bcm43455c0: trying to fix the monitor mode implementation.

firmwares/bcm43455/7_45_77_0_hw_23_8_2017/Makefile

@@ -19,6 +19,11 @@ rom.bin: ../rom.bin
 	@printf "\033[0;31m  APPLYING FLASHPATCHES TO CLEAN ROM\033[0m\n"
 	$(Q)$(NEXMON_ROOT)/buildtools/flash_patch_extractor/fpext -r $(RAM_FILE) -s $(RAMSTART) -b $(FP_CONFIG_ORIGBASE) -e $(FP_CONFIG_ORIGEND) -i $< -o $@ -t $(ROMSTART) > /dev/null
 
+complete.bin: $(RAM_FILE) rom.bin
+	@printf "\033[0;31m  MERGING %s and rom.bin into %s\033[0m\n" $< $@
+	$(Q)dd if=rom.bin of=$@ bs=1 seek=$$(($(ROMSTART))) conv=notrunc 2>/dev/null
+	$(Q)dd if=$< of=$@ bs=1 seek=$$(($(RAMSTART))) conv=notrunc 2>/dev/null
+
 clean:
 	@printf "\033[0;31m  CLEANING\033[0m\n"
 	$(Q)rm -f ucode.bin templateram.bin flashpatches.c rom.bin

patches/bcm43455c0/7_45_154/nexmon/src/monitormode.c

@@ -35,6 +35,7 @@
 #pragma NEXMON targetregion "patch"
 
 #include <firmware_version.h>   // definition of firmware version macros
+#include <debug.h>              // contains macros to access the debug hardware
 #include <wrapper.h>            // wrapper definitions for functions that already exist in the firmware
 #include <structs.h>            // structures that are used by the code in the firmware
 #include <helper.h>             // useful helper functions
@@ -64,18 +65,14 @@ channel2freq(struct wl_info *wl, unsigned int channel)
 }
 
 static void
-wl_monitor_radiotap(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p, unsigned char tunnel_over_udp)
+wl_monitor_radiotap(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p)
 {
     struct osl_info *osh = wl->wlc->osh;
     unsigned int p_len_new;
     struct sk_buff *p_new;
 
-    if (tunnel_over_udp) {
-        p_len_new = p->len + sizeof(struct ethernet_ip_udp_header) + 
-            sizeof(struct nexmon_radiotap_header);
-    } else {
-        p_len_new = p->len + sizeof(struct nexmon_radiotap_header);
-    }
+
+    p_len_new = p->len + sizeof(struct nexmon_radiotap_header);
 
     // We figured out that frames larger than 2032 will not arrive in user space
     if (p_len_new > 2032) {
@@ -90,9 +87,6 @@ wl_monitor_radiotap(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p,
         return;
     }
 
-    if (tunnel_over_udp)
-        skb_pull(p_new, sizeof(struct ethernet_ip_udp_header));
-
     struct nexmon_radiotap_header *frame = (struct nexmon_radiotap_header *) p_new->data;
 
     memset(p_new->data, 0, sizeof(struct nexmon_radiotap_header));
@@ -168,40 +162,51 @@ wl_monitor_radiotap(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p,
 
     memcpy(p_new->data + sizeof(struct nexmon_radiotap_header), p->data, p->len);
 
-    if (tunnel_over_udp) {
-        prepend_ethernet_ipv4_udp_header(p_new);
-    }
-
-    if (wl->wlc->wlcif_list->next)
-        wl->wlc->wlcif_list->wlif->dev->chained->funcs->xmit(wl->wlc->wlcif_list->wlif->dev, wl->wlc->wlcif_list->wlif->dev->chained, p_new);
-    else
-        wl->dev->chained->funcs->xmit(wl->dev, wl->dev->chained, p_new);
+    //wl_sendup(wl, 0, p_new);
+    wl->dev->chained->funcs->xmit(wl->dev, wl->dev->chained, p_new);
 }
 
