1 /* 2 This file is part of Kismet 3 4 Kismet is free software; you can redistribute it and/or modify 5 it under the terms of the GNU General Public License as published by 6 the Free Software Foundation; either version 2 of the License, or 7 (at your option) any later version. 8 9 Kismet is distributed in the hope that it will be useful, 10 but WITHOUT ANY WARRANTY; without even the implied warranty of 11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the 12 GNU General Public License for more details. 13 14 You should have received a copy of the GNU General Public License 15 along with Kismet; if not, write to the Free Software 16 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA 17 */ 18 19 #ifndef __PACKET_H__ 20 #define __PACKET_H__ 21 22 #include "config.h" 23 24 #ifdef HAVE_STDINT_H 25 #include <stdint.h> 26 #endif 27 #ifdef HAVE_INTTYPES_H 28 #include <inttypes.h> 29 #endif 30 31 #include <algorithm> 32 #include <string> 33 #include <vector> 34 #include <map> 35 36 #include "macaddr.h" 37 #include "packet_ieee80211.h" 38 39 // This is the main switch for how big the vector is. If something ever starts 40 // bumping up against this we'll need to increase it, but that'll slow down 41 // generating a packet (slightly) so I'm leaving it relatively low. 42 #define MAX_PACKET_COMPONENTS 64 43 44 // Maximum length of a frame 45 #define MAX_PACKET_LEN 8192 46 47 // Same as defined in libpcap/system, but we need to know the basic dot11 DLT 48 // even when we don't have pcap 49 #define KDLT_IEEE802_11 105 50 51 // High-level packet component so that we can provide our own destructors 52 class packet_component { 53 public: packet_component()54 packet_component() { self_destruct = 1; }; ~packet_component()55 virtual ~packet_component() { } 56 int self_destruct; 57 }; 58 59 // Overall packet container that holds packet information 60 class kis_packet { 61 public: 62 // Time of packet creation 63 struct timeval ts; 64 65 // Do we know this is in error from the capture source 66 // itself? 67 int error; 68 69 // Actual vector of bits in the packet 70 vector<packet_component *> content_vec; 71 72 // Init stuff kis_packet()73 kis_packet() { 74 error = 0; 75 76 // Stock and init the content vector 77 content_vec.resize(MAX_PACKET_COMPONENTS, NULL); 78 /* 79 for (unsigned int y = 0; y < MAX_PACKET_COMPONENTS; y++) 80 content_vec[y] = NULL; 81 */ 82 } 83 ~kis_packet()84 ~kis_packet() { 85 // Delete everything we contain when we die. I hope whomever put 86 // it there expected this. 87 for (unsigned int y = 0; y < MAX_PACKET_COMPONENTS; y++) { 88 packet_component *pcm = content_vec[y]; 89 90 if (pcm == NULL) 91 continue; 92 93 // If it's marked for self-destruction, delete it. Otherwise, 94 // someone else is responsible for removing it. 95 if (pcm->self_destruct) 96 delete pcm; 97 98 content_vec[y] = NULL; 99 } 100 } 101 insert(const unsigned int index,packet_component * data)102 inline void insert(const unsigned int index, packet_component *data) { 103 if (index >= MAX_PACKET_COMPONENTS) 104 return; 105 content_vec[index] = data; 106 } fetch(const unsigned int index)107 inline void *fetch(const unsigned int index) { 108 if (index >= MAX_PACKET_COMPONENTS) 109 return NULL; 110 111 return content_vec[index]; 112 } erase(const unsigned int index)113 inline void erase(const unsigned int index) { 114 if (index >= MAX_PACKET_COMPONENTS) 