Experimental support for transmitting ACKs

I just committed support for a new LORCON function, tx80211_selfack(). While LORCON has been able to transmit spoofed ACK frames for a long time now, the nature of non-real-time operating systems makes this of limited usefulness. If you want to ACK a received frame, the ACK must be transmitted within a very short time interval to let the transmitter know that it was properly received. Trying to fake this by sending ACKs from userspace applications was a hit-and-miss affair.
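To put numbers on the timing problem, here is an added example (not LORCON code and not from the original post) that measures how late a userspace process wakes up and compares that with the 802.11 SIFS, the gap after which an ACK is expected. Assumptions: SIFS is 10 us for 802.11b/g and 16 us for 802.11a per the standard, and timer wake-up lateness on Linux stands in for the delay a process sees when woken by a received frame; the function names are made up for this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <stdio.h>
#include <time.h>

#define SIFS_24GHZ_NS 10000L /* 802.11b/g SIFS: 10 us (assumed from the standard) */
#define SIFS_5GHZ_NS  16000L /* 802.11a SIFS: 16 us (assumed from the standard) */

static long ts_diff_ns(const struct timespec *a, const struct timespec *b)
{
    return (long)(a->tv_sec - b->tv_sec) * 1000000000L + (a->tv_nsec - b->tv_nsec);
}

/* Sleep until an absolute deadline delay_ns from now and return how late
 * (in ns) the process actually resumed running. */
long wake_overshoot_ns(long delay_ns)
{
    struct timespec deadline, now;
    clock_gettime(CLOCK_MONOTONIC, &deadline);
    deadline.tv_nsec += delay_ns;
    while (deadline.tv_nsec >= 1000000000L) {
        deadline.tv_nsec -= 1000000000L;
        deadline.tv_sec++;
    }
    /* Retry if a signal interrupts the sleep, so the result is never negative. */
    while (clock_nanosleep(CLOCK_MONOTONIC, TIMER_ABSTIME, &deadline, NULL) == EINTR)
        ;
    clock_gettime(CLOCK_MONOTONIC, &now);
    return ts_diff_ns(&now, &deadline);
}

/* Count the samples that would still have met the given response budget. */
int count_within(const long *samples, int n, long budget_ns)
{
    int hits = 0;
    for (int i = 0; i < n; i++)
        if (samples[i] >= 0 && samples[i] <= budget_ns)
            hits++;
    return hits;
}

int main(void)
{
    enum { N = 200 };
    long s[N];
    for (int i = 0; i < N; i++)
        s[i] = wake_overshoot_ns(200000L); /* one simulated frame every 200 us */
    printf("woke within SIFS: %d/%d (2.4 GHz), %d/%d (5 GHz)\n",
           count_within(s, N, SIFS_24GHZ_NS), N, count_within(s, N, SIFS_5GHZ_NS), N);
    return 0;
}
```

The measured lateness covers only the wake-up; a real userspace ACK would also have to pass the frame up from the driver and back down for transmission, so the fraction that meets the budget here is an upper bound.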

Now, with tx80211_selfack(), you can specify a MAC address and LORCON will configure your wireless card to handle transmitting ACKs automatically for you. I've been using this to fake an association to an AP using a false MAC address, and have been successful in getting a fake station authenticated and associated to an open AP.

The prototype of tx80211_selfack() is as follows:

int tx80211_selfack(struct tx80211 *in_tx, uint8_t *address);

LORCON will change your wireless card's MAC address to the specified address to let the hardware send ACKs for you. After calling tx80211_close(), LORCON will restore your original MAC address.

The capabilities flag for tx80211_selfack() is TX80211_CAP_SELFACK, and the madwifing and hostap drivers are currently supported. More driver support to follow.

Take a look, let me know if you run into trouble. Thanks!

-Josh