| author | mjm <mjm> | 2002-11-23 21:42:41 (UTC) |
|---|---|---|
| committer | mjm <mjm> | 2002-11-23 21:42:41 (UTC) |
| commit | c93ded2c1256817b9c974c792cd143315b98fff7 (patch) (side-by-side diff) | |
| tree | 7de5b3fc8eee930f72c4e3ef662f48948a60d935 | |
| parent | 4e24ece4607d3b2f9e3252fa561fabaa9cdddd63 (diff) | |
| download | opie-c93ded2c1256817b9c974c792cd143315b98fff7.zip opie-c93ded2c1256817b9c974c792cd143315b98fff7.tar.gz opie-c93ded2c1256817b9c974c792cd143315b98fff7.tar.bz2 | |
implemented sniffer function in daemon.cc
| -rw-r--r-- | noncore/net/wellenreiter/daemon/source/Makefile | 7 | ||||
| -rw-r--r-- | noncore/net/wellenreiter/daemon/source/TODO | 1 | ||||
| -rw-r--r-- | noncore/net/wellenreiter/daemon/source/cardmode.cc | 3 | ||||
| -rw-r--r-- | noncore/net/wellenreiter/daemon/source/cardmode.hh | 4 | ||||
| -rw-r--r-- | noncore/net/wellenreiter/daemon/source/daemon.cc | 50 | ||||
| -rw-r--r-- | noncore/net/wellenreiter/daemon/source/sniffer.cc | 41 | ||||
| -rw-r--r-- | noncore/net/wellenreiter/daemon/source/sniffer.hh | 8 |
7 files changed, 38 insertions, 76 deletions
diff --git a/noncore/net/wellenreiter/daemon/source/Makefile b/noncore/net/wellenreiter/daemon/source/Makefile index bcbc799..f3f41f0 100644 --- a/noncore/net/wellenreiter/daemon/source/Makefile +++ b/noncore/net/wellenreiter/daemon/source/Makefile @@ -1,33 +1,28 @@ # $Id$ CPP = g++ OPTIMFLAGS = -g WARNFLAGS = -Wall -pedantic -DDEBUG LDFLAGS = LIBS = -lpcap ../../libwellenreiter/source/libwellenreiter.a -OBJ = daemon.o +OBJ = daemon.o cardmode.o sniffer.o .SUFFIXES: .PHONY: all wellenreiterd clean distclean realclean %.o : %.cc $(CPP) $(WARNFLAGS) $(OPTIMFLAGS) -c $< -o $@ all: wellenreiterd wellenreiterd: $(OBJ) $(CPP) $(OPTIMFLAGS) $(WARNFLAGS) $(OBJ) $(LDFLAGS) $(LIBS) -o $@ @echo Build wellenreiterd -sniffer: sniffer.o cardmode.o - $(CPP) $(OPTIMFLAGS) $(WARNFLAGS) sniffer.o cardmode.o $(LDFLAGS) $(LIBS) -o $@ - @echo Build sniffer - - clean distclean realclean: @rm -rf wellenreiterd *~ *.o @echo All dependent files have been removed. daemon.o: config.hh diff --git a/noncore/net/wellenreiter/daemon/source/TODO b/noncore/net/wellenreiter/daemon/source/TODO index 39b1a05..2d72ab7 100644 --- a/noncore/net/wellenreiter/daemon/source/TODO +++ b/noncore/net/wellenreiter/daemon/source/TODO @@ -1,5 +1,4 @@ implement communication protocol security analysis -implement sniffer (last step) security analysis code cleanup
\ No newline at end of file diff --git a/noncore/net/wellenreiter/daemon/source/cardmode.cc b/noncore/net/wellenreiter/daemon/source/cardmode.cc index f84ce23..8069edc 100644 --- a/noncore/net/wellenreiter/daemon/source/cardmode.cc +++ b/noncore/net/wellenreiter/daemon/source/cardmode.cc @@ -1,89 +1,90 @@ /* $Id$ */ +#include "config.hh" #include "cardmode.hh" int card_into_monitormode (char *device, int cardtype) { int datalink; /* used for getting the pcap datalink type */ char CiscoRFMON[35] = "/proc/driver/aironet/"; FILE *CISCO_CONFIG_FILE; char errbuf[PCAP_ERRBUF_SIZE]; pcap_t *handle; /* Checks if we have a device to sniff on */ if(device == NULL) { printf ("Fatal error i did not have any interfaces to sniff on\n"); return 0; - } + } /* Setting the prmiscous and up flag to the interface */ if (card_set_promisc_up (device) == 0) { printf ("Interface flags correctly set using ifconfig\n"); } /* Check the cardtype and executes the commands to go into monitor mode */ if (cardtype == CARD_TYPE_CISCO) /* I got a cisco card */ { /* bring the sniffer into rfmon mode */ snprintf(CiscoRFMON, sizeof(CiscoRFMON),DEFAULT_PATH, device); CISCO_CONFIG_FILE = fopen(CiscoRFMON,"w"); fputs ("Mode: r",CISCO_CONFIG_FILE); fputs ("Mode: y",CISCO_CONFIG_FILE); fputs ("XmitPower: 1",CISCO_CONFIG_FILE); fclose(CISCO_CONFIG_FILE); } else if (cardtype == CARD_TYPE_NG) { char wlanngcmd[62]; snprintf(wlanngcmd, sizeof(wlanngcmd),"%s %s lnxreq_wlansniff channel=1 enable=true",WLANCTL_PATH,device); if (system (wlanngcmd) != 0) { printf ("\n Fatal error could not set %s in raw mode, check cardtype\n\n\tterminating now...