author | max <max> | 2002-11-11 15:37:18 (UTC) |
---|---|---|
committer | max <max> | 2002-11-11 15:37:18 (UTC) |
commit | 2870d8cba649ab744d0e48a2bcc537ea753f842f (patch) (side-by-side diff) | |
tree | 42976a62e43264f281eccb297bee414d6f28cbf9 | |
parent | 6c6a3870a3deddc8cf66c60d37d12c1763b087b4 (diff) | |
download | opie-2870d8cba649ab744d0e48a2bcc537ea753f842f.zip opie-2870d8cba649ab744d0e48a2bcc537ea753f842f.tar.gz opie-2870d8cba649ab744d0e48a2bcc537ea753f842f.tar.bz2 |
beacon-decode first
-rw-r--r-- | noncore/net/wellenreiter/daemon/source/README | 5 | ||||
-rw-r--r-- | noncore/net/wellenreiter/daemon/source/extract.h | 57 | ||||
-rw-r--r-- | noncore/net/wellenreiter/daemon/source/ieee802_11.h | 245 | ||||
-rw-r--r-- | noncore/net/wellenreiter/daemon/source/sniffer.c | 437 | ||||
-rw-r--r-- | noncore/net/wellenreiter/daemon/source/sniffer.h | 102 |
5 files changed, 846 insertions, 0 deletions
diff --git a/noncore/net/wellenreiter/daemon/source/README b/noncore/net/wellenreiter/daemon/source/README new file mode 100644 index 0000000..249d950 --- a/dev/null +++ b/noncore/net/wellenreiter/daemon/source/README @@ -0,0 +1,5 @@ +compile it using: + +gcc -o sniffer ./sniffer.c -lpcap + + diff --git a/noncore/net/wellenreiter/daemon/source/extract.h b/noncore/net/wellenreiter/daemon/source/extract.h new file mode 100644 index 0000000..c1bcdcd --- a/dev/null +++ b/noncore/net/wellenreiter/daemon/source/extract.h @@ -0,0 +1,57 @@ +/* + * Copyright (c) 1992, 1993, 1994, 1995, 1996 + * The Regents of the University of California. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code distributions + * retain the above copyright notice and this paragraph in its entirety, (2) + * distributions including binary code include the above copyright notice and + * this paragraph in its entirety in the documentation or other materials + * provided with the distribution, and (3) all advertising materials mentioning + * features or use of this software display the following acknowledgement: + * ``This product includes software developed by the University of California, + * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of + * the University nor the names of its contributors may be used to endorse + * or promote products derived from this software without specific prior + * written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + * + * @(#) $Header$ (LBL) + */ + +/* Network to host order macros */ + +#ifdef LBL_ALIGN +#define EXTRACT_16BITS(p) \ + ((u_int16_t)((u_int16_t)*((const u_int8_t *)(p) + 0) << 8 | \ + (u_int16_t)*((const u_int8_t *)(p) + 1))) +#define EXTRACT_32BITS(p) \ + ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 0) << 24 | \ + (u_int32_t)*((const u_int8_t *)(p) + 1) << 16 | \ + (u_int32_t)*((const u_int8_t *)(p) + 2) << 8 | \ + (u_int32_t)*((const u_int8_t *)(p) + 3))) +#else +#define EXTRACT_16BITS(p) \ + ((u_int16_t)ntohs(*(const u_int16_t *)(p))) +#define EXTRACT_32BITS(p) \ + ((u_int32_t)ntohl(*(const u_int32_t *)(p))) +#endif + +#define EXTRACT_24BITS(p) \ + ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 0) << 16 | \ + (u_int32_t)*((const u_int8_t *)(p) + 1) << 8 | \ + (u_int32_t)*((const u_int8_t *)(p) + 2))) + +/* Little endian protocol host order macros */ + +#define EXTRACT_LE_8BITS(p) (*(p)) +#define EXTRACT_LE_16BITS(p) \ + ((u_int16_t)((u_int16_t)*((const