parse.c

   1 /*
   2  * parse.c - parsing of pcap packages
   3  *
   4  * author: hackbard@hackdaworld.dyndns.org
   5  *
   6  */
   7
   8 #include "parse.h"
   9 #include "main.h"
  10
  11 /* all the parsing stuff will go here
  12  *
  13  * different protocols should get to seperated files though ...
  14  */
  15
  16 int switch_active_state(char *state) {
  17
  18   switch(*state) {
  19     case '-':
  20       *state='\\';
  21       break;
  22     case '\\':
  23       *state='|';
  24       break;
  25     case '|':
  26       *state='/';
  27       break;
  28     default:
  29       *state='-';
  30       break;
  31   }
  32
  33   return 23;
  34 }
  35
  36 void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *package) {
  37
  38   t_info *info;
  39   int i;
  40   t_sta new_sta;
  41   t_sta *sta;
  42   //t_frame4_hdr *f4hdr;
  43   t_frame3_hdr *f3hdr;
  44   //t_frame2_hdr *f2hdr;
  45   //t_frame1_hdr *f1hdr;
  46   t_beacon_fb *beacon_fb;
  47   int ret;
  48   char string[MESSAGE_MAX];
  49   char sc[MAX_SYSCALL_CHARS];
  50   unsigned char new;
  51
  52   info=(t_info *)ptr;
  53
  54   info->count++;
  55
  56   memset(&new_sta,0,sizeof(t_sta));
  57   new=0;
  58
  59   if(info->dump_fd!=0) {
  60     ret=write(info->dump_fd,pcap_header,sizeof(struct pcap_pkthdr));
  61     if(ret!=sizeof(struct pcap_pkthdr))
  62       display_console(info,"warning, pcap header write failed!");
  63     ret=write(info->dump_fd,package,pcap_header->caplen);
  64     if(ret!=pcap_header->caplen)
  65       display_console(info,"warning, package write failed!");
  66   }
  67
  68   /* maybe there is offset to the actual ieee802.11 frame,
  69      for example prism header ...
  70      in that case, hack the source! */
  71
  72   /* management */
  73   if(FCTL_TYPE(package[0])==FCTL_TYPE_MGMT) {
  74     info->count_m++;
  75
  76     /* beacon frames */
  77     if(FCTL_STYPE(package[0])==FCTL_STYPE_BEACON) {
  78       f3hdr=(t_frame3_hdr *)package;
  79       beacon_fb=(t_beacon_fb *)(package+sizeof(t_frame3_hdr));
  80       // check sta
  81       memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
  82       ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
  83       if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) {
  84         list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
  85         sta=(t_sta *)info->sniffed_sta.current->data;
  86         new=1;
  87       }
  88       else sta=(t_sta *)info->sniffed_sta.current->data;
  89       // fill in stuff ...
  90       memcpy(sta->ssid,beacon_fb->ssid,beacon_fb->ssid_length);
  91       if((CAP_INFO_ESS(beacon_fb->cap_info))&
  92          (CAP_INFO_IBSS(beacon_fb->cap_info)==0)) sta->ap=AP;
  93       if(CAP_INFO_PRIVACY(beacon_fb->cap_info)) sta->wep=WEP;
  94       sta->count_mgmt++;
  95       switch_active_state(&(sta->active));
  96       strncpy(string,"last: beacon, source: ",MESSAGE_MAX);
  97       for(i=0;i<ADDR_LEN;i++)
  98         snprintf(&string[22+3*i],4,"%02x%c",sta->addr[i],
  99                  (i==ADDR_LEN-1)?'.':':');
 100       string[22+3*ADDR_LEN+1]=0;
 101       display_console(info,string);
 102       if(new) {
 103         snprintf(sc,MAX_SYSCALL_CHARS,
 104                  "flite 'access point found: %s'",
 105                  sta->ssid);
 106         system(sc);
 107         if(sta->wep&WEP) strncpy(sc,"flite ' crypted'",MAX_SYSCALL_CHARS);
 108         else strncpy(sc,"flite 'not crypted'",MAX_SYSCALL_CHARS);
 109         system(sc);
 110       }
 111     }
 112
 113   }
 114
 115   /* control */
 116   else if(FCTL_TYPE(package[0])==FCTL_TYPE_CTRL) {
 117     info->count_c++;
 118     display_console(info,"last: got control frame");
 119   }
 120
 121   /* data */
 122   else if(FCTL_TYPE(package[0])==FCTL_TYPE_DATA) {
 123     info->count_d++;
 124     display_console(info,"last: got data frame");
 125   }
 126
 127
 128 }