| #include <net/if.h> |
| #include <errno.h> |
| #include <string.h> |
| #include <ctype.h> |
| #include <stdbool.h> |
| |
| #include <netlink/genl/genl.h> |
| #include <netlink/genl/family.h> |
| #include <netlink/genl/ctrl.h> |
| #include <netlink/msg.h> |
| #include <netlink/attr.h> |
| |
| #include "nl80211.h" |
| #include "iw.h" |
| |
| #define WLAN_CAPABILITY_ESS (1<<0) |
| #define WLAN_CAPABILITY_IBSS (1<<1) |
| #define WLAN_CAPABILITY_CF_POLLABLE (1<<2) |
| #define WLAN_CAPABILITY_CF_POLL_REQUEST (1<<3) |
| #define WLAN_CAPABILITY_PRIVACY (1<<4) |
| #define WLAN_CAPABILITY_SHORT_PREAMBLE (1<<5) |
| #define WLAN_CAPABILITY_PBCC (1<<6) |
| #define WLAN_CAPABILITY_CHANNEL_AGILITY (1<<7) |
| #define WLAN_CAPABILITY_SPECTRUM_MGMT (1<<8) |
| #define WLAN_CAPABILITY_QOS (1<<9) |
| #define WLAN_CAPABILITY_SHORT_SLOT_TIME (1<<10) |
| #define WLAN_CAPABILITY_APSD (1<<11) |
| #define WLAN_CAPABILITY_DSSS_OFDM (1<<13) |
| |
| static unsigned char ms_oui[3] = { 0x00, 0x50, 0xf2 }; |
| static unsigned char ieee80211_oui[3] = { 0x00, 0x0f, 0xac }; |
| static unsigned char wfa_oui[3] = { 0x50, 0x6f, 0x9a }; |
| |
| struct scan_params { |
| bool unknown; |
| enum print_ie_type type; |
| bool show_both_ie_sets; |
| }; |
| |
| #define IEEE80211_COUNTRY_EXTENSION_ID 201 |
| |
| union ieee80211_country_ie_triplet { |
| struct { |
| __u8 first_channel; |
| __u8 num_channels; |
| __s8 max_power; |
| } __attribute__ ((packed)) chans; |
| struct { |
| __u8 reg_extension_id; |
| __u8 reg_class; |
| __u8 coverage_class; |
| } __attribute__ ((packed)) ext; |
| } __attribute__ ((packed)); |
| |
| static int handle_scan(struct nl80211_state *state, |
| struct nl_cb *cb, |
| struct nl_msg *msg, |
| int argc, char **argv) |
| { |
| struct nl_msg *ssids = NULL, *freqs = NULL; |
| char *eptr; |
| int err = -ENOBUFS; |
| int i; |
| enum { |
| NONE, |
| FREQ, |
| IES, |
| SSID, |
| DONE, |
| } parse = NONE; |
| int freq; |
| bool passive = false, have_ssids = false, have_freqs = false; |
| size_t tmp; |
| unsigned char *ies; |
| |
| ssids = nlmsg_alloc(); |
| if (!ssids) |
| return -ENOMEM; |
| |
| freqs = nlmsg_alloc(); |
| if (!freqs) { |
| nlmsg_free(ssids); |
| return -ENOMEM; |
| } |
| |
| for (i = 0; i < argc; i++) { |
| switch (parse) { |
| case NONE: |
| if (strcmp(argv[i], "freq") == 0) { |
| parse = FREQ; |
| have_freqs = true; |
| break; |
| } else if (strcmp(argv[i], "ies") == 0) { |
| parse = IES; |
| break; |
| } else if (strcmp(argv[i], "ssid") == 0) { |
| parse = SSID; |
| have_ssids = true; |
| break; |
| } else if (strcmp(argv[i], "passive") == 0) { |
| parse = DONE; |
| passive = true; |
| break; |
| } |
| case DONE: |
| return 1; |
| case FREQ: |
| freq = strtoul(argv[i], &eptr, 10); |
| if (eptr != argv[i] + strlen(argv[i])) { |
| /* failed to parse as number -- maybe a tag? */ |
| i--; |
| parse = NONE; |
| continue; |
| } |
| NLA_PUT_U32(freqs, i, freq); |
| break; |
| case IES: |
| ies = parse_hex(argv[i], &tmp); |
| if (!ies) |
| goto nla_put_failure; |
| NLA_PUT(msg, NL80211_ATTR_IE, tmp, ies); |
| free(ies); |
| parse = NONE; |
| break; |
| case SSID: |
| NLA_PUT(ssids, i, strlen(argv[i]), argv[i]); |
| break; |
| } |
| } |
| |
| if (!have_ssids) |
| NLA_PUT(ssids, 1, 0, ""); |
| if (!passive) |
| nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids); |
| |
| if (have_freqs) |
| nla_put_nested(msg, NL80211_ATTR_SCAN_FREQUENCIES, freqs); |
| |
| err = 0; |
| nla_put_failure: |
| nlmsg_free(ssids); |
| nlmsg_free(freqs); |
| return err; |
| } |
| |
| static void tab_on_first(bool *first) |
| { |
| if (!*first) |
| printf("\t"); |
| else |
| *first = false; |
| } |
| |
| static void print_ssid(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| printf(" "); |
| print_ssid_escaped(len, data); |
| printf("\n"); |
| } |
| |
| static void print_supprates(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| int i; |
| |
| printf(" "); |
| |
| for (i = 0; i < len; i++) { |
| int r = data[i] & 0x7f; |
| printf("%d.%d%s ", r/2, 5*(r&1), data[i] & 0x80 ? "*":""); |
| } |
| printf("\n"); |
| } |
| |
| static void print_ds(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| printf(" channel %d\n", data[0]); |
| } |
| |
| static const char *country_env_str(char environment) |
| { |
| switch (environment) { |
| case 'I': |
| return "Indoor only"; |
