now counts mgmt beacons

AUTHORS

@@ -1,20 +1,21 @@
-New Primary Maintainer:
-  Simson L. Garfinkel <[email protected]>
-  http://www.simson.net/
+MAINTAINER
+==========
+Simson L. Garfinkel <[email protected]>
 
-Original author:
-  Jeremy Elson <[email protected]>
-  http://www.circlemud.org/~jelson
 
+ACKNOWLEDGEMENTS
+================
+Thanks to:
+* Jeffrey Pang, for the radiotap implementation
+* Doug Madory, for the  Wifi parser
+* Jeremy Elson, for the original idea and initial tcp/ip implementation
 
-Contributions were made by:
+Additional and thanks:
 
--- Johnny Tevessen <[email protected]>, for Linux systems still
-   using libc5.
+* Johnny Tevessen <[email protected]>, for Linux systems still using libc5.
 
--- Ross Golder <[email protected]>, for a spec file for generating
-   tcpflow RPMs.
+* Ross Golder <[email protected]>, for a spec file for generating tcpflow RPMs.
 
--- Jose M. Alcaide <[email protected]>, patch for the -r option
+* Jose M. Alcaide <[email protected]>, patch for the -r option
 
 

ChangeLog

@@ -1,5 +1,7 @@
 2013-11-18  Basic  <[email protected]>
 
+	* src/wifipcap/wifipcap.cpp (WifipcapCallbacks::decode_data_frame): now calls Handle80211Data() for all data packets
+
 	* configure.ac: changes to test per Ryan Schmidt <[email protected]>
 
 2013-11-17  Basic  <[email protected]>

src/datalink.cpp

@@ -60,7 +60,7 @@ void dl_null(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 }
 #pragma GCC diagnostic warning "-Wcast-align"
 
-uint64_t counter=0;
+static uint64_t counter=0;
 /* DLT_RAW: just a raw IP packet, no encapsulation or link-layer
  * headers.  Used for PPP connections under some OSs including Linux
  * and IRIX. */

src/datalink_wifi.cpp

@@ -5,128 +5,63 @@
  */ 
 
 #include "tcpflow.h"
-#include "wifipcap.h"
-#include <algorithm>
-#include <map>
-
-
-bool opt_enforce_80211_frame_checksum = true; // by default, only give good checksums
+#include "datalink_wifi.h"
 
 /**
  * TFCB --- TCPFLOW callbacks for wifippcap
  */
 
-class TFCB : public WifipcapCallbacks {
-private:
-    bool fcs_ok;                        // framechecksum is okay!
-    typedef pair<const WifipcapCallbacks::MAC *,const char *> mac_ssid_pair;
-    typedef struct {
-        bool operator() (const mac_ssid_pair &a, const mac_ssid_pair &b) const {
-            if (*(a.first) < (*(b.first))) return true;
-            if (*(b.first) < (*(a.first))) return false;
-            return strcmp(a.second,b.second) < 0;
-        }
-    } mac_ssid_pair_lt;
-    typedef std::set<mac_ssid_pair,mac_ssid_pair_lt> mac_ssids_seen_t;
-    mac_ssids_seen_t mac_ssids_seen;
-
-public:
-    TFCB():fcs_ok(),mac_ssids_seen(){};
-
-#define DEBUG_WIFI
-#ifdef DEBUG_WIFI
-    void PacketBegin(const struct timeval& t, const u_char *pkt, u_int len, int origlen) {
-	cout << t << " {" << endl;
-    }
-    void PacketEnd() {
-	cout << "}" << endl;
-    }
-#endif
-
-    bool Check80211FCS() { return opt_enforce_80211_frame_checksum; } // check the frame checksums
-    void Handle80211(const struct timeval& t, u_int16_t fc, const MAC& sa, const MAC& da, const MAC& ra, const MAC& ta,
+void TFCB::Handle80211(const struct timeval& t, u_int16_t fc, const MAC& sa, const MAC& da, const MAC& ra, const MAC& ta,
                      const u_char *ptr, u_int len, bool flag) {
-	this->fcs_ok = flag;
-    }
-
-    void HandleLLC(const struct timeval& t, const struct llc_hdr_t *hdr, const u_char *rest, u_int len) {
-        if (opt_enforce_80211_frame_checksum && !fcs_ok) return;
 #ifdef DEBUG_WIFI
-        cout << "  " << "802.11 LLC :\t" << "len=" << len << endl;
+        cout << "  Handle80211( fcs=" << (int)flag << " len=" << len << ") ";
 #endif
+	this->fcs_ok = flag;            // the frame checksum
     }
 
