📄 wifi80211.c
if (length < 28) {
FRAMERR(frame, "wifi: truncated\n");
return;
}
memcpy(wifimgmt.destination, px+4, 6);
memcpy(wifimgmt.source, px+10, 6);
memcpy(wifimgmt.bss_id, px+16, 6);
process_wifi_fields(seap, frame, px, length, 28, &wifimgmt);
{
char maxrate[32];
if (wifimgmt.maxrate%10)
_snprintf(maxrate, sizeof(maxrate),"%d.%d-mbps", wifimgmt.maxrate/10, wifimgmt.maxrate%10);
else
_snprintf(maxrate, sizeof(maxrate),"%d-mbps", wifimgmt.maxrate/10);
process_record(seap,
"proto", REC_SZ, "WiFi", -1,
"op", REC_SZ, "associate", -1,
"macaddr", REC_MACADDR, wifimgmt.source, 6,
"SSID", REC_PRINTABLE, wifimgmt.ssid, wifimgmt.ssid_length,
"BSS", REC_MACADDR, wifimgmt.bss_id, 6,
"maxrate", REC_SZ, maxrate, -1,
0);
}
}
/*
 * Decode an 802.11 disassociation frame and emit one "disassociate" record
 * holding the sender MAC, the BSSID and the 16-bit reason value.
 *
 * px/length describe the captured frame. Frames shorter than 26 bytes
 * (24-byte management header plus the 2-byte reason field) are reported as
 * truncated and dropped.
 *
 * The addresses are recorded exactly as they appear in the frame. Management
 * frames carry no authentication unless the network uses protected
 * management frames, so consumers of this record should treat the source
 * address as claimed rather than verified.
 */
void process_wifi_disassociate_request(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
    enum {
        MAC_LEN = 6,
        DST_AT = 4,       /* address 1 */
        SRC_AT = 10,      /* address 2 */
        BSSID_AT = 16,    /* address 3 */
        REASON_AT = 24,   /* first byte after the management header */
        NEEDED = 26       /* REASON_AT + 2 bytes of reason */
    };
    struct WIFI_MGMT mgmt;
    unsigned reason_code;

    /* Reject short frames before any byte of px is read. */
    if (length < NEEDED) {
        FRAMERR(frame, "wifi: truncated\n");
        return;
    }

    memset(&mgmt, 0, sizeof(mgmt));
    memcpy(mgmt.destination, px + DST_AT, MAC_LEN);
    memcpy(mgmt.source, px + SRC_AT, MAC_LEN);
    memcpy(mgmt.bss_id, px + BSSID_AT, MAC_LEN);

    /* ex16le presumably reads two bytes, little-endian; NEEDED covers both. */
    reason_code = ex16le(px + REASON_AT);

    process_record(seap,
        "proto",   REC_SZ,       "WiFi",         -1,
        "op",      REC_SZ,       "disassociate", -1,
        "macaddr", REC_MACADDR,  mgmt.source,    MAC_LEN,
        "BSS",     REC_MACADDR,  mgmt.bss_id,    MAC_LEN,
        "reason",  REC_UNSIGNED, &reason_code,   sizeof(reason_code),
        0);
}
/*
 * Decode an 802.11 deauthentication frame and emit one "deauthentication"
 * record holding the sender MAC, the BSSID and the 16-bit reason value.
 *
 * A frame needs at least 26 bytes (24-byte management header plus the
 * 2-byte reason field); anything shorter is reported as truncated.
 *
 * Detection note: the addresses are copied from the frame unverified.
 * Without protected management frames a deauthentication frame can be sent
 * by any station, so a burst of these records for one BSS is worth
 * correlating before trusting the "macaddr" value.
 */
void process_wifi_deauthentication(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
    const unsigned header_len = 24;              /* management header */
    const unsigned needed = header_len + 2;      /* plus reason field */
    struct WIFI_MGMT hdr;
    unsigned why;

    if (length < needed) {
        FRAMERR(frame, "wifi: truncated\n");
        return;
    }

    /* Start from an all-zero structure, then fill the three addresses. */
    memset(&hdr, 0, sizeof(hdr));
    memcpy(hdr.destination, &px[4], 6);
    memcpy(hdr.source, &px[10], 6);
    memcpy(hdr.bss_id, &px[16], 6);

    /* The reason field follows the header directly. */
    why = ex16le(&px[header_len]);

    process_record(seap,
        "proto",   REC_SZ,       "WiFi",             -1,
        "op",      REC_SZ,       "deauthentication", -1,
        "macaddr", REC_MACADDR,  hdr.source,         6,
        "BSS",     REC_MACADDR,  hdr.bss_id,         6,
        "reason",  REC_UNSIGNED, &why,               sizeof(why),
        0);
}
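/*
 * Decode an 802.11 beacon and emit one "beacon" record with the sender MAC,
 * SSID, maximum rate and channel.
 *
 * Layout assumed by the offsets below: 24-byte management header, then
 * 8 bytes of timestamp, 2 bytes of beacon interval and 2 bytes of capability
 * information, then the variable-length tagged fields parsed by
 * process_wifi_fields().
 *
 * The original only verified that the 24-byte header was present and then
 * passed offset 36 to process_wifi_fields(), so a frame of 24..35 bytes
 * reached the field parser with offset > length. Whether that parser copes
 * with such an offset cannot be seen from here, so the whole fixed part is
 * now required up front, as the association-request handler does for its own
 * fixed part.
 */
void process_wifi_beacon(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
    unsigned offset;
    struct WIFI_MGMT wifimgmt;
    char maxrate[32];

    memset(&wifimgmt, 0, sizeof(wifimgmt));

    /* First byte of the tagged fields */
    offset = 24;    /* management header */
    offset += 8;    /* timestamp */
    offset += 2;    /* beacon interval */
    offset += 2;    /* capability information */

    /* Untrusted capture data: never hand the parser an offset past the end. */
    if (length < offset) {
        FRAMERR(frame, "wifi: truncated\n");
        return;
    }

    memcpy(wifimgmt.source, px+10, 6);

    /* Process variable tags */
    process_wifi_fields(seap, frame, px, length, offset, &wifimgmt);

    /* maxrate is printed as tenths: value/10 with an optional ".digit"
     * (presumably the field is kept in units of 100 kbit/s -- confirm
     * against process_wifi_fields). */
    if (wifimgmt.maxrate%10)
        _snprintf(maxrate, sizeof(maxrate),"%d.%d-mbps", wifimgmt.maxrate/10, wifimgmt.maxrate%10);
    else
        _snprintf(maxrate, sizeof(maxrate),"%d-mbps", wifimgmt.maxrate/10);

    process_record(seap,
        "proto",   REC_SZ,        "WiFi",            -1,
        "op",      REC_SZ,        "beacon",          -1,
        "macaddr", REC_MACADDR,   wifimgmt.source,   6,
        "SSID",    REC_PRINTABLE, wifimgmt.ssid,     wifimgmt.ssid_length,
        "maxrate", REC_SZ,        maxrate,           -1,
        "channel", REC_UNSIGNED,  &wifimgmt.channel, sizeof(wifimgmt.channel),
        0);
}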
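/*
 * Decode an 802.11 data frame (plain 0x08 or QoS 0x88): note the three MAC
 * addresses on the frame, step over the LLC/SNAP header and pass the payload
 * to the decoder selected by the SNAP EtherType.
 *
 * px/length describe the captured frame and are untrusted; every read below
 * is preceded by a length check. frame->src_mac/dst_mac/bss_mac are set to
 * point into px, so they are only valid while that buffer is.
 *
 * Changes from the original:
 *  - the fallback test in the EtherType switch read two bytes at px+offset
 *    when only one byte might remain (EtherType field 0x0001 followed by a
 *    single byte), a one-byte read past the end of the capture buffer; it
 *    now requires two remaining bytes first;
 *  - EtherType 0x809b (AppleTalk) was handed to process_ipv6(); it is now
 *    skipped instead of being misparsed;
 *  - the unused "fragment control" locals, one of which was evaluated while
 *    uninitialized, are gone.
 */
void process_wifi_data(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
    unsigned offset;
    unsigned ethertype;
    unsigned oui;

    /* Header only, no payload: silently ignored (the error report was
     * already disabled in the original). */
    if (length <= 24)
        return;

    /* Address order depends on the To-DS bit of the second frame-control
     * byte. Frames with both DS bits set (four addresses) are not
     * distinguished here. */
    if (px[1] & 0x01) {
        frame->bss_mac = px+4;
        frame->src_mac = px+10;
        frame->dst_mac = px+16;
    } else {
        frame->dst_mac = px+4;
        frame->bss_mac = px+10;
        frame->src_mac = px+16;
    }

    /* QoS data frames carry two extra header bytes. */
    offset = 24;
    if (px[0] == 0x88)
        offset += 2;

    /* Look for SAP header */
    if (offset + 6 >= length) {
        FRAMERR(frame, "wifi.sap: too short\n");
        return;
    }
    if (memcmp(px+offset, "\xaa\xaa\x03", 3) != 0) {
        /* Not LLC/SNAP: record the payload as-is. */
        process_record(seap,
            "proto",     REC_SZ,        "WiFi",         -1,
            "op",        REC_SZ,        "data.unknown", -1,
            "wifi.data", REC_PRINTABLE, px+offset,      length-offset,
            0);
        return;
    }
    offset += 3;

    /* Three-byte SNAP OUI; covered by the offset+6 check above. */
    oui = ex24be(px+offset);
    SAMPLE("SAP", "ethertype", REC_UNSIGNED, &oui, sizeof(oui));

    /* Look for OUI code */
    switch (oui) {
    case 0x000000:
        /* plain EtherType encapsulation, handled below */
        break;
    case 0x004096: /* Cisco Wireless */
        return;
    case 0x00000c:
        offset += 3;
        if (offset < length)
            process_cisco00000c(seap, frame, px+offset, length-offset);
        return;
    case 0x080007: /* apple */
        break;
    default:
        FRAMERR(frame, "Unknown SAP OUI: 0x%06x\n", oui);
        return;
    }
    offset += 3;

    /* EtherType: two bytes, and at least one payload byte must follow. */
    if (offset+2 >= length) {
        FRAMERR(frame, "ethertype: packet too short\n");
        return;
    }
    ethertype = ex16be(px+offset);
    offset += 2;

    switch (ethertype) {
    case 0x0800:
        process_ip(seap, frame, px+offset, length-offset);
        break;
    case 0x0806:
        process_arp(seap, frame, px+offset, length-offset);
        break;
    case 0x888e: /* 802.1X authentication */
        process_802_1x_auth(seap, frame, px+offset, length-offset);
        break;
    case 0x86dd: /* IPv6 */
        process_ipv6(seap, frame, px+offset, length-offset);
        break;
    case 0x809b: /* AppleTalk */
        /* No AppleTalk decoder is visible here; feeding this payload to the
         * IPv6 decoder, as the original did, only yields bogus results. */
        break;
    case 0x872d: /* Cisco OWL */
        break;
    default:
        /* A value equal to the remaining length, followed by 0xAAAA, appears
         * to be a nested length + LLC header and is ignored. Only
         * length-offset >= 1 is guaranteed at this point, so make sure both
         * bytes exist before reading them. */
        if (length-offset >= 2
            && ethertype == length-offset
            && ex16be(px+offset) == 0xAAAA)
            break;
        FRAMERR_BADVAL(frame, "ethertype", ethertype);
        break;
    }
}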
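/*
 * Entry point for one captured 802.11 frame: dispatch on the first
 * frame-control byte (type/subtype) to the matching decoder. Frame kinds
 * with an empty case are recognised but deliberately not decoded; anything
 * else is reported as unknown.
 *
 * The original read px[0], and px[1] for data frames, without looking at
 * length, so an empty or one-byte capture was read out of bounds. Whether
 * callers already guarantee a minimum length cannot be seen from here, so
 * the check is made locally; no valid 802.11 frame is shorter than its
 * two-byte frame-control field.
 */
void process_wifi_frame(struct Seaper *seap, struct NetFrame *frame, const unsigned char *px, unsigned length)
{
    if (length < 2) {
        FRAMERR(frame, "wifi: truncated\n");
        return;
    }

    switch (px[0]) {
    case 0x00: /* association request */
        process_wifi_associate_request(seap, frame, px, length);
        break;
    case 0xa0: /* disassociation */
        process_wifi_disassociate_request(seap, frame, px, length);
        break;
    case 0xc0: /* deauthentication */
        process_wifi_deauthentication(seap, frame, px, length);
        break;
    case 0x10: /* association response */
        break;
    case 0xD4: /* acknowledgement */
        break;
    case 0x80: /* beacon */
        process_wifi_beacon(seap, frame, px, length);
        break;
    case 0x40: /* probe request */
        process_wifi_probe(seap, frame, px, length);
        break;
    case 0x50: /* probe response */
        process_wifi_proberesponse(seap, frame, px, length);
        break;
    case 0x08: /* data */
    case 0x88: /* QoS data */
        /* 0x40 in the second frame-control byte is the Protected Frame
         * flag: the payload is encrypted, so there is nothing to decode. */
        if (px[1] & 0x40)
            break;
        process_wifi_data(seap, frame, px, length);
        break;
    case 0x48: /* NULL function */
        break;
    case 0xb0: /* authentication */
        break;
    case 0xb4: /* request to send */
        break;
    case 0xC4: /* clear to send */
        break;
    case 0x30: /* reassociation response */
        break;
    case 0xc8: /* QoS Null function */
        break;
    case 0xa4: /* Power Save Poll */
        break;
    case 0x20: /* reassociation request */
        break;
    default:
        FRAMERR(frame, "unknown wifi packet [0x%02x]\n", px[0]);
        break;
    }
}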