wlan-ng.c

Go to the documentation of this file.

/* Linux Prism II Stumbler - Utility Scan for 802_11 networks under Linux
 * 
 * File : wlan-ng.c
 * Project : WifiScanner (c) 2002 Hervé Schauer Consultants
 * Usage : This utility is written for use with IEEE 802.11 adapters based
 * on Intersil's PRISM II chipset (PCMCIA).
 * 
 * Base code was from prismstumbler Jan Fernquist <Jan.B.Fernquist@telia.com>
 * and wlanctl from www.linux-wlan.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
 *
 * $Id: wlan-ng.c 178 2007-08-11 16:57:24Z poggij $
 */

#include <include.h>
#include <src/interface.h>
#include <src/crt_io.h>
#include <src/wlan-ng.h>
#include <src/driver.h>
#include <src/functions.h>

static char *ID = "$Id: wlan-ng.c 178 2007-08-11 16:57:24Z poggij $";

//#define I_WANT_TO_DEBUG

extern WINDOW *Sum_WND, *RealTime_WND;
extern ScanResult_t Res;

static CaptureArg ca;
static char errbuf[PCAP_ERRBUF_SIZE];

#ifdef LWNG_15
extern p80211_caphdr_t wlan_header;

//UINT8 wlan_payload[WLAN_A4FR_MAXLEN];
//static UINT8 wlan_payload[MAX_BUFFER_SIZE];
#endif                          /* ifdef LWNG_15 */

#ifndef WITH_SYSTEMCALL
/* Why I put this data in static ? 
   because if it's not, ioctl can't access it !  */
static p80211msg_lnxreq_wlansniff_t lnxreq_wlansniff;
static p80211msg_lnxreq_ifstate_t lnxreq_ifstate;
#endif

#ifndef WITH_SYSTEMCALL
// Function to dump in hexa the message send or sent to the driver
//  Only for DEBUG
void dump_msg(void *msg)
{
  p80211msgd_t *msgp = msg;
  int i;
  int bodylen;

  debug(3, "  msgcode=0x%08lx  msglen=%lu  devname=%s\n",
        msgp->msgcode, msgp->msglen, msgp->devname);
  debug(3, "body: ");
  bodylen =
      msgp->msglen - (sizeof(msgp->msgcode) + sizeof(msgp->msglen) +
                      sizeof(msgp->devname));
  for (i = 0; i < bodylen; i += 4) {
    debug(3, "%02x%02x%02x%02x ", msgp->args[i],
          msgp->args[i + 1], msgp->args[i + 2], msgp->args[i + 3]);
  }
  debug(3, "\n");
}

/*----------------------------------------------------------------
* do_ioctl
*
* Send command to driver with ioctl
*
* Arguments:
*       char *devname : device name
*       UINT8 * msg   : the message to send to driver
*
* Returns: 
*       0       - success 
*       ~0      - failure
----------------------------------------------------------------*/
int do_ioctl(char *devname, UINT8 * msg, size_t size)
{
  register int result = -1;
  register int fd;
  p80211ioctl_req_t req;
  UINT8 *msg_local = NULL;

  // In my config with wlan-ng 0.2.1_pre23 it's needed, because ioctl can't access
  //   to msg directly ... perharps some GRSEC pretections :-)
  msg_local = malloc(size);
  if (msg_local == NULL) {
    warning("ioctl error : malloc of %d can't be done", size);
    return (result);
  }
  memcpy(msg_local, msg, size);

  /* set the magic */
  req.magic = P80211_IOCTL_MAGIC;

  /* get a socket */
  fd = socket(AF_INET, SOCK_STREAM, 0);
  if (fd == -1) {
    warning("ioctl error : socket can't open\n");
    return (result);
  }
  // prepare request
  req.len = MSG_BUFF_LEN;
  req.data = msg_local;
  strncpy(req.name, devname, DEVNAME_LEN - 1);
  req.result = 0;

#ifdef I_WANT_TO_DEBUG
  dump_msg(msg);
#endif

  // Send request
  //debugTS(0, "Debut ioctl\n");
  result = ioctl(fd, P80211_IFREQ, &req);
  //debugTS(0, "Fin   ioctl\n");

  // check the result and send a warning if problem
  //   The caller choice what to do if error
  if (result == -1) {
    warning("ioctl error : \"%s\"(%d) - req=0x%X \n", strerror(errno),
            errno, &req);
#ifdef I_WANT_TO_DEBUG
    dump_msg(msg);
#endif
  }
  close(fd);
  free(msg_local);
  return result;
}

#endif                          // ifndef WITH_SYSTEMCALL

/*----------------------------------------------------------------
* selectChannelWLAN
*
* Select channel on a wlan-ng card
*
* Arguments:
*       char *devname : device name
*       int channel   : channel (not checked !) 
*
* Returns: 
*       0       - success 
*       ~0      - failure
----------------------------------------------------------------*/
int selectChannelWLAN(char *devname, int channel)
{
  INT result = 0;

