added support for fragmentation attack

4 files changed, 70 insertions, 2 deletions

diff --git a/sys-kernel/meego-n900-sources/Manifest b/sys-kernel/meego-n900-sources/Manifest
index 7255063..35ce53d 100644
--- a/sys-kernel/meego-n900-sources/Manifest
+++ b/sys-kernel/meego-n900-sources/Manifest
@@ -1,5 +1,7 @@
+AUX 4013-runtime-enable-disable-of-mac80211-packet-injection.patch 1490 RMD160 53c728303c77b2ffd93917bceaaad6a38ee80236 SHA1 3b6aa934cf4c09deb8e93fcb08b10bfb1f6bdbb9 SHA256 88f997a54768feeb40a9f985e412e90e9fda2491f32cf6b078eb2a0a9f81e785
+AUX mac80211.compat08082009.wl_frag+ack_v1.patch 1049 RMD160 e864ee2e0c70ce344000baa8ee5fca3b23c3305a SHA1 85f7a1b141549b774f5631fba259bc414aeeffb8 SHA256 e04ed9997e1578cc1becd4ef9d9f2f6f606590aa91a56e42835963913e1b0f52
 DIST deblob-2.6.33 86599 RMD160 534eb7b76ea29561a0b6e73659f67fc746fad111 SHA1 0c3c2d8c299f3cb5d807bc4a35b20bdca50ccbce SHA256 176aa9c73f27c9c69f198e3637cae61072f152c25c468ffbebf1a4c2494d52d0
 DIST linux-2.6.33.tar.bz2 66266488 RMD160 7f0897db8113bc17249d82d61ca41e3b91eb4664 SHA1 acc8db00f30c7dfb4f04183a88ba35a32b6f8e8d SHA256 63e237de3b3c4c46a21833b9ce7e20574548d52dabbd1a8bf376041e4455d5c6
 DIST meego-n900.patch.bz2 1476572 RMD160 7fe5c2f96063f363c878f327c3bbcbee9e4b99bd SHA1 61e6e0e2ab9ee8401c8572045189ed49acd31771 SHA256 229db51f312c83fb895cfa796d684ef996b016fd57b09b6aeb6ef9e8b0a9dc57
 DIST patch-2.6.33.2.bz2 95719 RMD160 a276a6053cea22783ce44cc0cc57a4402202d534 SHA1 4261a1d5f0230f56f77f5a461a541397db07c2ba SHA256 33b2b1da01af5f186caf262588aac305ca93ca4f03f037243c035c7c418427ea
-EBUILD meego-n900-sources-2.6.33.2.ebuild 479 RMD160 96638c3c5ad09012a79d061330adc9e0b327f846 SHA1 66beff54ead693d3087f494ef44e460af171e113 SHA256 6bbc8fb4fb86e011c88c5dcae0871f53fe6bf7d8514d740f8cdc952de8833bc2
+EBUILD meego-n900-sources-2.6.33.2.ebuild 611 RMD160 69b00f8c01fa1321fe075388b1f5bb224e1d2b42 SHA1 5de58c2b121ca63aaab09666d6a72d5f7b7eba35 SHA256 f6daec8fa697b4842bfec8ba1df19ae0c5a1f2914e8cf1b87a1c1c1ddc21e66e
diff --git a/sys-kernel/meego-n900-sources/files/4013-runtime-enable-disable-of-mac80211-packet-injection.patch b/sys-kernel/meego-n900-sources/files/4013-runtime-enable-disable-of-mac80211-packet-injection.patch
new file mode 100644
index 0000000..82d9a4c
--- /dev/null
+++ b/sys-kernel/meego-n900-sources/files/4013-runtime-enable-disable-of-mac80211-packet-injection.patch
@@ -0,0 +1,37 @@
+--- net/mac80211/tx.c	2009-11-29 14:59:53.474095955 +0100
++++ net/mac80211/tx.c	2009-11-29 15:03:06.436871431 +0100
+@@ -670,6 +670,10 @@
+ 	return TX_CONTINUE;
+ }
+ 
++static int ieee80211_injection_patch = 1;
++module_param(ieee80211_injection_patch, int, 0644);
++MODULE_PARM_DESC(ieee80211_injection_patch, "Enable packet injection patch");
++
+ static ieee80211_tx_result debug_noinline
+ ieee80211_tx_h_sequence(struct ieee80211_tx_data *tx)
+ {
+@@ -686,14 +690,20 @@
+ 	 * excessive retries (ACKing and retrying should be
+ 	 * handled by the injecting application).