115 return; 116 117 // Delete it if we can - both from our array and from 118 // memory. Whatever inserted it had better expect this 119 // to happen or it will be very unhappy 120 if (content_vec[index] != NULL) { 121 if (content_vec[index]->self_destruct) 122 delete content_vec[index]; 123 124 content_vec[index] = NULL; 125 } 126 } 127 inline packet_component *operator[] (const unsigned int& index) const { 128 if (index >= MAX_PACKET_COMPONENTS) 129 return NULL; 130 131 return content_vec[index]; 132 } 133 }; 134 135 // Arbitrary 802.11 data chunk 136 class kis_datachunk : public packet_component { 137 public: 138 uint8_t *data; 139 unsigned int length; 140 int dlt; 141 uint16_t source_id; 142 kis_datachunk()143 kis_datachunk() { 144 self_destruct = 1; // Our delete() handles everything 145 data = NULL; 146 length = 0; 147 source_id = 0; 148 } 149 ~kis_datachunk()150 virtual ~kis_datachunk() { 151 delete[] data; 152 length = 0; 153 } 154 }; 155 156 class kis_fcs_bytes : public packet_component { 157 public: kis_fcs_bytes()158 kis_fcs_bytes() { 159 self_destruct = 1; 160 fcs[0] = fcs[1] = fcs[2] = fcs[3] = 0; 161 fcsp = (uint32_t *) fcs; 162 fcsvalid = 0; 163 } 164 165 uint8_t fcs[4]; 166 uint32_t *fcsp; 167 int fcsvalid; 168 }; 169 170 // Dot11d struct 171 struct dot11d_range_info { dot11d_range_infodot11d_range_info172 dot11d_range_info() { 173 startchan = 0; 174 numchan = 0; 175 txpower = 0; 176 } 177 178 int startchan, numchan, txpower; 179 }; 180 181 182 // Info from the IEEE 802.11 frame headers for kismet 183 class kis_ieee80211_packinfo : public packet_component { 184 public: kis_ieee80211_packinfo()185 kis_ieee80211_packinfo() { 186 self_destruct = 1; // Our delete() handles this 187 corrupt = 0; 188 header_offset = 0; 189 type = packet_unknown; 190 subtype = packet_sub_unknown; 191 mgt_reason_code = 0; 192 ssid_len = 0; 193 ssid_blank = 0; 194 source_mac = mac_addr(0); 195 dest_mac = mac_addr(0); 196 bssid_mac = mac_addr(0); 197 other_mac = mac_addr(0); 198 distrib = distrib_unknown; 199 cryptset = 0; 200 decrypted = 0; 201 fuzzywep = 0; 202 fmsweak = 0; 203 ess = 0; 204 ibss = 0; 205 channel = 0; 206 encrypted = 0; 207 beacon_interval = 0; 208 maxrate = 0; 209 timestamp = 0; 210 sequence_number = 0; 211 frag_number = 0; 212 fragmented = 0; 213 retry = 0; 214 duration = 0; 215 datasize = 0; 216 qos = 0; 217 ssid_csum = 0; 218 dot11d_country = "XXX"; 219 wps = no_wps; 220 wps_manuf = ""; 221 wps_device_name = ""; 222 wps_model_name = ""; 223 wps_model_number = ""; 224 } 225 226 // Corrupt 802.11 frame 227 int corrupt; 228 229 // Offset to data components in frame 230 unsigned int header_offset; 231 232 ieee_80211_type type; 233 ieee_80211_subtype subtype; 234 235 uint8_t mgt_reason_code; 236 237 // Raw SSID 238 string ssid; 239 // Length of the SSID header field 240 int ssid_len; 241 // Is the SSID empty spaces? 242 int ssid_blank; 243 244 // Address set 245 mac_addr source_mac; 246 mac_addr dest_mac; 247 mac_addr bssid_mac; 248 mac_addr other_mac; 249 250 ieee_80211_disttype distrib; 251 252 uint64_t cryptset; 253 int decrypted; // Might as well put this in here? 254 int fuzzywep; 255 int fmsweak; 256 257 // Was it flagged as ess? (ap) 258 int ess; 259 int ibss; 260 261 // What channel does it report 262 int channel; 263 264 // Is this encrypted? 