Question

I am building UDP packets from scratch (including 802.11 MAC, LLC, IP and UDP headers) and injecting them into a wireless network using LORCON. The receiving host has an interface wlan0 in regular, managed mode (but not connected to any AP), and I've added a sub-interface mon0 running in monitor mode as such:

iw dev wlan0 interface add mon0 type monitor

Watching the monitoring interface shows that the packet is received correctly:

$ sudo tcpdump -vei mon0 udp
tcpdump: WARNING: mon0: no IPv4 address assigned
tcpdump: listening on mon0, link-type IEEE802_11_RADIO (802.11 plus radiotap header), capture size 65535 bytes
<time> <signal info> DA:Broadcast BSSID:... SA:... LLC, dsap SNAP (0xaa) Individual, ssap SNAP (0xaa) Command, ctrl 0x03: oui Ethernet (0x000000), ethertype IPv4 (0x0800): (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 53)
    10.0.0.1.1234 > 255.255.255.255.1234: UDP, length 17

However, if I run sudo tcpdump -vei wlan0, no packets are printed, even though both the MAC and IP destination addresses are set to the broadcast address. The source address is set to a fictitious address, but I don't think that should prevent tcpdump from seeing the packet at all?

$ ip link
...
7: wlan0: <NO-CARRIER,BROADCAST,MULTICAST,PROMISC,UP> mtu 1500 qdisc mq state DOWN qlen 1000
    link/ether 00:21:6a:c5:3e:7a brd ff:ff:ff:ff:ff:ff
8: mon0: <BROADCAST,MULTICAST,PROMISC,UP,LOWER_UP> mtu 1500 qdisc mq state UNKNOWN qlen 1000
    link/ieee802.11/radiotap 00:21:6a:c5:3e:7a brd ff:ff:ff:ff:ff:ff

For what it's worth, setting net.ipv4.conf.all.rp_filter=0 as suggested here has no effect. Neither does setting net.ipv4.ip_forward=1. Enabling net.ipv4.conf.all.log_martians produces no output in the syslog.

Any pointers as to why this might be are most welcome!

FWIW, the machine is running Ubuntu 12.04.3, but with the 3.5.7 kernel.

EDIT: Here's something interesting I just discovered: tcpdump -i any doesn't print anything either. Only when I explicitly run tcpdump -i mon0 do I see the incoming packet. Why would something be excluded from -i any?


Solution

After many fruitless experiments, I decided to simply put the main interface in monitor mode with

iw dev wlan0 set type monitor
ip link set wlan0 promisc on

And then use pcap to extract the packets in question. Adds a dependency on pcap, but also significantly easier it seems than trying to figure out how packets go in the Linux kernel. A good intro to pcap can be found here.
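The answer stops at "use pcap to extract the packets". The following is an added example (mine, not code from the asker, the answerer or LORCON) of the parsing step that comes after the capture: it takes one raw frame as a monitor-mode interface hands it up (radiotap header, 802.11 data header, LLC/SNAP, IPv4, UDP) and walks it down to the UDP payload, verifying the IPv4 header checksum on the way and ignoring any trailing FCS bytes that the driver may include. The sample frame is constructed inside the block to mirror the tcpdump line in the question (broadcast DA, 10.0.0.1:1234 to 255.255.255.255:1234, 17-byte payload); the MAC addresses and payload text are made up. Only the standard library is used, so it runs offline.

```python
"""Parse a monitor-mode (radiotap + 802.11) frame down to its IPv4/UDP payload."""
import socket
import struct

IPV4_ETHERTYPE = 0x0800
# LLC/SNAP header: dsap aa, ssap aa, ctrl 03, OUI 000000, then the ethertype.
SNAP_IPV4 = bytes.fromhex("aaaa03000000") + struct.pack("!H", IPV4_ETHERTYPE)


def ip_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement checksum; a valid header (checksum included) sums to 0."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def mac_str(raw: bytes) -> str:
    return ":".join("%02x" % b for b in raw)


def parse_monitor_frame(frame: bytes) -> dict:
    """Return addresses and UDP payload of an 802.11 data frame carrying SNAP/IPv4/UDP.

    Raises ValueError for anything else, so a capture loop can just skip those frames.
    """
    # Radiotap: version(1) pad(1) length(2, little-endian) present(4) + variable fields.
    if len(frame) < 4 or frame[0] != 0:
        raise ValueError("unsupported radiotap version")
    rt_len = struct.unpack_from("<H", frame, 2)[0]
    dot11 = frame[rt_len:]

    # 802.11 MAC header: frame control(2) duration(2) addr1(6) addr2(6) addr3(6) seq(2).
    if len(dot11) < 24:
        raise ValueError("truncated 802.11 header")
    fc = struct.unpack_from("<H", dot11, 0)[0]
    ftype, subtype = (fc >> 2) & 0x3, (fc >> 4) & 0xF
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    if ftype != 2:
        raise ValueError("not a data frame")
    if subtype & 0x4:
        raise ValueError("null data frame carries no payload")
    addr1, addr2, addr3 = dot11[4:10], dot11[10:16], dot11[16:22]
    hdr_len = 24
    if to_ds and from_ds:
        hdr_len += 6                      # 4-address (WDS) frame: addr4 = SA
    if subtype & 0x8:
        hdr_len += 2                      # QoS Control field present
    # Which address field is DA/SA/BSSID depends on the ToDS/FromDS bits.
    if not to_ds and not from_ds:         # ad-hoc / injected frame, as in the question
        da, sa, bssid = addr1, addr2, addr3
    elif to_ds and not from_ds:
        da, sa, bssid = addr3, addr2, addr1
    elif from_ds and not to_ds:
        da, sa, bssid = addr1, addr3, addr2
    else:                                 # WDS: report the transmitter address as "bssid"
        da, sa, bssid = addr3, dot11[24:30], addr2

    body = dot11[hdr_len:]
    if body[:8] != SNAP_IPV4:
        raise ValueError("not SNAP-encapsulated IPv4")
    ip = body[8:]
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not IPv4")
    ihl = (ip[0] & 0xF) * 4
    total_len = struct.unpack_from("!H", ip, 2)[0]
    if ip_checksum(ip[:ihl]) != 0:
        raise ValueError("bad IPv4 header checksum")
    if ip[9] != 17:
        raise ValueError("not UDP")
    udp = ip[ihl:total_len]               # bounding by total length drops any trailing FCS
    sport, dport, udp_len = struct.unpack_from("!HHH", udp, 0)
    return {
        "da": mac_str(da), "sa": mac_str(sa), "bssid": mac_str(bssid),
        "src_ip": socket.inet_ntoa(ip[12:16]), "dst_ip": socket.inet_ntoa(ip[16:20]),
        "sport": sport, "dport": dport, "payload": udp[8:udp_len],
    }


def try_parse(frame: bytes):
    """Capture-loop helper: None for frames we do not care about instead of an exception."""
    try:
        return parse_monitor_frame(frame)
    except ValueError:
        return None


def build_sample_frame(payload: bytes = b"hello from lorcon") -> bytes:
    """Constructed frame mirroring the question's tcpdump line (addresses are made up)."""
    radiotap = struct.pack("<BBHI", 0, 0, 8, 0)          # minimal 8-byte radiotap header
    fc = 0x0008                                          # type=data, subtype=0, ToDS=FromDS=0
    dot11 = (struct.pack("<HH", fc, 0) + b"\xff" * 6     # DA: broadcast
             + bytes.fromhex("001122334455")             # SA (fictitious, as in the question)
             + bytes.fromhex("66778899aabb") + b"\x00\x00")  # BSSID, sequence control
    udp = struct.pack("!HHHH", 1234, 1234, 8 + len(payload), 0) + payload  # UDP csum optional
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0x4000, 64, 17, 0,
                         socket.inet_aton("10.0.0.1"), socket.inet_aton("255.255.255.255"))
    ip_hdr = ip_hdr[:10] + struct.pack("!H", ip_checksum(ip_hdr)) + ip_hdr[12:]
    fcs = b"\xde\xad\xbe\xef"                            # fake FCS some drivers hand up
    return radiotap + dot11 + SNAP_IPV4 + ip_hdr + udp + fcs


if __name__ == "__main__":
    print(parse_monitor_frame(build_sample_frame()))
```

To use it with the answer's setup, feed each packet returned by pcap on the monitor-mode interface to try_parse; the same bytes are also available without a pcap dependency from a Linux AF_PACKET raw socket (socket.AF_PACKET, socket.SOCK_RAW, protocol htons(0x0003)) bound to the interface, since a monitor-mode interface delivers radiotap-prefixed frames on that path as well. The IPv4 checksum check is there for the same reason it matters in any sniffer-based tool: a frame picked up off the air can be corrupted or crafted, so validate headers before trusting lengths and addresses.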

Licensed under: CC-BY-SA with attribution