GitHub Repository: orangepi-xunlong/orangepi-build
Path: blob/next/external/patch/misc/kali-wifi-injection-2.patch
From c46a994dd78befbe94e66771db41c18351be2aae Mon Sep 17 00:00:00 2001
From: Steve deRosier <[email protected]>
Date: Fri, 29 Sep 2017 10:48:19 -0700
Subject: [PATCH] wireless: carl9170: Enable sniffer mode promisc flag to fix
injection

The removal of the AR9170_MAC_SNIFFER_ENABLE_PROMISC flag to fix an issue
many years ago caused the AR9170 to not be able to pass probe response
packets with different MAC addresses back up to the driver. In general
operation, this doesn't matter, but in the case of packet injection with
aireplay-ng it is important. aireplay-ng specifically injects packets with
spoofed MAC addresses on the probe requests and looks for probe responses
back to those addresses. No other combination of filter flags seems to fix
this issue and so AR9170_MAC_SNIFFER_ENABLE is required to get these packets.

This was originally caused by commit e0509d3bdd7365d06c9bf570bf9f11 which
removed this flag in order to avoid spurious ack noise from the hardware.
In testing for this issue, keeping this flag but not restoring the
AR9170_MAC_RX_CTRL_ACK_IN_SNIFFER flag on the rc_ctrl seems to solve this
issue, at least with the most current firmware v1.9.9.

Signed-off-by: Steve deRosier <[email protected]>
---
drivers/net/wireless/ath/carl9170/mac.c | 5 +++++
1 file changed, 5 insertions(+)

diff --git a/drivers/net/wireless/ath/carl9170/mac.c b/drivers/net/wireless/ath/carl9170/mac.c
index 7d4a72dc98db..c617e883f47a 100644
--- a/drivers/net/wireless/ath/carl9170/mac.c
+++ b/drivers/net/wireless/ath/carl9170/mac.c
@@ -309,6 +309,7 @@ int carl9170_set_operating_mode(struct ar9170 *ar)
u32 rx_ctrl = AR9170_MAC_RX_CTRL_DEAGG |
AR9170_MAC_RX_CTRL_SHORT_FILTER;
u32 sniffer = AR9170_MAC_SNIFFER_DEFAULTS;
+ u32 mac_ftf = AR9170_MAC_FTF_DEFAULTS;
int err = 0;
rcu_read_lock();
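Review bot: The new mac_ftf local (initialised to AR9170_MAC_FTF_DEFAULTS) introduces a frame-type filter change that neither the subject line nor the commit message mentions; both describe only the AR9170_MAC_SNIFFER_ENABLE_PROMISC flag. Please extend the message to say why the frame-type filter has to change for injection to work, and state that AR9170_MAC_FTF_DEFAULTS is the value the register already holds in normal operation, so a reader can tell that non-sniffer modes are unaffected.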
@@ -373,6 +374,9 @@ int carl9170_set_operating_mode(struct ar9170 *ar)
if (ar->sniffer_enabled) {
enc_mode |= AR9170_MAC_ENCRYPTION_RX_SOFTWARE;
+ mac_ftf = AR9170_MAC_FTF_MONITOR;
+ sniffer |= AR9170_MAC_SNIFFER_ENABLE_PROMISC;
+ mac_addr = NULL;
}
err = carl9170_set_mac_reg(ar, AR9170_MAC_REG_MAC_ADDR_L, mac_addr);
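Review bot: The added mac_addr = NULL inside the sniffer_enabled branch is not explained anywhere in the commit message, and the very next context line passes it to carl9170_set_mac_reg(ar, AR9170_MAC_REG_MAC_ADDR_L, mac_addr). Please confirm that helper accepts a NULL address, and add a short comment here saying why the station address is cleared in sniffer mode. The same branch now sets AR9170_MAC_SNIFFER_ENABLE_PROMISC for every sniffer_enabled case; since the message says the ack-noise fix was only tested with firmware v1.9.9, a comment noting that AR9170_MAC_RX_CTRL_ACK_IN_SNIFFER must stay unset would keep a later change from reintroducing the original problem.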
@@ -384,6 +388,7 @@ int carl9170_set_operating_mode(struct ar9170 *ar)
return err;
carl9170_regwrite_begin(ar);
+ carl9170_regwrite(AR9170_MAC_REG_FRAMETYPE_FILTER, mac_ftf);
carl9170_regwrite(AR9170_MAC_REG_SNIFFER, sniffer);
carl9170_regwrite(AR9170_MAC_REG_CAM_MODE, cam_mode);
carl9170_regwrite(AR9170_MAC_REG_ENCRYPTION, enc_mode);
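Review bot: The added carl9170_regwrite(AR9170_MAC_REG_FRAMETYPE_FILTER, mac_ftf) runs unconditionally, so every call to carl9170_set_operating_mode() now rewrites the frame-type filter, including when sniffer_enabled is false. If any other path programs this register with a value other than AR9170_MAC_FTF_DEFAULTS, that setting is silently overwritten on the next mode change. Either write the register only when the sniffer state requires it, or document in the commit message that this function is now the owner of AR9170_MAC_REG_FRAMETYPE_FILTER and that the overwrite is intended.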
--
2.14.1