 void
 wl_monitor_hook(struct wl_info *wl, struct wl_rxsts *sts, struct sk_buff *p) {
-    switch(wl->wlc->monitor & 0xFF) {
-        case MONITOR_RADIOTAP:
-                wl_monitor_radiotap(wl, sts, p);
-            break;
-
-        case MONITOR_IEEE80211:
-                wl_monitor(wl, sts, p);
-            break;
-
-        case MONITOR_LOG_ONLY:
-                printf("frame received\n");
-            break;
-
-        case MONITOR_DROP_FRM:
-            break;
-
-        case MONITOR_IPV4_UDP:
-                printf("%s: udp tunneling not implemented\n");
-                // not implemented yet
-            break;
+    unsigned char monitor = wl->wlc->monitor & 0xFF;
+
+    if (monitor & MONITOR_RADIOTAP) {
+        wl_monitor_radiotap(wl, sts, p);
+    }
+
+    if (monitor & MONITOR_IEEE80211) {
+        wl_monitor(wl, sts, p);
+    }
+
+    if (monitor & MONITOR_LOG_ONLY) {
+        printf("frame received\n");
+    }
+
+    if (monitor & MONITOR_DROP_FRM) {
+        ;
+    }
+
+    if (monitor & MONITOR_IPV4_UDP) {
+        printf("MONITOR over udp is not supported!\n");
     }
 }
 
+// Hook the call to wl_monitor in wlc_monitor
 __attribute__((at(0x1a6928, "", CHIP_VER_BCM43455c0, FW_VER_7_45_154)))
+__attribute__((at(0x1AD75E, "", CHIP_VER_BCM43455, FW_VER_7_45_77_0_23_8_2017)))
 BLPatch(wl_monitor_hook, wl_monitor_hook);
+
+/* // no flashpatches left
+// activate badfcs, if MONITOR_ACTIVATE_BADFCS is set
+void
+wlc_mctrl_hook(struct wlc_info *wlc, uint32 mask, uint32 val)
+{
+    if (wlc->monitor & MONITOR_ACTIVATE_BADFCS)
+        wlc_mctrl(wlc, MCTL_PROMISC | MCTL_KEEPBADFCS | MCTL_KEEPCONTROL, MCTL_PROMISC | MCTL_KEEPBADFCS | MCTL_KEEPCONTROL);
+    else
+        wlc_mctrl(wlc, mask, val);
+}
+
+__attribute__((at(0x2FB9A, "flashpatch", CHIP_VER_BCM43455, FW_VER_ALL)))
+BLPatch(wlc_mctrl_hook, wlc_mctrl_hook);
+*/