\n\n",device); exit(1); } } else if (cardtype == CARD_TYPE_HOSTAP) { printf ("Got a host-ap card, nothing is implemented now\n"); } /* Check the interface if it is in the correct raw mode */ handle = pcap_open_live(device, BUFSIZ, 1, 0, errbuf); /* getting the datalink type */ datalink = pcap_datalink(handle); if (datalink == DLT_IEEE802_11) /* Rawmode is IEEE802_11 */ { printf ("Your successfully listen on %s in 802.11 raw mode\n",device); pcap_close(handle); return 0; } else { printf ("Fatal error, cannot continue, your interface %s does not work in the correct 802.11 raw mode, check you driver please\n\tterminating now",device); pcap_close(handle); exit(1); } } int card_set_promisc_up (char * device) { int ret; char ifconfigcmd[32]; snprintf(ifconfigcmd,sizeof(ifconfigcmd),SBIN_PATH, device); ret = system (ifconfigcmd); if (ret > 0) { printf ("\nFatal error, could not execute %s please check your card,binary location and permission\n",ifconfigcmd); return 0; } return 1; } diff --git a/noncore/net/wellenreiter/daemon/source/cardmode.hh b/noncore/net/wellenreiter/daemon/source/cardmode.hh index 87284a1..ecc97b1 100644 --- a/noncore/net/wellenreiter/daemon/source/cardmode.hh +++ b/noncore/net/wellenreiter/daemon/source/cardmode.hh @@ -1,36 +1,34 @@ /* $Id$ */ #ifndef CARDMODE_HH #define CARDMODE_HH #include <string.h> #include <stdio.h> #include <stdlib.h> #include <pcap.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <net/bpf.h> -#endif /* CARDMODE_HH */ - /* Defines, used for the card setup */ #define DEFAULT_PATH "/proc/driver/aironet/%s/Config" #define CARD_TYPE_CISCO 1 #define CARD_TYPE_NG 2 #define CARD_TYPE_HOSTAP 3 /* only for now, until we have the daemon running */ /*the config file should provide these information */ #define SNIFFER_DEVICE "wlan0" #define CARD_TYPE CARD_TYPE_CISCO #define SBIN_PATH "/sbin/ifconfig %s promisc up" #define WLANCTL_PATH "/sbin/wlanctl-ng" /* Prototypes */ int card_into_monitormode (char * device, int cardtype); int card_set_promisc_up (char * device); - +#endif /* CARDMODE_HH */ diff --git a/noncore/net/wellenreiter/daemon/source/daemon.cc b/noncore/net/wellenreiter/daemon/source/daemon.cc index b3a37b6..1f9e98a 100644 --- a/noncore/net/wellenreiter/daemon/source/daemon.cc +++ b/noncore/net/wellenreiter/daemon/source/daemon.cc @@ -1,81 +1,95 @@ /* * Startup functions of wellenreiter * * $Id$ */ #include "config.hh" #include "daemon.hh" +#include "cardmode.hh" +#include "sniffer.hh" /* Main function of wellenreiterd */ int main(int argc, char **argv) { - int sock, maxfd, guiport=GUIPORT; - char guihost[]="127.0.0.1"; + int sock, maxfd; struct sockaddr_in *cliaddr; socklen_t len=sizeof(struct sockaddr); char buffer[128]; - FILE *fp=stdin; /* Will be replaced with sniffer */ + pcap_t *handletopcap; /* The handle to the libpcap */ + char errbuf[PCAP_ERRBUF_SIZE]; /* The errorbuffer of libpacap */ + struct pcap_pkthdr header; /* The packet header from pcap*/ + const u_char *packet; /* The actual packet content*/ + fd_set rset; fprintf(stderr, "wellenreiterd %s\n\n", VERSION); + /* will be replaced soon, just for max