u_int8_t *)(p) + 1) << 8 | \ + (u_int16_t)*((const u_int8_t *)(p) + 0))) +#define EXTRACT_LE_32BITS(p) \ + ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 3) << 24 | \ + (u_int32_t)*((const u_int8_t *)(p) + 2) << 16 | \ + (u_int32_t)*((const u_int8_t *)(p) + 1) << 8 | \ + (u_int32_t)*((const u_int8_t *)(p) + 0))) diff --git a/noncore/net/wellenreiter/daemon/source/ieee802_11.h b/noncore/net/wellenreiter/daemon/source/ieee802_11.h new file mode 100644 index 0000000..497e6ed --- a/dev/null +++ b/noncore/net/wellenreiter/daemon/source/ieee802_11.h @@ -0,0 +1,245 @@ +/* @(#) $Header$ (LBL) */ +/* + * Copyright (c) 2001 + * Fortress Technologies + * Charlie Lenahan ( clenahan@fortresstech.com ) + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that: (1) source code distributions + * retain the above copyright notice and this paragraph in its entirety, (2) + * distributions including binary code include the above copyright notice and + * this paragraph in its entirety in the documentation or other materials + * provided with the distribution, and (3) all advertising materials mentioning + * features or use of this software display the following acknowledgement: + * ``This product includes software developed by the University of California, + * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of + * the University nor the names of its contributors may be used to endorse + * or promote products derived from this software without specific prior + * written permission. + * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED + * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF + * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. + */ + +#define IEEE802_11_FC_LEN 2 + +#define T_MGMT 0x0 /* management */ +#define T_CTRL 0x1 /* control */ +#define T_DATA 0x2 /* data */ +#define T_RESV 0x3 /* reserved */ + +#define ST_ASSOC_REQUEST 0x0 +#define ST_ASSOC_RESPONSE 0x1 +#define ST_REASSOC_REQUEST 0x2 +#define ST_REASSOC_RESPONSE 0x3 +#define ST_PROBE_REQUEST 0x4 +#define ST_PROBE_RESPONSE 0x5 +/* RESERVED 0x6 */ +/* RESERVED 0x7 */ +#define ST_BEACON 0x8 +#define ST_ATIM 0x9 +#define ST_DISASSOC 0xA +#define ST_AUTH 0xB +#define ST_DEAUTH 0xC +/* RESERVED 0xD */ +/* RESERVED 0xE */ +/* RESERVED 0xF */ + + +#define CTRL_PS_POLL 0xA +#define CTRL_RTS 0xB +#define CTRL_CTS 0xC +#define CTRL_ACK 0xD +#define CTRL_CF_END 0xE +#define CTRL_END_ACK 0xF + +/* + * Bits in the frame control field. + */ +#define FC_VERSION(fc) ((fc) & 0x3) +#define FC_TYPE(fc) (((fc) >> 2) & 0x3) +#define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF) +#define FC_TO_DS(fc) ((fc) & 0x0100) +#define FC_FROM_DS(fc) ((fc) & 0x0200) +#define FC_MORE_FLAG(fc) ((fc) & 0x0400) +#define FC_RETRY(fc) ((fc) & 0x0800) +#define FC_POWER_MGMT(fc) ((fc) & 0x1000) +#define FC_MORE_DATA(fc) ((fc) & 0x2000) +#define FC_WEP(fc) ((fc) & 0x4000) +#define FC_ORDER(fc) ((fc) & 0x8000) + +struct mgmt_header_t { + u_int16_t fc; + u_int16_t duration; + u_int8_t da[6]; + u_int8_t sa[6]; + u_int8_t bssid[6]; + u_int16_t seq_ctrl; +}; + +#define MGMT_HEADER_LEN (2+2+6+6+6+2) + +#define CAPABILITY_ESS(cap) ((cap) & 0x0001) +#define CAPABILITY_IBSS(cap) ((cap) & 0x0002) +#define CAPABILITY_CFP(cap) ((cap) & 0x0004) +#define CAPABILITY_CFP_REQ(cap) ((cap) & 0x0008) +#define CAPABILITY_PRIVACY(cap) ((cap) & 0x0010) + +struct ssid_t { + u_int8_t element_id; + u_int8_t length; + u_char ssid[33]; /* 32 + 1 for null */ +} ; + +struct rates_t { + u_int8_t element_id; + u_int8_t length; + u_int8_t rate[8]; +}; + +struct challenge_t { + u_int8_t element_id; + u_int8_t length; + u_int8_t text[254]; /* 1-253 + 1 for null */ +}; +struct fh_t { + u_int8_t element_id; + u_int8_t length; + u_int16_t dwell_time; + u_int8_t hop_set; + u_int8_t hop_pattern; + u_int8_t hop_index; +}; + +struct ds_t { + u_int8_t element_id; + u_int8_t length; + u_int8_t channel; +}; + +struct cf_t { + u_int8_t element_id; + u_int8_t length; + u_int8_t count; + u_int8_t period; + u_int16_t max_duration; + u_int16_t dur_remaing; +}; + +struct tim_t { + u_int8_t element_id; + u_int8_t length; + u_int8_t count; + u_int8_t period; + u_int8_t bitmap_control; + u_int8_t bitmap[251]; +}; + +#define E_SSID 0 +#define E_RATES 1 +#define E_FH 2 +#define E_DS 3 +#define E_CF 4 +#define E_TIM 5 +#define E_IBSS 6 +#define E_CISCO 133 +/* reserved 7 */ +/* reserved 8 */ +/* reserved 9 */ +/* reserved 10 */ +/* reserved 11 */ +/* reserved 12 */ +/* reserved 13 */ +/* reserved 14 */ +/* reserved 15 */ +/* reserved 16 */ + +#define E_CHALLENGE 16 +/* reserved 17 */ +/* reserved 18 */ +/* reserved 19 */ +/* reserved 16 */ +/* reserved 16 */ + + +struct mgmt_body_t { + u_int8_t timestamp[8]; + u_int16_t beacon_interval; + u_int16_t listen_interval; + u_int16_t status_code; + u_int16_t aid; + u_char ap[6]; + u_int16_t reason_code; + u_int16_t auth_alg; + u_int16_t auth_trans_seq_num; + struct challenge_t challenge; + u_int16_t capability_info; + struct ssid_t ssid; + struct rates_t rates; + struct ds_t ds; + struct cf_t cf; + struct fh_t fh; + struct tim_t tim; +}; + +struct ctrl_rts_t { + u_int16_t fc; + u_int16_t duration; + u_int8_t ra[6]; + u_int8_t ta[6]; + u_int8_t fcs[4]; +}; + +#define CTRL_RTS_LEN (2+2+6+6+4) + +struct ctrl_cts_t { + u_int16_t fc; + u_int16_t duration; + u_int8_t ra[6]; + u_int8_t fcs[4]; +}; + +#define CTRL_CTS_LEN (2+2+6+4) + +struct ctrl_ack_t { + u_int16_t fc; + u_int16_t duration; + u_int8_t ra[6]; + u_int8_t fcs[4]; +}; + +#define CTRL_ACK_LEN (2+2+6+4) + +struct ctrl_ps_poll_t { + u_int16_t fc; + u_int16_t aid; + u_int8_t bssid[6]; + u_int8_t ta[6]; + u_int8_t fcs[4]; +}; + +#define CTRL_PS_POLL_LEN (2+2+6+6+4) + +struct ctrl_end_t { + u_int16_t fc; + u_int16_t duration; + u_int8_t ra[6]; + u_int8_t bssid[6]; + u_int8_t fcs[4]; +}; + +#define CTRL_END_LEN (2+2+6+6+4) + +struct ctrl_end_ack_t { + u_int16_t fc; + u_int16_t duration; + u_int8_t ra[6]; + u_int8_t bssid[6]; + u_int8_t fcs[4]; +}; + +#define CTRL_END_ACK_LEN (2+2+6+6+4) + +#define IV_IV(iv) ((iv) & 0xFFFFFF) +#define IV_PAD(iv) (((iv) >> 24) & 0x3F) +#define IV_KEYID(iv) (((iv) >> 30) & 0x03) diff --git a/noncore/net/wellenreiter/daemon/source/sniffer.c b/noncore/net/wellenreiter/daemon/source/sniffer.c new file mode 100644 index 0000000..6f40503 --- a/dev/null +++ b/noncore/net/wellenreiter/daemon/source/sniffer.c @@ -0,0 +1,437 @@ +/* Its just a simple rfmon mode sniffer + i hope my C is at last a bit better then in my + early days :-). + This works only with cisco wireless cards with an rfmon + able driver and not with wifi stuff. + Btw. did i mention that i hate C? + + To compile use: + gcc wlan-sniffer.c -o wlan-sniffer -lpcap + + use it like this: + wlan-sniffer interface + +*/ +#include "sniffer.h" + +int main(int argc, char **argv) +{ + int ret; /* return code */ + ret = card_into_monitormode (SNIFFER_DEVICE, CARD_TYPE_NG); + if (ret == -1) + { + exit(-1); + } + start_sniffing (SNIFFER_DEVICE); + + return 0; +} + +int card_into_monitormode (char * device, int cardtype) +{ + int ret = -1; + int datalink; /* used for getting the pcap datalink type */ + char CiscoRFMON[35] = "/proc/driver/aironet/"; + FILE *CISCO_CONFIG_FILE; + char errbuf[PCAP_ERRBUF_SIZE]; + pcap_t *handle; + + /* Checks if we have a device to sniff on */ + if(device == NULL) + { + printf ("Fatal error i did not have any interfaces to sniff on\n"); + exit(1); + } + + /* Setting the prmiscous and up flag to the interface */ + if (card_set_promisc_up (device) == 0) + { + printf ("Interface flags correctly set using ifconfig\n"); + } + + /* Check the cardtype and executes the commands to go into monitor mode */ + if (cardtype == CARD_TYPE_CISCO) /* I got a cisco card */ + { + /* bring the sniffer into rfmon mode */ + snprintf(CiscoRFMON, sizeof(CiscoRFMON),DEFAULT_PATH, device); + CISCO_CONFIG_FILE = fopen(CiscoRFMON,"w"); + fputs ("Mode: r",CISCO_CONFIG_FILE); + fputs ("Mode: y",CISCO_CONFIG_FILE); + fputs ("XmitPower: 1",CISCO_CONFIG_FILE); + fclose(CISCO_CONFIG_FILE); + } + else if (cardtype == CARD_TYPE_NG) + { + char wlanngcmd[62]; + snprintf(wlanngcmd, sizeof(wlanngcmd),"%s %s lnxreq_wlansniff channel=1 enable=true",WLANCTL_PATH,device); + if (ret = (system (wlanngcmd)) != 0) + { + printf ("\n Fatal error could not set %s in raw mode, check cardtype\n",device); + exit(1); + } + } + else if (cardtype == CARD_TYPE_HOSTAP) + { + printf ("Got a host-ap card, nothing is implemented now\n"); + } + + + /* Check the interface if it is in the correct raw mode */ + handle = pcap_open_live(device, BUFSIZ, 1, 0, errbuf); + + /* getting the datalink type */ + datalink = pcap_datalink(handle); + + if (datalink == DLT_IEEE802_11) /* Rawmode is IEEE802_11 */ + { + printf ("Your successfully listen on %s in 802.11 raw mode\n",device); + pcap_close(handle); + return (0); + + } + else + { + printf ("Fatal error, cannot continue, your interface %s does not work in the correct 802.11 raw mode, check you driver please\n",device); + pcap_close(handle); + exit(1); + } +} + +int card_set_promisc_up (char * device) +{ + int ret; + char ifconfigcmd[32]; + snprintf(ifconfigcmd,sizeof(ifconfigcmd),SBIN_PATH, device); + ret = system (ifconfigcmd); + if (ret > 0) + { + printf ("\nFatal error, could not execute %s please check your card,binary location and permission\n",ifconfigcmd); + exit(1); + } + return(0); +} + +int start_sniffing (char * device) +{ + int ret; /* return code */ + pcap_t *handletopcap; + char errbuf[PCAP_ERRBUF_SIZE]; + struct pcap_pkthdr header; /* The header that pcap gives us */ + const u_char *packet; /* The actual packet */ + + /* opening the pcap for sniffing */ + handletopcap = pcap_open_live(device, BUFSIZ, 1, 1000, errbuf); + + /* Next few lines a taken out of kismet */ + #ifdef HAVE_PCAP_NONBLOCK + pcap_setnonblock(handletopcap, 1, errstr); + #endif + + /*start scanning */ + pcap_loop(handletopcap,-1,process_packets,NULL); + + printf("\nDone processing packets... wheew!