int cygwin_set_chan(int chan)
{
// Make sure a valid channel is given
if (chan <= 0)
return -1;
if(!AirpcapSetDeviceChannel(airpcap_handle, chan))
{
printf("Error setting the channel to %d: %s\n", chan, AirpcapGetLastError(airpcap_handle));
return -1;
}
return 0;
}
static int printErrorCloseAndReturn(const char * err, int retValue)
{
if (err && airpcap_handle)
{
if (strlen(err))
{
if (airpcap_handle)
fprintf( stderr, err, AirpcapGetLastError(airpcap_handle));
else
fprintf( stderr, err);
}
}
cygwin_close();
return retValue;
}
int airpcap_open(struct tx80211 *in_tx)
{
struct airpcap_data *apcap = in_tx->extra;
apcap->ad = AirpcapOpen(in_tx->ifname, apcap->errstr);
if (apcap->ad == NULL) {
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Unable to open airpcap interface: %s",
apcap->errstr);
return TX80211_ENOOPENINT;
}
/* Set the link type to standard 802.11 header */
if (!AirpcapSetLinkType(apcap->ad, AIRPCAP_LT_802_11_PLUS_RADIO)) {
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Unable to set airpcap link type: %s",
AirpcapGetLastError(apcap->ad));
return TX80211_ENOOPENINT;
}
return TX80211_ENOERR;
}
int main()
{
pcap_t *winpcap_adapter;
u_int32_t inum, i, j;
char errbuf[PCAP_ERRBUF_SIZE];
u_int32_t freq_chan;
PAirpcapHandle airpcap_handle;
pcap_if_t *alldevs, *d;
PPI_PACKET_HEADER *radio_header;
u_int32_t tchannel = 1;
AirpcapChannelInfo tchaninfo;
//
// Get the device list
//
if(pcap_findalldevs(&alldevs, errbuf) == -1)
{
fprintf(stderr,"Error in pcap_findalldevs_ex: %s\n", errbuf);
return -1;
}
//
// Make sure that the device list is valid
//
if(alldevs == NULL)
{
printf("No interfaces found! Make sure the winpcap software is installed and your adapter is properly plugged in.\n");
return -1;
}
//
// Print the list and ask for a selection
//
for(d = alldevs, i = 0; d; d=d->next)
{
printf("%d. %s\n ", ++i, d->name);
if (d->description)
printf(" (%s)\n", d->description);
else
printf(" (No description available)\n");
}
if(i==0)
{
printf("\nNo interfaces found! Make sure WinPcap is installed.\n");
pcap_freealldevs(alldevs);
return -1;
}
printf("Enter the interface number (1-%d):",i);
scanf("%d", &inum);
//
// Check if the user specified a valid adapter
//
if(inum < 1 || inum > i)
{
printf("\nInterface number out of range.\n");
pcap_freealldevs(alldevs);
return -1;
}
//
// Jump to the selected adapter
//
for(d = alldevs, i = 0; i < inum-1 ;d = d->next, i++);
//
// Ask for a channel to listen to
//
printf("Enter the channel or frequency:",i);
scanf("%d", &freq_chan);
//
// Check if the user specified a valid channel
//
if(freq_chan < 1 || freq_chan > 8000)
{
printf("\nChannel or frequency out of range.\n");
pcap_freealldevs(alldevs);
return -1;
}
//
// Open the adapter with WinPcap
//
if((winpcap_adapter = pcap_open_live(d->name, // name of the device
65536, // portion of the packet to capture.
// 65536 grants that the whole packet will be captured on all the MACs.
1, // promiscuous mode (nonzero means promiscuous)
1000, // read timeout, in ms
errbuf // error buffer
)) == NULL)
{
printf("Error opening adapter with winpcap (%s)\n", errbuf);
pcap_freealldevs(alldevs);
return -1;
}
//
// We don't need the device list any more, free it
//
pcap_freealldevs(alldevs);
//
// Get the airpcap handle so we can change wireless-specific settings
//
airpcap_handle = (PAirpcapHandle)pcap_get_airpcap_handle(winpcap_adapter);
if(airpcap_handle == NULL)
{
printf("This adapter doesn't have wireless extensions. Quitting\n");
pcap_close(winpcap_adapter);
return -1;
}
//
// Configure the AirPcap adapter
//
// Set the channel.
