wlan-ng.c

Go to the documentation of this file.

/* Linux Prism II Stumbler - Utility Scan for 802_11 networks under Linux
 * 
 * File : wlan-ng.c
 * Project : WifiScanner (c) 2002 Hervé Schauer Consultants
 * Usage : This utility is written for use with IEEE 802.11 adapters based
 * on Intersil's PRISM II chipset (PCMCIA).
 * 
 * Base code was from prismstumbler Jan Fernquist <Jan.B.Fernquist@telia.com>
 * and wlanctl from www.linux-wlan.com
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA
 *
 * $Id: wlan-ng.c,v 1.31 2005/02/23 11:36:53 poggij Exp $
 */

#include <include.h>
#include <src/interface.h>
#include <src/crt_io.h>
#include <src/wlan-ng.h>
#include <src/driver.h>

static char *ID = "$Id: wlan-ng.c,v 1.31 2005/02/23 11:36:53 poggij Exp $";

//#define I_WANT_TO_DEBUG

extern WINDOW *Sum_WND, *RealTime_WND;
extern ScanResult_t Res;

static CaptureArg ca;
static char errbuf[PCAP_ERRBUF_SIZE];

#ifdef LWNG_15
extern p80211_caphdr_t wlan_header;

//UINT8 wlan_payload[WLAN_A4FR_MAXLEN];
static UINT8 wlan_payload[MAX_BUFFER_SIZE];
#endif                          /* ifdef LWNG_15 */

#ifndef WITH_SYSTEMCALL
/* Why I put this data in static ? 
   because if it's not, ioctl can't access it !  */
static p80211msg_lnxreq_wlansniff_t lnxreq_wlansniff;
static p80211msg_lnxreq_ifstate_t lnxreq_ifstate;
#endif

#ifndef WITH_SYSTEMCALL
// Function to dump in hexa the message send or sent to the driver
//  Only for DEBUG
void dump_msg(void *msg)
{
  p80211msgd_t *msgp = msg;
  int i;
  int bodylen;

  debug(3, "  msgcode=0x%08lx  msglen=%lu  devname=%s\n",
        msgp->msgcode, msgp->msglen, msgp->devname);
  debug(3, "body: ");
  bodylen =
      msgp->msglen - (sizeof(msgp->msgcode) + sizeof(msgp->msglen) +
                      sizeof(msgp->devname));
  for (i = 0; i < bodylen; i += 4) {
    debug(3, "%02x%02x%02x%02x ", msgp->args[i],
          msgp->args[i + 1], msgp->args[i + 2], msgp->args[i + 3]);
  }
  debug(3, "\n");
}

/*----------------------------------------------------------------
* do_ioctl
*
* Send command to driver with ioctl
*
* Arguments:
*       char *devname : device name
*       UINT8 * msg   : the message to send to driver
*
* Returns: 
*       0       - success 
*       ~0      - failure
----------------------------------------------------------------*/
int do_ioctl(char *devname, UINT8 * msg, size_t size)
{
  register int result = -1;
  register int fd;
  p80211ioctl_req_t req;
  UINT8 *msg_local = NULL;

  // In my config with wlan-ng 0.2.1_pre23 it's needed, because ioctl can't access
  //   to msg directly ... perharps some GRSEC pretections :-)
  msg_local = malloc(size);
  if (msg_local == NULL) {
    warning("ioctl error : malloc of %d can't be done", size);
    return (result);
  }
  memcpy(msg_local, msg, size);

  /* set the magic */
  req.magic = P80211_IOCTL_MAGIC;

  /* get a socket */
  fd = socket(AF_INET, SOCK_STREAM, 0);
  if (fd == -1) {
    warning("ioctl error : socket can't open\n");
    return (result);
  }
  // prepare request
  req.len = MSG_BUFF_LEN;
  req.data = msg_local;
  strncpy(req.name, devname, DEVNAME_LEN - 1);
  req.result = 0;

#ifdef I_WANT_TO_DEBUG
  dump_msg(msg);
#endif

  // Send request
  //debugTS(0, "Debut ioctl\n");
  result = ioctl(fd, P80211_IFREQ, &req);
  //debugTS(0, "Fin   ioctl\n");

  // check the result and send a warning if problem
  //   The caller choice what to do if error
  if (result == -1) {
    warning("ioctl error : \"%s\"(%d) - req=0x%X \n", strerror(errno),
            errno, &req);
#ifdef I_WANT_TO_DEBUG
    dump_msg(msg);
#endif
  }
  close(fd);
  free(msg_local);
  return result;
}

