GitHub Repository: orangepi-xunlong/orangepi-build
Path: blob/next/external/patch/misc/kali-wifi-injection-1.patch
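--- a/net/mac80211/cfg.c
+++ b/net/mac80211/cfg.c
@@ -784,7 +784,8 @@ static int ieee80211_set_monitor_channel
 ret = ieee80211_vif_use_channel(sdata, chandef,
 IEEE80211_CHANCTX_EXCLUSIVE);
 }
- } else if (local->open_count == local->monitors) {
+ // Patch: Always allow channel change, even if a normal virtual interface is present
+ } else /*if (local->open_count == local->monitors)*/ {
 local->_oper_chandef = *chandef;
 ieee80211_hw_config(local, 0);
 }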
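Review bot: The `else` branch now runs even when non-monitor interfaces are open, so `local->_oper_chandef` is overwritten and `ieee80211_hw_config(local, 0)` retunes the radio underneath any other interface sharing the device, with no check and no log line. The same unconditional relaxation is made in `cfg80211_set_monitor_channel` in net/wireless/chan.c, where the `-EBUSY` guard is commented out. Both would be safer as an opt-in, for example by keeping the original condition and OR-ing it with a default-off module parameter, so that kernels carrying this patch but never injecting keep the upstream behaviour. The old condition should be deleted rather than left inside `/* */`, and a comment such as `/* injection patch: channel may change while other vifs are up; they may lose their link */` would state the consequence. The function starts outside the hunk, so the branch preceding this `else` is only partly visible.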
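--- a/net/mac80211/tx.c
+++ b/net/mac80211/tx.c
@@ -803,11 +803,19 @@ ieee80211_tx_h_sequence(struct ieee80211
 
 /*
 * Packet injection may want to control the sequence
- * number, if we have no matching interface then we
- * neither assign one ourselves nor ask the driver to.
+ * number, so if an injected packet is found, skip
+ * renumbering it. Also make the packet NO_ACK to avoid
+ * excessive retries (ACKing and retrying should be
+ * handled by the injecting application).
+ * FIXME This may break hostapd and some other injectors.
+ * This should be done using a radiotap flag.
 */
- if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
+ if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
+ !(tx->sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES))) {
+ if (!ieee80211_has_morefrags(hdr->frame_control))
+ info->flags |= IEEE80211_TX_CTL_NO_ACK;
 return TX_CONTINUE;
+ }
 
 if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
 return TX_CONTINUE;
@@ -2012,7 +2020,10 @@ void ieee80211_xmit(struct ieee80211_sub
 }
 }
 
- ieee80211_set_qos_hdr(sdata, skb);
+ // Don't overwrite QoS header in monitor mode
+ if (likely(info->control.vif->type != NL80211_IFTYPE_MONITOR)) {
+ ieee80211_set_qos_hdr(sdata, skb);
+ }
 ieee80211_tx(sdata, sta, skb, false, txdata_flags);
 }
 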
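Review bot: In the `ieee80211_tx_h_sequence` hunk the new condition reads `tx->sdata->u.mntr.flags` for every frame carrying `IEEE80211_TX_CTL_INJECTED`, without first confirming that `tx->sdata` is a monitor interface. If `u` is the per-interface-type union it appears to be, and an injected frame can be handed to a non-monitor sdata, the `MONITOR_FLAG_COOK_FRAMES` test reads another member's bytes and its result is arbitrary. Checking the type first keeps the intent: `!(tx->sdata->vif.type == NL80211_IFTYPE_MONITOR && (tx->sdata->u.mntr.flags & MONITOR_FLAG_COOK_FRAMES))`. The hunk's own FIXME about hostapd remains open. The `ieee80211_xmit` hunk dereferences `info->control.vif` unguarded although the rtl8187 change in this patch treats that pointer as possibly NULL; both functions extend beyond their hunks.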
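--- a/net/wireless/chan.c
+++ b/net/wireless/chan.c
@@ -1148,8 +1148,10 @@ int cfg80211_set_monitor_channel(struct
 {
 if (!rdev->ops->set_monitor_channel)
 return -EOPNOTSUPP;
- if (!cfg80211_has_monitors_only(rdev))
- return -EBUSY;
+ // Always allow user to change channel, even if there is another normal
+ // virtual interface using the device.
+ //if (!cfg80211_has_monitors_only(rdev))
+ // return -EBUSY;
 
 return rdev_set_monitor_channel(rdev, chandef);
 }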
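--- a/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
+++ b/drivers/net/wireless/zydas/zd1211rw/zd_mac.c
@@ -229,14 +229,19 @@ void zd_mac_clear(struct zd_mac *mac)
 static int set_rx_filter(struct zd_mac *mac)
 {
 unsigned long flags;
- u32 filter = STA_RX_FILTER;
+ struct zd_ioreq32 ioreqs[] = {
+ {CR_RX_FILTER, STA_RX_FILTER},
+ { CR_SNIFFER_ON, 0U },
+ };
 
 spin_lock_irqsave(&mac->lock, flags);
- if (mac->pass_ctrl)
- filter |= RX_FILTER_CTRL;
+ if (mac->pass_ctrl) {
+ ioreqs[0].value |= 0xFFFFFFFF;
+ ioreqs[1].value = 0x1;
+ }
 spin_unlock_irqrestore(&mac->lock, flags);
 
- return zd_iowrite32(&mac->chip, CR_RX_FILTER, filter);
+ return zd_iowrite32a(&mac->chip, ioreqs, ARRAY_SIZE(ioreqs));
 }
 
 static int set_mac_and_bssid(struct zd_mac *mac)
@@ -1043,7 +1048,8 @@ int zd_mac_rx(struct ieee80211_hw *hw, c
 /* Caller has to ensure that length >= sizeof(struct rx_status). */
 status = (struct rx_status *)
 (buffer + (length - sizeof(struct rx_status)));
- if (status->frame_status & ZD_RX_ERROR) {
+ if ((status->frame_status & ZD_RX_ERROR) ||
+ (status->frame_status & ~0x21)) {
 if (mac->pass_failed_fcs &&
 (status->frame_status & ZD_RX_CRC32_ERROR)) {
 stats.flag |= RX_FLAG_FAILED_FCS_CRC;
@@ -1386,7 +1392,7 @@ struct ieee80211_hw *zd_mac_alloc_hw(str
 ieee80211_hw_set(hw, MFP_CAPABLE);
 ieee80211_hw_set(hw, HOST_BROADCAST_PS_BUFFERING);
 ieee80211_hw_set(hw, RX_INCLUDES_FCS);
- ieee80211_hw_set(hw, SIGNAL_UNSPEC);
+ ieee80211_hw_set(hw, SIGNAL_DBM);
 
 hw->wiphy->interface_modes =
 BIT(NL80211_IFTYPE_MESH_POINT) |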
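Review bot: In `zd_mac_rx` the added test `status->frame_status & ~0x21` sends every frame with any status bit other than 0x01 and 0x20 into the error branch, yet neither bit is named or explained, so a reader cannot tell which frames the receive path now rejects. The literal should be replaced by the driver's named status constants, or at least carry a comment such as `/* only bits 0 and 5 may be set on a frame we accept */`. In `set_rx_filter`, `ioreqs[0].value |= 0xFFFFFFFF` is a plain assignment written as an OR, and `pass_ctrl` now also switches `CR_SNIFFER_ON`, which is a wider effect than the old `RX_FILTER_CTRL` bit and deserves a comment. The change to `SIGNAL_DBM` is only correct if the signal value the driver reports is actually in dBm, which these hunks do not show. `zd_mac_rx` and `zd_mac_alloc_hw` both extend beyond their hunks.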
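--- a/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
+++ b/drivers/net/wireless/realtek/rtl818x/rtl8187/dev.c
@@ -248,8 +248,17 @@ static void rtl8187_tx(struct ieee80211_
 flags |= RTL818X_TX_DESC_FLAG_NO_ENC;
 
 flags |= ieee80211_get_tx_rate(dev, info)->hw_value << 24;
+
+ // When this flag is set the firmware waits untill ALL fragments have
+ // reached the USB device. Then it sends the first fragment and waits
+ // for ACKS's. Of course in monitor mode it won't detect these ACK's.
 if (ieee80211_has_morefrags(tx_hdr->frame_control))
- flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
+ {
+ // If info->control.vif is NULL it's most likely in monitor mode
+ if (likely(info->control.vif != NULL && info->control.vif->type != NL80211_IFTYPE_MONITOR)) {
+ flags |= RTL818X_TX_DESC_FLAG_MOREFRAG;
+ }
+ }
 
 /* HW will perform RTS-CTS when only RTS flags is set.
 * HW will perform CTS-to-self when both RTS and CTS flags are set.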
132