// If the user provides a value below 500, we assume it's a channel number, otherwise we assume it's a frequency.
if(freq_chan < 500)
{
if(!AirpcapSetDeviceChannel(airpcap_handle, freq_chan))
{
printf("Error setting the channel: %s\n", AirpcapGetLastError(airpcap_handle));
pcap_close(winpcap_adapter);
return -1;
}
}
else
{
memset(&tchaninfo, 0, sizeof(tchaninfo));
tchaninfo.Frequency = freq_chan;
if(!AirpcapSetDeviceChannelEx(airpcap_handle, tchaninfo))
{
printf("Error setting the channel: %s\n", AirpcapGetLastError(airpcap_handle));
pcap_close(winpcap_adapter);
return -1;
}
}
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
// First, we transmit the packet without PPI information.
// Not using the PPI header makes packet crafting process simpler, because we just
// but we don't provide the packet data in a buffer. However, we don't have
// control on the tx rate: the packets will always go out at 1 Mbps.
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
//
// Set the link layer to bare 802.11
//
if(!AirpcapSetLinkType(airpcap_handle, AIRPCAP_LT_802_11))
{
printf("Error setting the link layer: %s\n", AirpcapGetLastError(airpcap_handle));
pcap_close(winpcap_adapter);
return -1;
}
//
// Initialize the Tx packet with an increasing value
//
for(i = 0; i < TX_PACKET_LEN; i++)
{
TxPacket[i] = i & 0xff;
}
//
// Now transmit the packet the specified number of times
//
for(i = 0; i < N_TX_REPETITIONS; i++)
{
if(pcap_sendpacket(winpcap_adapter, TxPacket, (TX_PACKET_LEN)) != 0)
{
printf("Error sending the packet: %s\n", pcap_geterr(winpcap_adapter));
pcap_close(winpcap_adapter);
return -1;
}
}
//
// Notify the user that all went well
//
printf("Successfully sent the raw 802.11 packet %u times.\n", N_TX_REPETITIONS);
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
// Second, we transmit the packet with PPI information.
// This allows us to specify the tx rate. We repeat the transmission for all the
// rates specified in the TestTxRatesToTest array
////////////////////////////////////////////////////////////////////////////////////
////////////////////////////////////////////////////////////////////////////////////
for(j = 0; j < sizeof(TestTxRatesToTest) / sizeof(TestTxRatesToTest[0]); j++)
{
//
// Set the link layer to 802.11 + PPI
//
if(!AirpcapSetLinkType(airpcap_handle, AIRPCAP_LT_802_11_PLUS_PPI))
{
printf("Error setting the link layer: %s\n", AirpcapGetLastError(airpcap_handle));
pcap_close(winpcap_adapter);
return -1;
}
//
// Create the PPI header
//
radio_header = (PPI_PACKET_HEADER*)TxPacket;
radio_header->PphDlt = 105; // 802.11
radio_header->PphLength = sizeof(PPI_PACKET_HEADER); // header len: 32 bytes
radio_header->PfhType = PPI_PFHTYPE_80211COMMON; // Common header is the first header
radio_header->PfhLength = PPI_PFHTYPE_80211COMMON_SIZE; // Common header size is 20
radio_header->Rate = (UCHAR)(TestTxRatesToTest[j] * 2); // Frame rate
radio_header->DbmAntSignal = 0; // Currently not supported
//
// Initialize the Tx packet buffer with the transmission rate.
