Dont we all like to play
Anyways, good luck, allthogh, this is not really for beginners, also considering that this is work in progress (I did find some issues, yes)

@nieldk, did you check with another device, like using kismet for example what the actual station details were when you did direct packet tranmission?
Just curious, that did the frame formatting really work as attempted...

Good input
No, I didnt test that yet, but I think you are right, will provide more information.
What I did do, was to use ethtool to get information on the mon0 device, which seems legit and good.
Now, thinking whats next. I believe aircrack may need some tampering - so that eventually we wont need to macchanger.
I have also looked more in the kernel sources and Davids N900 patches, but I cant (for now) make it fit together.
It does seem like, that moving the 802 to modules (thanks) did make some change to get this working, so at least that is positive.
I am having a few issues.
Mainly, aireplay doesnt work completely as intended when trying to do fake accesspoint to kick of connected clients and make them reconnect.
Also, for some reason, some times the injection test (aireplay-ng -9 mon0) doesnt find any nearby accesspoint, and doesnt report 'injection working'. This, it seems, to be because of power. My kernel is compiled with power saving features disabled as standard so I am not sure if this is the real issue (my AP is actually very close to the device).
PS! I hope David reads this and finds temptation to start working Device, he confirmed, arrived.

what about n950 kernel ?

why not
not sure, but shouldnt it be able to use the N9 kernel ?
en case not, I dont see obstacles in compiling a n950 kernel.

ask me for testing

please do
i believe this kernel will install fine on n950 also

Just an (positive) update

I am quite confused here.

First of all great work, but, does it all actually work ?

Is it even possible to do without reverse engineering the driver ?

AFAIK without reverse engineering the driver it is not possible.

How was this done for the N900 ( wifi chip WL1251 ) and how can it be done for other devices with TI wifi chip like wl1271 ?

Partly, it is unstable, in the sense, that there are issues with 1) channel selection - seems to get answer on channel selection = -1, also, Injection seems to be not so stable, possibly this is transmission power. 2) Still dependent on macchanger aswell - perhaps a patch is needed to aircrack suite.

I believe so, I had some success.[/QUOTE]

David created a working driver for the N900, he got a device from me, and I hope he will see this thread and find the urge to assist
Regarding the wl1271, well the N9 has a wl1273 chip, and all wl12xx uses same drivers (to my knowledge).
What makes a differenc between N900/N9 ? Well, I compiled this kernel to support creation of devices (to allow creation of eg monX/atX) and moved cfg80211 to modules, still, like said, airmon-ng for some reason creates devices with MAC of 00:00:00:00:00 which needs to be changed using macchanger - or - perhaps - patching aircrack suite.