diff -Naur linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/hfa384x.c linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/hfa384x.c
--- linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/hfa384x.c	2008-12-24 18:26:37.000000000 -0500
+++ linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/hfa384x.c	2009-04-04 22:53:46.000000000 -0400
@@ -1873,8 +1873,16 @@
 
 	DBFENTER;
 
-	cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
-		HFA384x_CMD_AINFO_SET(enable);
+//	cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
+//		HFA384x_CMD_AINFO_SET(enable);
+	if (enable == HFA384x_MONITOR_ENABLE) {
+		// KoreK: get into test mode 0x0a
+		cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
+ 			HFA384x_CMD_AINFO_SET(0x0a);
+	} else {
+		cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
+			HFA384x_CMD_AINFO_SET(enable);
+ 	}
 	cmd.parm0 = 0;
 	cmd.parm1 = 0;
 	cmd.parm2 = 0;
@@ -3114,11 +3122,32 @@
 #endif
 
 	/* if we're using host WEP, increase size by IV+ICV */
-	if (p80211_wep->data) {
-		txdesc.data_len = host2hfa384x_16(skb->len+8);
-		//		txdesc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
-	} else {
-		txdesc.data_len =  host2hfa384x_16(skb->len);
+//	if (p80211_wep->data) {
+//		txdesc.data_len = host2hfa384x_16(skb->len+8);
+//		//              txdesc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
+//	} else {
+//		txdesc.data_len =  host2hfa384x_16(skb->len);
+//	}
+
+	if (skb->protocol != htons(ETH_P_80211_RAW)) {
+		/* if we're using host WEP, increase size by IV+ICV */
+		if (p80211_wep->data) {
+			txdesc.data_len = host2hfa384x_16(skb->len+8);
+			// txdesc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
+		} else {
+			txdesc.data_len =  host2hfa384x_16(skb->len);
+		}
+		} else {
+		/* KoreK: raw injection (monitor mode): pull the rest of
+		   the header and ssanity check on txdesc.data_len */
+		memcpy(&(txdesc.data_len), skb->data, 16);
+		skb_pull(skb,16);
+		if (txdesc.data_len != host2hfa384x_16(skb->len)) {
+			printk(KERN_DEBUG "mismatch frame_len, drop frame\n");
+		return 0;
+		}
+
+		txdesc.tx_control |= HFA384x_TX_RETRYSTRAT_SET(1);
 	}
 
 	txdesc.tx_control = host2hfa384x_16(txdesc.tx_control);
@@ -3142,7 +3171,8 @@
 	spin_lock(&hw->cmdlock);
 
 	/* Copy descriptor+payload to FID */
-        if (p80211_wep->data) {
+//        if (p80211_wep->data) {
+	if (p80211_wep->data && (skb->protocol != htons(ETH_P_80211_RAW))) {
 		result = hfa384x_copy_to_bap4(hw, HFA384x_BAP_PROC, fid, 0,
 					      &txdesc, sizeof(txdesc),
 					      p80211_wep->iv, sizeof(p80211_wep->iv),
@@ -3588,6 +3618,17 @@
 	{
 	case 0:
 
+		/* KoreK: this testmode uses macport 0 */
+		if ((wlandev->netdev->type == ARPHRD_IEEE80211) ||
+			(wlandev->netdev->type == ARPHRD_IEEE80211_PRISM)) {
+			if ( ! HFA384x_RXSTATUS_ISFCSERR(rxdesc.status) ) {
+				hfa384x_int_rxmonitor( wlandev, rxfid, &rxdesc);
+			} else {
+				WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
+			}
+			goto done;
+		}
+
 		fc = ieee2host16(rxdesc.frame_control);
 
 		/* If exclude and we receive an unencrypted, drop it */
diff -Naur linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/hfa384x_usb.c linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/hfa384x_usb.c
--- linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/hfa384x_usb.c	2008-12-24 18:26:37.000000000 -0500
+++ linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/hfa384x_usb.c	2009-04-04 23:13:53.000000000 -0400
@@ -1430,8 +1430,17 @@
 
 	DBFENTER;
 
-	cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
-		HFA384x_CMD_AINFO_SET(enable);
+//	cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
+//		HFA384x_CMD_AINFO_SET(enable);
+	if (enable == HFA384x_MONITOR_ENABLE) {
+		// KoreK: get into test mode 0x0a
+		cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
+			HFA384x_CMD_AINFO_SET(0x0a);
+	} else {
+		cmd.cmd = HFA384x_CMD_CMDCODE_SET(HFA384x_CMDCODE_MONITOR) |
+			HFA384x_CMD_AINFO_SET(enable);
+	}
+
 	cmd.parm0 = 0;
 	cmd.parm1 = 0;
 	cmd.parm2 = 0;
@@ -3431,37 +3440,71 @@
 		HFA384x_TX_MACPORT_SET(0) | HFA384x_TX_STRUCTYPE_SET(1) |
 		HFA384x_TX_TXEX_SET(0) | HFA384x_TX_TXOK_SET(0);
 #endif
-	hw->txbuff.txfrm.desc.tx_control =
-		host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
+//	hw->txbuff.txfrm.desc.tx_control =
+//		host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
 