#ifdef WITH_SYSTEMCALL
  char CmdSystem[128];
#endif

  debug(3, "%s#%d : devname=%s , channel=%02d\n", __FUNCTION__, __LINE__,
        devname, channel);

  PrintScaleChannel(channel);

  debug(3, "%s#%d : Define SChannel = %02d\n", __FUNCTION__, __LINE__,
        channel);
  Res.SChannel = channel;

/*  No more stop monitor mode before change channel
#ifdef LWNG_20

#ifndef WITH_SYSTEMCALL
  // Stop Sniff function if wlan-ng driver version is greater or egual to 0.2.0
  memset (&lnxreq_wlansniff, 0, sizeof (p80211msg_lnxreq_wlansniff_t));
  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof (p80211msg_lnxreq_wlansniff_t);
  strncpy ((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.prismheader.did = DIDmsg_lnxreq_wlansniff_prismheader;
  lnxreq_wlansniff.prismheader.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.prismheader.len = 4;

  lnxreq_wlansniff.wlanheader.did = DIDmsg_lnxreq_wlansniff_wlanheader;
  lnxreq_wlansniff.wlanheader.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.wlanheader.len = 4;

  lnxreq_wlansniff.keepwepflags.did = DIDmsg_lnxreq_wlansniff_keepwepflags;
  lnxreq_wlansniff.keepwepflags.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.keepwepflags.len = 4;

  lnxreq_wlansniff.stripfcs.did = DIDmsg_lnxreq_wlansniff_stripfcs;
  lnxreq_wlansniff.stripfcs.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.stripfcs.len = 4;

  lnxreq_wlansniff.packet_trunc.did = DIDmsg_lnxreq_wlansniff_packet_trunc;
  lnxreq_wlansniff.packet_trunc.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.packet_trunc.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result = do_ioctl (devname, (UINT8 *) & lnxreq_wlansniff, sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf (CmdSystem,
     "wlanctl-ng %s lnxreq_wlansniff enable=false > /dev/null",
     devname);
  result = system (CmdSystem);
#endif  // WITH_SYSTEMCALL

  debug (3, "#%d : lnxreq_wlansniff enable=false\n", __LINE__);

  if (result) {
    warning ("Warning : Exit from monitor mode failed\n");
  }
#endif  // LWNG_20
*/

  // Second part
  // put in monitor mode with the good channel

#ifndef WITH_SYSTEMCALL
  memset(&lnxreq_wlansniff, 0, sizeof(p80211msg_lnxreq_wlansniff_t));
  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof(p80211msg_lnxreq_wlansniff_t);

  strncpy((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_true;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.data = channel;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.prismheader.did = DIDmsg_lnxreq_wlansniff_prismheader;
  lnxreq_wlansniff.prismheader.data = P80211ENUM_truth_true;
  lnxreq_wlansniff.prismheader.len = 4;

  lnxreq_wlansniff.keepwepflags.did = DIDmsg_lnxreq_wlansniff_keepwepflags;
  lnxreq_wlansniff.keepwepflags.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.keepwepflags.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result =
      do_ioctl(devname, (UINT8 *) & lnxreq_wlansniff,
               sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_wlansniff enable=true channel=%d "
          "keepwepflags=false prismheader=true > /dev/null", devname,
          channel);
  result = system(CmdSystem);

#endif

  debug(3,
        "%s#%d : lnxreq_wlansniff enable=true channel=%02d "
        "keepwepflags=false prismheader=true\n", __FUNCTION__, __LINE__,
        channel);

  // Check result
  if (result) {
    fatal
        (ERROR_CANT_SET_CHANNEL, "Fatal error : change to Channel %d failed (%s:%d)\n",
         channel, __FUNCTION__, __LINE__);
  }

  return result;
}

/***
 * Function needed to stop correctly the monitor mode
 ***/
int shutCardWLAN(char *devname)
{
  INT result = 0;
#ifdef WITH_SYSTEMCALL
  char CmdSystem[128];
#endif

  /* Down interface */
  IfconfigSetFlags(devname, 0);

#ifndef WITH_SYSTEMCALL
  /* Stop Sniff function */
  memset(&lnxreq_wlansniff, 0, sizeof(p80211msg_lnxreq_wlansniff_t));

  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof(p80211msg_lnxreq_wlansniff_t);

  strncpy((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result =
      do_ioctl(lnxreq_wlansniff.devname, (UINT8 *) & lnxreq_wlansniff,
               sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_wlansniff enable=false > /dev/null",
          dev, channel);
  result = system(CmdSystem);
#endif

  debug(3, "%s#%d : lnxreq_wlansniff enable=false\n", __FUNCTION__,
        __LINE__);

  return result;

