[my-code/hdw-sniff.git] / parse.c

/*
 * parse.c - parsing of pcap packages
 *
 * author: hackbard@hackdaworld.dyndns.org
 *
 */

#include "parse.h"
#include "main.h"

/* all the parsing stuff will go here
 *
 * different protocols should get to seperated files though ...
 */

unsigned int int_s(unsigned int val) {

  unsigned int swapped;

  swapped=(val&0x000000ff)<<24;
  swapped|=(val&0x0000ff00)<<8;
  swapped|=(val&0x00ff0000)>>8;
  swapped|=(val&0xff000000)>>24;

  return swapped;
}

int switch_active_state(char *state) {

  switch(*state) {
    case '-':
      *state='\\';
      break;
    case '\\':
      *state='|';
      break;
    case '|':
      *state='/';
      break;
    default:
      *state='-';
      break;
  }

  return 23;
}

void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *pkg) {

  t_info *info;
  int i;
  t_sta new_sta;
  t_sta *sta;
  unsigned char *package=NULL;
  //t_frame4_hdr *f4hdr;
  t_frame3_hdr *f3hdr;
  //t_frame2_hdr *f2hdr;
  //t_frame1_hdr *f1hdr;
  t_beacon_fb *beacon_fb;
  t_prism_hdr *prismhdr=NULL;
  int ret;
  char string[MESSAGE_MAX];
  char sc[MAX_SYSCALL_CHARS];
  unsigned char new;

  info=(t_info *)ptr;

  info->count++;

  memset(&new_sta,0,sizeof(t_sta));
  new=0;

  if(info->dump_fd!=0) {
    ret=write(info->dump_fd,pcap_header,sizeof(struct pcap_pkthdr));
    if(ret!=sizeof(struct pcap_pkthdr))
      display_console(info,"warning, pcap header write failed!");
    ret=write(info->dump_fd,package,pcap_header->caplen);
    if(ret!=pcap_header->caplen)
      display_console(info,"warning, package write failed!");
  }
  
  /* maybe there is offset to the actual ieee802.11 frame,
     for example prism header ...
     in that case, hack the source! */
  if(info->mode&MODE_IEEE80211) {
    package=(unsigned char *)pkg;
    prismhdr=NULL;
  }
  else if(info->mode&MODE_PRISM) {
    package=(unsigned char *)pkg+sizeof(t_prism_hdr);
    prismhdr=(t_prism_hdr *)pkg;
  }

  /* management */
  if(FCTL_TYPE(package[0])==FCTL_TYPE_MGMT) {
    info->count_m++;

    /* beacon frames */
    if(FCTL_STYPE(package[0])==FCTL_STYPE_BEACON) {
      f3hdr=(t_frame3_hdr *)package;
      beacon_fb=(t_beacon_fb *)(package+sizeof(t_frame3_hdr));
      // check sta
      memcpy(new_sta.addr,f3hdr->addr2,ADDR_LEN);
      ret=list_search_data(&(info->sniffed_sta),&new_sta,ADDR_LEN);
      if((ret==L_EMPTY_LIST)|(ret==L_NO_SUCH_ELEMENT)) {
        list_add_element(&(info->sniffed_sta),&new_sta,sizeof(t_sta));
        sta=(t_sta *)info->sniffed_sta.current->data;
        new=1;
      }
      else sta=(t_sta *)info->sniffed_sta.current->data;
      // fill in stuff ...
      memcpy(sta->ssid,beacon_fb->ssid,beacon_fb->ssid_length);
      if((CAP_INFO_ESS(beacon_fb->cap_info))&
         (CAP_INFO_IBSS(beacon_fb->cap_info)==0)) sta->ap=AP;
      if(CAP_INFO_PRIVACY(beacon_fb->cap_info)) sta->wep=WEP;
      sta->count_mgmt++;
      switch_active_state(&(sta->active));
      if(info->mode&MODE_IEEE80211) sta->sq=0;
      else if(info->mode&MODE_PRISM)
        sta->sq=(prismhdr->signal.data)-(prismhdr->noise.data);
      strncpy(string,"last: beacon, source: ",MESSAGE_MAX);
      for(i=0;i<ADDR_LEN;i++)
        snprintf(&string[22+3*i],4,"%02x%c",sta->addr[i],
                 (i==ADDR_LEN-1)?'.':':');
      string[22+3*ADDR_LEN+1]=0;
      display_console(info,string);
      if(new) {
        snprintf(sc,MAX_SYSCALL_CHARS,
                 "flite 'access point found: %s'",
                 sta->ssid);
        system(sc);
        if(sta->wep&WEP) strncpy(sc,"flite ' crypted'",MAX_SYSCALL_CHARS);
        else strncpy(sc,"flite 'not crypted'",MAX_SYSCALL_CHARS);
        system(sc);
      } 
    }

  }

  /* control */
  else if(FCTL_TYPE(package[0])==FCTL_TYPE_CTRL) {
    info->count_c++;
    display_console(info,"last: got control frame");
  }

  /* data */
  else if(FCTL_TYPE(package[0])==FCTL_TYPE_DATA) {
    info->count_d++;
    display_console(info,"last: got data frame");
  }


}