madwifi-ng.c

Go to the documentation of this file.

/* Linux Prism II Stumbler - Utility Scan for 802_11 networks under Linux
 * 
 * File : $Name$
 * Project : WifiScanner (c) 2002 Hervé Schauer Consultants
 * Usage : This utility is written for use with IEEE 802.11 adapters based
 * on Intersil's PRISM II chipset (PCMCIA).
 * 
 * Base code was from prismstumbler Jan Fernquist <Jan.B.Fernquist@telia.com>
 * and wlanctl from www.linux-wlan.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 *
 * $Id: MADWIFI-NG.c 145 2006-04-10 08:13:38Z poggij $
 */


// A lot of think is get from kismet
//  http://www.kismetwireless.net/

#include <include.h>
#include <src/madwifi-ng.h>
#include <src/wlan-ng.h>
#include <src/crt_io.h>
#include <src/functions.h>
#include <dirent.h>

static char *ID = "$Id: MADWIFI-NG.c 145 2006-04-10 08:13:38Z poggij $";

// All extern value you want
//extern unsigned int DebugLevel;
//extern UINT8 SingleChannel;
//extern UINT8 TypeOfCard;
extern ConfigStruct config;
extern WINDOW *Sum_WND, *RealTime_WND;

static CaptureArg ca;
static char errbuf[PCAP_ERRBUF_SIZE];

static char devname1[DEVNAME_LEN];      // for madwifi-ng driver, it's ath?
static char devname2[DEVNAME_LEN];      // for madwifi-ng driver, it's wifi?

int DestroyVAP_MADWIFI_NG(char *ifname);

#define STR_MAX 256

//-------------
int selectChannelMADWIFI_NG(char *devname, int channel)
{
  int result = 0;

  result = IwconfigSetChannel(devname, channel);

  //return NO_ERROR;                     // XXX no error if channel is forbidden
  return result;
}

int shutCardMADWIFI_NG(char *devname)
{
  // Destroy the created VAP
  return (DestroyVAP_MADWIFI_NG(devname));
}

int DestroyVAP_MADWIFI_NG(char *ifname)
{
  struct ifreq ifr;
  int sock;

  // Connect to the madwifidriver
  if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
    warning("Failed to create socket to madwifi: %s\n", strerror(errno));
    return MADWIFING_ERROR_CANT_CREATE_SOCKET;
  }
  // Destroy the VAP
  memset(&ifr, 0, sizeof(ifr));
  strncpy(ifr.ifr_name, ifname, IFNAMSIZ);
  if (ioctl(sock, SIOC80211IFDESTROY, &ifr) < 0) {
    warning("Failed to destroy VAP: %s\n", strerror(errno));
    close(sock);
    return MADWIFING_ERROR_CANT_DESTROY_VAP;
  }
  close(sock);

  return 0;
}

int findAvailableIF(char *devname)
{
  UINT16 n = 0;
  struct ifreq ifr;
  int skfd;
  char tnam[IFNAMSIZ];

  if ((skfd = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
    warning("Failed to create AF_INET DGRAM socket.\n");
    return ERROR_CANT_CREATE_SOCKET;
  }

  tnam[0] = '\0';
  for (n = 0; (n < 10) && (tnam[0] == '\0'); n++) {
    snprintf(tnam, IFNAMSIZ, "ath%d", n);

    memset(&ifr, 0, sizeof(ifr));
    strncpy(ifr.ifr_name, tnam, sizeof(ifr.ifr_name) - 1);
    if (ioctl(skfd, SIOCGIFFLAGS, &ifr) < 0) {
      debug(3, "Interface %s is free\n", tnam);
      // Good it's not an existant IF, so its a free named IF
      strncpy(devname, tnam, IFNAMSIZ);
      close(skfd);
      return NO_ERROR;
    } else {
      // FOUND an existant IF
      // try to find an another free
      tnam[0] = '\0';
    }
  }
  close(skfd);

  return ERROR_COULDNT_FIND_A_FREE_IFACE;
}

int openCardMADWIFI_NG(char *devname)
{
  char dirpath[STR_MAX];
  DIR *devdir;
  struct dirent *devfile;

  struct ieee80211_clone_params {
    char icp_name[IFNAMSIZ];
    UINT16 icp_opmode;
    UINT16 icp_flags;
  };

  struct ieee80211_clone_params cp;
  struct ifreq ifr;
  int sock;