+ 	 * FIXME This may break hostapd and some other injectors.
+-	 * This should be done using a radiotap flag.
++	 * This should be done using a radiotap flag. For the time being, this
++	 * may be enabled/disabled in
++	 * /sys/module/mac80211/parameters/ieee80211_injection_patch
+ 	 */
+-	if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
+-	   !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) {
++       if (unlikely(ieee80211_injection_patch &&
++          (info->flags & IEEE80211_TX_CTL_INJECTED) &&
++		!(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) {
+ 		if (!ieee80211_has_morefrags(hdr->frame_control))
+ 			info->flags |= IEEE80211_TX_CTL_NO_ACK;
+ 		return TX_CONTINUE;
+ 	}
++        if (unlikely(!ieee80211_injection_patch &&
++           info->control.vif->type == NL80211_IFTYPE_MONITOR))
++                return TX_CONTINUE;
+ 
+ 	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
+ 		return TX_CONTINUE;
diff --git a/sys-kernel/meego-n900-sources/files/mac80211.compat08082009.wl_frag+ack_v1.patch b/sys-kernel/meego-n900-sources/files/mac80211.compat08082009.wl_frag+ack_v1.patch
new file mode 100644
index 0000000..8b7add3
--- /dev/null
+++ b/sys-kernel/meego-n900-sources/files/mac80211.compat08082009.wl_frag+ack_v1.patch
@@ -0,0 +1,27 @@
+diff --git a/net/mac80211/tx.c b/net/mac80211/tx.c
+index 0855cac..221bed6 100644
+--- a/net/mac80211/tx.c
++++ b/net/mac80211/tx.c
+@@ -677,11 +677,19 @@ int tid;
+ 
+ 	/*
+ 	 * Packet injection may want to control the sequence
+-	 * number, if we have no matching interface then we
+-	 * neither assign one ourselves nor ask the driver to.
++	 * number, so if an injected packet is found, skip
++	 * renumbering it. Also make the packet NO_ACK to avoid
++	 * excessive retries (ACKing and retrying should be
++	 * handled by the injecting application).
++	 * FIXME This may break hostapd and some other injectors.
++	 * This should be done using a radiotap flag.
+ 	 */
+-	if (unlikely(info->control.vif->type == NL80211_IFTYPE_MONITOR))
++	if (unlikely((info->flags & IEEE80211_TX_CTL_INJECTED) &&
++	   !(tx->sdata->u.mntr_flags & MONITOR_FLAG_COOK_FRAMES))) {
++		if (!ieee80211_has_morefrags(hdr->frame_control))
++			info->flags |= IEEE80211_TX_CTL_NO_ACK;
+ 		return TX_CONTINUE;
++	}
+ 
+ 	if (unlikely(ieee80211_is_ctl(hdr->frame_control)))
+ 		return TX_CONTINUE;
diff --git a/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild b/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild
index cde6b9d..d7eb0fc 100644
--- a/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild
+++ b/sys-kernel/meego-n900-sources/meego-n900-sources-2.6.33.2.ebuild
@@ -13,7 +13,9 @@ ETYPE="sources"
 inherit kernel-2
 detect_version
 
-UNIPATCH_LIST="${DISTDIR}/meego-n900.patch.bz2" 
+UNIPATCH_LIST="${DISTDIR}/meego-n900.patch.bz2
+${FILESDIR}/mac80211.compat08082009.wl_frag+ack_v1.patch
+${FILESDIR}/4013-runtime-enable-disable-of-mac80211-packet-injection.patch" 
 
 DESCRIPTION=""
 HOMEPAGE=""