| case 'O': |
| return "Outdoor only"; |
| case ' ': |
| return "Indoor/Outdoor"; |
| default: |
| return "bogus"; |
| } |
| } |
| |
| static void print_country(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| printf(" %.*s", 2, data); |
| |
| printf("\tEnvironment: %s\n", country_env_str(data[2])); |
| |
| data += 3; |
| len -= 3; |
| |
| if (len < 3) { |
| printf("\t\tNo country IE triplets present\n"); |
| return; |
| } |
| |
| while (len >= 3) { |
| int end_channel; |
| union ieee80211_country_ie_triplet *triplet = (void *) data; |
| |
| if (triplet->ext.reg_extension_id >= IEEE80211_COUNTRY_EXTENSION_ID) { |
| printf("\t\tExtension ID: %d Regulatory Class: %d Coverage class: %d (up to %dm)\n", |
| triplet->ext.reg_extension_id, |
| triplet->ext.reg_class, |
| triplet->ext.coverage_class, |
| triplet->ext.coverage_class * 450); |
| |
| data += 3; |
| len -= 3; |
| continue; |
| } |
| |
| /* 2 GHz */ |
| if (triplet->chans.first_channel <= 14) |
| end_channel = triplet->chans.first_channel + (triplet->chans.num_channels - 1); |
| else |
| end_channel = triplet->chans.first_channel + (4 * (triplet->chans.num_channels - 1)); |
| |
| printf("\t\tChannels [%d - %d] @ %d dBm\n", triplet->chans.first_channel, end_channel, triplet->chans.max_power); |
| |
| data += 3; |
| len -= 3; |
| } |
| |
| return; |
| } |
| |
| static void print_powerconstraint(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| printf(" %d dB\n", data[0]); |
| } |
| |
| static void print_erp(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| if (data[0] == 0x00) |
| printf(" <no flags>"); |
| if (data[0] & 0x01) |
| printf(" NonERP_Present"); |
| if (data[0] & 0x02) |
| printf(" Use_Protection"); |
| if (data[0] & 0x04) |
| printf(" Barker_Preamble_Mode"); |
| printf("\n"); |
| } |
| |
| static void print_cipher(const uint8_t *data) |
| { |
| if (memcmp(data, ms_oui, 3) == 0) { |
| switch (data[3]) { |
| case 0: |
| printf("Use group cipher suite"); |
| break; |
| case 1: |
| printf("WEP-40"); |
| break; |
| case 2: |
| printf("TKIP"); |
| break; |
| case 4: |
| printf("CCMP"); |
| break; |
| case 5: |
| printf("WEP-104"); |
| break; |
| default: |
| printf("%.02x-%.02x-%.02x:%d", |
| data[0], data[1] ,data[2], data[3]); |
| break; |
| } |
| } else if (memcmp(data, ieee80211_oui, 3) == 0) { |
| switch (data[3]) { |
| case 0: |
| printf("Use group cipher suite"); |
| break; |
| case 1: |
| printf("WEP-40"); |
| break; |
| case 2: |
| printf("TKIP"); |
| break; |
| case 4: |
| printf("CCMP"); |
| break; |
| case 5: |
| printf("WEP-104"); |
| break; |
| case 6: |
| printf("AES-128-CMAC"); |
| break; |
| default: |
| printf("%.02x-%.02x-%.02x:%d", |
| data[0], data[1] ,data[2], data[3]); |
| break; |
| } |
| } else |
| printf("%.02x-%.02x-%.02x:%d", |
| data[0], data[1] ,data[2], data[3]); |
| } |
| |
| static void print_auth(const uint8_t *data) |
| { |
| if (memcmp(data, ms_oui, 3) == 0) { |
| switch (data[3]) { |
| case 1: |
| printf("IEEE 802.1X"); |
| break; |
| case 2: |
| printf("PSK"); |
| break; |
| default: |
| printf("%.02x-%.02x-%.02x:%d", |
| data[0], data[1] ,data[2], data[3]); |
| break; |
| } |
| } else if (memcmp(data, ieee80211_oui, 3) == 0) { |
| switch (data[3]) { |
| case 1: |
| printf("IEEE 802.1X"); |
| break; |
| case 2: |
| printf("PSK"); |
| break; |
| case 3: |
| printf("FT/IEEE 802.1X"); |
| break; |
| case 4: |
| printf("FT/PSK"); |
| break; |
| case 5: |
| printf("IEEE 802.1X/SHA-256"); |
| break; |
| case 6: |
| printf("PSK/SHA-256"); |
| break; |
| default: |
| printf("%.02x-%.02x-%.02x:%d", |
| data[0], data[1] ,data[2], data[3]); |
| break; |
| } |
| } else |
| printf("%.02x-%.02x-%.02x:%d", |
| data[0], data[1] ,data[2], data[3]); |
| } |
| |
| static void print_rsn_ie(const char *defcipher, const char *defauth, |
| uint8_t len, const uint8_t *data) |
| { |
| bool first = true; |
| __u16 version, count, capa; |
| int i; |
| |
| version = data[0] + (data[1] << 8); |
| tab_on_first(&first); |
| printf("\t * Version: %d\n", version); |
| |
| data += 2; |
| len -= 2; |
| |
| if (len < 4) { |
| tab_on_first(&first); |
| printf("\t * Group cipher: %s\n", defcipher); |
| printf("\t * Pairwise ciphers: %s\n", defcipher); |
| return; |
| } |
| |
| tab_on_first(&first); |
| printf("\t * Group cipher: "); |
| print_cipher(data); |
