1 /*
2  * parse.c - parsing of pcap packages
3  *
4  * author: hackbard@hackdaworld.dyndns.org
5  *
6  */
7
#include "parse.h"
#include "main.h"

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
10
11 /* all the parsing stuff will go here
12  *
13  * different protocols should go into separate files though ...
14  */
15
/* int_s - reverse the byte order of a 32-bit value
 *
 * val: the value to swap; only its low four bytes are considered
 *
 * returns val with byte 0 and 3 exchanged and byte 1 and 2 exchanged,
 * i.e. 0x12345678 becomes 0x78563412. applying it twice gives the input back.
 */
unsigned int int_s(unsigned int val) {

  unsigned int b0=(val>>24)&0xff;
  unsigned int b1=(val>>16)&0xff;
  unsigned int b2=(val>>8)&0xff;
  unsigned int b3=val&0xff;

  return (b3<<24)|(b2<<16)|(b1<<8)|b0;
}
27
/* switch_active_state - advance a one character "spinner"
 *
 * state: points to the character shown for a station's activity; it is
 *        rotated in place through '-' -> '\' -> '|' -> '/' -> '-' ...
 *        any other character restarts the cycle at '-'
 *
 * always returns 23 (the return value is not used by the callers in this file)
 */
int switch_active_state(char *state) {

  char current=*state;
  char next='-';

  if(current=='-') next='\\';
  else if(current=='\\') next='|';
  else if(current=='|') next='/';

  *state=next;

  return 23;
}
47
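/* sanitize_for_shell - copy an ssid so it can be embedded in a shell command
 *
 * dst/dst_len: destination buffer, always NUL-terminated on return
 * src/src_len: source bytes, copying stops at src_len or at the first NUL
 *
 * only letters, digits, space, '-', '_' and '.' are kept, every other byte is
 * replaced by '_'. the ssid is taken straight from a sniffed beacon, so an
 * attacker chooses its bytes: a single quote in it would end the quoted flite
 * argument below and the remainder would be executed by the shell.
 */
static void sanitize_for_shell(char *dst,size_t dst_len,
                               const char *src,size_t src_len) {

  size_t i;
  size_t o=0;

  if(dst_len==0) return;

  for(i=0;(i<src_len)&&(src[i]!=0)&&(o+1<dst_len);i++) {
    unsigned char c=(unsigned char)src[i];
    if(((c>='a')&&(c<='z'))||((c>='A')&&(c<='Z'))||
       ((c>='0')&&(c<='9'))||(c==' ')||(c=='-')||(c=='_')||(c=='.'))
      dst[o++]=(char)c;
    else
      dst[o++]='_';
  }
  dst[o]=0;
}

/* parse_package - pcap callback, parses one captured ieee802.11 frame
 *
 * ptr:         the t_info handed to pcap_loop(), cast back here
 * pcap_header: pcap record header, caplen bounds every access to pkg
 * pkg:         the captured bytes, preceded by a prism header in MODE_PRISM
 *
 * the frame is counted, the sending station is looked up (or added) in
 * info->sniffed_sta and its fields are updated, the console gets a one line
 * status and, if a dump handle is open, the raw frame is written out.
 *
 * frames that are shorter than the header about to be read are only counted
 * and dumped; nothing beyond caplen is ever dereferenced.
 */
void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *pkg) {

  enum { snap_bytes=10 };   /* payload bytes kept in sta->snap / checked for llc/snap */

  t_info *info;
  int i;
  t_sta new_sta;
  t_sta *cmp_sta;
  t_sta *sta;
  unsigned char *package=NULL;
  t_frame4_hdr *f4hdr;
  t_frame3_hdr *f3hdr;
  t_beacon_fb *beacon_fb;
  unsigned char *data;
  t_prism_hdr *prismhdr=NULL;
  int ret;
  int len;
  size_t avail;      /* captured bytes from package onwards */
  size_t hdr_len;    /* bytes the header being parsed occupies */
  size_t ssid_len;
  char string[MESSAGE_MAX];
  char sc[MAX_SYSCALL_CHARS];
  char safe_ssid[MAX_SSID_LEN];
  unsigned char new;
  unsigned char foo;

  info=(t_info *)ptr;

  info->count++;

  memset(&new_sta,0,sizeof(t_sta));
  new=0;
  foo=0;

  /* prism or ieee802.11 header ? */
  avail=pcap_header->caplen;
  if(info->mode&MODE_IEEE80211) {
    package=(unsigned char *)pkg;
    prismhdr=NULL;
  }
  else if(info->mode&MODE_PRISM) {
    if(avail<sizeof(t_prism_hdr)) goto dump;
    package=(unsigned char *)pkg+sizeof(t_prism_hdr);
    prismhdr=(t_prism_hdr *)pkg;
    avail-=sizeof(t_prism_hdr);
  }
  /* no mode bit set or nothing captured: there is no frame control byte */
  if((package==NULL)||(avail<1)) goto dump;

  /* management */
  if(FCTL_TYPE(package[0])==FCTL_TYPE_MGMT) {
    info->count_m++;

    /* beacon frames */
    if(FCTL_STYPE(package[0])==FCTL_STYPE_BEACON) {
      f3hdr=(t_frame3_hdr *)package;
      beacon_fb=(t_beacon_fb *)(package+sizeof(t_frame3_hdr));
      /* everything up to the ssid bytes (addresses, cap_info and ssid_length,
       * which is assumed to precede ssid in t_beacon_fb) must be captured */
      hdr_len=(size_t)((unsigned char *)beacon_fb->ssid-package);
      if(avail<hdr_len) goto dump;
      /* ssid_length comes off the air: clamp it to the captured bytes and to
       * the ssid field (MAX_SSID_LEN, as the snprintf bounds below assume) */
      ssid_len=beacon_fb->ssid_length;
      if(ssid_len>avail-hdr_len) ssid_len=avail-hdr_len;
      if(ssid_len>=(size_t)MAX_SSID_LEN) ssid_len=(size_t)MAX_SSID_LEN-1;
      // check sta
      memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
      memcpy(new_sta.bssid,f3hdr->addr3,ADDR_LEN);
      ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
      if((ret==L_EMPTY_LIST)||(ret==L_NO_SUCH_ELEMENT)) {
        list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
        new=1;
      }
      /* found or just added: either way the element is the list's current */
      sta=(t_sta *)info->sniffed_sta.current->data;
      // fill in stuff ...
      memcpy(sta->ssid,beacon_fb->ssid,ssid_len);
      sta->ssid[ssid_len]=0;   /* a later, shorter ssid must not keep old tail bytes */
      if(CAP_INFO_ESS(beacon_fb->cap_info)&&
         (CAP_INFO_IBSS(beacon_fb->cap_info)==0)) sta->ap=AP;
      if(CAP_INFO_PRIVACY(beacon_fb->cap_info)) sta->wep=WEP;
      sta->count_mgmt++;
      switch_active_state(&(sta->active));
      if(info->mode&MODE_IEEE80211) sta->sq=0;
      else if(info->mode&MODE_PRISM)
        sta->sq=(prismhdr->signal.data)-(prismhdr->noise.data);
      /* "last: beacon, source: aa:bb:cc:dd:ee:ff." - every write is bounded
       * by MESSAGE_MAX, so the loop stops instead of running past the buffer */
      len=snprintf(string,MESSAGE_MAX,"last: beacon, source: ");
      for(i=0;(i<ADDR_LEN)&&(len>=0)&&(len<MESSAGE_MAX);i++)
        len+=snprintf(string+len,(size_t)(MESSAGE_MAX-len),"%02x%c",
                      sta->addr[i],(i==ADDR_LEN-1)?'.':':');
      display_console(info,string);
      if(new) {
        /* the ssid is attacker controlled, it never reaches the shell as is;
         * the remaining commands are fixed literals (a fork/exec of flite
         * without a shell would remove system() altogether) */
        sanitize_for_shell(safe_ssid,sizeof(safe_ssid),sta->ssid,ssid_len);
        snprintf(sc,MAX_SYSCALL_CHARS,
                 "flite 'access point found: %s'",
                 safe_ssid);
        system(sc);
        if(sta->wep&WEP) system("flite ' crypted'");
        else system("flite 'not crypted'");
      }
    }

  }

  /* control */
  else if(FCTL_TYPE(package[0])==FCTL_TYPE_CTRL) {
    info->count_c++;
    display_console(info,"last: got control frame");
  }

  /* data */
  else if(FCTL_TYPE(package[0])==FCTL_TYPE_DATA) {
    info->count_d++;

    /* both to-ds and from-ds set: wds frame with a fourth address */
    if(FCTL_TODS(package[0])&&FCTL_FROMDS(package[0])) {
      hdr_len=sizeof(t_frame4_hdr);
      if(avail<hdr_len) goto dump;
      f4hdr=(t_frame4_hdr *)package;
      data=package+hdr_len;
      memcpy(new_sta.addr,f4hdr->addr4,ADDR_LEN);
      foo=1;
    }
    else {
      hdr_len=sizeof(t_frame3_hdr);
      if(avail<hdr_len) goto dump;
      f3hdr=(t_frame3_hdr *)package;
      data=package+hdr_len;
      /* which address holds the sender / the bssid depends on the direction */
      if(FCTL_TODS(package[0])) {
        memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
        memcpy(new_sta.bssid,f3hdr->addr1,ADDR_LEN);
      }
      else if(FCTL_FROMDS(package[0])) {
        memcpy(new_sta.addr,f3hdr->addr3,ADDR_LEN);
        memcpy(new_sta.bssid,f3hdr->addr2,ADDR_LEN);
      }
      else {
        memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
        memcpy(new_sta.bssid,f3hdr->addr3,ADDR_LEN);
      }
    }

    ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
    if((ret==L_EMPTY_LIST)||(ret==L_NO_SUCH_ELEMENT)) {
      list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
      new=1;
    }
    sta=(t_sta *)info->sniffed_sta.current->data;
    if(!(sta->ap)) {
      /* a non-ap station shows the ssid of the entry sharing its bssid,
       * prefixed with the direction of this frame. the station itself is
       * skipped: formatting sta->ssid from sta->ssid overlaps src and dst */
      ret=list_count(&(info->sniffed_sta));
      list_reset(&(info->sniffed_sta));
      for(i=0;i<ret;i++) {
        cmp_sta=(t_sta *)info->sniffed_sta.current->data;
        if((cmp_sta!=sta)&&!memcmp(cmp_sta->bssid,sta->bssid,ADDR_LEN)) {
          const char *dir="<>";
          if(FCTL_FROMDS(package[0])) dir="<-";
          else if(FCTL_TODS(package[0])) dir="->";
          snprintf(sta->ssid,MAX_SSID_LEN,"%s %s",dir,cmp_sta->ssid);
          break;
        }
        list_next(&(info->sniffed_sta));
      }
    }
    // fill in stuff ...
    sta->count_data++;
    switch_active_state(&(sta->active));
    if(info->mode&MODE_IEEE80211) sta->sq=0;
    else if(info->mode&MODE_PRISM)
      sta->sq=(prismhdr->signal.data)-(prismhdr->noise.data);
    if(new) {
      system("flite 'station found by data package'");
      if(foo) {
        sta->wds=1;
        system("flite 'wds package'");
      }
      /* an llc/snap header (aa aa 03 00 00 00) in clear means the frame is
       * not wep encrypted; only look when those payload bytes were captured,
       * otherwise the station's wep state is left as it is */
      if((avail-hdr_len)>=snap_bytes) {
        memcpy(sta->snap,data,snap_bytes);
        if((data[0]==0xaa)&&(data[1]==0xaa)&&(data[2]==0x03)&&
           (data[3]==0x00)&&(data[4]==0x00)&&(data[5]==0x00)) {
          sta->wep=0;
          system("flite 'not crypted'");
        }
        else {
          sta->wep=WEP;
          system("flite ' crypted'");
        }
      }
    }

    display_console(info,"last: got data frame");
  }

dump:
  if(info->dump_handle!=NULL) pcap_dump((unsigned char *)(info->dump_handle),pcap_header,pkg);

}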
226
227 }