summaryrefslogtreecommitdiff
authormax <max>2002-11-11 15:37:18 (UTC)
committer max <max>2002-11-11 15:37:18 (UTC)
commit2870d8cba649ab744d0e48a2bcc537ea753f842f (patch) (unidiff)
tree42976a62e43264f281eccb297bee414d6f28cbf9
parent6c6a3870a3deddc8cf66c60d37d12c1763b087b4 (diff)
downloadopie-2870d8cba649ab744d0e48a2bcc537ea753f842f.zip
opie-2870d8cba649ab744d0e48a2bcc537ea753f842f.tar.gz
opie-2870d8cba649ab744d0e48a2bcc537ea753f842f.tar.bz2
beacon-decode first
Diffstat (more/less context) (ignore whitespace changes)
-rw-r--r--noncore/net/wellenreiter/daemon/source/README5
-rw-r--r--noncore/net/wellenreiter/daemon/source/extract.h57
-rw-r--r--noncore/net/wellenreiter/daemon/source/ieee802_11.h245
-rw-r--r--noncore/net/wellenreiter/daemon/source/sniffer.c437
-rw-r--r--noncore/net/wellenreiter/daemon/source/sniffer.h102
5 files changed, 846 insertions, 0 deletions
diff --git a/noncore/net/wellenreiter/daemon/source/README b/noncore/net/wellenreiter/daemon/source/README
new file mode 100644
index 0000000..249d950
--- a/dev/null
+++ b/noncore/net/wellenreiter/daemon/source/README
@@ -0,0 +1,5 @@
1compile it using:
2
3gcc -o sniffer ./sniffer.c -lpcap
4
5
diff --git a/noncore/net/wellenreiter/daemon/source/extract.h b/noncore/net/wellenreiter/daemon/source/extract.h
new file mode 100644
index 0000000..c1bcdcd
--- a/dev/null
+++ b/noncore/net/wellenreiter/daemon/source/extract.h
@@ -0,0 +1,57 @@
1/*
2 * Copyright (c) 1992, 1993, 1994, 1995, 1996
3 *The Regents of the University of California. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that: (1) source code distributions
7 * retain the above copyright notice and this paragraph in its entirety, (2)
8 * distributions including binary code include the above copyright notice and
9 * this paragraph in its entirety in the documentation or other materials
10 * provided with the distribution, and (3) all advertising materials mentioning
11 * features or use of this software display the following acknowledgement:
12 * ``This product includes software developed by the University of California,
13 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
14 * the University nor the names of its contributors may be used to endorse
15 * or promote products derived from this software without specific prior
16 * written permission.
17 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
18 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
19 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
20 *
21 * @(#) $Header$ (LBL)
22 */
23
24/* Network to host order macros */
25
26#ifdef LBL_ALIGN
27#define EXTRACT_16BITS(p) \
28 ((u_int16_t)((u_int16_t)*((const u_int8_t *)(p) + 0) << 8 | \
29 (u_int16_t)*((const u_int8_t *)(p) + 1)))
30#define EXTRACT_32BITS(p) \
31 ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 0) << 24 | \
32 (u_int32_t)*((const u_int8_t *)(p) + 1) << 16 | \
33 (u_int32_t)*((const u_int8_t *)(p) + 2) << 8 | \
34 (u_int32_t)*((const u_int8_t *)(p) + 3)))
35#else
36#define EXTRACT_16BITS(p) \
37 ((u_int16_t)ntohs(*(const u_int16_t *)(p)))
38#define EXTRACT_32BITS(p) \
39 ((u_int32_t)ntohl(*(const u_int32_t *)(p)))
40#endif
41
42#define EXTRACT_24BITS(p) \
43 ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 0) << 16 | \
44 (u_int32_t)*((const u_int8_t *)(p) + 1) << 8 | \
45 (u_int32_t)*((const u_int8_t *)(p) + 2)))
46
47/* Little endian protocol host order macros */
48
49#define EXTRACT_LE_8BITS(p) (*(p))
50#define EXTRACT_LE_16BITS(p) \
51 ((u_int16_t)((u_int16_t)*((const u_int8_t *)(p) + 1) << 8 | \
52 (u_int16_t)*((const u_int8_t *)(p) + 0)))
53#define EXTRACT_LE_32BITS(p) \
54 ((u_int32_t)((u_int32_t)*((const u_int8_t *)(p) + 3) << 24 | \
55 (u_int32_t)*((const u_int8_t *)(p) + 2) << 16 | \
56 (u_int32_t)*((const u_int8_t *)(p) + 1) << 8 | \
57 (u_int32_t)*((const u_int8_t *)(p) + 0)))
diff --git a/noncore/net/wellenreiter/daemon/source/ieee802_11.h b/noncore/net/wellenreiter/daemon/source/ieee802_11.h
new file mode 100644
index 0000000..497e6ed
--- a/dev/null
+++ b/noncore/net/wellenreiter/daemon/source/ieee802_11.h
@@ -0,0 +1,245 @@
1/* @(#) $Header$ (LBL) */
2/*
3 * Copyright (c) 2001
4 *Fortress Technologies
5 * Charlie Lenahan ( clenahan@fortresstech.com )
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
18 * written permission.