| printf("\n"); |
| |
| data += 4; |
| len -= 4; |
| |
| if (len < 2) { |
| tab_on_first(&first); |
| printf("\t * Pairwise ciphers: %s\n", defcipher); |
| return; |
| } |
| |
| count = data[0] | (data[1] << 8); |
| if (2 + (count * 4) > len) |
| goto invalid; |
| |
| tab_on_first(&first); |
| printf("\t * Pairwise ciphers:"); |
| for (i = 0; i < count; i++) { |
| printf(" "); |
| print_cipher(data + 2 + (i * 4)); |
| } |
| printf("\n"); |
| |
| data += 2 + (count * 4); |
| len -= 2 + (count * 4); |
| |
| if (len < 2) { |
| tab_on_first(&first); |
| printf("\t * Authentication suites: %s\n", defauth); |
| return; |
| } |
| |
| count = data[0] | (data[1] << 8); |
| if (2 + (count * 4) > len) |
| goto invalid; |
| |
| tab_on_first(&first); |
| printf("\t * Authentication suites:"); |
| for (i = 0; i < count; i++) { |
| printf(" "); |
| print_auth(data + 2 + (i * 4)); |
| } |
| printf("\n"); |
| |
| data += 2 + (count * 4); |
| len -= 2 + (count * 4); |
| |
| if (len >= 2) { |
| capa = data[0] | (data[1] << 8); |
| tab_on_first(&first); |
| printf("\t * Capabilities:"); |
| if (capa & 0x0001) |
| printf(" PreAuth"); |
| if (capa & 0x0002) |
| printf(" NoPairwise"); |
| switch ((capa & 0x000c) >> 2) { |
| case 0: |
| break; |
| case 1: |
| printf(" 2-PTKSA-RC"); |
| break; |
| case 2: |
| printf(" 4-PTKSA-RC"); |
| break; |
| case 3: |
| printf(" 16-PTKSA-RC"); |
| break; |
| } |
| switch ((capa & 0x0030) >> 4) { |
| case 0: |
| break; |
| case 1: |
| printf(" 2-GTKSA-RC"); |
| break; |
| case 2: |
| printf(" 4-GTKSA-RC"); |
| break; |
| case 3: |
| printf(" 16-GTKSA-RC"); |
| break; |
| } |
| if (capa & 0x0040) |
| printf(" MFP-required"); |
| if (capa & 0x0080) |
| printf(" MFP-capable"); |
| if (capa & 0x0200) |
| printf(" Peerkey-enabled"); |
| if (capa & 0x0400) |
| printf(" SPP-AMSDU-capable"); |
| if (capa & 0x0800) |
| printf(" SPP-AMSDU-required"); |
| printf(" (0x%.4x)\n", capa); |
| data += 2; |
| len -= 2; |
| } |
| |
| if (len >= 2) { |
| int pmkid_count = data[0] | (data[1] << 8); |
| |
| if (len >= 2 + 16 * pmkid_count) { |
| tab_on_first(&first); |
| printf("\t * %d PMKIDs\n", pmkid_count); |
| /* not printing PMKID values */ |
| data += 2 + 16 * pmkid_count; |
| len -= 2 + 16 * pmkid_count; |
| } else |
| goto invalid; |
| } |
| |
| if (len >= 4) { |
| tab_on_first(&first); |
| printf("\t * Group mgmt cipher suite: "); |
| print_cipher(data); |
| printf("\n"); |
| data += 4; |
| len -= 4; |
| } |
| |
| invalid: |
| if (len != 0) { |
| printf("\t\t * bogus tail data (%d):", len); |
| while (len) { |
| printf(" %.2x", *data); |
| data++; |
| len--; |
| } |
| printf("\n"); |
| } |
| } |
| |
| static void print_rsn(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| print_rsn_ie("CCMP", "IEEE 802.1X", len, data); |
| } |
| |
| static void print_ht_capa(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| printf("\n"); |
| print_ht_capability(data[0] | (data[1] << 8)); |
| print_ampdu_length(data[2] & 3); |
| print_ampdu_spacing((data[2] >> 2) & 7); |
| print_ht_mcs(data + 3); |
| } |
| |
| static void print_ht_op(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| static const char *offset[4] = { |
| "no secondary", |
| "above", |
| "[reserved!]", |
| "below", |
| }; |
| static const char *protection[4] = { |
| "no", |
| "nonmember", |
| "20 MHz", |
| "non-HT mixed", |
| }; |
| static const char *sta_chan_width[2] = { |
| "20 MHz", |
| "any", |
| }; |
| |
| printf("\n"); |
| printf("\t\t * primary channel: %d\n", data[0]); |
| printf("\t\t * secondary channel offset: %s\n", |
| offset[data[1] & 0x3]); |
| printf("\t\t * STA channel width: %s\n", sta_chan_width[(data[1] & 0x4)>>2]); |
| printf("\t\t * RIFS: %d\n", (data[1] & 0x8)>>3); |
| printf("\t\t * HT protection: %s\n", protection[data[2] & 0x3]); |
| printf("\t\t * non-GF present: %d\n", (data[2] & 0x4) >> 2); |
| printf("\t\t * OBSS non-GF present: %d\n", (data[2] & 0x10) >> 4); |
| printf("\t\t * dual beacon: %d\n", (data[4] & 0x40) >> 6); |
| printf("\t\t * dual CTS protection: %d\n", (data[4] & 0x80) >> 7); |
| printf("\t\t * STBC beacon: %d\n", data[5] & 0x1); |
| printf("\t\t * L-SIG TXOP Prot: %d\n", (data[5] & 0x2) >> 1); |
| printf("\t\t * PCO active: %d\n", (data[5] & 0x4) >> 2); |
| printf("\t\t * PCO phase: %d\n", (data[5] & 0x8) >> 3); |
| } |
| |
