/*
* Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
* This is used for obtaining the capabilities field and AP SSID.
*/
void read_ap_beacon()
{
struct pcap_pkthdr header;
const unsigned char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct beacon_management_frame *beacon = NULL;
int channel = 0;
size_t tag_offset = 0;
time_t start_time = 0;
set_ap_capability(0);
start_time = time(NULL);
while(get_ap_capability() == 0)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
size_t rt_header_len = end_le16toh(rt_header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
if(is_target(frame_header))
{
if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
set_ap_capability(end_le16toh(beacon->capability));
/* Obtain the SSID and channel number from the beacon packet */
tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
channel = parse_beacon_tags(packet, header.len);
/* If no channel was manually specified, switch to the AP's current channel */
if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
{
change_channel(channel);
set_channel(channel);
}
break;
}
}
}
/* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
{
next_channel();
start_time = time(NULL);
}
}
}
/* Given the tagged parameter sets from a beacon packet, locate the AP's SSID and return its current channel number */
int parse_beacon_tags(const u_char *packet, size_t len)
{
char *ssid = NULL;
const u_char *tag_data = NULL;
unsigned char *ie = NULL, *channel_data = NULL;
size_t ie_len = 0, ie_offset = 0, tag_len = 0, tag_offset = 0;
int channel = 0;
struct radio_tap_header *rt_header = NULL;
rt_header = (struct radio_tap_header *) radio_header(packet, len);
tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
if(tag_offset < len)
{
tag_len = (len - tag_offset);
tag_data = (const u_char *) (packet + tag_offset);
/* If no SSID was manually specified, parse and save the AP SSID */
if(get_ssid() == NULL)
{
ie = parse_ie_data(tag_data, tag_len, (uint8_t) SSID_TAG_NUMBER, &ie_len, &ie_offset);
if(ie)
{
/* Return data is not null terminated; allocate ie_len+1 and memcpy string */
ssid = malloc(ie_len+1);
if(ssid)
{
memset(ssid, 0, (ie_len+1));
memcpy(ssid, ie, ie_len);
set_ssid(ssid);
free(ssid);
}
free(ie);
}
}
ie = parse_ie_data(tag_data, tag_len, (uint8_t) RATES_TAG_NUMBER, &ie_len, &ie_offset);
if(ie)
{
set_ap_rates(ie, ie_len);
free(ie);
}
channel_data = parse_ie_data(tag_data, tag_len, (uint8_t) CHANNEL_TAG_NUMBER, &ie_len, &ie_offset);
if(channel_data)
{
if(ie_len == 1)
{
memcpy((int *) &channel, channel_data, ie_len);
}
free(channel_data);
}
}
return channel;
}
/*
* Waits for a beacon packet from the target AP and populates the globule->ap_capabilities field.
* This is used for obtaining the capabilities field and AP SSID.
*/
void read_ap_beacon()
{
struct pcap_pkthdr header;
const u_char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct beacon_management_frame *beacon = NULL;
int channel = 0;
time_t start_time = 0;
set_ap_capability(0);
start_time = time(NULL);
while(get_ap_capability() == 0)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
if(is_target(frame_header))
{
if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
{
beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
set_ap_capability(beacon->capability);
/* Obtain the SSID and channel number from the beacon packet */
channel = parse_beacon_tags(packet, header.len);
/* If no channel was manually specified, switch to the AP's current channel */
if(!get_fixed_channel() && get_auto_channel_select() && channel > 0 && channel != get_channel())
{
change_channel(channel);
set_channel(channel);
}
break;
}
}
}
/* If we haven't seen any beacon packets from the target within BEACON_WAIT_TIME seconds, try another channel */
if((time(NULL) - start_time) >= BEACON_WAIT_TIME)
{
next_channel();
start_time = time(NULL);
}
}
}
/* Given a beacon / probe response packet, returns the reported encryption type (WPA, WEP, NONE)
THIS IS BROKE!!! DO NOT USE!!!