#endif                          // ifndef WITH_SYSTEMCALL

/*----------------------------------------------------------------
* selectChannelWLAN
*
* Select channel on a wlan-ng card
*
* Arguments:
*       char *devname : device name
*       int channel   : channel (not checked !) 
*
* Returns: 
*       0       - success 
*       ~0      - failure
----------------------------------------------------------------*/
int selectChannelWLAN(char *devname, int channel)
{
  INT result = 0;

#ifdef WITH_SYSTEMCALL
  char CmdSystem[128];
#endif

  debug(3, "%s#%d : devname=%s , channel=%02d\n", __FUNCTION__, __LINE__,
        devname, channel);

  PrintScaleChannel(channel);

  debug(3, "%s#%d : Define SChannel = %02d\n", __FUNCTION__, __LINE__,
        channel);
  Res.SChannel = channel;

/*  No more stop monitor mode before change channel
#ifdef LWNG_2_0

#ifndef WITH_SYSTEMCALL
  // Stop Sniff function if wlan-ng driver version is greater or egual to 0.2.0
  memset (&lnxreq_wlansniff, 0, sizeof (p80211msg_lnxreq_wlansniff_t));
  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof (p80211msg_lnxreq_wlansniff_t);
  strncpy ((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.prismheader.did = DIDmsg_lnxreq_wlansniff_prismheader;
  lnxreq_wlansniff.prismheader.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.prismheader.len = 4;

  lnxreq_wlansniff.wlanheader.did = DIDmsg_lnxreq_wlansniff_wlanheader;
  lnxreq_wlansniff.wlanheader.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.wlanheader.len = 4;

  lnxreq_wlansniff.keepwepflags.did = DIDmsg_lnxreq_wlansniff_keepwepflags;
  lnxreq_wlansniff.keepwepflags.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.keepwepflags.len = 4;

  lnxreq_wlansniff.stripfcs.did = DIDmsg_lnxreq_wlansniff_stripfcs;
  lnxreq_wlansniff.stripfcs.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.stripfcs.len = 4;

  lnxreq_wlansniff.packet_trunc.did = DIDmsg_lnxreq_wlansniff_packet_trunc;
  lnxreq_wlansniff.packet_trunc.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.packet_trunc.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result = do_ioctl (devname, (UINT8 *) & lnxreq_wlansniff, sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf (CmdSystem,
           "wlanctl-ng %s lnxreq_wlansniff enable=false > /dev/null",
           devname);
  result = system (CmdSystem);
#endif  // WITH_SYSTEMCALL

  debug (3, "#%d : lnxreq_wlansniff enable=false\n", __LINE__);

  if (result) {
    warning ("Warning : Exit from monitor mode failed\n");
  }
#endif  // LWNG_2_0
*/

  // Second part
  // put in monitor mode with the good channel

#ifndef WITH_SYSTEMCALL
  memset(&lnxreq_wlansniff, 0, sizeof(p80211msg_lnxreq_wlansniff_t));
  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof(p80211msg_lnxreq_wlansniff_t);

  strncpy((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_true;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.data = channel;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.prismheader.did = DIDmsg_lnxreq_wlansniff_prismheader;
  lnxreq_wlansniff.prismheader.data = P80211ENUM_truth_true;
  lnxreq_wlansniff.prismheader.len = 4;

  lnxreq_wlansniff.keepwepflags.did = DIDmsg_lnxreq_wlansniff_keepwepflags;
  lnxreq_wlansniff.keepwepflags.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.keepwepflags.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result =
      do_ioctl(devname, (UINT8 *) & lnxreq_wlansniff,
               sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_wlansniff enable=true channel=%d "
          "keepwepflags=false prismheader=true > /dev/null", devname,
          channel);
  result = system(CmdSystem);

#endif

  debug(3,
        "%s#%d : lnxreq_wlansniff enable=true channel=%02d "
        "keepwepflags=false prismheader=true\n", __FUNCTION__, __LINE__,
        channel);

  // Check result
  if (result) {
    fatal
        ("Fatal error : change to Channel %d failed (%s:%d)\n",
         channel, __FUNCTION__, __LINE__);
  }

  return result;
}

/***
 * Function needed to stop correctly the monitor mode
 ***/
int shutCardWLAN(char *devname)
{
  INT result = 0;
  char CmdSystem[128];

  /* Down interface */
  snprintf(CmdSystem, 32, "ifconfig %s down", devname);
  system(CmdSystem);