-	/* copy the header over to the txdesc */
-	memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
-
-	/* if we're using host WEP, increase size by IV+ICV */
-	if (p80211_wep->data) {
-		hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
-		// hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
-		usbpktlen+=8;
-	} else {
-		hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
+//	/* copy the header over to the txdesc */
+//	memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr, sizeof(p80211_hdr_t));
+	if (skb->protocol != htons(ETH_P_80211_RAW)) {
+		hw->txbuff.txfrm.desc.tx_control =
+			host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
+
+		/* copy the header over to the txdesc */
+		memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr,
+			sizeof(p80211_hdr_t));
+
+		/* if we're using host WEP, increase size by IV+ICV */
+		if (p80211_wep->data) {
+			hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
+			// hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
+			usbpktlen+=8;
+		} else {
+			hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
+		}
+	} else  {
+		/* KoreK: raw injection (monitor mode): pull the rest of
+		   the header and ssanity check on txdesc.data_len */
+		memcpy(&(hw->txbuff.txfrm.desc.data_len), skb->data, 16);
+		skb_pull(skb,16);
+		if (hw->txbuff.txfrm.desc.data_len != host2hfa384x_16(skb->len)) {
+			printk(KERN_DEBUG "mismatch frame_len, drop frame\n");
+			return 0;
+		}
+//	/* if we're using host WEP, increase size by IV+ICV */
+//	if (p80211_wep->data) {
+//		hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len+8);
+//		// hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_NOENCRYPT_SET(1);
+//		usbpktlen+=8;
+//	} else {
+//		hw->txbuff.txfrm.desc.data_len = host2hfa384x_16(skb->len);
+		hw->txbuff.txfrm.desc.tx_control |= HFA384x_TX_RETRYSTRAT_SET(1);
+		hw->txbuff.txfrm.desc.tx_control  =
+			host2hfa384x_16(hw->txbuff.txfrm.desc.tx_control);
+
+		/* copy the header over to the txdesc */
+		memcpy(&(hw->txbuff.txfrm.desc.frame_control), p80211_hdr,
+			sizeof(p80211_hdr_t));
 	}
 
 	usbpktlen += skb->len;
 
 	/* copy over the WEP IV if we are using host WEP */
 	ptr = hw->txbuff.txfrm.data;
-	if (p80211_wep->data) {
+//	if (p80211_wep->data) {
+	if (p80211_wep->data && skb->protocol != htons(ETH_P_80211_RAW)) {
 		memcpy(ptr, p80211_wep->iv, sizeof(p80211_wep->iv));
 		ptr+= sizeof(p80211_wep->iv);
 		memcpy(ptr, p80211_wep->data, skb->len);
 	} else {
 		memcpy(ptr, skb->data, skb->len);
 	}
+
 	/* copy over the packet data */
 	ptr+= skb->len;
 
 	/* copy over the WEP ICV if we are using host WEP */
-	if (p80211_wep->data) {
+//	if (p80211_wep->data) {
+	if (p80211_wep->data && skb->protocol != htons(ETH_P_80211_RAW)) {
 		memcpy(ptr, p80211_wep->icv, sizeof(p80211_wep->icv));
 	}
 
@@ -4223,6 +4266,17 @@
 	switch( HFA384x_RXSTATUS_MACPORT_GET(usbin->rxfrm.desc.status) )
 	{
 	case 0:
+		/* KoreK: this testmode uses macport 0 */
+		if ((wlandev->netdev->type == ARPHRD_IEEE80211) ||
+			(wlandev->netdev->type == ARPHRD_IEEE80211_PRISM)) {
+			if ( ! HFA384x_RXSTATUS_ISFCSERR(usbin->rxfrm.desc.status) ) {
+				hfa384x_int_rxmonitor(wlandev, &usbin->rxfrm);
+			} else {
+				WLAN_LOG_DEBUG(3,"Received monitor frame: FCSerr set\n");
+			}
+			goto done;
+		}
+
 		fc = ieee2host16(usbin->rxfrm.desc.frame_control);
 
 		/* If exclude and we receive an unencrypted, drop it */
diff -Naur linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/p80211netdev.c linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/p80211netdev.c
--- linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/p80211netdev.c	2008-12-24 18:26:37.000000000 -0500
+++ linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/p80211netdev.c	2009-04-04 22:42:15.000000000 -0400
@@ -512,7 +512,7 @@
 		 * and return success .
 		 * TODO: we need a saner way to handle this
 		 */
-		if(skb->protocol != ETH_P_80211_RAW) {
+		if(skb->protocol != htons(ETH_P_80211_RAW)) {
 			p80211netdev_start_queue(wlandev);
 			WLAN_LOG_NOTICE(
 				"Tx attempt prior to association, frame dropped.\n");
@@ -524,7 +524,7 @@
 	}
 