//
for(i = sizeof(PPI_PACKET_HEADER); i < TX_PACKET_LEN + sizeof(PPI_PACKET_HEADER); i++)
{
TxPacket[i] = (UCHAR)TestTxRatesToTest[j];
}
//
// Now transmit the packet the specified number of times
//
for(i = 0; i < N_TX_REPETITIONS; i++)
{
if(pcap_sendpacket(winpcap_adapter,
TxPacket,
TX_PACKET_LEN + sizeof(PPI_PACKET_HEADER)) != 0)
{
printf("Error sending the packet: %s\n", pcap_geterr(winpcap_adapter));
pcap_close(winpcap_adapter);
return -1;
}
}
//
// Notify the user that all went well
//
printf("Successfully sent the PPI 802.11 packet %u times at %u Mbps.\n", N_TX_REPETITIONS, (u_int32_t)TestTxRatesToTest[j]);
}
//
// Close the libpcap handler. Note that We don't need to close the AirPcap handler, because
// pcap_close takes care of it.
//
pcap_close(winpcap_adapter);
return 0;
}
int airpcap_send(struct tx80211 *in_tx, struct tx80211_packet *in_pkt)
{
struct airpcap_data *apcap = in_tx->extra;
struct tx80211_radiotap_header *rtaphdr;
PCHAR pkt;
int channel;
ULONG len;
len = (in_pkt->plen + TX80211_RTAP_LEN);
pkt = malloc(len);
if (pkt == NULL) {
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Unable to allocate memory buffer "
"for send function");
return TX80211_ENOMEM;
}
memset(pkt, 0, len);
channel = tx80211_getchannel(in_tx);
/* Setup radiotap header */
rtaphdr = (struct tx80211_radiotap_header *)pkt;
rtaphdr->it_version = 0;
rtaphdr->it_pad = 0;
rtaphdr->it_len = tx80211_le16(TX80211_RTAP_LEN);
rtaphdr->it_present = tx80211_le32(TX80211_RTAP_PRESENT);
rtaphdr->wr_flags = 0;
if (in_pkt->txrate == 0) {
/* Airpcap can't handle a rate of 0, set to 2 Mbps as default */
rtaphdr->wr_rate = TX80211_RATE_2MB;
} else {
rtaphdr->wr_rate = in_pkt->txrate;
}
rtaphdr->wr_chan_freq = tx80211_chan2mhz(channel);
switch(in_pkt->modulation) {
case TX80211_MOD_DEFAULT:
rtaphdr->wr_chan_flags = 0;
break;
case TX80211_MOD_DSSS:
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_B);
break;
case TX80211_MOD_OFDM:
/* OFDM can be 802.11g or 802.11a */
if (channel <= 14) {
/* 802.11g network */
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_G);
} else {
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_A);
}
break;
case TX80211_MOD_TURBO:
/* Turbo can be 802.11g or 802.11a */
if (channel <= 14) {
/* 802.11g network */
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_TG);
} else {
rtaphdr->wr_chan_flags =
tx80211_le16(TX80211_RTAP_CHAN_TA);
}
break;
default:
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Unsupported modulation mechanism "
"specified in send function.");
return TX80211_ENOTSUPP;
}
memcpy(pkt + TX80211_RTAP_LEN, in_pkt->packet, in_pkt->plen);
if (AirpcapWrite(apcap->ad, pkt, len) != 1) {
free(pkt);
snprintf(in_tx->errstr, TX80211_STATUS_MAX,
"Error sending packet: %s",
AirpcapGetLastError(apcap->ad));
return TX80211_ETXFAILED;
}
free(pkt);
return (len - TX80211_RTAP_LEN);
}
////////////////////////////////////////////////////////////////////////
// main
////////////////////////////////////////////////////////////////////////
int main(int argc, char **argv)
{
PAirpcapHandle Ad;
u_int channel;
char name[255];
char* p;
beacon_total_length = 0;
probe_total_length = 0;
//
// Ask the user to select an adapter. Configure it and open it.
