kern/144987: [wpi] [panic] injecting packets with wlaninject
using Intel 3945ABG wireless card gives kernel panic
Bernhard Schmidt
bschmidt at freebsd.org
Wed Dec 22 09:10:11 UTC 2010
The following reply was made to PR kern/144987; it has been noted by GNATS.
From: Bernhard Schmidt <bschmidt at freebsd.org>
To: bug-followup at freebsd.org,
gabrielquadros at hotmail.com
Cc: Julian Elischer <julian at freebsd.org>
Subject: Re: kern/144987: [wpi] [panic] injecting packets with wlaninject using Intel 3945ABG wireless card gives kernel panic
Date: Wed, 22 Dec 2010 09:58:34 +0100
On Monday 20 December 2010 15:10:02 Bernhard Schmidt wrote:
> Hi,
>
> The issue here is that you've tried to use wlaninject with a VAP in sta
> mode. As soon as wlaninject tries to set up the interface, net80211 will
> start to do a scan which means constant channel switches until it finds
> something to associate. wlaninject itself is not aware of that and happily
> injects frames no matter what the current channel state is, as the above
> trace shows, you hit a point where no channel is set between 2 scan
> interations.
>
> wlaninject is supposed to be used with VAPs in ahdemo mode and wpi(4) does
> not support that mode. Therefore I tend to close this PR.
Looking closer I might have been a bit wrong. There are several issue here..
One being that ni_chan is used in the TX path which should and can actually be
replaced by ic_curchan. This will fix the panic reported above, though, this
does no longer obscure other issues. For examples, we are allowed to pass in
frames of arbitrary length, extremely short frames will be discarded early due
to an overflow checking the length (the message to long error). But, if the
length is just long enough to reach the driver it might still be shorter then
the header for a 802.11 frame. This will result in another panic() in
m_copydata() as we try to copy over the header to firmware..
I'll try to find a useful solution for that.
--
Bernhard
More information about the freebsd-net
mailing list