-    void Handle80211DataFromAP(const struct timeval& t, const data_hdr_t *hdr, const u_char *rest, u_int len) {
+void TFCB::HandleLLC(const struct timeval& t, const struct llc_hdr_t *hdr, const u_char *rest, u_int len) {
+        struct timeval tv;
         if (opt_enforce_80211_frame_checksum && !fcs_ok) return;
 #ifdef DEBUG_WIFI
-        cout << hdr->sa;
-        cout << "  " << "802.11 data from AP:\t" 
-             << hdr->sa << " -> " << hdr->da << "\t" << len << endl;
+        cout << "  HandleLLC(len=" << len << ") ";
 #endif
-        struct timeval tv;
-        /* TK1: Does the pcap header make sense? */
-        /* TK2: How do we get and preserve the the three MAC addresses? */
-
         sbuf_t sb(pos0_t(),rest,len,len,0);
-        sb.hex_dump(std::cout);
 
-        rest += 10;                     // where does 10 come from? 
-        len -= 10;
-
-        be13::packet_info pi(DLT_IEEE802_11,(const pcap_pkthdr *)0,(const u_char *)0,tvshift(tv,t),rest,len);
-        printf("pi.ip_version=%d\n",pi.ip_version());
-        be13::plugin::process_packet(pi);
-    }
-    void Handle80211DataToAP(const struct timeval& t, const data_hdr_t *hdr, const u_char *rest, u_int len) {
-        if (opt_enforce_80211_frame_checksum && !fcs_ok) return;
-#ifdef DEBUG_WIFI
-        cout << "  " << "802.11 data to AP:\t" 
-             << hdr->sa << " -> " << hdr->da << "\t" << len << endl;
-#endif
-        struct timeval tv;
-        /* TK1: Does the pcap header make sense? */
-        /* TK2: How do we get and preserve the the three MAC addresses? */
         be13::packet_info pi(DLT_IEEE802_11,(const pcap_pkthdr *)0,(const u_char *)0,tvshift(tv,t),rest,len);
         be13::plugin::process_packet(pi);
     }
 
-    /* This implementation only cares about beacons, so that's all we record */
-    void Handle80211MgmtBeacon(const struct timeval& t, const mgmt_header_t *hdr, const mgmt_body_t *body) {
-        if (opt_enforce_80211_frame_checksum && !fcs_ok) return;
+void TFCB::Handle80211MgmtBeacon(const struct timeval& t, const mgmt_header_t *hdr, const mgmt_body_t *body)
+{
+    if (opt_enforce_80211_frame_checksum && fcs_ok==0) return;
 #ifdef DEBUG_WIFI
-        cout << "  " << "802.11 mgmt:\t" 
-             << hdr->sa << "\tbeacon\t\"" << body->ssid.ssid << "\"" << endl;
+    std::cerr << "  " << "802.11 mgmt: " << hdr->sa << " beacon " << body->ssid.ssid << "\"";
 #endif
-        mac_ssid_pair ptest(&hdr->sa,body->ssid.ssid);
-
-        //cout << "check " << hdr->sa << " to " << body->ssid.ssid << "\n";
-
-
-        if(mac_ssids_seen.find(ptest)==mac_ssids_seen.end()){
-            const MAC *m2 = new MAC(hdr->sa);
-            const char *s2 = strdup(body->ssid.ssid);
-            mac_ssid_pair pi(m2,s2);
-
-            cout << "new mapping " << *ptest.first << "->" << ptest.second << "\n";
-            mac_ssids_seen.insert(pi);
-            /* TK3: How do we get this into the XML? */
-        }
+    mac_ssid bcn(hdr->sa,std::string(body->ssid.ssid,body->ssid.length));
+    mac_to_ssid[bcn] += 1;
+    for(mac_ssid_map_t::const_iterator it=mac_to_ssid.begin();it!=mac_to_ssid.end();it++){
+        std::cerr << (*it).first.mac << " => " << (*it).first.ssid << " (" << (*it).second << ")\n";
     }
-};
+    std::cerr << "\n";
+}
+
 