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
22 */
23
24 #define IEEE802_11_FC_LEN2
25
26#define T_MGMT 0x0 /* management */
27#define T_CTRL 0x1 /* control */
28#define T_DATA 0x2 /* data */
29#define T_RESV 0x3 /* reserved */
30
31 #define ST_ASSOC_REQUEST 0x0
32 #define ST_ASSOC_RESPONSE 0x1
33 #define ST_REASSOC_REQUEST 0x2
34 #define ST_REASSOC_RESPONSE 0x3
35 #define ST_PROBE_REQUEST 0x4
36 #define ST_PROBE_RESPONSE 0x5
37 /* RESERVED 0x6 */
38 /* RESERVED 0x7 */
39 #define ST_BEACON 0x8
40 #define ST_ATIM 0x9
41 #define ST_DISASSOC 0xA
42 #define ST_AUTH 0xB
43 #define ST_DEAUTH 0xC
44 /* RESERVED 0xD */
45 /* RESERVED 0xE */
46 /* RESERVED 0xF */
47
48
49 #define CTRL_PS_POLL0xA
50 #define CTRL_RTS0xB
51 #define CTRL_CTS0xC
52 #define CTRL_ACK0xD
53 #define CTRL_CF_END0xE
54 #define CTRL_END_ACK0xF
55
56/*
57 * Bits in the frame control field.
58 */
59 #define FC_VERSION(fc) ((fc) & 0x3)
60 #define FC_TYPE(fc) (((fc) >> 2) & 0x3)
61 #define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF)
62 #define FC_TO_DS(fc) ((fc) & 0x0100)
63 #define FC_FROM_DS(fc) ((fc) & 0x0200)
64 #define FC_MORE_FLAG(fc)((fc) & 0x0400)
65 #define FC_RETRY(fc) ((fc) & 0x0800)
66 #define FC_POWER_MGMT(fc)((fc) & 0x1000)
67 #define FC_MORE_DATA(fc)((fc) & 0x2000)
68 #define FC_WEP(fc) ((fc) & 0x4000)
69 #define FC_ORDER(fc) ((fc) & 0x8000)
70
71struct mgmt_header_t {
72 u_int16_tfc;
73 u_int16_t duration;
74 u_int8_tda[6];
75 u_int8_tsa[6];
76 u_int8_tbssid[6];
77 u_int16_tseq_ctrl;
78};
79
80 #define MGMT_HEADER_LEN(2+2+6+6+6+2)
81
82 #define CAPABILITY_ESS(cap)((cap) & 0x0001)
83 #define CAPABILITY_IBSS(cap)((cap) & 0x0002)
84 #define CAPABILITY_CFP(cap)((cap) & 0x0004)
85 #define CAPABILITY_CFP_REQ(cap)((cap) & 0x0008)
86 #define CAPABILITY_PRIVACY(cap)((cap) & 0x0010)
87
88struct ssid_t {
89 u_int8_telement_id;
90 u_int8_tlength;
91 u_char ssid[33]; /* 32 + 1 for null */
92} ;
93
94struct rates_t {
95 u_int8_telement_id;
96 u_int8_tlength;
97 u_int8_trate[8];
98};
99
100struct challenge_t {
101 u_int8_telement_id;
102 u_int8_tlength;
103 u_int8_ttext[254]; /* 1-253 + 1 for null */
104};
105struct fh_t {
106 u_int8_telement_id;
107 u_int8_tlength;
108 u_int16_tdwell_time;
109 u_int8_thop_set;
110 u_int8_t hop_pattern;
111 u_int8_thop_index;
112};
113
114struct ds_t {
115 u_int8_telement_id;
116 u_int8_tlength;
117 u_int8_tchannel;
118};
119
120struct cf_t {
121 u_int8_telement_id;
122 u_int8_tlength;
123 u_int8_tcount;
124 u_int8_tperiod;
125 u_int16_tmax_duration;
126 u_int16_tdur_remaing;
127};
128
129struct tim_t {
130 u_int8_telement_id;