| static void print_capabilities(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| int i, base, bit; |
| bool first = true; |
| |
| |
| for (i = 0; i < len; i++) { |
| base = i * 8; |
| |
| for (bit = 0; bit < 8; bit++) { |
| if (!(data[i] & (1 << bit))) |
| continue; |
| |
| if (!first) |
| printf(","); |
| else |
| first = false; |
| |
| switch (bit + base) { |
| case 0: |
| printf(" HT Information Exchange Supported"); |
| break; |
| case 1: |
| printf(" On-demand Beacon"); |
| break; |
| case 2: |
| printf(" Extended Channel Switching"); |
| break; |
| case 3: |
| printf(" Wave Indication"); |
| break; |
| case 4: |
| printf(" PSMP Capability"); |
| break; |
| case 5: |
| printf(" Service Interval Granularity"); |
| break; |
| case 6: |
| printf(" S-PSMP Capability"); |
| break; |
| default: |
| printf(" %d", bit); |
| break; |
| } |
| } |
| } |
| |
| printf("\n"); |
| } |
| |
| static void print_tim(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| printf(" DTIM Count %u DTIM Period %u Bitmap Control 0x%x " |
| "Bitmap[0] 0x%x", |
| data[0], data[1], data[2], data[3]); |
| if (len - 4) |
| printf(" (+ %u octet%s)", len - 4, len - 4 == 1 ? "" : "s"); |
| printf("\n"); |
| } |
| |
| struct ie_print { |
| const char *name; |
| void (*print)(const uint8_t type, uint8_t len, const uint8_t *data); |
| uint8_t minlen, maxlen; |
| uint8_t flags; |
| }; |
| |
| static void print_ie(const struct ie_print *p, const uint8_t type, |
| uint8_t len, const uint8_t *data) |
| { |
| int i; |
| |
| if (!p->print) |
| return; |
| |
| printf("\t%s:", p->name); |
| if (len < p->minlen || len > p->maxlen) { |
| if (len > 1) { |
| printf(" <invalid: %d bytes:", len); |
| for (i = 0; i < len; i++) |
| printf(" %.02x", data[i]); |
| printf(">\n"); |
| } else if (len) |
| printf(" <invalid: 1 byte: %.02x>\n", data[0]); |
| else |
| printf(" <invalid: no data>\n"); |
| return; |
| } |
| |
| p->print(type, len, data); |
| } |
| |
| #define PRINT_IGN { \ |
| .name = "IGNORE", \ |
| .print = NULL, \ |
| .minlen = 0, \ |
| .maxlen = 255, \ |
| } |
| |
| static const struct ie_print ieprinters[] = { |
| [0] = { "SSID", print_ssid, 0, 32, BIT(PRINT_SCAN) | BIT(PRINT_LINK), }, |
| [1] = { "Supported rates", print_supprates, 0, 255, BIT(PRINT_SCAN), }, |
| [3] = { "DS Parameter set", print_ds, 1, 1, BIT(PRINT_SCAN), }, |
| [5] = { "TIM", print_tim, 4, 255, BIT(PRINT_SCAN), }, |
| [7] = { "Country", print_country, 3, 255, BIT(PRINT_SCAN), }, |
| [32] = { "Power constraint", print_powerconstraint, 1, 1, BIT(PRINT_SCAN), }, |
| [42] = { "ERP", print_erp, 1, 255, BIT(PRINT_SCAN), }, |
| [45] = { "HT capabilities", print_ht_capa, 26, 26, BIT(PRINT_SCAN), }, |
| [61] = { "HT operation", print_ht_op, 22, 22, BIT(PRINT_SCAN), }, |
| [48] = { "RSN", print_rsn, 2, 255, BIT(PRINT_SCAN), }, |
| [50] = { "Extended supported rates", print_supprates, 0, 255, BIT(PRINT_SCAN), }, |
| [127] = { "Extended capabilities", print_capabilities, 0, 255, BIT(PRINT_SCAN), }, |
| }; |
| |
| static void print_wifi_wpa(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| print_rsn_ie("TKIP", "IEEE 802.1X", len, data); |
| } |
| |
| static bool print_wifi_wmm_param(const uint8_t *data, uint8_t len) |
| { |
| int i; |
| static const char *aci_tbl[] = { "BE", "BK", "VI", "VO" }; |
| |
| if (len < 19) |
| goto invalid; |
| |
| if (data[0] != 1) { |
| printf("Parameter: not version 1: "); |
| return false; |
| } |
| |
| printf("\t * Parameter version 1"); |
| |
| data++; |
| |
| if (data[0] & 0x80) |
| printf("\n\t\t * u-APSD"); |
| |
| data += 2; |
| |
| for (i = 0; i < 4; i++) { |
| printf("\n\t\t * %s:", aci_tbl[(data[0] >> 5) & 3]); |
| if (data[4] & 0x10) |
| printf(" acm"); |
| printf(" CW %d-%d", (1 << (data[1] & 0xf)) - 1, |
| (1 << (data[1] >> 4)) - 1); |
| printf(", AIFSN %d", data[0] & 0xf); |
| if (data[2] | data[3]) |
| printf(", TXOP %d usec", (data[2] + (data[3] << 8)) * 32); |
| data += 4; |
| } |
| |
| printf("\n"); |
| return true; |
| |
| invalid: |
| printf("invalid: "); |
| return false; |
| } |
| |
| static void print_wifi_wmm(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| int i; |
| |
| switch (data[0]) { |
| case 0x00: |
| printf(" information:"); |
| break; |
| case 0x01: |
| if (print_wifi_wmm_param(data + 1, len - 1)) |
| return; |
| break; |
| default: |
| printf(" type %d:", data[0]); |