//
Ad = getAirPcapAdapter();
if (Ad == NULL)
{
exitApp(-1);
}
//
// Get adapter channel
//
if (!AirpcapGetDeviceChannel(Ad, &channel))
{
printf("Error: error getting adapter channel.");
exitApp(-1);
}
while(TRUE)
{
//
// Get AP name from user
//
printf("AP Name: ");
flushall(); /* kill any characters left in buffer */
fgets(name, sizeof(name), stdin);
//
// Remove the ending \n from the string
//
if((p = strchr(name, '\n')) != NULL)
*p = '\0';
//
// Max length of AP name is 32 characters
//
if (strlen(name) <= 32)
{
break;
}
else
{
printf("Error: AP name too long. Name must be 32 characters or less.\n\n");
}
}
//
// Now that we know the AP name and channel we
// can make the beacon and probe response packets.
//
makePackets(name, (u_int8)channel);
//
// Start the listening thread
//
_beginthread(listenForProbeRequest, 0, Ad);
//
// Start looking for user exit key
//
_beginthread(waitForExit, 0, NULL);
//
// Notify the user that we are up and running
//
printf("\nStarted on channel %u!\n", channel);
while (TRUE)
{
//
// Send off a beacon
//
if (!AirpcapWrite(Ad, (char*)beacon, beacon_total_length))
{
printf("\nError sending beacon: %s\n", AirpcapGetLastError(Ad));
exitApp(-1);
}
//
// Wait 50ms
//
Sleep(50);
}
return 0;
}
////////////////////////////////////////////////////////////////////////
// getAirPcapAdapter
////////////////////////////////////////////////////////////////////////
// Lists the adapters and asks the user to select and adapter and a
// frequency.
//
// Returns - Handle to the selected adapter with the channel already
// set and PPI selected.
////////////////////////////////////////////////////////////////////////
PAirpcapHandle getAirPcapAdapter()
{
PAirpcapHandle Ad;
CHAR Ebuf[AIRPCAP_ERRBUF_SIZE];
UINT freq_chan = 8;
UINT i, Inum, range;
AirpcapDeviceDescription *AllDevs, *TmpDev;
AirpcapChannelInfo tchaninfo;
//
// Get the device list
//
if(!AirpcapGetDeviceList(&AllDevs, Ebuf))
{
printf("Unable to retrieve the device list: %s\n", Ebuf);
return NULL;
}
//
// Make sure that the device list is valid
//
if(AllDevs == NULL)
{
printf("No interfaces found! Make sure the airpcap software is installed and your adapter is properly plugged in.\n");
return NULL;
}
//
// Print the list
//
for(TmpDev = AllDevs, i = 0; TmpDev; TmpDev = TmpDev->next)
{
printf("%d. ", ++i);
//
// If the adapter is a Tx adapter, say so.
//
if (isTxAdapter(TmpDev->Name))
{
printf("Tx - ");
}
//
// Print adapter name and description
//
printf("%s", TmpDev->Name);
if(TmpDev->Description)
{
printf(" (%s)\n", TmpDev->Description);
}
else
{
printf(" (No description available)\n");
}
}
printf("\n");
//
// Store the range of valid adapters for future use.
//
range = i;
//
// If there are no valid adapters
//
if(range == 0)
{
printf("\nNo interfaces found! Make sure the airpcap software is installed and your adapter is properly plugged in.\n");
AirpcapFreeDeviceList(AllDevs);
return NULL;
}
//
// Loop because the user may have selected an invalid adapter.
//
while (1)
{
//
// Ask for the user to select an adapter.
//
printf("Enter the adapter number (1-%d): ",range);
flushall(); /* kill any characters left in buffer */
scanf("%d", &Inum);
//
// Check if the user specified a valid adapter
//
if(Inum < 1 || Inum > range)
{
printf("Error: Invalid adapter selection.\n\n");
continue;
}
//
// Jump to the selected adapter
//
for(TmpDev = AllDevs, i = 0; i < Inum-1 ;TmpDev = TmpDev->next, i++);
//
// Make sure the adapter is a Tx capable one.
//
if (!isTxAdapter(TmpDev->Name))
{
printf("Error: The selected adapter does not support transmission.\n\n");
}
else
{
break;
}
}
//
// Loop, as the user may specify an invalid channel.