131 u_int8_tlength;
132 u_int8_tcount;
133 u_int8_tperiod;
134 u_int8_tbitmap_control;
135 u_int8_tbitmap[251];
136};
137
138 #define E_SSID 0
139 #define E_RATES 1
140 #define E_FH 2
141 #define E_DS 3
142 #define E_CF 4
143 #define E_TIM 5
144 #define E_IBSS 6
145 #define E_CISCO 133
146 /* reserved 7 */
147 /* reserved 8 */
148 /* reserved 9 */
149 /* reserved 10 */
150 /* reserved 11 */
151 /* reserved 12 */
152 /* reserved 13 */
153 /* reserved 14 */
154 /* reserved 15 */
155 /* reserved 16 */
156
157 #define E_CHALLENGE 16
158 /* reserved 17 */
159 /* reserved 18 */
160 /* reserved 19 */
161 /* reserved 16 */
162 /* reserved 16 */
163
164
165struct mgmt_body_t {
166 u_int8_t timestamp[8];
167 u_int16_t beacon_interval;
168 u_int16_t listen_interval;
169 u_int16_t status_code;
170 u_int16_t aid;
171 u_char ap[6];
172 u_int16_treason_code;
173 u_int16_tauth_alg;
174 u_int16_tauth_trans_seq_num;
175 struct challenge_t challenge;
176 u_int16_tcapability_info;
177 struct ssid_tssid;
178 struct rates_t rates;
179 struct ds_tds;
180 struct cf_tcf;
181 struct fh_tfh;
182 struct tim_ttim;
183};
184
185struct ctrl_rts_t {
186 u_int16_tfc;
187 u_int16_tduration;
188 u_int8_tra[6];
189 u_int8_tta[6];
190 u_int8_tfcs[4];
191};
192
193 #define CTRL_RTS_LEN(2+2+6+6+4)
194
195struct ctrl_cts_t {
196 u_int16_tfc;
197 u_int16_tduration;
198 u_int8_tra[6];
199 u_int8_tfcs[4];
200};
201
202 #define CTRL_CTS_LEN(2+2+6+4)
203
204struct ctrl_ack_t {
205 u_int16_tfc;
206 u_int16_tduration;
207 u_int8_tra[6];
208 u_int8_tfcs[4];
209};
210
211 #define CTRL_ACK_LEN(2+2+6+4)
212
213struct ctrl_ps_poll_t {
214 u_int16_tfc;
215 u_int16_taid;
216 u_int8_tbssid[6];
217 u_int8_tta[6];
218 u_int8_tfcs[4];
219};
220
221 #define CTRL_PS_POLL_LEN(2+2+6+6+4)
222
223struct ctrl_end_t {
224 u_int16_tfc;
225 u_int16_tduration;
226 u_int8_tra[6];
227 u_int8_tbssid[6];
228 u_int8_tfcs[4];
229};
230
231 #define CTRL_END_LEN(2+2+6+6+4)
232
233struct ctrl_end_ack_t {
234 u_int16_tfc;
235 u_int16_tduration;
236 u_int8_tra[6];
237 u_int8_tbssid[6];
238 u_int8_tfcs[4];
239};
240
241 #define CTRL_END_ACK_LEN(2+2+6+6+4)
242
243 #define IV_IV(iv)((iv) & 0xFFFFFF)
244 #define IV_PAD(iv)(((iv) >> 24) & 0x3F)
245 #define IV_KEYID(iv)(((iv) >> 30) & 0x03)
diff --git a/noncore/net/wellenreiter/daemon/source/sniffer.c b/noncore/net/wellenreiter/daemon/source/sniffer.c
new file mode 100644
index 0000000..6f40503
--- a/dev/null
+++ b/noncore/net/wellenreiter/daemon/source/sniffer.c
@@ -0,0 +1,437 @@
1/* Its just a simple rfmon mode sniffer
2 i hope my C is at last a bit better then in my
3 early days :-).
