Promiscuous Mode

Nickelme
Posts: 7
Joined: Sat Nov 26, 2016 4:47 am

Re: Promiscuous Mode

Postby Nickelme » Wed Dec 14, 2016 4:38 am

Thank you for confirming this as it is mostly what I wanted. Is there an expected release date on this or maybe an idea when it might get released?

brainstorm
Posts: 27
Joined: Mon Dec 12, 2016 12:22 pm

Re: Promiscuous Mode

Postby brainstorm » Wed Dec 14, 2016 2:53 pm

+1 on Nickelme, really looking forward to having this info available so I can move on with my project(s), thanks Angus ;)

brainstorm
Posts: 27
Joined: Mon Dec 12, 2016 12:22 pm

Re: Promiscuous Mode

Postby brainstorm » Thu Dec 15, 2016 3:35 pm

While we wait for that RadioTAP spec to come, I'm experimenting with packet injection via the esp_wifi_internal_tx() function:

https://gist.github.com/brainstorm/24e8 ... 7c5b43a02c

I'm not getting this right since I don't really know what to pass to "wifi_eth"... "eth0"? "wlan0"? According to the tcp_ip_adapter.h header docs in:

https://github.com/espressif/esp-idf/bl ... ter.h#L388

It should be a @param[in] void *dev: adapter interface but I have no idea what interface (name?) that looks like in the chip.

Code: Select all

    esp_interface_t wifi_if;
    void* wifi_eth = NULL;
(...)
    wifi_if = tcpip_adapter_get_esp_if(wifi_eth);
Any hints are highly welcome!

ESP_Angus
Posts: 2344
Joined: Sun May 08, 2016 4:11 am

Re: Promiscuous Mode

Postby ESP_Angus » Thu Dec 15, 2016 10:36 pm

Structure information for the radiotap header now merged to esp-idf master:

https://github.com/espressif/esp-idf/bl ... pes.h#L188
brainstorm wrote:While we wait for that RadioTAP spec to come, I'm experimenting with packet injection via the esp_wifi_internal_tx() function:

I'm not getting this right since I don't really know what to pass to "wifi_eth"... "eth0"? "wlan0"? According to the tcp_ip_adapter.h header docs in:
Probably the best way to understand this function is to look at how it's used in the LWIP interface-level driver:
https://github.com/espressif/esp-idf/bl ... nif.c#L121

The parameter is the LWIP network interface pointer ("upper half", if you like), and it returns a pointer to the tcpip_adapter-side (WiFi-facing, "lower half" if you like) part of the driver. You can get an LWIP network interface pointer from the netif_find() function.

A couple of things to note:
  • This probably won't do what you want. The frame data passed in here is a network-layer frame, so there's no 802.11 information at this layer. 802.11 frame stuff gets added one layer lower in the MAC layer, so data passed into esp_wifi_internal_tx() will always be subject to the same handling that any other frame holding an IP packet would be.
  • LWIP runs all network operations in a single task, and the WiFi driver is (I'm fairly sure) built on the assumption that this task is the only thing which calls esp_wifi_internal_tx(). So it may not like it if you start calling this function from multiple tasks. It's labelled as an internal function for a reason! :)
  • To inject arbitrary network frames (not the same as arbitrary 802.11 frames) in a multithreaded environment, LWIP has raw socket support which you can use (the frames will end up being passed to the low_level_output function linked above).

brainstorm
Posts: 27
Joined: Mon Dec 12, 2016 12:22 pm

Re: Promiscuous Mode

Postby brainstorm » Fri Dec 16, 2016 1:13 pm

Woah, thanks much ESP_Angus, both for the radiotap commit and the lwip pointers. I suspected that injecting arbitrary 802.11 frames wouldn't be that easy, but I was willing to give it a try with the standard SDK instead of having to poke into lib80211.a and libpp.a (good old times with wifi_send_pkt_freedom):

https://github.com/pulkin/esp8266-injection-example

I guess it's then time to followup steps from cnlohr, pfalcon, yourself (ha!) but on the ESP32 this time ;)

https://github.com/israellot/esp-ginx/issues/2
https://github.com/SuperHouse/esp-open- ... -118361975
https://github.com/ernacktob/esp8266_wifi_raw
https://github.com/cnlohr/esp8266rawpackets
https://github.com/pfalcon/ScratchABit
http://www.esp8266.com/viewtopic.php?f= ... 1&start=12

Happy (Christmas&&Hacking)

Nickelme
Posts: 7
Joined: Sat Nov 26, 2016 4:47 am

Re: Promiscuous Mode

Postby Nickelme » Sat Dec 17, 2016 2:12 am

That was quick. Also it looks awesome, can't wait to try it out. Also brainstorm keep us up to date if you can get your injection working.

Who is online

Users browsing this forum: No registered users and 126 guests