| break; |
| } |
| |
| for(i = 1; i < len; i++) |
| printf(" %.02x", data[i]); |
| printf("\n"); |
| } |
| |
| static const char * wifi_wps_dev_passwd_id(uint16_t id) |
| { |
| switch (id) { |
| case 0: |
| return "Default (PIN)"; |
| case 1: |
| return "User-specified"; |
| case 2: |
| return "Machine-specified"; |
| case 3: |
| return "Rekey"; |
| case 4: |
| return "PushButton"; |
| case 5: |
| return "Registrar-specified"; |
| default: |
| return "??"; |
| } |
| } |
| |
| static void print_wifi_wps(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| bool first = true; |
| __u16 subtype, sublen; |
| |
| while (len >= 4) { |
| subtype = (data[0] << 8) + data[1]; |
| sublen = (data[2] << 8) + data[3]; |
| if (sublen > len) |
| break; |
| |
| switch (subtype) { |
| case 0x104a: |
| tab_on_first(&first); |
| printf("\t * Version: %d.%d\n", data[4] >> 4, data[4] & 0xF); |
| break; |
| case 0x1011: |
| tab_on_first(&first); |
| printf("\t * Device name: %.*s\n", sublen, data + 4); |
| break; |
| case 0x1012: { |
| uint16_t id; |
| tab_on_first(&first); |
| if (sublen != 2) { |
| printf("\t * Device Password ID: (invalid " |
| "length %d)\n", sublen); |
| break; |
| } |
| id = data[4] << 8 | data[5]; |
| printf("\t * Device Password ID: %u (%s)\n", |
| id, wifi_wps_dev_passwd_id(id)); |
| break; |
| } |
| case 0x1021: |
| tab_on_first(&first); |
| printf("\t * Manufacturer: %.*s\n", sublen, data + 4); |
| break; |
| case 0x1023: |
| tab_on_first(&first); |
| printf("\t * Model: %.*s\n", sublen, data + 4); |
| break; |
| case 0x1024: |
| tab_on_first(&first); |
| printf("\t * Model Number: %.*s\n", sublen, data + 4); |
| break; |
| case 0x103b: { |
| __u8 val = data[4]; |
| tab_on_first(&first); |
| printf("\t * Response Type: %d%s\n", |
| val, val == 3 ? " (AP)" : ""); |
| break; |
| } |
| case 0x103c: { |
| __u8 val = data[4]; |
| tab_on_first(&first); |
| printf("\t * RF Bands: 0x%x\n", val); |
| break; |
| } |
| case 0x1041: { |
| __u8 val = data[4]; |
| tab_on_first(&first); |
| printf("\t * Selected Registrar: 0x%x\n", val); |
| break; |
| } |
| case 0x1042: |
| tab_on_first(&first); |
| printf("\t * Serial Number: %.*s\n", sublen, data + 4); |
| break; |
| case 0x1044: { |
| __u8 val = data[4]; |
| tab_on_first(&first); |
| printf("\t * Wi-Fi Protected Setup State: %d%s%s\n", |
| val, |
| val == 1 ? " (Unconfigured)" : "", |
| val == 2 ? " (Configured)" : ""); |
| break; |
| } |
| case 0x1047: |
| tab_on_first(&first); |
| printf("\t * UUID: "); |
| if (sublen != 16) { |
| printf("(invalid, length=%d)\n", sublen); |
| break; |
| } |
| printf("%02x%02x%02x%02x-%02x%02x-%02x%02x-" |
| "%02x%02x-%02x%02x%02x%02x%02x%02x\n", |
| data[4], data[5], data[6], data[7], |
| data[8], data[9], data[10], data[11], |
| data[12], data[13], data[14], data[15], |
| data[16], data[17], data[18], data[19]); |
| break; |
| case 0x1054: { |
| tab_on_first(&first); |
| if (sublen != 8) { |
| printf("\t * Primary Device Type: (invalid " |
| "length %d)\n", sublen); |
| break; |
| } |
| printf("\t * Primary Device Type: " |
| "%u-%02x%02x%02x%02x-%u\n", |
| data[4] << 8 | data[5], |
| data[6], data[7], data[8], data[9], |
| data[10] << 8 | data[11]); |
| break; |
| } |
| case 0x1057: { |
| __u8 val = data[4]; |
| tab_on_first(&first); |
| printf("\t * AP setup locked: 0x%.2x\n", val); |
| break; |
| } |
| case 0x1008: |
| case 0x1053: { |
| __u16 meth = (data[4] << 8) + data[5]; |
| bool comma = false; |
| tab_on_first(&first); |
| printf("\t * %sConfig methods:", |
| subtype == 0x1053 ? "Selected Registrar ": ""); |
| #define T(bit, name) do { \ |
| if (meth & (1<<bit)) { \ |
| if (comma) \ |
| printf(","); \ |
| comma = true; \ |
| printf(" " name); \ |
| } } while (0) |
| T(0, "USB"); |
| T(1, "Ethernet"); |
| T(2, "Label"); |
| T(3, "Display"); |
| T(4, "Ext. NFC"); |
| T(5, "Int. NFC"); |
| T(6, "NFC Intf."); |
| T(7, "PBC"); |
| T(8, "Keypad"); |
| printf("\n"); |
| break; |
| #undef T |
| } |
| default: { |
| const __u8 *subdata = data + 4; |
| __u16 tmplen = sublen; |
| |
| tab_on_first(&first); |
| printf("\t * Unknown TLV (%#.4x, %d bytes):", |
| subtype, tmplen); |
| while (tmplen) { |
| printf(" %.2x", *subdata); |
| subdata++; |
| tmplen--; |
| } |
| printf("\n"); |
| break; |
| } |
| } |
| |
| data += sublen + 4; |
| len -= sublen + 4; |