#ifndef WITH_SYSTEMCALL
  /* Stop Sniff function */
  memset(&lnxreq_wlansniff, 0, sizeof(p80211msg_lnxreq_wlansniff_t));

  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof(p80211msg_lnxreq_wlansniff_t);

  strncpy((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result =
      do_ioctl(lnxreq_wlansniff.devname, (UINT8 *) & lnxreq_wlansniff,
               sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_wlansniff enable=false > /dev/null",
          dev, channel);
  result = system(CmdSystem);
#endif

  debug(3, "%s#%d : lnxreq_wlansniff enable=false\n", __FUNCTION__,
        __LINE__);

  return result;

}

int openCardWLAN(char *devname)
{
  INT result = 0;
  char CmdSystem[32];

#ifndef WITH_SYSTEMCALL
  /* put interface state UP  */
  memset(&lnxreq_ifstate, 0, sizeof(p80211msg_lnxreq_ifstate_t));
  lnxreq_ifstate.msgcode = DIDmsg_lnxreq_ifstate;
  lnxreq_ifstate.msglen = sizeof(p80211msg_lnxreq_ifstate_t);

  strncpy((char *) lnxreq_ifstate.devname, devname, DEVNAME_LEN - 1);

  lnxreq_ifstate.ifstate.did = DIDmsg_lnxreq_ifstate_ifstate;
  lnxreq_ifstate.ifstate.len = 4;
  lnxreq_ifstate.ifstate.data = P80211ENUM_ifstate_enable;

  lnxreq_ifstate.resultcode.did = DIDmsg_lnxreq_ifstate_resultcode;
  lnxreq_ifstate.resultcode.len = 4;
  lnxreq_ifstate.resultcode.status = P80211ENUM_msgitem_status_no_value;

  result =
      do_ioctl(devname, (UINT8 *) & lnxreq_ifstate,
               sizeof(p80211msg_lnxreq_ifstate_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_ifstate ifstate=enable > /dev/null",
          dev, channel);
  result = system(CmdSystem);
#endif

  debug(3, "%s#%d : lnxreq_ifstate ifstate=enable\n", __FUNCTION__,
        __LINE__);
  // Check result
  if (result) {
    fatal("Warning : Change state of interface to enable failed\n");
  }
#ifndef WITH_SYSTEMCALL

  /* Stop Sniff function */
  memset(&lnxreq_wlansniff, 0, sizeof(p80211msg_lnxreq_wlansniff_t));
  lnxreq_wlansniff.msgcode = DIDmsg_lnxreq_wlansniff;
  lnxreq_wlansniff.msglen = sizeof(p80211msg_lnxreq_wlansniff_t);

  strncpy((char *) lnxreq_wlansniff.devname, devname, DEVNAME_LEN - 1);

  lnxreq_wlansniff.enable.did = DIDmsg_lnxreq_wlansniff_enable;
  lnxreq_wlansniff.enable.data = P80211ENUM_truth_false;
  lnxreq_wlansniff.enable.len = 4;

  lnxreq_wlansniff.channel.did = DIDmsg_lnxreq_wlansniff_channel;
  lnxreq_wlansniff.channel.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.channel.len = 4;

  lnxreq_wlansniff.resultcode.did = DIDmsg_lnxreq_wlansniff_resultcode;
  lnxreq_wlansniff.resultcode.status = P80211ENUM_msgitem_status_no_value;
  lnxreq_wlansniff.resultcode.len = 4;

  result =
      do_ioctl(devname, (UINT8 *) & lnxreq_wlansniff,
               sizeof(p80211msg_lnxreq_wlansniff_t));
#else
  sprintf(CmdSystem,
          "wlanctl-ng %s lnxreq_wlansniff enable=false channel= > /dev/null");
  result = system(CmdSystem);
#endif
  debug(3, "%s#%d : lnxreq_wlansniff enable=false channel= \n",
        __FUNCTION__, __LINE__);
  if ((result)
      && (lnxreq_wlansniff.msgcode != P80211ENUM_resultcode_success)
      && (lnxreq_wlansniff.msgcode != P80211ENUM_resultcode_refused)) {
    warning("Warning : Exit from monitor mode failed\n");
  }
  // Put no IP, so better hide from hell ;)
  snprintf(CmdSystem, 32, "ifconfig %s 0", devname);
  system(CmdSystem);
  debug(3, "%s#%d : %s\n", __FUNCTION__, __LINE__, CmdSystem);
  // put interface up
  snprintf(CmdSystem, 32, "ifconfig %s up", devname);
  system(CmdSystem);
  debug(3, "%s#%d : %s\n", __FUNCTION__, __LINE__, CmdSystem);

  return result;
}


// Get packet from card and fill correctly radio structure
int getPacketWLAN(unsigned char *buf, int maxlen)
{
  struct pcap_pkthdr pktHdr;
  u_char *ret;
  fd_set rs;
  p80211msg_lnxind_wlansniffrm_t *Sniff_Frame;

