Promiscuous Mode
Re: Promiscuous Mode
Thank you for confirming this as it is mostly what I wanted. Is there an expected release date on this or maybe an idea when it might get released?
Re: Promiscuous Mode
+1 on Nickelme, really looking forward to having this info available so I can move on with my project(s), thanks Angus
Re: Promiscuous Mode
While we wait for that RadioTAP spec to come, I'm experimenting with packet injection via the esp_wifi_internal_tx() function:
https://gist.github.com/brainstorm/24e8 ... 7c5b43a02c
I'm not getting this right since I don't really know what to pass to "wifi_eth"... "eth0"? "wlan0"? According to the tcp_ip_adapter.h header docs in:
https://github.com/espressif/esp-idf/bl ... ter.h#L388
It should be a @param[in] void *dev: adapter interface but I have no idea what interface (name?) that looks like in the chip.
Any hints are highly welcome!
Code:
esp_interface_t wifi_if;
void* wifi_eth = NULL;
(...)
wifi_if = tcpip_adapter_get_esp_if(wifi_eth);
Re: Promiscuous Mode
Structure information for the radiotap header now merged to esp-idf master:
https://github.com/espressif/esp-idf/bl ... pes.h#L188
brainstorm wrote:
> While we wait for that RadioTAP spec to come, I'm experimenting with packet injection via the esp_wifi_internal_tx() function:
> I'm not getting this right since I don't really know what to pass to "wifi_eth"... "eth0"? "wlan0"? According to the tcp_ip_adapter.h header docs in:
Probably the best way to understand this function is to look at how it's used in the LWIP interface-level driver:
https://github.com/espressif/esp-idf/bl ... nif.c#L121
The parameter is the LWIP network interface pointer ("upper half", if you like), and it returns a pointer to the tcpip_adapter-side (WiFi-facing, "lower half" if you like) part of the driver. You can get an LWIP network interface pointer from the netif_find() function.
A couple of things to note:
- This probably won't do what you want. The frame data passed in here is a network-layer frame, so there's no 802.11 information at this layer. 802.11 frame stuff gets added one layer lower in the MAC layer, so data passed into esp_wifi_internal_tx() will always be subject to the same handling that any other frame holding an IP packet would be.
- LWIP runs all network operations in a single task, and the WiFi driver is (I'm fairly sure) built on the assumption that this task is the only thing which calls esp_wifi_internal_tx(). So it may not like it if you start calling this function from multiple tasks. It's labelled as an internal function for a reason!
- To inject arbitrary network frames (not the same as arbitrary 802.11 frames) in a multithreaded environment, LWIP has raw socket support which you can use (the frames will end up being passed to the low_level_output function linked above).
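The layering described in the post above, as an added example that is not part of the original thread and is not Espressif driver code: a host-side model of a MAC layer wrapping the frame it receives from lwIP into an 802.11 data frame, showing that the 802.11 header fields are set below the caller. It assumes the frame handed down is Ethernet II and that the station is sending to an AP; model_mac_encap and the sample values are hypothetical.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, NOT Espressif driver code: a model of how a MAC layer
 * wraps the Ethernet II frame handed down by lwIP into an 802.11 data frame
 * (station -> AP, RFC 1042 LLC/SNAP). All names here are hypothetical. */
#define ETH_HDR_LEN   14
#define DOT11_HDR_LEN 24
#define LLC_SNAP_LEN  8

/* Returns bytes written to out, or 0 if the input is short or out is too small. */
size_t model_mac_encap(const uint8_t *eth, size_t eth_len, const uint8_t bssid[6],
                       uint16_t seq, uint8_t *out, size_t out_cap)
{
    static const uint8_t llc_snap[6] = {0xAA, 0xAA, 0x03, 0x00, 0x00, 0x00};
    if (!eth || !bssid || !out || eth_len < ETH_HDR_LEN) return 0;
    size_t payload_len = eth_len - ETH_HDR_LEN;
    size_t need = DOT11_HDR_LEN + LLC_SNAP_LEN + payload_len;
    if (need > out_cap) return 0;

    /* These 802.11 fields are set below the caller, whatever bytes it passed in. */
    out[0] = 0x08;                          /* frame control: type = data */
    out[1] = 0x01;                          /* frame control: ToDS */
    out[2] = out[3] = 0;                    /* duration: set by hardware in practice */
    memcpy(out + 4,  bssid,   6);           /* addr1 = receiver (the AP) */
    memcpy(out + 10, eth + 6, 6);           /* addr2 = Ethernet source */
    memcpy(out + 16, eth,     6);           /* addr3 = Ethernet destination */
    out[22] = (uint8_t)((seq << 4) & 0xFF); /* sequence control, fragment 0 */
    out[23] = (uint8_t)((seq >> 4) & 0xFF);
    memcpy(out + 24, llc_snap, 6);          /* LLC/SNAP header */
    memcpy(out + 30, eth + 12, 2);          /* EtherType moves into SNAP */
    memcpy(out + 32, eth + ETH_HDR_LEN, payload_len);
    return need;
}

/* Constructed sample: broadcast dst, locally administered src, EtherType 0x0806. */
static const uint8_t sample_eth[] = {
    0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,  0x02, 0x00, 0x00, 0x00, 0x00, 0x01,
    0x08, 0x06,  0xDE, 0xAD, 0xBE, 0xEF };
static const uint8_t sample_bssid[6] = {0x02, 0x00, 0x00, 0x00, 0x00, 0xAA};

int main(void)
{
    uint8_t out[64];
    size_t n = model_mac_encap(sample_eth, sizeof sample_eth, sample_bssid, 1, out, sizeof out);
    printf("%zu-byte 802.11 frame, frame control %02x %02x\n", n, out[0], out[1]);
    return 0;
}
```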
Re: Promiscuous Mode
Woah, thanks much ESP_Angus, both for the radiotap commit and the lwip pointers. I suspected that injecting arbitrary 802.11 frames wouldn't be that easy, but I was willing to give it a try with the standard SDK instead of having to poke into lib80211.a and libpp.a (good old times with wifi_send_pkt_freedom):
https://github.com/pulkin/esp8266-injection-example
I guess it's then time to follow up steps from cnlohr, pfalcon, yourself (ha!) but on the ESP32 this time
https://github.com/israellot/esp-ginx/issues/2
https://github.com/SuperHouse/esp-open- ... -118361975
https://github.com/ernacktob/esp8266_wifi_raw
https://github.com/cnlohr/esp8266rawpackets
https://github.com/pfalcon/ScratchABit
http://www.esp8266.com/viewtopic.php?f= ... 1&start=12
Happy (Christmas&&Hacking)
Re: Promiscuous Mode
That was quick. Also it looks awesome, can't wait to try it out. Also, brainstorm, keep us up to date if you can get your injection working.