\n"); + return 0; +} + +void process_packets(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet) +{ + u_int caplen = pkthdr->caplen; + u_int length = pkthdr->len; + u_int16_t fc; + u_int HEADER_LENGTH; + u_short extracted_ethertype; + int snapend; + int ret; + /* pinfo holds all interresting information for us */ + struct packetinfo pinfo; + struct packetinfo *pinfoptr; + pinfoptr=&pinfo; + + pinfoptr->isvalid = 0; + pinfoptr->pktlen = pkthdr->len; + if (caplen < IEEE802_11_FC_LEN) + { + /* This is a garbage packet, because is does not long enough + to hold a 802.11b header */ + pinfoptr->isvalid = 0; + return; + } + + /* Gets the framecontrol bits (2bytes long) */ + fc = EXTRACT_LE_16BITS(packet); + + HEADER_LENGTH = GetHeaderLength(fc); + + if (caplen < HEADER_LENGTH) + { + /* This is a garbage packet, because it is not long enough + to hold a correct header of its type */ + pinfoptr->isvalid = 0; + return; + } + + /* Decode 802.11b header out of the packet */ + if (decode_80211b_hdr(packet,pinfoptr) == 0) + { + /* Justification of the ofset to further process the packet */ + length -= HEADER_LENGTH; + caplen -= HEADER_LENGTH; + packet += HEADER_LENGTH; + } + else + { /* Something is wrong,could not be a correct packet */ + return; + } + + switch (FC_TYPE(fc)) + { + /* Is it a managemnet frame? */ + case T_MGMT: + switch (FC_SUBTYPE(fc)) + { /* Is it a beacon frame? */ + case ST_BEACON: + if (handle_beacon(fc, packet,pinfoptr) ==0) + { + if (!strcmp(pinfoptr->desthwaddr,"ff:ff:ff:ff:ff:ff") == 0) + { + /* Every beacon must have the broadcast as destination + so it must be a shitti packet */ + pinfoptr->isvalid = 0; + return; + } + if (pinfoptr->cap_ESS == pinfoptr->cap_IBSS) + { + /* Only one of both are possible, so must be + a noise packet, if this comes up */ + pinfoptr->isvalid = 0; + return; + } + if (pinfoptr->channel < 1 || pinfoptr->channel > 14) + { + /* Only channels between 1 and 14 are possible + others must be noise packets */ + pinfoptr->isvalid = 0; + return; + } + + /* Decoding successfull of beacon frame */ + if (pinfoptr->cap_ESS == 1 &&pinfoptr->cap_IBSS ==0) + { + printf ("\nHave found an accesspoint:"); + } + else if(pinfoptr->cap_ESS == 0 && pinfoptr->cap_IBSS == 1) + { + printf ("\nHave found an AD-HOC station:"); + + } + if (strcmp (pinfoptr->ssid,NONBROADCASTING) ==0) + { + printf ("\n\tOn a non-broadcasting network"); + } + else + { + printf ("\n\tOn network : %s",pinfoptr->ssid); + } + printf ("\n\tLen SSID : %d",pinfoptr->ssid_len); + printf ("\n\tOn Channel : %d",pinfoptr->channel); + printf ("\n\tEncryption : %s", pinfoptr->cap_WEP ? "ON" : "OFF"); + printf ("\n\tMacaddress : %s",pinfoptr->sndhwaddr); + printf ("\n\tBssid : %s",pinfoptr->bssid); + printf ("\n\tDest : %s\n",pinfoptr->desthwaddr); + } + break; + default: + printf("Unknown IEEE802.11 frame subtype (%d)",FC_SUBTYPE(fc)); + break; + } /* End of switch over different mgt frame types */ + + break; + case T_CTRL: + // decode_control_frames(fc, packet); + printf ("Its a control frame"); + break; + case T_DATA: + // decode_data_frames(fc, packet); + printf ("Its a date frame"); + break; + default: + printf("Unknown IEEE802.11 frame type (%d)",FC_TYPE(fc)); + break; + } +} + + +/* This decodes the 802.11b frame header out of the 802.11b packet + all the infos is placed into the packetinfo structure */ +int decode_80211b_hdr(const u_char *p,struct packetinfo *ppinfo) +{ + char * ret; + char testme[16]; + const struct