Date: Wed, 11 Dec 2024 15:16:05 +0800
From: Jian-Lin Li <ljianlin99@gmail.com>
To: "freebsd-wireless@freebsd.org" <freebsd-wireless@FreeBSD.org>
Cc: Li-Wen Hsu <lwhsu@freebsd.org>
Subject: Designing frame injection for wtap devices
Message-ID: <1D2A9D71-192B-4E82-875D-D09A343DC5F0@gmail.com>

Hey there,

We are designing a WiFi subsystem fuzzer based on Syzkaller[1]. To do this, we first need to put a WiFi device into adhoc mode, and then perform 802.11 frame injection.

On the Linux kernel, we can inject frames using a netlink interface command "HWSIM_CMD_FRAME", which is exposed by the virtual WiFi device mac80211_hwsim[2].

We'd like to introduce a netlink interface command for frame injection into the wtap device[3], a virtual WiFi device on FreeBSD. We found that the "wtap_rx_proc" function in sys/dev/wtap/if_wtap.c might be useful. Can "wtap_rx_proc" be a good backend if we want to do frame injection over a wtap device?

[1] https://github.com/google/syzkaller/blob/master/docs/linux/wifi_fuzzing.md
[2] https://wireless.docs.kernel.org/en/latest/en/users/drivers/mac80211_hwsim.html
[3] https://github.com/freebsd/freebsd-src/tree/main/sys/dev/wtap

Jian-Lin