because max is lazy :-) */ + if(card_into_monitormode (SNIFFER_DEVICE, CARD_TYPE_NG) < 0) + { + fprintf(stderr, "Cannot set card into mon mode, aborting\n"); + exit(-1); + } + + /* opening the pcap for sniffing */ + handletopcap = pcap_open_live(SNIFFER_DEVICE, BUFSIZ, 1, 1000, errbuf); +#ifdef HAVE_PCAP_NONBLOCK + pcap_setnonblock(handletopcap, 1, errstr); +#endif + /* Setup socket for incoming commands */ if((sock=commsock(DAEMONADDR, DAEMONPORT)) < 0) { wl_logerr("Cannot setup socket"); exit(-1); } wl_loginfo("Set up socket '%d' for GUI communication", sock); FD_ZERO(&rset); /* Start main loop */ wl_loginfo("Starting main loop"); while(1) { FD_SET(sock, &rset); - FD_SET(fileno(fp), &rset); - maxfd=sock+fileno(fp)+1; + FD_SET(pcap_fileno(handletopcap), &rset); + maxfd=sock + pcap_fileno(handletopcap) + 1; if(select(maxfd, &rset, NULL, NULL, NULL) < 0) { wl_logerr("Error calling select: %s", strerror(errno)); break; } /* Got data on local socket from GUI */ if(FD_ISSET(sock, &rset)) { memset(buffer, 0, sizeof(buffer)); if(recvfrom(sock, buffer, sizeof(buffer)-1, 0, (struct sockaddr *)cliaddr, &len) < 0) { wl_logerr("Cannot read from socket: %s", strerror(errno)); break; } wl_loginfo("Received command from '%s': %s", inet_ntoa(cliaddr->sin_addr), buffer); - /* Pass string to analyze function */ - // sendcomm(guihost, guiport, buffer); + /* will be passed to analyze function */ + fprintf(stderr, "Received command: %s\n", buffer); } - /* Will be replaced with sniffer ... later */ - if(FD_ISSET(fileno(fp), &rset)) + /* Pcap stuff */ + if(FD_ISSET(pcap_fileno(handletopcap), &rset)) { - memset(buffer, 0, sizeof(buffer)); - if(fgets(buffer, sizeof(buffer) - 1, fp) == NULL) - { - wl_logerr("Cannot read from stdin: %s", strerror(errno)); - break; - } - wl_loginfo("Sending command to '%s': %s", GUIADDR, buffer); - /* Send string to GUI */ - sendcomm(guihost, guiport, "%d: %s", 1234, buffer); + /* Grab one single packet */ + packet = pcap_next(handletopcap, &header); + + /* process the packet */ + process_packets(NULL,&header,*&packet); } } close(sock); exit(0); } diff --git a/noncore/net/wellenreiter/daemon/source/sniffer.cc b/noncore/net/wellenreiter/daemon/source/sniffer.cc index be64d67..66d5b6f 100644 --- a/noncore/net/wellenreiter/daemon/source/sniffer.cc +++ b/noncore/net/wellenreiter/daemon/source/sniffer.cc @@ -1,149 +1,110 @@ /* * rfmon mode sniffer * This works only with cisco wireless cards with an rfmon * able driver and not with wifi stuff. * * $Id$ */ #include "config.hh" #include "cardmode.hh" #include "sniffer.hh" #include "ieee802_11.hh" #include "extract.hh" -int main(void) -{ - if(card_into_monitormode (SNIFFER_DEVICE, CARD_TYPE_NG) < 0) - return 0; - start_sniffing (SNIFFER_DEVICE); - - return 1; -} - -int start_sniffing (char * device) -{ - - pcap_t *handletopcap; /* The handle to the libpcap */ - char errbuf[PCAP_ERRBUF_SIZE]; /* The errorbuffer of libpacap */ - struct pcap_pkthdr header; /* The packet header from pcap*/ - const u_char *packet; /* The actual packet content*/ - - /* opening the pcap for sniffing */ - handletopcap = pcap_open_live(device, BUFSIZ, 1, 1000, errbuf); - - #ifdef HAVE_PCAP_NONBLOCK - pcap_setnonblock(handletopcap, 1, errstr); - #endif - /*start scanning */ -// pcap_loop(handletopcap,-1,process_packets,NULL); - /* Loope endless */ - while(1) - { - /* Grab one single packet */ - packet = pcap_next(handletopcap, &header); - - /* process the packet */ - process_packets(NULL,&header,*&packet); - } - - printf("\nDone processing packets... wheew!