 	/* Check for raw transmits */
-	if(skb->protocol == ETH_P_80211_RAW) {
+	if(skb->protocol == htons(ETH_P_80211_RAW)) {
 		if (!capable(CAP_NET_ADMIN)) {
 			result = 1;
 			goto failed;
@@ -952,8 +952,9 @@
 		dev->set_mac_address =	p80211knetdev_set_mac_address;
 #endif
 #ifdef HAVE_TX_TIMEOUT
-		dev->tx_timeout      =  &p80211knetdev_tx_timeout;
-		dev->watchdog_timeo  =  (wlan_watchdog * HZ) / 1000;
+// korek: still not implemented (XXX: Why exactly do we remove this???)
+//		dev->tx_timeout      =  &p80211knetdev_tx_timeout;
+//		dev->watchdog_timeo  =  (wlan_watchdog * HZ) / 1000;
 #endif
 		netif_carrier_off(dev);
 	}
diff -Naur linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/prism2mgmt.c linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/prism2mgmt.c
--- linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/prism2mgmt.c	2008-12-24 18:26:37.000000000 -0500
+++ linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/prism2mgmt.c	2009-04-04 23:18:35.000000000 -0400
@@ -2860,9 +2860,12 @@
 		}
 
 		/* Now if we're already sniffing, we can skip the rest */
-		if (wlandev->netdev->type != ARPHRD_ETHER) {
+//		if (wlandev->netdev->type != ARPHRD_ETHER) {
+		if ((wlandev->netdev->type != ARPHRD_IEEE80211) &&
+			(wlandev->netdev->type != ARPHRD_IEEE80211_PRISM)) {
 			/* Set the port type to pIbss */
-			word = HFA384x_PORTTYPE_PSUEDOIBSS;
+//			word = HFA384x_PORTTYPE_PSUEDOIBSS;
+			word = 5; // HFA384x_PORTTYPE_PSUEDOIBSS;
 			result = hfa384x_drvr_setconfig16(hw,
 							  HFA384x_RID_CNFPORTTYPE, word);
 			if ( result ) {
@@ -2874,6 +2877,8 @@
 			}
 			if ((msg->keepwepflags.status == P80211ENUM_msgitem_status_data_ok) && (msg->keepwepflags.data != P80211ENUM_truth_true)) {
 				/* Set the wepflags for no decryption */
+				/* doesn't work - done from the CLI */
+				/* Fix? KoreK */
 				word = HFA384x_WEPFLAGS_DISABLE_TXCRYPT |
 					HFA384x_WEPFLAGS_DISABLE_RXCRYPT;
 				result = hfa384x_drvr_setconfig16(hw, HFA384x_RID_CNFWEPFLAGS, word);
@@ -2919,7 +2924,9 @@
 			goto failed;
 		}
 
-		if (wlandev->netdev->type == ARPHRD_ETHER) {
+//		if (wlandev->netdev->type == ARPHRD_ETHER) {
+		if ((wlandev->netdev->type != ARPHRD_IEEE80211) &&
+			(wlandev->netdev->type != ARPHRD_IEEE80211_PRISM)) {
 			WLAN_LOG_INFO("monitor mode enabled\n");
 		}
 
diff -Naur linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/prism2sta.c linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/prism2sta.c
--- linux-2.6.28-pentoo-r4/drivers/staging/wlan-ng/prism2sta.c	2008-12-24 18:26:37.000000000 -0500
+++ linux-2.6.28-pentoo-r4-fauxpas/drivers/staging/wlan-ng/prism2sta.c	2009-04-04 23:20:58.000000000 -0400
@@ -411,7 +411,9 @@
 	DBFENTER;
 
 	/* If necessary, set the 802.11 WEP bit */
-	if ((wlandev->hostwep & (HOSTWEP_PRIVACYINVOKED | HOSTWEP_ENCRYPT)) == HOSTWEP_PRIVACYINVOKED) {
+//	if ((wlandev->hostwep & (HOSTWEP_PRIVACYINVOKED | HOSTWEP_ENCRYPT)) == HOSTWEP_PRIVACYINVOKED) {
+	if (((wlandev->hostwep & (HOSTWEP_PRIVACYINVOKED | HOSTWEP_ENCRYPT)) == HOSTWEP_PRIVACYINVOKED)
+		&& (skb->protocol != htons(ETH_P_80211_RAW))) {
 		p80211_hdr->a3.fc |= host2ieee16(WLAN_SET_FC_ISWEP(1));
 	}