}

int openCardWLAN(char *devname)
{
  INT result = 0;
#ifdef WITH_SYSTEMCALL
  char CmdSystem[32];
#endif

#ifndef WITH_SYSTEMCALL
  /* put interface state UP  */
  memset(&lnxreq_ifstate, 0, sizeof(p80211msg_lnxreq_ifstate_t));
  lnxreq_ifstate.msgcode = DIDmsg_lnxreq_ifstate;
  lnxreq_ifstate.msglen = sizeof(p80211msg_lnxreq_ifstate_t);

  strncpy((char *) lnxreq_ifstate.devname, devname, DEVNAME_LEN - 1);

  lnxreq_ifstate.ifstate.did = DIDmsg_lnxreq_ifstate_ifstate;
  lnxreq_ifstate.ifstate.len = 4;
  lnxreq_ifstate.ifstate.data = P80211ENUM_ifstate_enable;

  lnxreq_ifstate.resultcode.did = DIDmsg_lnxreq_ifstate_resultcode;
  lnxreq_ifstate.resultcode.len = 4;
  lnxreq_ifstate.resultcode.status = P80211ENUM_msgitem_status_no_value;

  result =
      do_ioctl(devname, (UINT8 *) & lnxreq_ifstate,
               sizeof(p80211msg_lnxreq_ifstate_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_ifstate ifstate=enable > /dev/null",
          dev, channel);
  result = system(CmdSystem);
#endif

  debug(3, "%s#%d : lnxreq_ifstate ifstate=enable\n", __FUNCTION__,
        __LINE__);
  // Check result
  if (result) {
    fatal(ERROR_IF_CANT_INIT, "Warning : Change state of interface to enable failed\n");
  }
#ifndef WITH_SYSTEMCALL

  /* Stop Sniff function */
  memset(&lnxreq_wlansniff, 0, sizeof(p80211msg_lnxreq_wlansniff_t));
  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof(p80211msg_lnxreq_wlansniff_t);

  strncpy((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result =
      do_ioctl(devname, (UINT8 *) & lnxreq_wlansniff,
               sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_wlansniff enable=false channel= > /dev/null");
  result = system(CmdSystem);
#endif
  debug(3, "%s#%d : lnxreq_wlansniff enable=false channel= \n",
        __FUNCTION__, __LINE__);
  if ((result)
      && (lnxreq_wlansniff.msgcode != P80211ENUM_resultcode_success)
      && (lnxreq_wlansniff.msgcode != P80211ENUM_resultcode_refused)) {
    warning("Warning : Exit from monitor mode failed\n");
  }
  // Put no IP, so better hide from hell ;)
  // put interface up with addresse 0
  result += IfconfigSetFlags(devname, IFF_UP);

  return result;
}


// Get packet from card and fill correctly radio structure
int getPacketWLAN(p80211_caphdr_t * wlan_header, UINT8 * buf, int maxlen)
{
  struct pcap_pkthdr pktHdr;
  u_char *RadioPacket;
  fd_set rs;
  // p80211msg_lnxind_wlansniffrm_t *Sniff_Frame;

  FD_ZERO(&rs);
  FD_SET(0, &rs);

  RadioPacket = (u_char *) pcap_next(ca.pcap, &pktHdr);

  //DEBUG 
  if (RadioPacket != NULL) {
    debug(3, "RadioPacket= %x  - pktHdr.len = %x\n", RadioPacket,
          pktHdr.len);

    // If no problem and packet is enought big (with data)
    if (pktHdr.len >= sizeof(p80211msg_lnxind_wlansniffrm_t)) {
      if (pktHdr.len > MAX_BUFFER_SIZE) {
        debug(1, "ERROR : Packet is TOOO BIG size=%d\n", pktHdr.len);
        // Sometimes Wlan-NG return an enormous empty packet ...
        //DumpHexPaquets(RealTime_WND, buf, 0x1B0);
        return 0;
      } else {
        FillRadioData(&wlan_header, ca.DataLink, RadioPacket, pktHdr.len);
        memcpy_buff(buf, RadioPacket + ca.offset,
                    MIN_OF((pktHdr.len - ca.offset), maxlen));
        return MAX_OF(0,
                      (pktHdr.len -
                       sizeof(p80211msg_lnxind_wlansniffrm_t)));
      }
    }
  }
  return (0);                   /* Noting to read */
}


// The packet catcher !
int openPacketWLAN(char *devname)
{
  ca.pcap = pcap_open_live(devname, 3000, 1, 1, errbuf);
  if (ca.pcap) {
    pcap_setnonblock(ca.pcap, 1, errbuf);
    ca.DataLink = pcap_datalink(ca.pcap);
    ca.offset = CalculateOffset(ca.DataLink);
    return NO_ERROR;
  }
  return ERROR_CANT_OPEN_PCAP;
}

// Close pcap
void closePacketWLAN(void)
{
  pcap_close(ca.pcap);
}

---