| } |
| |
| if (len != 0) { |
| printf("\t\t * bogus tail data (%d):", len); |
| while (len) { |
| printf(" %.2x", *data); |
| data++; |
| len--; |
| } |
| printf("\n"); |
| } |
| } |
| |
| static const struct ie_print wifiprinters[] = { |
| [1] = { "WPA", print_wifi_wpa, 2, 255, BIT(PRINT_SCAN), }, |
| [2] = { "WMM", print_wifi_wmm, 1, 255, BIT(PRINT_SCAN), }, |
| [4] = { "WPS", print_wifi_wps, 0, 255, BIT(PRINT_SCAN), }, |
| }; |
| |
| static inline void print_p2p(const uint8_t type, uint8_t len, const uint8_t *data) |
| { |
| bool first = true; |
| __u8 subtype; |
| __u16 sublen; |
| |
| while (len >= 3) { |
| subtype = data[0]; |
| sublen = (data[2] << 8) + data[1]; |
| |
| if (sublen > len - 3) |
| break; |
| |
| switch (subtype) { |
| case 0x02: /* capability */ |
| tab_on_first(&first); |
| if (sublen < 2) { |
| printf("\t * malformed capability\n"); |
| break; |
| } |
| printf("\t * Group capa: 0x%.2x, Device capa: 0x%.2x\n", |
| data[3], data[4]); |
| break; |
| case 0x0d: /* device info */ |
| if (sublen < 6 + 2 + 8 + 1) { |
| printf("\t * malformed device info\n"); |
| break; |
| } |
| /* fall through for now */ |
| case 0x00: /* status */ |
| case 0x01: /* minor reason */ |
| case 0x03: /* device ID */ |
| case 0x04: /* GO intent */ |
| case 0x05: /* configuration timeout */ |
| case 0x06: /* listen channel */ |
| case 0x07: /* group BSSID */ |
| case 0x08: /* ext listen timing */ |
| case 0x09: /* intended interface address */ |
| case 0x0a: /* manageability */ |
| case 0x0b: /* channel list */ |
| case 0x0c: /* NoA */ |
| case 0x0e: /* group info */ |
| case 0x0f: /* group ID */ |
| case 0x10: /* interface */ |
| case 0x11: /* operating channel */ |
| case 0x12: /* invitation flags */ |
| case 0xdd: /* vendor specific */ |
| default: { |
| const __u8 *subdata = data + 4; |
| __u16 tmplen = sublen; |
| |
| tab_on_first(&first); |
| printf("\t * Unknown TLV (%#.2x, %d bytes):", |
| subtype, tmplen); |
| while (tmplen) { |
| printf(" %.2x", *subdata); |
| subdata++; |
| tmplen--; |
| } |
| printf("\n"); |
| break; |
| } |
| } |
| |
| data += sublen + 3; |
| len -= sublen + 3; |
| } |
| |
| if (len != 0) { |
| tab_on_first(&first); |
| printf("\t * bogus tail data (%d):", len); |
| while (len) { |
| printf(" %.2x", *data); |
| data++; |
| len--; |
| } |
| printf("\n"); |
| } |
| } |
| |
| static const struct ie_print wfa_printers[] = { |
| [9] = { "P2P", print_p2p, 2, 255, BIT(PRINT_SCAN), }, |
| }; |
| |
| static void print_vendor(unsigned char len, unsigned char *data, |
| bool unknown, enum print_ie_type ptype) |
| { |
| int i; |
| |
| if (len < 3) { |
| printf("\tVendor specific: <too short> data:"); |
| for(i = 0; i < len; i++) |
| printf(" %.02x", data[i]); |
| printf("\n"); |
| return; |
| } |
| |
| if (len >= 4 && memcmp(data, ms_oui, 3) == 0) { |
| if (data[3] < ARRAY_SIZE(wifiprinters) && |
| wifiprinters[data[3]].name && |
| wifiprinters[data[3]].flags & BIT(ptype)) { |
| print_ie(&wifiprinters[data[3]], data[3], len - 4, data + 4); |
| return; |
| } |
| if (!unknown) |
| return; |
| printf("\tMS/WiFi %#.2x, data:", data[3]); |
| for(i = 0; i < len - 4; i++) |
| printf(" %.02x", data[i + 4]); |
| printf("\n"); |
| return; |
| } |
| |
| if (len >= 4 && memcmp(data, wfa_oui, 3) == 0) { |
| if (data[3] < ARRAY_SIZE(wfa_printers) && |
| wfa_printers[data[3]].name && |
| wfa_printers[data[3]].flags & BIT(ptype)) { |
| print_ie(&wfa_printers[data[3]], data[3], len - 4, data + 4); |
| return; |
| } |
| if (!unknown) |
| return; |
| printf("\tWFA %#.2x, data:", data[3]); |
| for(i = 0; i < len - 4; i++) |
| printf(" %.02x", data[i + 4]); |
| printf("\n"); |
| return; |
| } |
| |
| if (!unknown) |
| return; |
| |
| printf("\tVendor specific: OUI %.2x:%.2x:%.2x, data:", |
| data[0], data[1], data[2]); |
| for (i = 3; i < len; i++) |
| printf(" %.2x", data[i]); |
| printf("\n"); |
| } |
| |
| void print_ies(unsigned char *ie, int ielen, bool unknown, |
| enum print_ie_type ptype) |
| { |
| while (ielen >= 2 && ielen >= ie[1]) { |
| if (ie[0] < ARRAY_SIZE(ieprinters) && |
| ieprinters[ie[0]].name && |
| ieprinters[ie[0]].flags & BIT(ptype)) { |
| print_ie(&ieprinters[ie[0]], ie[0], ie[1], ie + 2); |
| } else if (ie[0] == 221 /* vendor */) { |
| print_vendor(ie[1], ie + 2, unknown, ptype); |
| } else if (unknown) { |
| int i; |
| |
