vanhoefm / modwifi


Failed to ping wlan0 using masked MAC #27

Closed Rot127 closed 4 years ago

Rot127 commented 4 years ago

After running channelmitm -a wlan0 -c wlan1 -s SSID -vv -d mitm.pcap it fails with:

...
Testing ACK generation...
    Pinging 00:7b:4b:ab:b9:b4 (wlan0) with mask ff:ff:ff:ff:ff:ff
     [TEST] rval=10
    Pinging 00:7b:4b:ab:b9:b5 (wlan0) with mask ff:ff:ff:ff:ff:fe
     [TEST] rval=0
Failed to ping wlan0 using masked MAC

I am using a TL-WN722N v1.1 and a WNDA3200 on a Raspberry Pi, kernel version 4.19.118-v7+. Both dongles are in monitor mode. There are no other tasks using the interfaces (airmon-zc returns none).

Any ideas what the problem could be?

Rot127 commented 4 years ago

Sending the ping multiple times works fine after some time. I replaced the function int osal_wi_ping(wi_dev *dev, const MacAddr &dst) in ./modwifi/tools/osal_wi.cpp with:

int osal_wi_ping(wi_dev *dev, const MacAddr &dst)
{
        uint8_t buf[2048];

        // generate a random source MAC address to use
        MacAddr src = MacAddr::random();

        // create dummy packet
        ieee80211header hdr;
        dst.setbuf(hdr.addr1);
        src.setbuf(hdr.addr2);
        hdr.sequence.seqnum = rand();
        int rval = 0;

        // send the packet, retrying up to 100 times until an ACK is seen
        for (int i=0; i<100; ++i) {
                std::cout << "\tPinging " << dst << " using MAC " << src << std::endl;
                if (osal_wi_write(dev, (uint8_t*)&hdr, sizeof(hdr)) < 0) {
                        fprintf(stderr, "Failed to inject ping packet\n");
                        return -1;
                }

                // monitor 5ms for an ACK
                struct timespec timeout;
                timeout.tv_sec = 0;
                timeout.tv_nsec =  5 * 1000000;
                rval = osal_wi_sniff(dev, buf, sizeof(buf), is_ack_from, &src, &timeout);
                std::cout << "\t [TEST] rval=" <<  rval << std::endl;
                // rval > 0: ACK captured; rval == 0: timeout, retry; rval < 0: error, retry
                if (rval > 0) break;
        }
        if (rval < 0) return -1;

        // rval = length of received packet
        return rval > 0;
}
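
The ACK test this thread describes (inject a frame addressed to the masked MAC, then sniff for an ACK addressed back to the random source MAC), as an added example in plain C that is not modwifi's code: it builds a fully initialised 802.11 null-data frame, the ACK a receiver returns, and the filter that matches it. The struct layout is the standard 802.11 MAC header; the modwifi names ieee80211header and is_ack_from are assumed to correspond to it.

```c
#include <stdbool.h>
#include <stdint.h>
#include <string.h>

#define FC_NULL_DATA 0x48   /* type 2 (data), subtype 4 (null function) */
#define FC_ACK       0xD4   /* type 1 (control), subtype 13 (ACK) */

struct ieee80211_hdr {      /* standard 3-address 802.11 MAC header, 24 bytes */
    uint8_t fc[2];          /* [0] = version|type|subtype, [1] = flags */
    uint8_t duration[2];
    uint8_t addr1[6];       /* receiver address (RA): the masked MAC being pinged */
    uint8_t addr2[6];       /* transmitter address (TA): our random source MAC */
    uint8_t addr3[6];
    uint8_t seq_ctrl[2];    /* bits 0-3 fragment number, bits 4-15 sequence number */
} __attribute__((packed));

/* Build a null-data "ping" with every header field set (no uninitialised bytes). */
size_t build_ping(uint8_t *buf, const uint8_t dst[6], const uint8_t src[6], uint16_t seqnum)
{
    struct ieee80211_hdr *h = (struct ieee80211_hdr *)buf;
    memset(h, 0, sizeof *h);
    h->fc[0] = FC_NULL_DATA;
    memcpy(h->addr1, dst, 6);
    memcpy(h->addr2, src, 6);
    memcpy(h->addr3, dst, 6);
    h->seq_ctrl[0] = (uint8_t)((seqnum & 0x0F) << 4);   /* fragment number 0 */
    h->seq_ctrl[1] = (uint8_t)(seqnum >> 4);
    return sizeof *h;
}

/* Well-formedness a strict driver expects: protocol version 0 and a data-type frame. */
bool ping_is_wellformed(const uint8_t *buf, size_t len)
{
    return len >= sizeof(struct ieee80211_hdr) && (buf[0] & 0x03) == 0
        && ((buf[0] >> 2) & 0x03) == 2;
}

/* The ACK the receiver answers with: FC, duration, RA only (10 bytes before the FCS). */
size_t build_ack(uint8_t *buf, const uint8_t ra[6])
{
    memset(buf, 0, 10);
    buf[0] = FC_ACK;
    memcpy(buf + 4, ra, 6);
    return 10;
}

/* Sniff filter: accept only an ACK whose RA is our random source MAC. */
bool is_ack_from(const uint8_t *buf, size_t len, const uint8_t src[6])
{
    return len >= 10 && buf[0] == FC_ACK && memcmp(buf + 4, src, 6) == 0;
}
```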

Rot127 commented 4 years ago

The problem came probably from incorrect linux-headers. On a Raspberry Pi one should do rpi-update e1050e94821a70b2e4c72b318d6c6c968552e9a2 to install the Linux kernel 4.19.0 and its kernel headers. Hashes for other kernel versions can be found here: https://github.com/Hexxeh/rpi-firmware/commits/master. Then recompile the drivers.

Rot127 commented 4 years ago

Missing headers were not the issue (I don't know why it worked on the Raspberry Pi). The ath9k_htc driver is stricter about receiving malformed packets than it was in 2015. Therefore the unit tests have to send proper packets. Pull request follows.

Rot127 commented 4 years ago

Fixed by https://github.com/vanhoefm/modwifi-tools/pull/1/commits/ed181ca4d4d156fbb1243acb23dd42c4abcac96e