Hey there,

We are designing a WiFi subsystem fuzzer based on Syzkaller[1]. To do this, we 
first need to put a WiFi device into adhoc mode, and then perform 802.11 frame 
injection. On the Linux kernel, we can inject frames using a netlink interface 
command "HWSIM_CMD_FRAME", which is exposed by the virtual WiFi device 
mac80211_hwsim[2]. 

We'd like to introduce a netlink interface command for frame injection into 
the wtap device[3], a virtual WiFi device on FreeBSD. We found that the 
"wtap_rx_proc" function in sys/dev/wtap/if_wtap.c might be useful. Can 
"wtap_rx_proc" be a good backend if we want to do frame injection over a wtap 
device?

[1] https://github.com/google/syzkaller/blob/master/docs/linux/wifi_fuzzing.md
[2] https://wireless.docs.kernel.org/en/latest/en/users/drivers/mac80211_hwsim.html
[3] https://github.com/freebsd/freebsd-src/tree/main/sys/dev/wtap

Jian-Lin