  // -- Search if /sys arborescence is available
  snprintf(dirpath, STR_MAX, "/sys/class/net/%s/device/", devname);
  if ((devdir = opendir(dirpath)) == NULL) {
    warning("Device %s is not present !!!\n", devname);
    return MADWIFING_ERROR_NO_DEVICE_PRESENT;
  }
  // -- Determine ath and wifi interface number
  //    and destroy all VAP if exists
  while ((devfile = readdir(devdir)) != NULL) {
    if (strncmp("net:ath", devfile->d_name, 7) == 0) {
      strncpy(devname1, devfile->d_name + 4, IFNAMSIZ);
#if 0
      DestroyVAP_MADWIFI_NG(devname1);
      debug(3, "Interface %s is destroyed\n", devname1);
#else
      debug(3, "Interface %s is skiped\n", devname1);
#endif
    }

    if (strncmp("net:wifi", devfile->d_name, 8) == 0) {
      strncpy(devname2, devfile->d_name + 4, IFNAMSIZ);
      debug(3, "Found a good Interface %s\n", devname2);
    }
  }
  closedir(devdir);

  // Now all is clean
  // We can create a VAP

  // First Step : Find a ath? interface available
  if (findAvailableIF(devname1) != 0) {
    warning("No available VAP found :-(\n");
    return MADWIFING_ERROR_NO_INTERFACE_AVAILABLE;
  }
  // Master interface is now devname2
  strncpy(devname, devname2, IFNAMSIZ);
  debug(3,
        "We now use %s as the master insterface for madwifi-ng driver\n",
        devname);

  // Second Step Create VAP and put it in MONITOR mode
  memset(&cp, 0, sizeof(cp));
  strncpy(cp.icp_name, devname1, IFNAMSIZ);
  cp.icp_opmode = IEEE80211_M_MONITOR;
  cp.icp_flags = IEEE80211_CLONE_BSSID;

  memset(&ifr, 0, sizeof(ifr));
  strncpy(ifr.ifr_name, devname2, IFNAMSIZ);
  ifr.ifr_data = (caddr_t) & cp;

  if ((sock = socket(AF_INET, SOCK_DGRAM, 0)) < 0) {
    warning("Failed to create socket to madwifi: %s\n", strerror(errno));
    return MADWIFING_ERROR_CANT_CREATE_SOCKET;
  }

  if (ioctl(sock, SIOC80211IFCREATE, &ifr) < 0) {
    warning("Unable to create VAP: %s\n", strerror(errno));
    close(sock);
    return MADWIFING_ERROR_NO_VAP_CREATED;
  }

  strncpy(devname1, ifr.ifr_name, IFNAMSIZ);
  debug(3, "I create a VAP in monitor mode in %s\n", ifr.ifr_name);
  close(sock);

  // Slave interface and working interface is now the same
  strncpy(devname, devname1, IFNAMSIZ);
  debug(3, "We now use %s as the slave insterface for madwifi-ng driver\n",
        devname1);

  // last step : UP the interface
  return IfconfigSetFlags(devname, IFF_UP);
}

/*
 * Get packet from card
 * return the number of byte read
 */
int getPacketMADWIFI_NG(p80211_caphdr_t * wlan_header, UINT8 * buf, int maxlen)
{
  struct pcap_pkthdr pktHdr;
  u_char *RadioPacket;
  fd_set rs;
  int real_size_of_headers = 0;

  FD_ZERO(&rs);
  FD_SET(0, &rs);

  RadioPacket = (u_char *) pcap_next(ca.pcap, &pktHdr);

  if (RadioPacket != NULL) {
  // If no problem and packet is enought big (with data)
    if (pktHdr.len >= sizeof(p80211msg_lnxind_wlansniffrm_t)) {
      if (pktHdr.len > MAX_BUFFER_SIZE) {
  debug(1, "ERROR : Packet is TOOO BIG size=%d\n", pktHdr.len);
  //DumpHexPaquets(RealTime_WND, buf, 0x1B0);
  return 0;
      } else {
  real_size_of_headers = FillRadioData(wlan_header, ca.DataLink, RadioPacket, pktHdr.len);
  memcpy_buff(buf, (RadioPacket + real_size_of_headers), MIN_OF((pktHdr.len - real_size_of_headers), maxlen));
  return MAX_OF(0, (pktHdr.len - real_size_of_headers));
      }
    }
  }
  return (0);                   /* Noting to read */
}

int openPacketMADWIFI_NG(char *devname)
{
  ca.pcap = pcap_open_live(devname, 3000, 1, 0, errbuf);
  if (ca.pcap) {
    pcap_setnonblock(ca.pcap, 1, errbuf);
    ca.DataLink = pcap_datalink(ca.pcap);
    ca.offset = CalculateOffset(ca.DataLink);
    return NO_ERROR;
  }
  return ERROR_CANT_OPEN_PCAP;
}

void closePacketMADWIFI_NG(void)
{
  pcap_close(ca.pcap);
}

---