| printf("\tUnknown IE (%d):", ie[0]); |
| for (i=0; i<ie[1]; i++) |
| printf(" %.2x", ie[2+i]); |
| printf("\n"); |
| } |
| ielen -= ie[1] + 2; |
| ie += ie[1] + 2; |
| } |
| } |
| |
| static int print_bss_handler(struct nl_msg *msg, void *arg) |
| { |
| struct nlattr *tb[NL80211_ATTR_MAX + 1]; |
| struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg)); |
| struct nlattr *bss[NL80211_BSS_MAX + 1]; |
| char mac_addr[20], dev[20]; |
| static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = { |
| [NL80211_BSS_TSF] = { .type = NLA_U64 }, |
| [NL80211_BSS_FREQUENCY] = { .type = NLA_U32 }, |
| [NL80211_BSS_BSSID] = { }, |
| [NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 }, |
| [NL80211_BSS_CAPABILITY] = { .type = NLA_U16 }, |
| [NL80211_BSS_INFORMATION_ELEMENTS] = { }, |
| [NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 }, |
| [NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 }, |
| [NL80211_BSS_STATUS] = { .type = NLA_U32 }, |
| [NL80211_BSS_SEEN_MS_AGO] = { .type = NLA_U32 }, |
| [NL80211_BSS_BEACON_IES] = { }, |
| }; |
| struct scan_params *params = arg; |
| int show = params->show_both_ie_sets ? 2 : 1; |
| |
| nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0), |
| genlmsg_attrlen(gnlh, 0), NULL); |
| |
| if (!tb[NL80211_ATTR_BSS]) { |
| fprintf(stderr, "bss info missing!\n"); |
| return NL_SKIP; |
| } |
| if (nla_parse_nested(bss, NL80211_BSS_MAX, |
| tb[NL80211_ATTR_BSS], |
| bss_policy)) { |
| fprintf(stderr, "failed to parse nested attributes!\n"); |
| return NL_SKIP; |
| } |
| |
| if (!bss[NL80211_BSS_BSSID]) |
| return NL_SKIP; |
| |
| mac_addr_n2a(mac_addr, nla_data(bss[NL80211_BSS_BSSID])); |
| if_indextoname(nla_get_u32(tb[NL80211_ATTR_IFINDEX]), dev); |
| printf("BSS %s (on %s)", mac_addr, dev); |
| |
| if (bss[NL80211_BSS_STATUS]) { |
| switch (nla_get_u32(bss[NL80211_BSS_STATUS])) { |
| case NL80211_BSS_STATUS_AUTHENTICATED: |
| printf(" -- authenticated"); |
| break; |
| case NL80211_BSS_STATUS_ASSOCIATED: |
| printf(" -- associated"); |
| break; |
| case NL80211_BSS_STATUS_IBSS_JOINED: |
| printf(" -- joined"); |
| break; |
| default: |
| printf(" -- unknown status: %d", |
| nla_get_u32(bss[NL80211_BSS_STATUS])); |
| break; |
| } |
| } |
| printf("\n"); |
| |
| if (bss[NL80211_BSS_TSF]) { |
| unsigned long long tsf; |
| tsf = (unsigned long long)nla_get_u64(bss[NL80211_BSS_TSF]); |
| printf("\tTSF: %llu usec (%llud, %.2lld:%.2llu:%.2llu)\n", |
| tsf, tsf/1000/1000/60/60/24, (tsf/1000/1000/60/60) % 24, |
| (tsf/1000/1000/60) % 60, (tsf/1000/1000) % 60); |
| } |
| if (bss[NL80211_BSS_FREQUENCY]) |
| printf("\tfreq: %d\n", |
| nla_get_u32(bss[NL80211_BSS_FREQUENCY])); |
| if (bss[NL80211_BSS_BEACON_INTERVAL]) |
| printf("\tbeacon interval: %d\n", |
| nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL])); |
| if (bss[NL80211_BSS_CAPABILITY]) { |
| __u16 capa = nla_get_u16(bss[NL80211_BSS_CAPABILITY]); |
| printf("\tcapability:"); |
| if (capa & WLAN_CAPABILITY_ESS) |
| printf(" ESS"); |
| if (capa & WLAN_CAPABILITY_IBSS) |
| printf(" IBSS"); |
| if (capa & WLAN_CAPABILITY_PRIVACY) |
| printf(" Privacy"); |
| if (capa & WLAN_CAPABILITY_SHORT_PREAMBLE) |
| printf(" ShortPreamble"); |
| if (capa & WLAN_CAPABILITY_PBCC) |
| printf(" PBCC"); |
| if (capa & WLAN_CAPABILITY_CHANNEL_AGILITY) |
| printf(" ChannelAgility"); |
| if (capa & WLAN_CAPABILITY_SPECTRUM_MGMT) |
| printf(" SpectrumMgmt"); |
| if (capa & WLAN_CAPABILITY_QOS) |
| printf(" QoS"); |
| if (capa & WLAN_CAPABILITY_SHORT_SLOT_TIME) |
| printf(" ShortSlotTime"); |
| if (capa & WLAN_CAPABILITY_APSD) |
| printf(" APSD"); |
| if (capa & WLAN_CAPABILITY_DSSS_OFDM) |
| printf(" DSSS-OFDM"); |
| printf(" (0x%.4x)\n", capa); |
| } |
| if (bss[NL80211_BSS_SIGNAL_MBM]) { |
| int s = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]); |
| printf("\tsignal: %d.%.2d dBm\n", s/100, s%100); |
| } |
| if (bss[NL80211_BSS_SIGNAL_UNSPEC]) { |
| unsigned char s = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]); |
| printf("\tsignal: %d/100\n", s); |
| } |
| if (bss[NL80211_BSS_SEEN_MS_AGO]) { |
| int age = nla_get_u32(bss[NL80211_BSS_SEEN_MS_AGO]); |
| printf("\tlast seen: %d ms ago\n", age); |
| } |
| |
| if (bss[NL80211_BSS_INFORMATION_ELEMENTS] && show--) { |
| if (bss[NL80211_BSS_BEACON_IES]) |
| printf("\tInformation elements from Probe Response " |