 /* Entrance point */
 static Wifipcap wcap;
-static TFCB tfcb;
+TFCB theTFCB;
+static int counter=0;
 void dl_ieee802_11_radio(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 {
-    Wifipcap::PcapUserData data(&wcap,&tfcb,DLT_IEEE802_11_RADIO);
-    Wifipcap::dl_ieee802_11_radio(reinterpret_cast<u_char *>(&data),h,p);
+    printf("counter=%d\n",counter++);
+    //WifipcapCallbacks::debug = 1;
+    Wifipcap::PcapUserData data(&wcap,&theTFCB,DLT_IEEE802_11_RADIO);
+    Wifipcap::dl_ieee802_11_radio(data,h,p);
 }    
 
 void dl_prism(u_char *user, const struct pcap_pkthdr *h, const u_char *p)
 {
-    Wifipcap::PcapUserData data(&wcap,&tfcb,DLT_PRISM_HEADER);
-    Wifipcap::dl_prism(reinterpret_cast<u_char *>(&data),h,p);
+    Wifipcap::PcapUserData data(&wcap,&theTFCB,DLT_PRISM_HEADER);
+    Wifipcap::dl_prism(data,h,p);
 }    
 
 

src/datalink_wifi.h

@@ -0,0 +1,61 @@
+#ifndef DATALINK_WIFI_H
+#define DATALINK_WIFI_H
+
+#include <algorithm>
+#include <map>
+#include "wifipcap.h"
+
+//#define DEBUG_WIFI
+
+class TFCB : public WifipcapCallbacks {
+private:
+
+public:
+    bool fcs_ok;                        // framechecksum is okay!
+    bool opt_enforce_80211_frame_checksum;
+
+    typedef struct mac_ssid {
+        mac_ssid(const WifipcapCallbacks::MAC &mac_,const std::string &ssid_):mac(mac_),ssid(ssid_){}
+        const WifipcapCallbacks::MAC mac;
+        const std::string ssid;
+        bool operator<(const struct mac_ssid &b) const{
+            if (mac < b.mac) return true;
+            if (b.mac < mac) return false;
+            return ssid < b.ssid;
+        };
+    } mac_ssid_t;
+
+
+
+    typedef struct {
+        bool operator() (const struct mac_ssid &a, const struct mac_ssid &b) const {
+            if (a.mac < b.mac) return true;
+            if (b.mac < a.mac) return false;
+            return a.ssid < b.ssid;
+        }
+    } mac_ssid_lt;
+    typedef std::set<mac_ssid_t,mac_ssid_lt> mac_ssid_set_t;
+    typedef std::map<mac_ssid_t,uint64_t> mac_ssid_map_t;
+    mac_ssid_map_t mac_to_ssid;        // mapping of macs to SSIDs
+
+    static TFCB   theTFCB;
+    TFCB():fcs_ok(),opt_enforce_80211_frame_checksum(true),mac_to_ssid(){}
+
+#ifdef DEBUG_WIFI
+    void PacketBegin(const struct timeval& t, const u_char *pkt, u_int len, int origlen) {
+	cout << t << " {";
+    }
+    void PacketEnd() {
+	cout << "}" << std::endl;
+    }
+#endif
+
+    bool Check80211FCS() { return true; }               // always check the frame checksums
+    void Handle80211(const struct timeval& t, u_int16_t fc, const MAC& sa, const MAC& da, const MAC& ra, const MAC& ta,
+                     const u_char *ptr, u_int len, bool flag);
+
+    void HandleLLC(const struct timeval& t, const struct llc_hdr_t *hdr, const u_char *rest, u_int len);
+    void Handle80211MgmtBeacon(const struct timeval& t, const mgmt_header_t *hdr, const mgmt_body_t *body);
+};
+
+#endif

src/wifipcap/README.txt

@@ -1,5 +1,17 @@
+MAINTAINER
+==========
+Simson L. Garfinkel <[email protected]>
+
+
+ACKNOWLEDGEMENTS
+================
+Thanks to:
+* Jeffrey Pang, for the radiotap implementation
+* Doug Madory, for the  Wifi parser
+* Jeremy Elson, for the original idea and initial tcp/ip implementation
+
 Title:   Wifipcap Library
-Authors: Jeff Pang <[email protected]>
+Authors: Jeff Pang, 
          Simson L. Garfinkel
 
 Description:

src/wifipcap/TimeVal.cpp

@@ -36,7 +36,7 @@ copyright       : (C) 2003      Jeff Pang        ( [email protected] )
 #include <cstdio>
 #include "TimeVal.h"
 
-using namespace std;
+                  //using namespace std;
 
 TimeVal TIME_NONE = {0,0};