265 int encrypted; 266 int beacon_interval; 267 268 uint16_t qos; 269 270 // Some cisco APs seem to fill in this info field 271 string beacon_info; 272 273 double maxrate; 274 275 uint64_t timestamp; 276 int sequence_number; 277 int frag_number; 278 int fragmented; 279 int retry; 280 281 int duration; 282 283 int datasize; 284 285 uint32_t ssid_csum; 286 287 string dot11d_country; 288 vector<dot11d_range_info> dot11d_vec; 289 290 // WPS information 291 uint8_t wps; 292 // The field below is useful because some APs use 293 // a MAC address with 'Unknown' OUI but will 294 // tell their manufacturer in this field: 295 string wps_manuf; 296 // Some APs give out bogus information on these fields 297 string wps_device_name; 298 string wps_model_name; 299 string wps_model_number; 300 // There's also the serial number field but we don't care 301 // about it because it's almost always bogus. 302 }; 303 304 // some protocols we do try to track 305 enum kis_protocol_info_type { 306 proto_unknown, 307 proto_udp, 308 proto_tcp, 309 proto_arp, 310 proto_dhcp_offer, 311 proto_dhcp_discover, 312 proto_cdp, 313 proto_turbocell, 314 proto_netstumbler_probe, 315 proto_lucent_probe, 316 proto_iapp, 317 proto_leap, 318 proto_ttls, 319 proto_tls, 320 proto_peap, 321 proto_eap_unknown, 322 proto_isakmp, 323 proto_pptp, 324 }; 325 326 class kis_data_packinfo : public packet_component { 327 public: kis_data_packinfo()328 kis_data_packinfo() { 329 self_destruct = 1; // Safe to delete us 330 proto = proto_unknown; 331 ip_source_port = 0; 332 ip_dest_port = 0; 333 ip_source_addr.s_addr = 0; 334 ip_dest_addr.s_addr = 0; 335 ip_netmask_addr.s_addr = 0; 336 ip_gateway_addr.s_addr = 0; 337 field1 = 0; 338 ivset[0] = ivset[1] = ivset[2] = 0; 339 } 340 341 kis_protocol_info_type proto; 342 343 // IP info, we re-use a subset of the kis_protocol_info_type enum to fill 344 // in where we got our IP data from. A little klugey, but really no reason 345 // not to do it 346 int ip_source_port; 347 int ip_dest_port; 348 in_addr ip_source_addr; 349 in_addr ip_dest_addr; 350 in_addr ip_netmask_addr; 351 in_addr ip_gateway_addr; 352 kis_protocol_info_type ip_type; 353 354 // The two CDP fields we really care about for anything 355 string cdp_dev_id; 356 string cdp_port_id; 357 358 // DHCP Discover data 359 string discover_host, discover_vendor; 360 361 // IV 362 uint8_t ivset[3]; 363 364 // An extra field that can be filled in 365 int field1; 366 367 }; 368 369 // Layer 1 radio info record for kismet 370 class kis_layer1_packinfo : public packet_component { 371 public: kis_layer1_packinfo()372 kis_layer1_packinfo() { 373 self_destruct = 1; // Safe to delete us 374 signal_dbm = noise_dbm = 0; 375 signal_rssi = noise_rssi = 0; 376 carrier = carrier_unknown; 377 encoding = encoding_unknown; 378 datarate = 0; 379 freq_mhz = 0; 380 accuracy = 0; 381 } 382 383 // How "accurate" are we? Higher == better. Nothing uses this yet 384 // but we might as well track it here. 385 int accuracy; 386 387 // Frequency seen on 388 int freq_mhz; 389 390 // Connection info 391 int signal_dbm, signal_rssi; 392 int noise_dbm, noise_rssi; 393 394 // What carrier brought us this packet? 395 phy_carrier_type carrier; 396 397 // What encoding? 398 phy_encoding_type encoding; 399 400 // What data rate? 401 int datarate; 402 403 // Checksum, if checksumming is enabled; Only of the non-header 404 // data 405 uint32_t content_checkum; 406 }; 407 408 #endif 409 410