Project: Camphor

More like a realization followed by revelation.

$ kextfind . -dsym _ieee80211_ifattach
IO80211Family.kext/Contents/PlugIns/AirPortAtheros.kext
IO80211Family.kext/Contents/PlugIns/AirPortAtheros21.kext

$ kextfind . -dsym _m_get
System.kext/PlugIns/Private.kext
System.kext/PlugIns/Unsupported.kext

In other words, these symbols are accessible from any kext if we add a dependency on the kexts that “kextfind” command found.

There are two things happening here:

1. Since Apple and Atheros already ported FreeBSD net80211 to OS X, why should we duplicate the effort? It looks like we can actually ride on the Atheros driver’s back and call the functions from that kext.

2. If instead I decide to go ahead with our own port, the legacy BSD mbuf functions are available from the Private and Unsupported kexts! Which means I can do away with a lot of manual code changes!

This is cool. Let’s see what other info I dig up to make my job easier.

As I have mentioned previously, I’m working to port OpenBSD’s net80211 layer, which is an IEEE 802.11-2007 WiFi stack, to Mac OS X.

Haiku, an open-source operating system, managed to do this last year for their own kernel. So why is it taking us so long to do a similar thing for OS X?

To start off, although it appears that the OS X kernel being partly based on BSD should make things easier, it actually makes it more complicated to attempt a port such as this. Since almost half of the OS X kernel consists of FreeBSD code, there are lots of symbols predefined, like ifnet and mbuf. Apple’s own “Kernel Programming Interface” (KPIs) provide access to these data structures and functions through a slightly different API which is designed to prevent direct access. Unfortunately, most of the code from other BSD kernels heavily relies on direct access (most notable being the mbuf handling routines). To top it off, several of these data structures have been slightly modified in the XNU kernel compared to their BSD counterparts, making their usage very risky.

Hence, simply including the source code for net80211 and some compatibility glue code (like Haiku does) would result in massive naming collisions between predefined structures and functions in the kernel vs. those redefined in the compatibility layer.

Apple already includes a port of the net80211 stack for their drivers for the Atheros wireless adapters. Without access to that source code, it is difficult to figure out (at least for me) what approach they have taken. My approach has been to convert the entire net80211 source code to C++ and wrap them in a namespace. This will automatically cause all symbols to be prefixed with the namespace, hopefully avoiding collisions with their kernel counterparts.

This sounds easy enough, but for some things it just doesn’t work. The mbuf handling routines in net80211 make heavy use of direct access to the mbuf structure. This is not possible in OS X (or not easily possible). OS X drivers use the mbuf_t structure and the mbuf KPI to manipulate mbufs. Now, mbufs are used to store all network data coming in and going out of the system. Thus, it is used extremely frequently. The two ways to deal with this were to either:

1. Re-implement BSD’s mbuf API and structures in our compatibility layer. Bad option in my opinion because of the naming collisions, and more importantly, from a performance point of view, and being badly integrated with OS X’s networking tools.

2. Wade through the hundreds of thousands of instances where mbufs have been used in net80211 source code, and convert them to their mbuf_t KPI equivalents.

I chose the 2nd option as that was the only one which made sense, despite being extremely lengthy. I was actually recommended this by Apple kernel engineers on the darwin-drivers mailing list.

So, the end result was to use Xcode’s “Find” feature to find every single mbuf instance, and replace it with their mbuf_t equivalent, after understanding its context. This was frustrating. But thankfully it’s done. Here’s an example snippet:

And here’s the list of files which needed to be manually reviewed line by line (compiler errors are not always useful) to make sure every instance was properly converted:

The other issue was that a lot of functionality from OpenBSD (e.g. kernel cryptography) is not present in OS X (it probably is present, but inaccessible from the KPIs). So I included all of those. There were also several undefined symbols which I defined as equivalents. All in all, there is a compatibility layer for the compatibility layer:

For what it’s worth, there probably is a much better and more elegant way to do this. But sadly I am not knowledgeable enough to figure out how Apple/Atheros developers did it. How I wish I could at least get a glimpse of their source code! Ralink probably also uses the net80211 stack (or something similar) in the OS X drivers for their USB wifi adapter range. A few days ago I tried to contact Ralink to get access to their source code (in return for making their drivers Airport compatible), but have not received any reply yet.

Anyway, with most of this mechanical porting done, what remains is to write code to glue the net80211 information/function calls to IOKit’s “Airport” interface, which is referred to as apple80211 in Kernel.framework from Leopard and older. Incidentally, Apple stopped supplying this particular set of header files from Snow Leopard onwards. Recreating the proper headers for Snow Leopard was a challenge which deserves a post of its own. Maybe later.