4 This works only with cisco wireless cards with an rfmon
5 able driver and not with wifi stuff.
6 Btw. did i mention that i hate C?
7
8 To compile use:
9 gcc wlan-sniffer.c -o wlan-sniffer -lpcap
10
11 use it like this:
12 wlan-sniffer interface
13
14*/
15#include "sniffer.h"
16
17int main(int argc, char **argv)
18{
19 int ret; /* return code */
20 ret = card_into_monitormode (SNIFFER_DEVICE, CARD_TYPE_NG);
21 if (ret == -1)
22 {
23 exit(-1);
24 }
25 start_sniffing (SNIFFER_DEVICE);
26
27 return 0;
28}
29
30int card_into_monitormode (char * device, int cardtype)
31{
32 int ret = -1;
33 int datalink; /* used for getting the pcap datalink type */
34 char CiscoRFMON[35] = "/proc/driver/aironet/";
35 FILE *CISCO_CONFIG_FILE;
36 char errbuf[PCAP_ERRBUF_SIZE];
37 pcap_t *handle;
38
39 /* Checks if we have a device to sniff on */
40 if(device == NULL)
41 {
42 printf ("Fatal error i did not have any interfaces to sniff on\n");
43 exit(1);
44 }
45
46 /* Setting the prmiscous and up flag to the interface */
47 if (card_set_promisc_up (device) == 0)
48 {
49 printf ("Interface flags correctly set using ifconfig\n");
50 }
51
52 /* Check the cardtype and executes the commands to go into monitor mode */
53 if (cardtype == CARD_TYPE_CISCO) /* I got a cisco card */
54 {
55 /* bring the sniffer into rfmon mode */
56 snprintf(CiscoRFMON, sizeof(CiscoRFMON),DEFAULT_PATH, device);
57 CISCO_CONFIG_FILE = fopen(CiscoRFMON,"w");
58 fputs ("Mode: r",CISCO_CONFIG_FILE);
59 fputs ("Mode: y",CISCO_CONFIG_FILE);
60 fputs ("XmitPower: 1",CISCO_CONFIG_FILE);
61 fclose(CISCO_CONFIG_FILE);
62 }
63 else if (cardtype == CARD_TYPE_NG)
64 {
65 char wlanngcmd[62];
66 snprintf(wlanngcmd, sizeof(wlanngcmd),"%s %s lnxreq_wlansniff channel=1 enable=true",WLANCTL_PATH,device);
67 if (ret = (system (wlanngcmd)) != 0)
68 {
69 printf ("\n Fatal error could not set %s in raw mode, check cardtype\n",device);
70 exit(1);
71 }
72 }
73 else if (cardtype == CARD_TYPE_HOSTAP)
74 {
75 printf ("Got a host-ap card, nothing is implemented now\n");
76 }
77
78
79 /* Check the interface if it is in the correct raw mode */
80 handle = pcap_open_live(device, BUFSIZ, 1, 0, errbuf);
81
82 /* getting the datalink type */
83 datalink = pcap_datalink(handle);
84
85 if (datalink == DLT_IEEE802_11) /* Rawmode is IEEE802_11 */
86 {
87 printf ("Your successfully listen on %s in 802.11 raw mode\n",device);
88 pcap_close(handle);
89 return (0);
90
91 }
92 else
93 {
94 printf ("Fatal error, cannot continue, your interface %s does not work in the correct 802.11 raw mode, check you driver please\n",device);
95 pcap_close(handle);
96 exit(1);
97 }
98}
99
100int card_set_promisc_up (char * device)
101{
102 int ret;
103 char ifconfigcmd[32];
104 snprintf(ifconfigcmd,sizeof(ifconfigcmd),SBIN_PATH, device);
105 ret = system (ifconfigcmd);
106 if (ret > 0)
107 {
108 printf ("\nFatal error, could not execute %s please check your card,binary location and permission\n",ifconfigcmd);