mgmt_header_t *mgthdr = (const struct mgmt_header_t *) p; + ppinfo->fcsubtype = FC_SUBTYPE(mgthdr->fc); + + /* Get the sender, bssid and dest mac address */ + etheraddr_string(mgthdr->bssid,ppinfo->bssid); + etheraddr_string(mgthdr->da,ppinfo->desthwaddr); + etheraddr_string(mgthdr->sa,ppinfo->sndhwaddr); + ppinfo->fc_wep = FC_WEP(mgthdr->fc); + return(0); +} + + +void etheraddr_string(register const u_char *ep,char * text) +{ + static char hex[] = "0123456789abcdef"; + register u_int i, j; + register char *cp; + char buf[sizeof("00:00:00:00:00:00")]; + cp = buf; + if ((j = *ep >> 4) != 0) + *cp++ = hex[j]; + *cp++ = hex[*ep++ & 0xf]; + for (i = 5; (int)--i >= 0;) { + *cp++ = ':'; + if ((j = *ep >> 4) != 0) + *cp++ = hex[j]; + *cp++ = hex[*ep++ & 0xf]; + } + *cp = '\0'; + strcpy(text,buf); + return; +} + +int handle_beacon(u_int16_t fc, const u_char *p,struct packetinfo *ppinfo) +{ + struct mgmt_body_t pbody; + int offset = 0; + + /* Get the static informations out of the packet */ + memset(&pbody, 0, sizeof(pbody)); + memcpy(&pbody.timestamp, p, 8); + offset += 8; + pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); + offset += 2; + pbody.capability_info = EXTRACT_LE_16BITS(p+offset); + offset += 2; + + /* Gets the different flags out of the capabilities */ + ppinfo->cap_ESS = CAPABILITY_ESS(pbody.capability_info); + ppinfo->cap_IBSS = CAPABILITY_IBSS(pbody.capability_info); + ppinfo->cap_WEP = CAPABILITY_PRIVACY(pbody.capability_info); + + /* Gets the tagged elements out of the packets */ + while (offset + 1 < ppinfo->pktlen) + { + switch (*(p + offset)) + { + case E_SSID: + memcpy(&(pbody.ssid),p+offset,2); offset += 2; + if (pbody.ssid.length > 0) + { + memcpy(&(pbody.ssid.ssid),p+offset,pbody.ssid.length); offset += pbody.ssid.length; + pbody.ssid.ssid[pbody.ssid.length]='\0'; + if (strcmp(pbody.ssid.ssid,"")==0) + { + ppinfo->ssid = NONBROADCASTING; + } + else + { + ppinfo->ssid = pbody.ssid.ssid; + } + ppinfo->ssid_len = pbody.ssid.length; + } + break; + case E_CHALLENGE: + memcpy(&(pbody.challenge),p+offset,2); offset += 2; + if (pbody.challenge.length > 0) + { + memcpy(&(pbody.challenge.text),p+offset,pbody.challenge.length); offset += pbody.challenge.length; + pbody.challenge.text[pbody.challenge.length]='\0'; + } + break; + case E_RATES: + memcpy(&(pbody.rates),p+offset,2); offset += 2; + if (pbody.rates.length > 0) { + memcpy(&(pbody.rates.rate),p+offset,pbody.rates.length); offset += pbody.rates.length; + } + break; + case E_DS: + memcpy(&(pbody.ds),p+offset,3); offset +=3; + ppinfo->channel = pbody.ds.channel; + break; + case E_CF: + memcpy(&(pbody.cf),p+offset,8); offset +=8; + break; + case E_TIM: + memcpy(&(pbody.tim),p+offset,2); offset +=2; + memcpy(&(pbody.tim.count),p+offset,3); offset +=3; + if ((pbody.tim.length -3) > 0) + { + memcpy((pbody.tim.bitmap),p+(pbody.tim.length -3),(pbody.tim.length -3)); + offset += pbody.tim.length -3; + } + break; + default: +#if 0 + printf("(1) unhandled element_id (%d) ", *(p+offset) ); +#endif + offset+= *(p+offset+1) + 2; + break; + } /* end of switch*/ + } /* end of for loop */ + return(0); + + + + +} /* End of handle_beacon */ + + +static int GetHeaderLength(u_int16_t fc) +{ + int iLength=0; + + switch (FC_TYPE(fc)) { + case T_MGMT: + iLength = MGMT_HEADER_LEN; + break; + case T_CTRL: + switch (FC_SUBTYPE(fc)) { + case CTRL_PS_POLL: + iLength = CTRL_PS_POLL_LEN; + break; + case CTRL_RTS: + iLength = CTRL_RTS_LEN; + break; + case CTRL_CTS: + iLength = CTRL_CTS_LEN; + break; + case CTRL_ACK: + iLength = CTRL_ACK_LEN; + break; + case CTRL_CF_END: + iLength = CTRL_END_LEN; + break; + case CTRL_END_ACK: + iLength = CTRL_END_ACK_LEN; + break; + default: + iLength = 0; + break; + } + break; + case T_DATA: + if (FC_TO_DS(fc) && FC_FROM_DS(fc)) + iLength = 30; + else + iLength = 24; + break; + default: + printf("unknown IEEE802.11 frame type (%d)", + FC_TYPE(fc)); + break; + } + + return iLength; +} diff --git a/noncore/net/wellenreiter/daemon/source/sniffer.h b/noncore/net/wellenreiter/daemon/source/sniffer.h new file mode 100644 index 0000000..b880b68 --- a/dev/null +++ b/noncore/net/wellenreiter/daemon/source/sniffer.h @@ -0,0 +1,102 @@ +// Wellenreiter-sniffer-code header file + +#include <string.h> +#include <stdio.h> +#include <stdlib.h> +#include <pcap.h> +#include <errno.h> +#include <sys/socket.h> +#include <netinet/in.h> +#include <arpa/inet.h> +#include <net/bpf.h> +#include "ieee802_11.h" +#include "extract.h" + +#define DEFAULT_PATH "/proc/driver/aironet/%s/Config" +#define CARD_TYPE_CISCO 1 +#define CARD_TYPE_NG 2 +#define CARD_TYPE_HOSTAP 3 + +#define NONBROADCASTING "non-broadcasting" + +/* only for now, until we have the daemon running */ +/*the config file should provide these information */ +#define SNIFFER_DEVICE "wlan0" +#define CARD_TYPE CARD_TYPE_CISCO +#define SBIN_PATH "/sbin/ifconfig %s promisc up" +#define WLANCTL_PATH "/sbin/wlanctl-ng" + +/* holds all the interresting data */ +struct packetinfo +{ + int isvalid; + int pktlen; + int fctype; + int fcsubtype; + int fc_wep; + int cap_WEP; + int cap_IBSS; + int cap_ESS; + int channel; + char bssid[sizeof("00:00:00:00:00:00")]; + char desthwaddr[sizeof("00:00:00:00:00:00")]; + char sndhwaddr[sizeof("00:00:00:00:00:00")]; + char *ssid; + int ssid_len; +}; + + +/* Prototypes */ +int card_into_monitormode (char * device, int cardtype); + +int card_set_promisc_up (char * device); + +int start_sniffing (char * device); + +void process_packets(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet); + +int decode_80211b_hdr(const u_char *p,struct packetinfo *ppinfo); + +void etheraddr_string(register const u_char *ep,char * text); + +int handle_beacon(u_int16_t fc, const u_char *p,struct packetinfo *ppinfo); + +static int GetHeaderLength(u_int16_t fc); + +static const char *subtype_text[]={ + "Assoc Request", + "Assoc Response", + "ReAssoc Request", + "ReAssoc Response", + "Probe Request", + "Probe Response", + "RESERVED", + "RESERVED", + "Beacon", + "ATIM", + "Disassociation", + "Authentication", + "DeAuthentication", + "RESERVED", + "RESERVED" +}; + +/* + * True if "l" bytes of "var" were captured. + * + * The "snapend - (l) <= snapend" checks to make sure "l" isn't so large + * that "snapend - (l)" underflows. + * + * The check is for <= rather than < because "l" might be 0. + */ +#define TTEST2(var, l) (snapend - (l) <= snapend && \ + (const u_char *)&(var) <= snapend - (l)) + +/* True if "var" was captured */ +#define TTEST(var) TTEST2(var, sizeof(var)) + +/* Bail if "l" bytes of "var" were not captured */ +#define TCHECK2(var, l) if (!TTEST2(var, l)) goto trunc + +/* Bail if "var" was not captured */ +#define TCHECK(var) TCHECK2(var, sizeof(var)) |