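/*
 * Goes to the next 802.11 channel.
 * This is mostly required for APs that hop channels, which usually hop between channels 1, 6, and 11.
 * We just hop channels until we successfully associate with the AP.
 * The AP's actual channel number is parsed and set by parse_beacon_tags() in 80211.c.
 *
 * Returns the result of change_channel() for the newly selected channel, or 0 when
 * fixed channel operation is enabled and no switch is attempted.
 *
 * The hop position is kept in a static index that persists across calls and across
 * band changes: it is incremented before use, so (for a list with more than one
 * entry) the first call lands on the second entry, and the index wraps to 0 when it
 * runs off the end of the list.
 */
int next_channel()
{
	static int i;
	int bg_channels[] = BG_CHANNELS;
	int an_channels[] = AN_CHANNELS;
	int *channels = NULL;
	int n = 0;

	/*
	 * Select the channel list for the target 802.11 band. The arrays decay to
	 * int * on assignment; casting the array's address is unnecessary.
	 */
	if(get_wifi_band() == AN_BAND)
	{
		channels = an_channels;
		n = (int) (sizeof(an_channels) / sizeof(an_channels[0]));
	}
	else
	{
		channels = bg_channels;
		n = (int) (sizeof(bg_channels) / sizeof(bg_channels[0]));
	}

	/* Only switch channels if fixed channel operation is disabled */
	if(get_fixed_channel())
	{
		return 0;
	}

	i++;

	/* Wrap around at the end of the list; the i < 0 guard also covers a wrapped counter */
	if(i >= n || i < 0)
	{
		i = 0;
	}

	return change_channel(channels[i]);
}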
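/*
 * Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
 * This is used for obtaining the capabilities field and AP SSID.
 *
 * Expected frame layout: [radiotap header][802.11 frame header][beacon fixed fields][tagged params].
 * The radiotap header length is read from the packet itself and is therefore attacker-controlled;
 * the offsets derived from it are checked against the frame length before anything is dereferenced,
 * so a crafted rt_header->len cannot push frame_header/beacon past the end of the buffer.
 *
 * Returns once a beacon from the target has been seen (capability field stored), or when
 * next_packet() returns NULL. If no target beacon arrives within BEACON_WAIT_TIME seconds,
 * next_channel() is called and the wait restarts on the new channel.
 */
void read_ap_beacon()
{
	struct pcap_pkthdr header;
	const unsigned char *packet = NULL;
	struct radio_tap_header *rt_header = NULL;
	struct dot11_frame_header *frame_header = NULL;
	struct beacon_management_frame *beacon = NULL;
	int channel = 0;
	size_t rt_header_len = 0;
	size_t fixed_len = 0;
	time_t start_time = 0;

	/* Bytes needed after the radiotap header for the 802.11 header plus the beacon fixed fields */
	fixed_len = sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);

	set_ap_capability(0);
	start_time = time(NULL);

	while(get_ap_capability() == 0)
	{
		packet = next_packet(&header);
		if(packet == NULL)
		{
			break;
		}

		if(header.len >= MIN_BEACON_SIZE)
		{
			/* radio_header() is not shown here; guard in case it can return NULL rather than crash */
			rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
			rt_header_len = (rt_header != NULL) ? end_le16toh(rt_header->len) : 0;

			/*
			 * Reject frames whose claimed radiotap length leaves no room for the 802.11
			 * header and beacon fixed fields; is_target() and the fc/capability reads
			 * below all depend on those bytes being inside the frame.
			 * NOTE(review): header.len is the on-wire length. If the capture snaplen can
			 * truncate frames, header.caplen is the tighter bound and the helpers taking
			 * header.len should be checked as well — confirm how next_packet() is set up.
			 */
			if(rt_header != NULL && rt_header_len + fixed_len <= header.len)
			{
				frame_header = (struct dot11_frame_header *) (packet + rt_header_len);

				if(is_target(frame_header))
				{
					if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
					{
						beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
						set_ap_capability(end_le16toh(beacon->capability));

						/* Obtain the SSID and channel number from the beacon's tagged parameters */
						channel = parse_beacon_tags(packet, header.len);

						/* If no channel was manually specified, switch to the AP's current channel */
						if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
						{
							change_channel(channel);
							set_channel(channel);
						}

						break;
					}
				}
			}
		}

		/* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
		if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
		{
			next_channel();
			start_time = time(NULL);
		}
	}
}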
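/*
 * Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
 * This is used for obtaining the capabilities field and AP SSID.
 *
 * Expected frame layout: [radiotap header][802.11 frame header][beacon fixed fields][tagged params].
 * The radiotap header length is read from the packet itself and is therefore attacker-controlled;
 * the offsets derived from it are checked against the frame length before anything is dereferenced,
 * so a crafted rt_header->len cannot push frame_header/beacon past the end of the buffer.
 *
 * Returns once a beacon from the target has been seen (capability field stored), or when
 * next_packet() returns NULL. If no target beacon arrives within BEACON_WAIT_TIME seconds,
 * next_channel() is called and the wait restarts on the new channel.
 */
void read_ap_beacon()
{
	struct pcap_pkthdr header;
	const u_char *packet = NULL;
	struct radio_tap_header *rt_header = NULL;
	struct dot11_frame_header *frame_header = NULL;
	struct beacon_management_frame *beacon = NULL;
	int channel = 0;
	size_t rt_header_len = 0;
	size_t fixed_len = 0;
	time_t start_time = 0;

	/* Bytes needed after the radiotap header for the 802.11 header plus the beacon fixed fields */
	fixed_len = sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);

	set_ap_capability(0);
	start_time = time(NULL);

	while(get_ap_capability() == 0)
	{
		packet = next_packet(&header);
		if(packet == NULL)
		{
			break;
		}

		if(header.len >= MIN_BEACON_SIZE)
		{
			/* radio_header() is not shown here; guard in case it can return NULL rather than crash */
			rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
			rt_header_len = (rt_header != NULL) ? (size_t) rt_header->len : 0;

			/*
			 * Reject frames whose claimed radiotap length leaves no room for the 802.11
			 * header and beacon fixed fields; is_target() and the fc/capability reads
			 * below all depend on those bytes being inside the frame.
			 * NOTE(review): header.len is the on-wire length. If the capture snaplen can
			 * truncate frames, header.caplen is the tighter bound and the helpers taking
			 * header.len should be checked as well — confirm how next_packet() is set up.
			 */
			if(rt_header != NULL && rt_header_len + fixed_len <= header.len)
			{
				frame_header = (struct dot11_frame_header *) (packet + rt_header_len);

				if(is_target(frame_header))
				{
					if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
					{
						beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
						set_ap_capability(beacon->capability);

						/* Obtain the SSID and channel number from the beacon's tagged parameters */
						channel = parse_beacon_tags(packet, header.len);

						/* If no channel was manually specified, switch to the AP's current channel */
						if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
						{
							change_channel(channel);
							set_channel(channel);
						}

						break;
					}
				}
			}
		}

		/* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
		if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
		{
			next_channel();
			start_time = time(NULL);
		}
	}
}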