) (((x>>y)&1)?'1':'0')
#define BIT_ARG8(x) \
#define BIT_ARG16(x) \
#define BIT_ARG32(x) \
#define IPW_DEBUG(level, fmt, args...) \
do { if (ipw_debug_level & (level)) \