*/
enum encryption_type supported_encryption(const unsigned char *packet, size_t len)
{
enum encryption_type enc = NONE;
const unsigned char *tag_data = NULL;
struct radio_tap_header *rt_header = NULL;
size_t vlen = 0, voff = 0, tag_offset = 0, tag_len = 0, offset = 0;
struct beacon_management_frame *beacon = NULL;
if(len > MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, len);
size_t rt_header_len = end_le16toh(rt_header->len);
beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
tag_len = len - tag_offset;
tag_data = (const unsigned char *) (packet + tag_offset);
if((end_le16toh(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
{
enc = WEP;
tag_data = parse_ie_data(tag_data, tag_len, (uint8_t) RSN_TAG_NUMBER, &vlen, &voff);
if(tag_data && vlen > 0)
{
enc = WPA;
free((void *) tag_data);
}
else
{
while(offset < len)
{
tag_len = len - offset;
tag_data = (const unsigned char *) (packet + offset);
tag_data = parse_ie_data(tag_data, tag_len, (uint8_t) VENDOR_SPECIFIC_TAG, &vlen, &voff);
if(vlen > WPA_IE_ID_LEN)
{
if(memcmp(tag_data, WPA_IE_ID, WPA_IE_ID_LEN) == 0)
{
enc = WPA;
break;
}
free((void *) tag_data);
}
offset = tag_offset + voff + vlen;
}
}
}
}
return enc;
}
/* Waits for authentication and association responses from the target AP */
static int process_authenticate_associate_resp(int want_assoc)
{
struct pcap_pkthdr header;
unsigned char *packet;
struct radio_tap_header *rt_header;
struct dot11_frame_header *dot11_frame;
struct authentication_management_frame *auth_frame;
struct association_response_management_frame *assoc_frame;
int ret_val = 0;
start_timer();
while(!get_out_of_time())
{
if((packet = next_packet(&header)) == NULL) break;
if(header.len < MIN_AUTH_SIZE) continue;
rt_header = (void*) radio_header(packet, header.len);
size_t rt_header_len = end_le16toh(rt_header->len);
dot11_frame = (void*)(packet + rt_header_len);
if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) != 0) ||
(memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) != 0))
continue;
int isMgmtFrame = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_FTYPE)) == end_htole16(IEEE80211_FTYPE_MGMT);
if(!isMgmtFrame) continue;
void *ptr = (packet + sizeof(struct dot11_frame_header) + rt_header_len);
auth_frame = ptr;
assoc_frame = ptr;
int isAuthResp = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_STYPE_AUTH);
int isAssocResp = (dot11_frame->fc & end_htole16(IEEE80211_FCTL_STYPE)) == end_htole16(IEEE80211_STYPE_ASSOC_RESP);
if(!isAuthResp && !isAssocResp) continue;
if(isAuthResp && want_assoc) continue;
/* Did we get an authentication packet with a successful status? */
if(isAuthResp && (auth_frame->status == end_htole16(AUTHENTICATION_SUCCESS))) {
ret_val = AUTH_OK;
break;
}
/* Did we get an association packet with a successful status? */
else if(isAssocResp && (assoc_frame->status == end_htole16(ASSOCIATION_SUCCESS))) {
ret_val = ASSOCIATE_OK;
break;
}
}
return ret_val;
}
/* Waits for authentication and association responses from the target AP */
int associate_recv_loop()
{
struct pcap_pkthdr header;
const u_char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *dot11_frame = NULL;
struct authentication_management_frame *auth_frame = NULL;
struct association_response_management_frame *assoc_frame = NULL;
int ret_val = 0, start_time = 0;
start_time = time(NULL);
while((time(NULL) - start_time) < ASSOCIATE_WAIT_TIME)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_AUTH_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
(memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
{
if(dot11_frame->fc.type == MANAGEMENT_FRAME)
{
auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
/* Did we get an authentication packet with a successful status? */
if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
{
ret_val = AUTH_OK;
break;
}
/* Did we get an association packet with a successful status? */
else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
{
ret_val = ASSOCIATE_OK;
break;
}
}
}
}
}
return ret_val;
}
/*
* Determines if the target AP has locked its WPS state or not.
* Returns 0 if not locked, 1 if locked.
*/
int is_wps_locked()
{
int locked = 0;
struct libwps_data wps = { 0 };
struct pcap_pkthdr header;
const unsigned char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
while(1)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
size_t rt_header_len = end_le16toh(rt_header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
if((frame_header->fc & end_htole16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
end_htole16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
{
if(parse_wps_parameters(packet, header.len, &wps))
{
if(wps.locked == WPSLOCKED)
{
locked = 1;
}
break;
}
}
}
}
}
return locked;
}
/*
* Determines if the target AP has locked its WPS state or not.
* Returns 0 if not locked, 1 if locked.