\n"); - return 1; -} - void process_packets(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet) { u_int caplen = pkthdr->caplen; u_int length = pkthdr->len; u_int16_t fc; u_int HEADER_LENGTH; /* pinfo holds all interresting information for us */ struct packetinfo pinfo; struct packetinfo *pinfoptr; pinfoptr=&pinfo; pinfoptr->isvalid = 0; pinfoptr->pktlen = pkthdr->len; if (caplen < IEEE802_11_FC_LEN) { /* This is a garbage packet, because is does not long enough to hold a 802.11b header */ pinfoptr->isvalid = 0; return; } /* Gets the framecontrol bits (2bytes long) */ fc = EXTRACT_LE_16BITS(packet); HEADER_LENGTH = GetHeaderLength(fc); if (caplen < HEADER_LENGTH) { /* This is a garbage packet, because it is not long enough to hold a correct header of its type */ pinfoptr->isvalid = 0; return; } /* Decode 802.11b header out of the packet */ if (decode_80211b_hdr(packet,pinfoptr) == 0) { /* Justification of the ofset to further process the packet */ length -= HEADER_LENGTH; caplen -= HEADER_LENGTH; packet += HEADER_LENGTH; } else { /* Something is wrong,could not be a correct packet */ return; } switch (FC_TYPE(fc)) { /* Is it a managemnet frame? */ case T_MGMT: switch (FC_SUBTYPE(fc)) { /* Is it a beacon frame? */ case ST_BEACON: if (handle_beacon(fc, packet,pinfoptr) ==0) { if (!strcmp(pinfoptr->desthwaddr,"ff:ff:ff:ff:ff:ff") == 0) { /* Every beacon must have the broadcast as destination so it must be a shitti packet */ pinfoptr->isvalid = 0; return; } if (pinfoptr->cap_ESS == pinfoptr->cap_IBSS) { /* Only one of both are possible, so must be a noise packet, if this comes up */ pinfoptr->isvalid = 0; return; } if (pinfoptr->channel < 1 || pinfoptr->channel > 14) { /* Only channels between 1 and 14 are possible others must be noise packets */ pinfoptr->isvalid = 0; return; } /* Here should be the infos to the gui issued */ if (pinfoptr->cap_ESS == 1 &&pinfoptr->cap_IBSS ==0) { printf ("\nHave found an accesspoint:"); } else if(pinfoptr->cap_ESS == 0 && pinfoptr->cap_IBSS == 1) { printf ("\nHave found an AD-HOC station:"); } if (strcmp (pinfoptr->ssid,NONBROADCASTING) ==0) { printf ("\n\tOn a non-broadcasting network"); } else @@ -205,143 +166,143 @@ void etheraddr_string(register const u_char *ep,char * text) if ((j = *ep >> 4) != 0) *cp++ = hex[j]; *cp++ = hex[*ep++ & 0xf]; for (i = 5; (int)--i >= 0;) { *cp++ = ':'; if ((j = *ep >> 4) != 0) *cp++ = hex[j]; *cp++ = hex[*ep++ & 0xf]; } *cp = '\0'; strcpy(text,buf); } int handle_beacon(u_int16_t fc, const u_char *p,struct packetinfo *ppinfo) { struct mgmt_body_t pbody; int offset = 0; /* Get the static informations out of the packet */ memset(&pbody, 0, sizeof(pbody)); memcpy(&pbody.timestamp, p, 8); offset += 8; pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); offset += 2; pbody.capability_info = EXTRACT_LE_16BITS(p+offset); offset += 2; /* Gets the different flags out of the capabilities */ ppinfo->cap_ESS = CAPABILITY_ESS(pbody.capability_info); ppinfo->cap_IBSS = CAPABILITY_IBSS(pbody.capability_info); ppinfo->cap_WEP = CAPABILITY_PRIVACY(pbody.capability_info); /* Gets the tagged elements out of the packets */ while (offset + 1 < ppinfo->pktlen) { switch (*(p + offset)) { case E_SSID: memcpy(&(pbody.ssid),p+offset,2); offset += 2; if (pbody.ssid.length > 0) { memcpy(&(pbody.ssid.ssid),p+offset,pbody.ssid.length); offset += pbody.ssid.length; pbody.ssid.ssid[pbody.ssid.length]='\0'; if (strcmp((char *)pbody.ssid.ssid,"")==0) { ppinfo->ssid = NONBROADCASTING; } else { ppinfo->ssid = (char *)pbody.ssid.ssid; } ppinfo->ssid_len = pbody.ssid.length; } break; case E_CHALLENGE: memcpy(&(pbody.challenge),p+offset,2); offset += 2; if (pbody.challenge.length > 0) { memcpy(&(pbody.challenge.text),p+offset,pbody.challenge.length); offset += pbody.challenge.length; pbody.challenge.text[pbody.challenge.length]='\0'; } break; case E_RATES: memcpy(&(pbody.rates),p+offset,2); offset += 2; if (pbody.rates.length > 0) { memcpy(&(pbody.rates.rate),p+offset,pbody.rates.length); offset += pbody.rates.length; } break; case E_DS: memcpy(&(pbody.ds),p+offset,3); offset +=3; ppinfo->channel = pbody.ds.channel; break; case E_CF: memcpy(&(pbody.cf),p+offset,8); offset +=8; break; case E_TIM: memcpy(&(pbody.tim),p+offset,2); offset +=2; memcpy(&(pbody.tim.count),p+offset,3); offset +=3; if ((pbody.tim.length -3) > 0) { memcpy((pbody.tim.bitmap),p+(pbody.tim.length -3),(pbody.tim.length -3)); offset += pbody.tim.length -3; } break; default: offset+= *(p+offset+1) + 2; break; } /* end of switch*/ } /* end of for loop */ return 0; } /* End of handle_beacon */ -static int GetHeaderLength(u_int16_t fc) +int GetHeaderLength(u_int16_t fc) { int iLength=0; switch (FC_TYPE(fc)) { case T_MGMT: iLength = MGMT_HEADER_LEN; break; case T_CTRL: switch (FC_SUBTYPE(fc)) { case CTRL_PS_POLL: iLength = CTRL_PS_POLL_LEN; break; case CTRL_RTS: iLength = CTRL_RTS_LEN; break; case CTRL_CTS: iLength = CTRL_CTS_LEN; break; case CTRL_ACK: iLength = CTRL_ACK_LEN; break; case CTRL_CF_END: iLength = CTRL_END_LEN; break; case CTRL_END_ACK: iLength = CTRL_END_ACK_LEN; break; default: iLength = 0; break; } break; case T_DATA: if (FC_TO_DS(fc) && FC_FROM_DS(fc)) iLength = 30; else iLength = 24; break; default: printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc)); break; } return iLength; } diff --git a/noncore/net/wellenreiter/daemon/source/sniffer.hh b/noncore/net/wellenreiter/daemon/source/sniffer.hh index d262353..7e1e3be 100644 --- a/noncore/net/wellenreiter/daemon/source/sniffer.hh +++ b/noncore/net/wellenreiter/daemon/source/sniffer.hh @@ -1,70 +1,64 @@ /* $Id$ */ #ifndef SNIFFER_HH #define SNIFFER_HH #include <string.h> #include <stdio.h> #include <stdlib.h> #include <pcap.h> #include <errno.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <net/bpf.h> - #define NONBROADCASTING "non-broadcasting" - /* holds all the interresting data */ struct packetinfo { int isvalid; int pktlen; int fctype; int fcsubtype; int fc_wep; int cap_WEP; int cap_IBSS; int cap_ESS; int channel; char bssid[sizeof("00:00:00:00:00:00")]; char desthwaddr[sizeof("00:00:00:00:00:00")]; char sndhwaddr[sizeof("00:00:00:00:00:00")]; char *ssid; int ssid_len; }; - -/* Prototypes */ -int sniffer(void); -int start_sniffing (char * device); void process_packets(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet); int decode_80211b_hdr(const u_char *p,struct packetinfo *ppinfo); void etheraddr_string(register const u_char *ep,char * text); int handle_beacon(u_int16_t fc, const u_char *p,struct packetinfo *ppinfo); -static int GetHeaderLength(u_int16_t fc); +int GetHeaderLength(u_int16_t fc); /* * True if "l" bytes of "var" were captured. * * The "snapend - (l) <= snapend" checks to make sure "l" isn't so large * that "snapend - (l)" underflows. * * The check is for <= rather than < because "l" might be 0. */ #define TTEST2(var, l) (snapend - (l) <= snapend && \ (const u_char *)&(var) <= snapend - (l)) /* True if "var" was captured */ #define TTEST(var) TTEST2(var, sizeof(var)) /* Bail if "l" bytes of "var" were not captured */ #define TCHECK2(var, l) if (!TTEST2(var, l)) goto trunc /* Bail if "var" was not captured */ #define TCHECK(var) TCHECK2(var, sizeof(var)) #endif /* SNIFFER_HH */ |