109 exit(1);
110 }
111 return(0);
112}
113
114int start_sniffing (char * device)
115{
116 int ret; /* return code */
117 pcap_t *handletopcap;
118 char errbuf[PCAP_ERRBUF_SIZE];
119 struct pcap_pkthdr header; /* The header that pcap gives us */
120 const u_char *packet; /* The actual packet */
121
122 /* opening the pcap for sniffing */
123 handletopcap = pcap_open_live(device, BUFSIZ, 1, 1000, errbuf);
124
125 /* Next few lines a taken out of kismet */
126 #ifdef HAVE_PCAP_NONBLOCK
127 pcap_setnonblock(handletopcap, 1, errstr);
128 #endif
129
130 /*start scanning */
131 pcap_loop(handletopcap,-1,process_packets,NULL);
132
133 printf("\nDone processing packets... wheew!\n");
134 return 0;
135}
136
137void process_packets(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet)
138{
139 u_int caplen = pkthdr->caplen;
140 u_int length = pkthdr->len;
141 u_int16_t fc;
142 u_int HEADER_LENGTH;
143 u_short extracted_ethertype;
144 int snapend;
145 int ret;
146 /* pinfo holds all interresting information for us */
147 struct packetinfo pinfo;
148 struct packetinfo *pinfoptr;
149 pinfoptr=&pinfo;
150
151 pinfoptr->isvalid = 0;
152 pinfoptr->pktlen = pkthdr->len;
153 if (caplen < IEEE802_11_FC_LEN)
154 {
155 /* This is a garbage packet, because is does not long enough
156 to hold a 802.11b header */
157 pinfoptr->isvalid = 0;
158 return;
159 }
160
161 /* Gets the framecontrol bits (2bytes long) */
162 fc = EXTRACT_LE_16BITS(packet);
163
164 HEADER_LENGTH = GetHeaderLength(fc);
165
166 if (caplen < HEADER_LENGTH)
167 {
168 /* This is a garbage packet, because it is not long enough
169 to hold a correct header of its type */
170 pinfoptr->isvalid = 0;
171 return;
172 }
173
174 /* Decode 802.11b header out of the packet */
175 if (decode_80211b_hdr(packet,pinfoptr) == 0)
176 {
177 /* Justification of the ofset to further process the packet */
178 length -= HEADER_LENGTH;
179 caplen -= HEADER_LENGTH;
180 packet += HEADER_LENGTH;
181 }
182 else
183 { /* Something is wrong,could not be a correct packet */
184 return;
185 }
186
187 switch (FC_TYPE(fc))
188 {
189 /* Is it a managemnet frame? */
190 case T_MGMT:
191 switch (FC_SUBTYPE(fc))
192 { /* Is it a beacon frame? */
193 case ST_BEACON:
194 if (handle_beacon(fc, packet,pinfoptr) ==0)
195 {
196 if (!strcmp(pinfoptr->desthwaddr,"ff:ff:ff:ff:ff:ff") == 0)
197 {
198 /* Every beacon must have the broadcast as destination
199 so it must be a shitti packet */
200 pinfoptr->isvalid = 0;
201 return;
202 }
203 if (pinfoptr->cap_ESS == pinfoptr->cap_IBSS)
204 {
205 /* Only one of both are possible, so must be
206 a noise packet, if this comes up */
207 pinfoptr->isvalid = 0;
208 return;
209 }
210 if (pinfoptr->channel < 1 || pinfoptr->channel > 14)
211 {
212 /* Only channels between 1 and 14 are possible
213 others must be noise packets */
214 pinfoptr->isvalid = 0;
215 return;