patches/common/wrapper.c

@@ -236,6 +236,7 @@ AT(CHIP_VER_BCM43455, FW_VER_7_45_77_0, 0x19A0E8)
 AT(CHIP_VER_BCM43455, FW_VER_7_120_5_1_sta_C0, 0x19A0F8)
 AT(CHIP_VER_BCM43455, FW_VER_7_45_77_0_23_8_2017, 0x19A0F8)
 AT(CHIP_VER_BCM43455c0, FW_VER_7_45_154, 0x19a098)
+AT(CHIP_VER_BCM43909b0, FW_VER_ALL, 0x64588)
 int
 memcpy(void *dst, void *src, int len)
 RETURN_DUMMY
@@ -310,6 +311,8 @@ AT(CHIP_VER_BCM4335b0, FW_VER_ALL, 0x18B04)
 AT(CHIP_VER_BCM43596a0, FW_VER_ALL, 0x6054)
 AT(CHIP_VER_BCM43451b1, FW_VER_ALL, 0x64d88)
 AT(CHIP_VER_BCM43455, FW_VER_ALL, 0x9C04C)
+AT(CHIP_VER_BCM43455c0, FW_VER_ALL, 0x9C04C)
+AT(CHIP_VER_BCM43909b0, FW_VER_ALL, 0x646B8)
 void *
 pkt_buf_get_skb(void *osh, unsigned int len)
 RETURN_DUMMY
@@ -324,6 +327,7 @@ AT(CHIP_VER_BCM4330, FW_VER_ALL, 0x80E300)
 AT(CHIP_VER_BCM4335b0, FW_VER_ALL, 0x18A98)
 AT(CHIP_VER_BCM43596a0, FW_VER_ALL, 0x5FE8)
 AT(CHIP_VER_BCM43455, FW_VER_ALL, 0x9C05C)
+AT(CHIP_VER_BCM43455c0, FW_VER_ALL, 0x9C05C)
 void *
 pkt_buf_free_skb(void *osh, void *p, int send)
 RETURN_DUMMY
@@ -758,6 +762,7 @@ AT(CHIP_VER_BCM4330, FW_VER_ALL, 0x817ACC)
 AT(CHIP_VER_BCM4335b0, FW_VER_ALL, 0x29BB8)
 AT(CHIP_VER_BCM43596a0, FW_VER_ALL, 0x369B8)
 AT(CHIP_VER_BCM43455, FW_VER_ALL, 0x1ED5C)
+AT(CHIP_VER_BCM43455c0, FW_VER_ALL, 0x1ED5C)
 void
 wl_monitor(void *wl, void *sts, void *p)
 VOID_DUMMY
@@ -1074,6 +1079,7 @@ AT(CHIP_VER_BCM43451b1, FW_VER_ALL, 0xf7cc)
 AT(CHIP_VER_BCM43455, FW_VER_ALL, 0x203B8)
 AT(CHIP_VER_BCM43596a0, FW_VER_ALL, 0x38E3C)
 AT(CHIP_VER_BCM43455c0, FW_VER_ALL, 0x203B8)
+AT(CHIP_VER_BCM43909b0, FW_VER_ALL, 0xe4c4)
 int
 wlc_ioctl(void *wlc, int cmd, void *arg, int len, void *wlc_if)
 RETURN_DUMMY
@@ -1255,6 +1261,7 @@ AT(CHIP_VER_BCM4356, FW_VER_7_35_101_5_sta, 0x1C469A)
 AT(CHIP_VER_BCM43455, FW_VER_7_45_77_0, 0x1D0DFC)
 AT(CHIP_VER_BCM43455, FW_VER_7_120_5_1_sta_C0, 0x1CF9A0)
 AT(CHIP_VER_BCM43455, FW_VER_7_45_77_0_23_8_2017, 0x1D13C8)
+AT(CHIP_VER_BCM43455c0, FW_VER_7_45_154, 0x1C9FA4)
 int
 wlc_phy_chan2freq_acphy(void *pi, int chanspec, int *freq, void **chan_info_ptr)
 RETURN_DUMMY
@@ -1641,6 +1648,7 @@ VOID_DUMMY
 
 //AT(CHIP_VER_BCM4339, FW_VER_ALL, 0x5BA28)
 AT(CHIP_VER_BCM4339, FW_VER_6_37_32_RC23_34_43_r639704, 0x01ADBB4)
+AT(CHIP_VER_BCM43909b0, FW_VER_ALL, 0x37A30)
 int
 wlc_valid_chanspec_ext(void *wlc_cm, unsigned short chanspec, int dualband)
 RETURN_DUMMY

patches/include/firmware_version.h

@@ -47,6 +47,7 @@
 #define CHIP_VER_BCM43451b1                 8
 #define CHIP_VER_BCM43455                   9
 #define CHIP_VER_BCM43455c0               101
+#define CHIP_VER_BCM43909b0               102
 
 #define FW_VER_ALL                          0
 
@@ -91,4 +92,7 @@
 // for CHIP_VER_BCM43455c0
 #define FW_VER_7_45_154                    110
 
+// for CHIP_VER_BCM43909b0
+#define FW_VER_7_15_168_108                210
+
 #endif /*FIRMWARE_VERSION_H*/