Bt3 & Iwp4965


chmod
02-07-2008, 11:02 PM
I have researched and researched this. I see a lot of people using the iwp4965 card and no injection support for it yet. I have even found a post where a guy made a patch for the injection (listed below), but I have yet to see any talk about this being introduced in the next release of BT or being fixed in the current one. Is anyone working on, going to work on, or planning to work on this? Thanks in advance! :eek:

diff --git a/origin/iwl4965-base.c b/origin/iwl4965-base.c
index bb476b5..aa07522 100644
--- a/origin/iwl4965-base.c
+++ b/origin/iwl4965-base.c
@@ -2679,7 +2679,8 @@ static void iwl4965_connection_init_rx_config(struct iwl4965_priv *priv)

case IEEE80211_IF_TYPE_STA:
priv->staging_rxon.dev_type = RXON_DEV_TYPE_ESS;
- priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK;
+ priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK |
+ RXON_FILTER_CTL2HOST_MSK;
break;

case IEEE80211_IF_TYPE_IBSS:
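Review bot: the STA branch now sets RXON_FILTER_CTL2HOST_MSK for every station-mode interface, so control frames are delivered to the host whenever the interface is in STA mode, not only when monitoring is wanted; that is a behaviour change for ordinary clients (extra RX/interrupt load) that the hunk does not explain. Add a comment above `priv->staging_rxon.filter_flags = RXON_FILTER_ACCEPT_GRP_MSK |` stating why control frames are needed on the host, and consider setting the flag only while a monitor interface is active.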
@@ -2984,11 +2985,6 @@ static int iwl4965_tx_skb(struct iwl4965_priv *priv,
goto drop_unlock;
}

- if (!priv->interface_id) {
- IWL_DEBUG_DROP("Dropping - !priv->interface_id\n");
- goto drop_unlock;
- }
-
if ((ctl->tx_rate & 0xFF) == IWL_INVALID_RATE) {
IWL_ERROR("ERROR: No TX rate available.\n");
goto drop_unlock;
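Review bot: deleting the `if (!priv->interface_id)` guard removes the only early exit for frames queued before any interface exists, so every check below it (the IWL_INVALID_RATE test here, the association test and the station lookup in the later hunks) must now tolerate interface_id == 0. Frames that used to be dropped with `IWL_DEBUG_DROP("Dropping - !priv->interface_id\n");` are no longer logged anywhere, so a comment at this point saying the no-interface case is handled at the station lookup would stop a later reader from reinstating the guard, and a debug message on that path would keep the visibility that was lost.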
@@ -3010,7 +3006,8 @@ static int iwl4965_tx_skb(struct iwl4965_priv *priv,

/* drop all data frame if we are not associated */
if (!iwl4965_is_associated(priv) && !priv->assoc_id &&
- ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA)) {
+ ((fc & IEEE80211_FCTL_FTYPE) == IEEE80211_FTYPE_DATA) &&
+ priv->interface_id) {
IWL_DEBUG_DROP("Dropping - !iwl4965_is_associated\n");
goto drop_unlock;
}
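Review bot: the comment `/* drop all data frame if we are not associated */` no longer describes the code once `priv->interface_id) {` is added to the condition, because unassociated data frames are now passed through whenever no interface is configured; update the comment to say the drop applies only when an interface exists. Also put the cheap `priv->interface_id` test first in the condition so the `iwl4965_is_associated(priv)` call and the frame-type mask are skipped when it is zero.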
@@ -3020,11 +3017,22 @@ static int iwl4965_tx_skb(struct iwl4965_priv *priv,
hdr_len = ieee80211_get_hdrlen(fc);

/* Find (or create) index into station table for destination station */
- sta_id = iwl4965_get_sta_id(priv, hdr);
+ if (unlikely(!priv->interface_id)) {
+ if (!ieee80211_is_probe_response(le16_to_cpu(hdr->frame_control)) &&
+ !is_multicast_ether_addr(hdr->addr1) &&
+ !is_broadcast_ether_addr(hdr->addr1))
+ sta_id = iwl4965_add_station_flags(priv, hdr->addr1, 0, 0);
+ else
+ sta_id = priv->hw_setting.bcast_sta_id;
+ }
+ else
+ sta_id = iwl4965_get_sta_id(priv, hdr);
if (sta_id == IWL_INVALID_STATION) {
- IWL_DEBUG_DROP("Dropping - INVALID STATION: " MAC_FMT "\n",
- MAC_ARG(hdr->addr1));
- goto drop;
+ if (priv->interface_id) {
+ IWL_DEBUG_DROP("Dropping - INVALID STATION: " MAC_FMT "\n", MAC_ARG(hdr->addr1));
+ goto drop;
+ }
+ sta_id = priv->hw_setting.bcast_sta_id;
}

IWL_DEBUG_RATE("station Id %d\n", sta_id);
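Review bot: in the no-interface path, `sta_id = iwl4965_add_station_flags(priv, hdr->addr1, 0, 0);` is called for every unicast frame and nothing in the hunk ever removes the entry, so each distinct destination address consumes a slot in the finite station table; the `if (sta_id == IWL_INVALID_STATION)` check directly below shows the call can fail, and the new fallback `sta_id = priv->hw_setting.bcast_sta_id;` then masks the exhaustion silently, so at least emit a debug message on that fallback. Smaller points: `!is_broadcast_ether_addr(hdr->addr1)` is redundant after `!is_multicast_ether_addr(hdr->addr1)` because the broadcast address has the group bit set; `le16_to_cpu(hdr->frame_control)` re-reads a value already available as `fc` (see `hdr_len = ieee80211_get_hdrlen(fc);`); and the `}` followed by `else` on its own line plus the over-long IWL_DEBUG_DROP line do not follow kernel coding style (`} else {`, wrap the message arguments).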



http://tinyshell.be/aircrackng/forum/index.php?topic=2606.new#new
http://www.intellinuxwireless.org/bugzilla/show_bug.cgi?id=1537
http://rpmfind.net/linux/RPM/opensuse/updates/10.3/x86_64/iwlwifi-kmp-xen-1.2.0_2.6.22.16_0.1-0.1.x86_64.html
http://rpmfind.net/linux/RPM/opensuse/updates/10.3/x86_64/lib_modules_2.6.22.17-0.1-xen_updates_Tree.html

alacrityathome
02-08-2008, 01:19 AM
chmod,

I think the way it works @ BT is that if a working injection patch is available, BT will incorporate it into their release or efforts. But, BT will depend on others (aircrack-ng.org, madwifi.org, and others) to provide working injection patches.

BT then concentrates on their speciality: providing the most available wireless pcmcia, pci, usb dongle injection capable units in the Linux o/s along side the most available penetration software possible.

So... if 4965 injection is available, I would bet it will be included in the final BT3.

Alacrity:)

smudgeface
02-22-2008, 10:36 AM
Just thought I'd throw my $0.02 in here.
I have an Intel 4965agn and I have been able to get it into monitor mode with surprisingly little effort. Basically, after boot I open Konsole and execute the following:
iwconfig wlan0 mode monitor
ifconfig wlan0 up
airodump-ng wlan0 #this works great
aireplay-ng -1 0 -a 001122334455 -h 001122334455 wlan0 #things go CRAZY

and by crazy I mean I get a constant stream of garbage on my prompt and it locks up my keyboard. If I Ctrl-C I get nothing. If I close the window and open a new Konsole window the stream of garbage continues. Obviously injection is not working... BOO!!!

ninja senses
02-26-2008, 06:10 AM
Has anyone tried the patch yet? I've been waiting for this forever!!

ninja senses
02-29-2008, 05:54 AM
Where did you find that, by the way?

bl4st0ix
03-20-2008, 01:23 PM
I have an Intel 4965agn too. I would like to know how to use injection. The authentication mode (-1) doesn't work, and I get this:

Interface Chipset Driver
wlan0 iwl4965 - [phy0]/usr/local/sbin/airmon-ng: line 338: /sys/class/ieee80211/phy0/add_iface: Permission denied
mon0: ERROR while getting interface flags: No such device (monitor mode enabled on mon0)

Who can help me? :(

chmod
03-21-2008, 07:16 PM
I have added a resource link to the 4695 code patch.

bl4st0ix
03-22-2008, 12:40 AM
I have added a resource link to the 4695 code patch.
Where can I download your modified patch?

Paint
03-25-2008, 06:35 PM
I found another thread that seems to be getting close to getting packet injection working. tinyshell.be/aircrackng/forum/index.php?topic=2898.45

BT3Linuxnoob
05-11-2008, 01:22 AM
I have an Intel 4965agn too. I would like to know how to use injection. The authentication mode (-1) doesn't work, and I get this:

Interface Chipset Driver
wlan0 iwl4965 - [phy0]/usr/local/sbin/airmon-ng: line 338: /sys/class/ieee80211/phy0/add_iface: Permission denied
mon0: ERROR while getting interface flags: No such device (monitor mode enabled on mon0)

Who can help me? :(

I am getting the exact same error, running BT3b via USB.

I tried installing the latest Intel mac80211 drivers and the latest iwlwifi-1.2.25 drivers, but each and every time I've done it I've destroyed my Vista HDD MBR.

When I boot into BT3 now, I have no drivers loaded for my wireless card as default and can't work out why. When I manually load the iwlwifi-1.2.25 drivers and try to connect to my network the computer freezes and needs a hard reset.

Damn problematic card this one!
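The airmon-ng output quoted in this post and in bl4st0ix's earlier one bundles two different failures: the write to /sys/class/ieee80211/phy0/add_iface is refused ("Permission denied"), and the mon0 interface that airmon-ng then claims to have enabled does not exist ("No such device"). The following POSIX shell diagnostic is an added example, not a script from the thread and not part of airmon-ng; it separates the cases (attribute missing, attribute present but not writable, interface present or absent). SYSFS_ROOT and the function names are my own assumptions: the default points at the real /sys, and pointing it at a constructed directory tree lets you try it without the card.

```shell
#!/bin/sh
# Added diagnostic for the two airmon-ng messages quoted in this thread.
# Not the thread's script and not part of airmon-ng; function names are mine.
# SYSFS_ROOT is an assumption: it defaults to /sys and may point at a fake tree.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# check_add_iface PHY
# Reports why writing /sys/class/ieee80211/PHY/add_iface can fail:
#   missing    - the attribute is not there (this mac80211 build does not offer it)
#   unwritable - it exists but the caller may not write it ("Permission denied")
#   ok         - it exists and is writable by the caller
check_add_iface() {
    f="$SYSFS_ROOT/class/ieee80211/$1/add_iface"
    if [ ! -e "$f" ]; then
        echo missing
    elif [ ! -w "$f" ]; then
        echo unwritable
    else
        echo ok
    fi
}

# check_iface NAME
# Reports whether a network interface exists under /sys/class/net; "absent"
# is the state behind ifconfig/airmon-ng saying "No such device" for mon0.
check_iface() {
    if [ -d "$SYSFS_ROOT/class/net/$1" ]; then
        echo present
    else
        echo absent
    fi
}

# diagnose PHY IFACE
# One-line summary for a phy and the monitor interface airmon-ng reported.
diagnose() {
    echo "$1/add_iface: $(check_add_iface "$1"); $2: $(check_iface "$2")"
}

# Usage: sh diag.sh phy0 mon0   (runs only when both arguments are given)
if [ $# -ge 2 ]; then
    diagnose "$1" "$2"
fi
```

The "Permission denied" in the quoted output is the unwritable case (the write was attempted and refused); if the attribute is missing altogether, that build of airmon-ng (line 338 in the quoted output) has no way to create the monitor interface on that kernel, which is consistent with the "No such device" message that follows.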

shamanvirtuel
05-13-2008, 01:59 AM
From the aircrack-ng team (Dark Audax, precisely):

"Nobody has reported success with the 4965agn"

No way for the moment...

Solution : BUY A SUPPORTED CARD !

thrasher12ga
05-22-2008, 10:34 AM
SUGGEST THREAD MOVE TO NON-WORKING HARDWARE

It appears a patch has been developed and submitted to the kernel group. It doesn't seem to have been listed for commit to trunk yet, but here it is (add prefix and remove whitespace due to posting rules)
a r t i c l e .gmane.org/gmane.linux.kernel.wireless.general/15111

While my expertise is quite limited, seems in prior code Intel prohibited frame tx in monitor mode, and this patch creates VAP equivalents as an alternative (along with other work).
This patch is meant to be applied to 2.6.26 (or 2.6.27 in theory). From what I understand of BT3beta, incorporating this patch will be non-trivial (kernel upgrade... dependencies?). I wonder if the team are keeping the dev tree in sync with kernel development; the lack of progressive beta releases even incorporating known bugfixes makes me suspect otherwise. mac80211 changes will probably break any attempt at a backport.
Added: Since this patch creates extra interfaces it may enable some extra functionality; IIRC some tool can use a second station interface for extra features (testing assoc with key maybe? don't remember).
Intel devs seemed resistant to enabling injection while in monitor mode, but stuff like hostapd needs it so they rolled over; that makes it more likely this patch will become mainline.
This patch hasn't been queued for commit to WIRELESS-TESTING ('bleeding edge' trunk which is used as staging for wireless-next). It may require validation - if you test this patch, PLEASE EMAIL THE LIST WITH CONFIRMATION OF FUNCTIONALITY - (replace whitespace for url) g i t.kernel.org/?p=linux/kernel/git/linville/wireless-testing.git
Note the iwl driver still doesn't work in ap, wds and maybe ibss modes.


Beware the current pre-commit patches have at least one moderate regression issue with station mode.

Also there's a 'frag fix' (I think for mac80211) that is required for frag attacks and may be a dependency; dunno if it's in mainline or not.

Be interested to hear from anyone who manages to work this into a patched BT3 build!
Great to see progress on this, even if the iwl4965 is a crap card.. Tx 16dBm/39mW and Rx sens 54Mbit/-74 dBm; 6 Mbps/-90 dBm :(

UPDATE: This patch was ignored by the wireless developers. The author will not be updating it (and it will probably not apply against the current codebase) due to the huge and frequent changes to the iwl driver at the moment - it's a fast-moving target, and unless the devs commit to incorporating a revised patch into the trunk at a particular point I don't blame the author for refusing to recode.
This might settle down once Intel finish work on support for the iwl5050 wimax/wifi chipset due to be released in a few months.