216 }
217
218 /* Decoding successfull of beacon frame */
219 if (pinfoptr->cap_ESS == 1 &&pinfoptr->cap_IBSS ==0)
220 {
221 printf ("\nHave found an accesspoint:");
222 }
223 else if(pinfoptr->cap_ESS == 0 && pinfoptr->cap_IBSS == 1)
224 {
225 printf ("\nHave found an AD-HOC station:");
226
227 }
228 if (strcmp (pinfoptr->ssid,NONBROADCASTING) ==0)
229 {
230 printf ("\n\tOn a non-broadcasting network");
231 }
232 else
233 {
234 printf ("\n\tOn network : %s",pinfoptr->ssid);
235 }
236 printf ("\n\tLen SSID : %d",pinfoptr->ssid_len);
237 printf ("\n\tOn Channel : %d",pinfoptr->channel);
238 printf ("\n\tEncryption : %s", pinfoptr->cap_WEP ? "ON" : "OFF");
239 printf ("\n\tMacaddress : %s",pinfoptr->sndhwaddr);
240 printf ("\n\tBssid : %s",pinfoptr->bssid);
241 printf ("\n\tDest : %s\n",pinfoptr->desthwaddr);
242 }
243 break;
244 default:
245 printf("Unknown IEEE802.11 frame subtype (%d)",FC_SUBTYPE(fc));
246 break;
247 } /* End of switch over different mgt frame types */
248
249 break;
250 case T_CTRL:
251 //decode_control_frames(fc, packet);
252 printf ("Its a control frame");
253 break;
254 case T_DATA:
255 //decode_data_frames(fc, packet);
256 printf ("Its a date frame");
257 break;
258 default:
259 printf("Unknown IEEE802.11 frame type (%d)",FC_TYPE(fc));
260 break;
261 }
262}
263
264
265/* This decodes the 802.11b frame header out of the 802.11b packet
266 all the infos is placed into the packetinfo structure */
267int decode_80211b_hdr(const u_char *p,struct packetinfo *ppinfo)
268{
269 char * ret;
270 char testme[16];
271 const struct mgmt_header_t *mgthdr = (const struct mgmt_header_t *) p;
272 ppinfo->fcsubtype = FC_SUBTYPE(mgthdr->fc);
273
274 /* Get the sender, bssid and dest mac address */
275 etheraddr_string(mgthdr->bssid,ppinfo->bssid);
276 etheraddr_string(mgthdr->da,ppinfo->desthwaddr);
277 etheraddr_string(mgthdr->sa,ppinfo->sndhwaddr);
278 ppinfo->fc_wep = FC_WEP(mgthdr->fc);
279 return(0);
280}
281
282
283void etheraddr_string(register const u_char *ep,char * text)
284{
285 static char hex[] = "0123456789abcdef";
286 register u_int i, j;
287 register char *cp;
288 char buf[sizeof("00:00:00:00:00:00")];
289 cp = buf;
290 if ((j = *ep >> 4) != 0)
291 *cp++ = hex[j];
292 *cp++ = hex[*ep++ & 0xf];
293 for (i = 5; (int)--i >= 0;) {
294 *cp++ = ':';
295 if ((j = *ep >> 4) != 0)
296 *cp++ = hex[j];
297 *cp++ = hex[*ep++ & 0xf];
298 }
299 *cp = '\0';
300 strcpy(text,buf);
301 return;
302}
303
304int handle_beacon(u_int16_t fc, const u_char *p,struct packetinfo *ppinfo)
305{
306 struct mgmt_body_t pbody;
307 int offset = 0;
308
309 /* Get the static informations out of the packet */
310 memset(&pbody, 0, sizeof(pbody));
311 memcpy(&pbody.timestamp, p, 8);
312 offset += 8;
313 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
314 offset += 2;
315 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
316 offset += 2;
317