  FD_ZERO(&rs);
  FD_SET(0, &rs);

  ret = (u_char *) pcap_next(ca.pcap, &pktHdr);
  //DEBUG 
  if (ret)
    debug(3, "Ret= %x  - pktHdr.len = %x\n", ret, pktHdr.len);
  // If no problem and packet is enought big (with data)
  if ((ret)
      && (pktHdr.len >= sizeof(p80211msg_lnxind_wlansniffrm_t))) {
    if (pktHdr.len > MAX_BUFFER_SIZE) {
      debug(1, "ERROR : Packet is TOOO BIG size=%d\n", pktHdr.len);
      // Sometimes Wlan-NG return an enormous empty packet ...
      //DumpHexPaquets(RealTime_WND, buf, 0x1B0);
      return 0;
    } else {
      if (memcpy_buff(buf, ret, pktHdr.len) == NULL)
        return 0;
      Sniff_Frame = (p80211msg_lnxind_wlansniffrm_t *) buf;
      // Fill Header
      wlan_header.version = 0;  // It's a reduced capture frame format
      wlan_header.length = 0;   // Not used for now
      wlan_header.mactime = Sniff_Frame->mactime.data;
      wlan_header.hosttime = Sniff_Frame->hosttime.data;
      wlan_header.phytype = phytype_dsss_dot11_b;       // Not used for now
      wlan_header.channel = Sniff_Frame->channel.data;
      wlan_header.datarate = Sniff_Frame->rate.data * 5;        // datarate is in units of 100kbps.
      wlan_header.antenna = 0;  // Not used for now
      wlan_header.priority = 0; // Not used for now
      wlan_header.ssi_type = 0; // Not used for now
      wlan_header.ssi_signal = Sniff_Frame->signal.data;
      wlan_header.ssi_noise = Sniff_Frame->noise.data;
      wlan_header.preamble = 0; // Not used for now
      wlan_header.encoding = 0; // Not used for now
      // Fill data frame
      if (memcpy_buff(wlan_payload,
                      &buf[sizeof(p80211msg_lnxind_wlansniffrm_t)],
                      pktHdr.len -
                      sizeof(p80211msg_lnxind_wlansniffrm_t)) == NULL)
        return 0;
      if (memcpy_buff(buf, wlan_payload,
                      maxlen - sizeof(p80211msg_lnxind_wlansniffrm_t)) ==
          NULL)
        return 0;

      if (pktHdr.len <= sizeof(p80211msg_lnxind_wlansniffrm_t))
        // Don't return negative value
        return 0;
      else
        return (pktHdr.len - sizeof(p80211msg_lnxind_wlansniffrm_t));
    }
  } else {
    return (0);                 /* Noting to read */
  }
}


// The packet catcher !
int openPacketWLAN(char *devname)
{
  int DataLink;

  ca.pcap = pcap_open_live(devname, 3000, 1, 1, errbuf);
  if (ca.pcap) {
    pcap_setnonblock(ca.pcap, 1, errbuf);
    DataLink = pcap_datalink(ca.pcap);
    switch (DataLink) {
    case DLT_PRISM_HEADER:
      debug(2,
            "pcap_datalink(ca.pcap) = %d = DLT_PRISM_HEADER\n", DataLink);
      ca.offset = 144;
      break;
    case DLT_IEEE802_11:
      debug(2, "pcap_datalink(ca.pcap) = %d = DLT_IEEE802_11\n", DataLink);
      ca.offset = 0;
      break;
    case DLT_AIRONET_HEADER:
      fatal
          ("pcap_datalink(ca.pcap) = %d = DLT_AIRONET_HEADER:\n",
           DataLink);
      break;
    default:                   //COOKED
      debug(2, "pcap_datalink(ca.pcap) = %d = COOKED:\n", DataLink);
      ca.offset = 160;
    }
    return 1;
  }
  return -1;
}

// Close pcap
void closePacketWLAN(void)
{
  pcap_close(ca.pcap);
}

---