So that’s a survey of the process and the difficulties so far. This week I’ll be working to finish off the “compatibility layer” for net80211 based drivers to access the hardware, and finally hooking it all up to parts of VoodooWireless so it can talk to Airport. Hopefully this approach will work. As is evident, I have not tested even a single line of all this code yet - simply because there are millions of nuts and bolts that all must fit in together before the whole thing will fly. This month I’m hoping it’ll all start to take shape. If not, well tough luck to us.

Postscript: I mainly wrote this post so that future developers who might want to pick up on this project after I leave, can get an idea of what work is being done and how it’s intended to work. Feel free to write to me at voodoo@mercurysquad.com if you have more technical questions (don’t write to ask “how much longer” or “it doesn’t work”, though).

Thanks for reading!

Anonymous asked: waiting for intel 5100 agn drive for mac os thx

The 4965 driver, when finished, should work with 5100 and higher cards.

Anonymous asked: Hi,

i just would like to ask if there is anything (Except Donations) that WE ( the People who were waiting for a working kext ) can do to help you with the Projekt? Coffee, Tea, Intel 5100 Cards,....

Just let us know :)

I already have an Intel 4965 thanks to a generous donator. I don’t need 5100 or other cards because the 4965 driver will work with them also. Thanks for asking, though!

Anonymous asked: hi i just want to know y the intel2200 kext doesn't work for me( i have a intel 2200 bg wireless card on 10.6.4) but when i install the voodoowireless and voodoowireless clipher and intel 3945 kexts the airport shows but i can't connect to any wifi with wep (they just tell me that you cannot connect just after i press the connect button)

The Intel 2200 driver beta6 does not support WEP (beta5 does). It has also not been tested on Snow Leopard.

Anonymous asked: Hi,
there is a date when the beta of the driver for 4965 is released?
Thanks you

Before the end of the month, or never. Hopefully the former.

Anonymous asked: Hello i have a intel 3945bg wireless card and i can't connect to me home's wifi cause its protected with wep and i installed the right kexts for that. My question is: Are you working on making the Wep and Wpa work? And if so, when will it be released

Yes, WEP and WPA have already been ported. What remains is to hook them up to Airport’s GUI. It will be released before the end of this month (or never).

Anonymous asked: Is it possible to help you port the net80211 or the drivers? If so, how much coding experience is necessary?

So far I’ve been working on it by myself, but I’m considering going fully open source. A blog entry will be posted when I’ve cleaned up and uploaded the source code.

You should have strong C++ skills for writing IOKit drivers, and extremely strong C skills for helping to port net80211 to OS X. Apart from that, you need to know the IEEE 802.11-2007 specification (the document is available free of cost), and have sound knowledge of networking. You also need to be at least familiar with IOKit (the OS X driver model), ideally be an expert in it — because we need to figure out how to hook up a driver from a totally different operating system into Mac OS X — and figuring out the best way to do it is important.

And finally, the most important skill is: writing correct code that works. Debugging in kernel space is not easy (specially without a spare OS X machine), so it is important that the code you write is well thought out and intended to work at the first try (or with minor modifications).

Knowledge about the FreeBSD/OpenBSD kernel (specially net80211 itself) will also be very valuable — but not required, as long as you are good at reading other people’s code and understanding how it works. Beware that the net80211 codebase is pretty huge. Being able to connect the dots is crucial.

I’m really not able to find time to work on project:camphor these days, though I think all it requires is around a week of hacking. So much has already been done (as I said the porting part is 90% done, hooking it to OSX hasn’t even been started yet).

Also, my friend Vaibhav Bajpai will be joining in the porting effort soon. That should speed it up.

I would just like to add that the project is NOT abandoned.

Many people seem to think so because of lack of progress. This is not the case. As for donations, thanks to all who have donated so far but I request people to hold off on donating for now because I don’t want to hear constant complains that the delay is to amass more donations.

And for the constant barrage of emails and comments on the blog (now disabled) that I keep getting saying “it’s been over a year, this will never get done” — by all means buy a USB wifi dongle or replace your Intel wifi card with a Broadcom. Both options cost very little.

My honest opinion is that saving 10 bucks is not worth waiting over a year for the drivers. This is a fun and challenging project which when done right has the potential to breathe life into a lot of laptops which cannot upgrade (eg. BIOS locked) or for those who don’t want to carry around extra equipment.

But for the rest, there is an easier, faster and more reliable option. Please avail of it instead of complaining. Angry emails/comments does not help anyone.

Thanks.

Anonymous asked: So much better!!!!!... but.. a little color would be nicer... i could make a theme for the blog.... ;)

Thanks, please feel free to create a theme. This blog uses tumblr, so you might want to look up the tags.