318 /* Gets the different flags out of the capabilities */
319 ppinfo->cap_ESS = CAPABILITY_ESS(pbody.capability_info);
320 ppinfo->cap_IBSS = CAPABILITY_IBSS(pbody.capability_info);
321 ppinfo->cap_WEP = CAPABILITY_PRIVACY(pbody.capability_info);
322
323 /* Gets the tagged elements out of the packets */
324 while (offset + 1 < ppinfo->pktlen)
325 {
326 switch (*(p + offset))
327 {
328 case E_SSID:
329 memcpy(&(pbody.ssid),p+offset,2); offset += 2;
330 if (pbody.ssid.length > 0)
331 {
332 memcpy(&(pbody.ssid.ssid),p+offset,pbody.ssid.length); offset += pbody.ssid.length;
333 pbody.ssid.ssid[pbody.ssid.length]='\0';
334 if (strcmp(pbody.ssid.ssid,"")==0)
335 {
336 ppinfo->ssid = NONBROADCASTING;
337 }
338 else
339 {
340 ppinfo->ssid = pbody.ssid.ssid;
341 }
342 ppinfo->ssid_len = pbody.ssid.length;
343 }
344 break;
345 case E_CHALLENGE:
346 memcpy(&(pbody.challenge),p+offset,2); offset += 2;
347 if (pbody.challenge.length > 0)
348 {
349 memcpy(&(pbody.challenge.text),p+offset,pbody.challenge.length); offset += pbody.challenge.length;
350 pbody.challenge.text[pbody.challenge.length]='\0';
351 }
352 break;
353 case E_RATES:
354 memcpy(&(pbody.rates),p+offset,2); offset += 2;
355 if (pbody.rates.length > 0) {
356 memcpy(&(pbody.rates.rate),p+offset,pbody.rates.length); offset += pbody.rates.length;
357 }
358 break;
359 case E_DS:
360 memcpy(&(pbody.ds),p+offset,3); offset +=3;
361 ppinfo->channel = pbody.ds.channel;
362 break;
363 case E_CF:
364 memcpy(&(pbody.cf),p+offset,8); offset +=8;
365 break;
366 case E_TIM:
367 memcpy(&(pbody.tim),p+offset,2); offset +=2;
368 memcpy(&(pbody.tim.count),p+offset,3); offset +=3;
369 if ((pbody.tim.length -3) > 0)
370 {
371 memcpy((pbody.tim.bitmap),p+(pbody.tim.length -3),(pbody.tim.length -3));
372 offset += pbody.tim.length -3;
373 }
374 break;
375 default:
376#if 0
377 printf("(1) unhandled element_id (%d) ", *(p+offset) );
378#endif
379 offset+= *(p+offset+1) + 2;
380 break;
381 } /* end of switch*/
382 } /* end of for loop */
383 return(0);
384
385
386
387
388} /* End of handle_beacon */
389
390
391static int GetHeaderLength(u_int16_t fc)
392{
393 int iLength=0;
394
395 switch (FC_TYPE(fc)) {
396 case T_MGMT:
397 iLength = MGMT_HEADER_LEN;
398 break;
399 case T_CTRL:
400 switch (FC_SUBTYPE(fc)) {
401 case CTRL_PS_POLL:
402 iLength = CTRL_PS_POLL_LEN;
403 break;
404 case CTRL_RTS:
405 iLength = CTRL_RTS_LEN;
406 break;
407 case CTRL_CTS:
408 iLength = CTRL_CTS_LEN;
409 break;
410 case CTRL_ACK:
411 iLength = CTRL_ACK_LEN;
412 break;
413 case CTRL_CF_END:
414 iLength = CTRL_END_LEN;
415 break;
416 case CTRL_END_ACK:
417 iLength = CTRL_END_ACK_LEN;
418 break;
419 default:
420 iLength = 0;
421 break;
422 }
423 break;
424 case T_DATA:
425 if (FC_TO_DS(fc) && FC_FROM_DS(fc))
426 iLength = 30;
427 else
428 iLength = 24;
429 break;
430 default:
431 printf("unknown IEEE802.11 frame type (%d)",
432 FC_TYPE(fc));
433 break;
434 }
435
