Re: Designing frame injection for wtap devices
- In reply to: Jian-Lin Li : "Designing frame injection for wtap devices"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 11 Dec 2024 15:34:54 UTC
hi! Oh, interesting! I hadn't thought about packet injection for wtap. I'm surprised it's not just exposed via bpf and the raw transmit path into the wtap interface, so it shows up on the peer(s) ? -adrian On Tue, 10 Dec 2024 at 23:16, Jian-Lin Li <ljianlin99@gmail.com> wrote: > Hey there, > > We are designing a WiFi subsystem fuzzer based on Syzkaller[1]. To do > this, we first need to put a WiFi device into adhoc mode, and then perform > 802.11 frame injection. On the Linux kernel, we can inject frames using a > netlink interface command "HWSIM_CMD_FRAME", which is exposed by the > virtual WiFi deivce mac80211_hwsim[2]. > > We'd like to introduce a netlink interface command for frame injection > into wtap device[3], a virtual WiFi device on FreeBSD. We found that the > "wtap_rx_proc" function in sys/dev/wtap/if_wtap.c might be useful. Can > “wtap_rx_proc" be a good backend if we want to do frame injection over a > wtap device? > > [1] > https://github.com/google/syzkaller/blob/master/docs/linux/wifi_fuzzing.md > [2] > https://wireless.docs.kernel.org/en/latest/en/users/drivers/mac80211_hwsim.html > [3] https://github.com/freebsd/freebsd-src/tree/main/sys/dev/wtap > > Jian-Lin > > >