From e0585c09c6eca4aa0af0a5a658e6e711fb76d3a5 Mon Sep 17 00:00:00 2001 From: hackbard Date: Wed, 1 Jun 2005 22:21:18 +0000 Subject: [PATCH] begin to parse frame ctl hdr + listing sta's --- main.c | 27 +++++++++++---- main.h | 6 ++-- parse.c | 45 ++++++++++++++----------- parse.h | 103 +++++++++++++++++++++++++++++++++++++++++++++++++++++--- 4 files changed, 148 insertions(+), 33 deletions(-) diff --git a/main.c b/main.c index 2c5a41f..699eeac 100644 --- a/main.c +++ b/main.c @@ -103,6 +103,7 @@ int usage(void) { puts("\t\t-d \twlan0,eth0"); puts("\t\t-l "); puts("\t\t-k \t(string)"); + puts("\t\t-D \t(dump packages to file)"); puts("\t\t-h \tdisplay this help message"); puts(""); @@ -166,12 +167,19 @@ int main(int argc, char **argv) { ++i; break; case 'l': - if ((info.logfile_fd=open(argv[i+1],O_RDWR|O_CREAT))!=0) + if((info.log_fd=open(argv[i+1],O_RDWR|O_CREAT))!=0) printf("logfile -> %s\n",argv[i+1]); else puts("warning: can't write to logfile."); ++i; break; + case 'D': + if((info.dump_fd=open(argv[i+1],O_RDWR|O_CREAT))!=0) + printf("dump file -> %s\n",argv[i+1]); + else + puts("warning: can't dump to file."); + ++i; + break; case 'd': strncpy(info.device,argv[i+1],MAX_DEV_CHARS); ++i; @@ -196,8 +204,13 @@ int main(int argc, char **argv) { puts("setting up device ..."); system(sys_call); - // todo - logfd=open("/tmp/hdw-sniff.log",O_WRONLY|O_CREAT); + if(info.log_fd==0) { + if((info.log_fd=open("/tmp/hdw-sniff.log",O_RDWR|O_CREAT))!=0) + puts("using logfile /tmp/hdw-sniff.log ..."); + else { + puts("failed to open logfile ..."); + return -23; + } /* pcap */ if((info.pcap_handle=pcap_open_live(info.device,BUFSIZ,1,-1,pcap_error))==NULL) 
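Review bot: The new `-D` case detects a failed `open()` only when it returns 0, but `open()` signals failure with -1, so a failed open still prints "dump file -> ..." and leaves `info.dump_fd` at -1, which the new `parse.c` then writes to because its guard is `dump_fd!=0`. The test should be `if((info.dump_fd=open(argv[i+1],O_RDWR|O_CREAT,0600))>=0)` — this also supplies the mode argument that `O_CREAT` requires; without it the third argument is indeterminate (undefined behaviour) and the created file may get unintended permission bits. The rewritten `-l` line above has the same `!=0` test and missing mode, as does the default-logfile block in the next hunk. As far as the hunk shows, `argv[i+1]` is read without checking that `i+1 < argc`; the option loop itself starts outside the hunk.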
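Review bot: The block opened by `if(info.log_fd==0) {` is not closed within this hunk: the only `}` that follows closes `else {`, so as shown the file will not compile unless a matching brace lands elsewhere (the next hunk adds none). Independently, `/tmp/hdw-sniff.log` is created with `O_RDWR|O_CREAT` and no `O_EXCL` at a fixed, predictable path in a world-writable directory, so a pre-existing file or symlink there is followed and written to with the sniffer's privileges; `O_CREAT|O_EXCL` (or `O_NOFOLLOW`) plus an explicit mode such as `0600`, or a default path under the user's home, avoids that. The `!=0` success test here fails the same way as in the previous hunk, and `return -23` from `main()` is an odd exit status to document. `main()` continues outside the hunk.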
@@ -211,18 +224,20 @@ int main(int argc, char **argv) { /* socket fd for channel hopping */ info.channel_hop_fd=socket(AF_INET,SOCK_DGRAM,0); - display_init(&(info.display),logfd); + display_init(&(info.display),info.log_fd); - input_init(&(info.input),logfd); + input_init(&(info.input),info.log_fd); //input.mode=CONTENT_BUFFER; input_ios_init(&info.input); - event_init(&(info.event),logfd); + event_init(&(info.event),info.log_fd); event_set_timeout(&(info.event),HOP_SEC,HOP_USEC); event_math(0,&(info.event),READ,ADD); event_math(pcap_fd,&(info.event),READ,ADD); + list_init(&(info.sniffed_sta),info.log_fd); + display_console(&info,"foo"); event_start(&(info.event),&info,react_on_event,hop_channel); diff --git a/main.h b/main.h index 0a39b7b..9c2387a 100644 --- a/main.h +++ b/main.h @@ -57,13 +57,13 @@ typedef struct s_info { int count; /* count packages */ unsigned char mode; /* monitoring/managed mode */ char device[MAX_DEV_CHARS]; /* sniffed devie */ - int logfile_fd; /* file descriptof for logfile */ + int log_fd; /* file descriptor for logfile */ int pcap_fd; /* fd for reading pcap events */ + int dump_fd; /* fd for dumping received packages */ int current_channel; int channel_hop_fd; - char key[13]; /* wep key */ pcap_t *pcap_handle; - t_data data; + t_list sniffed_sta; int view_table; } t_info; diff --git a/parse.c b/parse.c index f60dc04..bae6cd9 100644 --- a/parse.c +++ b/parse.c 
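Review bot: `display_console(&info,"foo")` at the end of the hunk prints a placeholder message on every start and reads like a leftover debug probe; either drop it or give it a real message such as `"hdw-sniff started"`. It is also called with `&info` (a `t_info *`), whereas the new `parse.c` calls `display_console(info->display, ...)` with the `display` member itself; unless `display` is a pointer, at most one of the two call sites matches the prototype in `display.h`. `main()` continues outside the hunk.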
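Review bot: The new `dump_fd` and the renamed `log_fd` are treated as "unset" when zero — `main.c` tests `info.log_fd==0` and `parse.c` tests `info->dump_fd!=0` — but 0 is a valid descriptor (stdin) and nothing in the diff shows `info` being zero-initialised before option parsing, so the convention should at least be stated on the field, e.g. `int dump_fd; /* fd for dumping received packages; 0 = no dump file */`; initialising both to -1 and testing `>=0` would be more robust. `t_list` must be declared before `s_info`, and the hunk does not show where it comes from. The struct definition begins outside the hunk.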
@@ -16,25 +16,30 @@ void parse_package(unsigned char *ptr,const struct pcap_pkthdr *pcap_header,const unsigned char *package) { - t_info *info; - int i; - - info=(t_info *)ptr; - - info->count++; - - printf("---> package %d --- %s\n", - info->count, - ctime((const time_t*)&(pcap_header->ts.tv_sec))); - if(info->mode&MODE_ASCIIOUT) { - puts("content in ascii:"); - for(i=0;icaplen;i++) printf("%c ",package[i]); - puts(""); - } - if(info->mode&MODE_HEXOUT) { - puts("content in ascii:"); - for(i=0;icaplen;i++) printf("%x ",package[i]); - puts(""); - } + t_info *info; + int i; + t_sta sniffed_sta; + int ret; + + info=(t_info *)ptr; + + info->count++; + + if(info->dump_fd!=0) { + ret=write(info->dump_fd,pcap_header,sizeof(struct pcap_pkthdr)); + if(ret!=sizeof(struct pcap_pkthdr)) + display_console(info->display,"warning, pcap header write failed!"); + ret=write(info->dump_fd,package,pcap_header->caplen); + if(ret!=pcap_header->caplen) + display_console(info->display,"warning, package write failed!"); + } + + /* maybe there is offset to the actual ieee802.11 frame, + for example prism header ... */ + + + /* go on parsing frame ctl header here ... */ + + return 23; } diff --git a/parse.h b/parse.h index 1bf727e..ef167ad 100644 --- a/parse.h +++ b/parse.h 
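Review bot: `return 23;` at the end of the new body returns a value from `parse_package`, which the hunk header declares `void`; that is a constraint violation (GCC at least warns) and the pcap callback type has no return value anyway, so it should be a bare `return;` or dropped. `display_console(info->display, ...)` passes the `display` member by value, whereas `main.c` calls `display_console(&info,"foo")` with a `t_info *`; unless `display` is a pointer, at most one of the two matches the prototype. The two raw `write()` calls emit a host-specific `struct pcap_pkthdr` (its `struct timeval` size varies) followed by the payload, so the dump is not a pcap file and cannot be opened by other tools; `pcap_dump_open()`/`pcap_dump()` from the library already in use would produce a portable capture, and a short write would also be reported by `ret!=pcap_header->caplen` as a signed/unsigned comparison. `i` and `sniffed_sta` are now unused. The function's signature lies outside the hunk.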
@@ -3,12 +3,107 @@ #ifndef PARSE_H #define PARSE_H -typedef struct s_data { - unsigned char **package; - int p_count; +/* ieee802.11 stuff */ -} t_data; +#define ADDR_LEN 6 +typedef struct s_frame4_hdr { + u16 frame_ctl; + u16 duration_id; + u8 addr1[ADDR_LEN]; /* receiver */ + u8 addr2[ADDR_LEN]; /* transmitter */ + u8 addr3[ADDR_LEN]; /* destination */ + u16 seq_ctrl; + u8 addr4[ADDR_LEN]; /* source */ +} __attribute__ ((packed)) t_frame4_hdr; + +typedef struct s_frame3_hdr { + u16 frame_ctl; + u16 duration_id; + u8 addr1[ADDR_LEN]; /* destination / bssid */ + u8 addr2[ADDR_LEN]; /* source /bssid */ + u8 addr3[ADDR_LEN]; /* bssid / source / destination */ + u16 seq_ctrl; +} __attribute__ ((packed)) t_frame3_hdr; + +typedef struct s_frame2_hdr { + u16 frame_ctl; + u16 duration_id; + u8 addr1[ADDR_LEN]; /* receiver / bssid / receiver */ + u8 addr2[ADDR_LEN]; /* transmitter / transmitter / bssid */ + u16 seq_ctrl; +} __attribute__ ((packed)) t_frame2_hdr; + +typedef struct s_frame1_hdr { + u16 frame_ctl; + u16 duration_id; + u8 addr1[ADDR_LEN]; /* receiver */ + u16 seq_ctrl; +} __attribute__ ((packed)) t_frame1_hdr; + +#define FCTL_VER(X) ((X&0x0003)) +#define FCTL_TYPE(X) ((X&0x000c)>>2) +#define FCTL_STYPE(X) ((X&0x00f0)>>4) +#define FCTL_TODS(X) ((X&0x0100)>>8) +#define FCTL_FROMDS(X) ((X&0x0200)>>9) +#define FCTL_MOREFRAG(X) ((X&0x0400)>>10) +#define FCTL_RETRY(X) ((X&0x0800)>>11) +#define FCTL_PWRMGT(X) ((X&1000)>>12) +#define FCTL_MOREDATA(X) ((X&0x2000)>>13) +#define FCTL_WEP(X) ((X&0x4000)>>14) +#define FCTL_ORDER(X) ((X&0x800)>>15) + +#define FCTL_TYPE_MGMT 0 +#define FCTL_TYPE_CTRL 1 +#define FCTL_TYPE_DATA 2 + +#define FCTL_STYPE_ASSOC_REQ 0x0 +#define FCTL_STYPE_ASSOC_RESP 0x1 +#define FCTL_STYPE_REASSOC_REQ 0x2 +#define FCTL_STYPE_REASSOC_RESP 0x3 +#define FCTL_STYPE_PROBE_REQ 0x4 +#define FCTL_STYPE_PROBE_RESP 0x5 +#define FCTL_STYPE_BEACON 0x8 +#define FCTL_STYPE_ATIM 0x9 +#define FCTL_STYPE_DISASSOC 0xa +#define FCTL_STYPE_AUTH 0xb +#define 
FCTL_STYPE_DEAUTH 0xc + +#define FCTL_STYPE_PSPOLL 0xa +#define FCTL_STYPE_RTS 0xb +#define FCTL_STYPE_CTS 0xc +#define FCTL_STYPE_ACK 0xd +#define FCTL_STYPE_CFEND 0xe +#define FCTL_STYPE_CFENDACK 0xf + +#define FCTL_STYPE_DATA 0x0 +#define FCTL_STYPE_DATA_CFACK 0x1 +#define FCTL_STYPE_DATA_CFPOLL 0x2 +#define FCTL_STYPE_DATA_CFACKPOLL 0x3 +#define FCTL_STYPE_NULLFUNC 0x4 +#define FCTL_STYPE_CFACK 0x5 +#define FCTL_STYPE_CFPOLL 0x6 +#define FCTL_STYPE_CFACKPOLL 0x7 + + +/* hdw-sniff stuff */ + +#define MAX_SSID_LEN 32 +#define AP 1 +#define WEP 1 +#define WEP_MAX_DIGITS 13 + +typedef struct s_sta { + u8 addr[ADDR_LEN]; + char ssid[MAX_SSID_LEN]; + u8 ap; + u8 wep; + int count_mgmt; + int count_ctrl; + int count_data; + char key[WEP_MAX_DIGITS]; +} t_sta; + /* function prototypes */ #endif -- 2.20.1
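Review bot: Two of the new frame-control accessors read the wrong bit: `FCTL_PWRMGT(X)` masks with decimal `1000` (0x3e8) instead of `0x1000`, and `FCTL_ORDER(X)` masks with `0x800` (the retry bit) and then shifts by 15, so it always yields 0; they should be `(((X)&0x1000)>>12)` and `(((X)&0x8000)>>15)`. None of the macros parenthesise `X`, so an argument such as `a|b` mis-associates with `&`; the rewrite below fixes all of them. `frame_ctl` is little-endian on the wire, so a caller must convert it (`le16toh` or explicit byte assembly) before applying these macros on a big-endian host — worth a comment on the header structs. `t_sta.ssid` is `MAX_SSID_LEN` (32) bytes, exactly the maximum SSID length, which leaves no room for a terminator if it is ever handled as a C string (SSIDs come from untrusted frames and need not be printable); `char ssid[MAX_SSID_LEN+1]` with copies bounded by the element length, and the same consideration for `key[WEP_MAX_DIGITS]`, avoids over-reads. `u8`/`u16` are not declared in this header and the diff does not show where they come from.
```c
/* … unchanged: frame header typedefs … */
#define FCTL_VER(X)      ((X)&0x0003)
#define FCTL_TYPE(X)     (((X)&0x000c)>>2)
#define FCTL_STYPE(X)    (((X)&0x00f0)>>4)
#define FCTL_TODS(X)     (((X)&0x0100)>>8)
#define FCTL_FROMDS(X)   (((X)&0x0200)>>9)
#define FCTL_MOREFRAG(X) (((X)&0x0400)>>10)
#define FCTL_RETRY(X)    (((X)&0x0800)>>11)
#define FCTL_PWRMGT(X)   (((X)&0x1000)>>12)   /* was X&1000 (decimal) */
#define FCTL_MOREDATA(X) (((X)&0x2000)>>13)
#define FCTL_WEP(X)      (((X)&0x4000)>>14)
#define FCTL_ORDER(X)    (((X)&0x8000)>>15)   /* was X&0x800 */
/* … unchanged: type / subtype constants, t_sta … */
```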