//
while (1)
{
//
// Ask for a channel to listen to
//
printf("Enter the channel or frequency: ",i);
scanf("%d", &freq_chan);
//
// Check if the user specified a valid channel
//
if(freq_chan < 1 || freq_chan > 8000)
{
printf("\nChannel or frequency out of range.\n");
AirpcapFreeDeviceList(AllDevs);
return NULL;
}
//
// Make sure the user picked a valid Tx channel.
//
if (!isTxFrequencySupported(TmpDev->Name, freq_chan))
{
printf("\nThe selected frequency does not support transmission.\nPlease select from the list of supported channels below:\n\n");
//
// Print the list of channels the adapter supports Tx on.
//
printTxFrequenciesByName(TmpDev->Name);
printf("\n\n");
}
else
{
break;
}
}
//
// Open the adapter
//
Ad = AirpcapOpen(TmpDev->Name, Ebuf);
if(!Ad)
{
printf("Error opening the adapter: %s\n", Ebuf);
return NULL;
}
//
// We don't need the device list any more, free it
//
AirpcapFreeDeviceList(AllDevs);
//
// Set the link layer to 802.11 plus PPI headers
//
if(!AirpcapSetLinkType(Ad, AIRPCAP_LT_802_11_PLUS_PPI))
{
printf("Error setting the link layer: %s\n", AirpcapGetLastError(Ad));
AirpcapClose(Ad);
return NULL;
}
// Set the channel.
// If the user provides a value below 500, we assume it's a channel number, otherwise we assume it's a frequency.
if(freq_chan < 500)
{
if(!AirpcapSetDeviceChannel(Ad, freq_chan))
{
printf("Error setting the channel: %s\n", AirpcapGetLastError(Ad));
AirpcapClose(Ad);
return NULL;
}
}
else
{
memset(&tchaninfo, sizeof(tchaninfo), 0);
tchaninfo.Frequency = freq_chan;
if(!AirpcapSetDeviceChannelEx(Ad, tchaninfo))
{
printf("Error setting the channel: %s\n", AirpcapGetLastError(Ad));
AirpcapClose(Ad);
return NULL;
}
}
return Ad;
}
////////////////////////////////////////////////////////////////////////
// listenForProbeRequest
////////////////////////////////////////////////////////////////////////
// Listens for a probe request and sends the response.
//
// Params: Ad - An open handle to a device.
//
// Returns - None.
////////////////////////////////////////////////////////////////////////
void listenForProbeRequest(PAirpcapHandle Ad)
{
HANDLE ReadEvent;
p_ppi_packet_header p_ppi;
BYTE* PacketBuffer;
UINT BytesReceived;
//
// Get the read event
//
if(!AirpcapGetReadEvent(Ad, &ReadEvent))
{
printf("Error getting the read event: %s\n", AirpcapGetLastError(Ad));
AirpcapClose(Ad);
exitApp(-1);
}
//
// Allocate a 256k packet buffer
//
PacketBuffer = (BYTE*)malloc(PACKET_BUFFER_SIZE);
if(!PacketBuffer)
{
printf("No memory for the packet buffer\n");
AirpcapClose(Ad);
exitApp(-1);
}
//
// Everything is ok!
// Look for Probe Request
//
while (TRUE)
{
// capture the packets
if(!AirpcapRead(Ad,
PacketBuffer,
PACKET_BUFFER_SIZE,
&BytesReceived))
{
printf("Error receiving packets: %s\n", AirpcapGetLastError(Ad));
free(PacketBuffer);
AirpcapClose(Ad);
exitApp(-1);
}
// Look for Echo Request. When found, take it from there.
if(getProbeRequest(Ad, PacketBuffer, BytesReceived, &p_ppi))
{
sendProbeResponse(Ad, p_ppi);
}
// wait until some packets are available. This prevents polling and keeps the CPU low.
WaitForSingleObject(ReadEvent, WAIT_INTERVAL_MS);
}
//
// Make sure we clean up after
//
free(PacketBuffer);
//
// Exit, printing the exit message
//
exitApp(0);
}