436 return iLength;
437}
diff --git a/noncore/net/wellenreiter/daemon/source/sniffer.h b/noncore/net/wellenreiter/daemon/source/sniffer.h
new file mode 100644
index 0000000..b880b68
--- a/dev/null
+++ b/noncore/net/wellenreiter/daemon/source/sniffer.h
@@ -0,0 +1,102 @@
1// Wellenreiter-sniffer-code header file
2
3#include <string.h>
4#include <stdio.h>
5#include <stdlib.h>
6#include <pcap.h>
7#include <errno.h>
8#include <sys/socket.h>
9#include <netinet/in.h>
10#include <arpa/inet.h>
11#include <net/bpf.h>
12#include "ieee802_11.h"
13#include "extract.h"
14
15#define DEFAULT_PATH "/proc/driver/aironet/%s/Config"
16 #define CARD_TYPE_CISCO1
17 #define CARD_TYPE_NG2
18 #define CARD_TYPE_HOSTAP3
19
20#define NONBROADCASTING "non-broadcasting"
21
22/* only for now, until we have the daemon running */
23/*the config file should provide these information */
24 #define SNIFFER_DEVICE "wlan0"
25#define CARD_TYPE CARD_TYPE_CISCO
26 #define SBIN_PATH"/sbin/ifconfig %s promisc up"
27#define WLANCTL_PATH "/sbin/wlanctl-ng"
28
29/* holds all the interresting data */
30struct packetinfo
31{
32 int isvalid;
33 int pktlen;
34 int fctype;
35 int fcsubtype;
36 int fc_wep;
37 int cap_WEP;
38 int cap_IBSS;
39 int cap_ESS;
40 int channel;
41 char bssid[sizeof("00:00:00:00:00:00")];
42 char desthwaddr[sizeof("00:00:00:00:00:00")];
43 char sndhwaddr[sizeof("00:00:00:00:00:00")];
44 char *ssid;
45 int ssid_len;
46};
47
48
49/* Prototypes */
50int card_into_monitormode (char * device, int cardtype);
51
52int card_set_promisc_up (char * device);
53
54int start_sniffing (char * device);
55
56void process_packets(u_char *useless,const struct pcap_pkthdr* pkthdr,const u_char* packet);
57
58int decode_80211b_hdr(const u_char *p,struct packetinfo *ppinfo);
59
60void etheraddr_string(register const u_char *ep,char * text);
61
62int handle_beacon(u_int16_t fc, const u_char *p,struct packetinfo *ppinfo);
63
64static int GetHeaderLength(u_int16_t fc);
65
66static const char *subtype_text[]={
67 "Assoc Request",
68 "Assoc Response",
69 "ReAssoc Request",
70 "ReAssoc Response",
71 "Probe Request",
72 "Probe Response",
73 "RESERVED",
74 "RESERVED",
75 "Beacon",
76 "ATIM",
77 "Disassociation",
78 "Authentication",
79 "DeAuthentication",
80 "RESERVED",
81 "RESERVED"
82};
83
84/*
85 * True if "l" bytes of "var" were captured.
86 *
87 * The "snapend - (l) <= snapend" checks to make sure "l" isn't so large
88 * that "snapend - (l)" underflows.
89 *
90 * The check is for <= rather than < because "l" might be 0.
91 */
92#define TTEST2(var, l) (snapend - (l) <= snapend && \
93 (const u_char *)&(var) <= snapend - (l))
94
95/* True if "var" was captured */
96#define TTEST(var) TTEST2(var, sizeof(var))
97
98/* Bail if "l" bytes of "var" were not captured */
99#define TCHECK2(var, l) if (!TTEST2(var, l)) goto trunc
100
101/* Bail if "var" was not captured */
102#define TCHECK(var) TCHECK2(var, sizeof(var))