| "frame:\n"); |
| print_ies(nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]), |
| nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]), |
| params->unknown, params->type); |
| } |
| if (bss[NL80211_BSS_BEACON_IES] && show--) { |
| printf("\tInformation elements from Beacon frame:\n"); |
| print_ies(nla_data(bss[NL80211_BSS_BEACON_IES]), |
| nla_len(bss[NL80211_BSS_BEACON_IES]), |
| params->unknown, params->type); |
| } |
| |
| return NL_SKIP; |
| } |
| |
| static struct scan_params scan_params; |
| |
| static int handle_scan_dump(struct nl80211_state *state, |
| struct nl_cb *cb, |
| struct nl_msg *msg, |
| int argc, char **argv) |
| { |
| if (argc > 1) |
| return 1; |
| |
| memset(&scan_params, 0, sizeof(scan_params)); |
| |
| if (argc == 1 && !strcmp(argv[0], "-u")) |
| scan_params.unknown = true; |
| else if (argc == 1 && !strcmp(argv[0], "-b")) |
| scan_params.show_both_ie_sets = true; |
| |
| scan_params.type = PRINT_SCAN; |
| |
| nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, print_bss_handler, |
| &scan_params); |
| return 0; |
| } |
| |
| static int handle_scan_combined(struct nl80211_state *state, |
| struct nl_cb *cb, |
| struct nl_msg *msg, |
| int argc, char **argv) |
| { |
| char **trig_argv; |
| static char *dump_argv[] = { |
| NULL, |
| "scan", |
| "dump", |
| NULL, |
| }; |
| static const __u32 cmds[] = { |
| NL80211_CMD_NEW_SCAN_RESULTS, |
| NL80211_CMD_SCAN_ABORTED, |
| }; |
| int trig_argc, dump_argc, err; |
| |
| if (argc >= 3 && !strcmp(argv[2], "-u")) { |
| dump_argc = 4; |
| dump_argv[3] = "-u"; |
| } else if (argc >= 3 && !strcmp(argv[2], "-b")) { |
| dump_argc = 4; |
| dump_argv[3] = "-b"; |
| } else |
| dump_argc = 3; |
| |
| trig_argc = 3 + (argc - 2) + (3 - dump_argc); |
| trig_argv = calloc(trig_argc, sizeof(*trig_argv)); |
| if (!trig_argv) |
| return -ENOMEM; |
| trig_argv[0] = argv[0]; |
| trig_argv[1] = "scan"; |
| trig_argv[2] = "trigger"; |
| int i; |
| for (i = 0; i < argc - 2 - (dump_argc - 3); i++) |
| trig_argv[i + 3] = argv[i + 2 + (dump_argc - 3)]; |
| err = handle_cmd(state, II_NETDEV, trig_argc, trig_argv); |
| free(trig_argv); |
| if (err) |
| return err; |
| |
| /* |
| * WARNING: DO NOT COPY THIS CODE INTO YOUR APPLICATION |
| * |
| * This code has a bug, which requires creating a separate |
| * nl80211 socket to fix: |
| * It is possible for a NL80211_CMD_NEW_SCAN_RESULTS or |
| * NL80211_CMD_SCAN_ABORTED message to be sent by the kernel |
| * before (!) we listen to it, because we only start listening |
| * after we send our scan request. |
| * |
| * Doing it the other way around has a race condition as well, |
| * if you first open the events socket you may get a notification |
| * for a previous scan. |
| * |
| * The only proper way to fix this would be to listen to events |
| * before sending the command, and for the kernel to send the |
| * scan request along with the event, so that you can match up |
| * whether the scan you requested was finished or aborted (this |
| * may result in processing a scan that another application |
| * requested, but that doesn't seem to be a problem). |
| * |
| * Alas, the kernel doesn't do that (yet). |
| */ |
| |
| if (listen_events(state, ARRAY_SIZE(cmds), cmds) == |
| NL80211_CMD_SCAN_ABORTED) { |
| printf("scan aborted!\n"); |
| return 0; |
| } |
| |
| dump_argv[0] = argv[0]; |
| return handle_cmd(state, II_NETDEV, dump_argc, dump_argv); |
| } |
| TOPLEVEL(scan, "[-u] [freq <freq>*] [ies <hex as 00:11:..>] [ssid <ssid>*|passive]", 0, 0, |
| CIB_NETDEV, handle_scan_combined, |
| "Scan on the given frequencies and probe for the given SSIDs\n" |
| "(or wildcard if not given) unless passive scanning is requested.\n" |
| "If -u is specified print unknown data in the scan results.\n" |
| "Specified (vendor) IEs must be well-formed."); |
| COMMAND(scan, dump, "[-u]", |
| NL80211_CMD_GET_SCAN, NLM_F_DUMP, CIB_NETDEV, handle_scan_dump, |
| "Dump the current scan results. If -u is specified, print unknown\n" |
| "data in scan results."); |
| COMMAND(scan, trigger, "[freq <freq>*] [ies <hex as 00:11:..>] [ssid <ssid>*|passive]", |
| NL80211_CMD_TRIGGER_SCAN, 0, CIB_NETDEV, handle_scan, |
| "Trigger a scan on the given frequencies with probing for the given\n" |
| "SSIDs (or wildcard if not given) unless passive scanning is requested."); |