*/
int is_wps_locked()
{
int locked = 0;
struct libwps_data wps = { 0 };
struct pcap_pkthdr header;
const u_char *packet = NULL;
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
while(1)
{
packet = next_packet(&header);
if(packet == NULL)
{
break;
}
if(header.len >= MIN_BEACON_SIZE)
{
rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
{
if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
{
if(parse_wps_parameters(packet, header.len, &wps))
{
if(wps.locked == WPSLOCKED)
{
locked = 1;
}
break;
}
}
}
}
}
return locked;
}
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source)
{
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct libwps_data *wps = NULL;
enum encryption_type encryption = NONE;
char *bssid = NULL, *ssid = NULL, *lock_display = NULL;
int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
static int channel_changed = 0;
wps = malloc(sizeof(struct libwps_data));
memset(wps, 0, sizeof(struct libwps_data));
if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE)
{
goto end;
}
rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
/* If a specific BSSID was specified, only parse packets from that BSSID */
if(!is_target(frame_header))
{
goto end;
}
set_ssid(NULL);
bssid = (char *) mac2str(frame_header->addr3, ':');
if(bssid)
{
if((target == NULL) ||
(target != NULL && strcmp(bssid, target) == 0))
{
channel = parse_beacon_tags(packet, header->len);
rssi = signal_strength(packet, header->len);
ssid = (char *) get_ssid();
if(target != NULL && channel_changed == 0)
{
ualarm(0, 0);
change_channel(channel);
channel_changed = 1;
}
if(frame_header->fc.sub_type == PROBE_RESPONSE ||
frame_header->fc.sub_type == SUBTYPE_BEACON)
{
wps_parsed = parse_wps_parameters(packet, header->len, wps);
}
if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE || !get_channel()))
{
if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
mode == SCAN &&
!passive &&
should_probe(bssid))
{
send_probe_request(get_bssid(), get_ssid());
probe_sent = 1;
}
if(!insert(bssid, ssid, wps, encryption, rssi))
{
update(bssid, ssid, wps, encryption);
}
else if(wps->version > 0)
{
switch(wps->locked)
{
case WPSLOCKED:
lock_display = YES;
break;
case UNLOCKED:
case UNSPECIFIED:
lock_display = NO;
break;
}
cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
if(probe_sent)
{
update_probe_count(bssid);
}
/*
* If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
* If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
*/
if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
{
mark_ap_complete(bssid);
}
}
}
/* Only update received signal strength if we are on the same channel as the AP, otherwise power measurements are screwy */
if(channel == get_channel())
{
update_ap_power(bssid, rssi);
}
free(bssid);
bssid = NULL;
}
void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *target, int passive, int mode, int source)
{
struct radio_tap_header *rt_header = NULL;
struct dot11_frame_header *frame_header = NULL;
struct libwps_data *wps = NULL;
enum encryption_type encryption = NONE;
char *bssid = NULL, *ssid = NULL, *lock_display = NULL;
int wps_parsed = 0, probe_sent = 0, channel = 0, rssi = 0;
static int channel_changed = 0;
char info_manufac[500];
char info_modelnum[500];
char info_modelserial[500];
wps = malloc(sizeof(struct libwps_data));
memset(wps, 0, sizeof(struct libwps_data));
if(packet == NULL || header == NULL || header->len < MIN_BEACON_SIZE)
{
goto end;
}
rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
/* If a specific BSSID was specified, only parse packets from that BSSID */
if(!is_target(frame_header))
{
goto end;
}
set_ssid(NULL);
bssid = (char *) mac2str(frame_header->addr3, ':');
set_bssid((unsigned char *) frame_header->addr3);
if(bssid)
{
if((target == NULL) ||
(target != NULL && strcmp(bssid, target) == 0))
{
channel = parse_beacon_tags(packet, header->len);
rssi = signal_strength(packet, header->len);
ssid = (char *) get_ssid();
if(target != NULL && channel_changed == 0)
{
ualarm(0, 0);
change_channel(channel);
channel_changed = 1;
}
if(frame_header->fc.sub_type == PROBE_RESPONSE ||
frame_header->fc.sub_type == SUBTYPE_BEACON)
{
wps_parsed = parse_wps_parameters(packet, header->len, wps);
}
if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
{
if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
mode == SCAN &&
!passive &&
should_probe(bssid))
{
send_probe_request(get_bssid(), get_ssid());
probe_sent = 1;
}
if(!insert(bssid, ssid, wps, encryption, rssi))
{
update(bssid, ssid, wps, encryption);
}
else if(wps->version > 0)
{
switch(wps->locked)
{
case WPSLOCKED:
lock_display = YES;
break;
case UNLOCKED:
case UNSPECIFIED:
lock_display = NO;
break;
}
//ideas made by kcdtv
if(get_chipset_output == 1)
//if(1)
{
if (c_fix == 0)
{
//no use a fixed channel
cprintf(INFO,"Option (-g) REQUIRES a channel to be set with (-c)\n");
exit(0);
}
FILE *fgchipset=NULL;
char cmd_chipset[4000];
char cmd_chipset_buf[4000];
char buffint[5];
char *aux_cmd_chipset=NULL;
memset(cmd_chipset, 0, sizeof(cmd_chipset));
memset(cmd_chipset_buf, 0, sizeof(cmd_chipset_buf));
memset(info_manufac, 0, sizeof(info_manufac));
memset(info_modelnum, 0, sizeof(info_modelnum));
memset(info_modelserial, 0, sizeof(info_modelserial));
strcat(cmd_chipset,"reaver -0 -s y -vv -i "); //need option to stop reaver in m1 stage
strcat(cmd_chipset,get_iface());
strcat(cmd_chipset, " -b ");
strcat(cmd_chipset, mac2str(get_bssid(),':'));
strcat(cmd_chipset," -c ");
snprintf(buffint, sizeof(buffint), "%d",channel);
strcat(cmd_chipset, buffint);
//cprintf(INFO,"\n%s\n",cmd_chipset);
if ((fgchipset = popen(cmd_chipset, "r")) == NULL) {
printf("Error opening pipe!\n");
//return -1;
}
while (fgets(cmd_chipset_buf, 4000, fgchipset) != NULL)
{
//[P] WPS Manufacturer: xxx
//[P] WPS Model Number: yyy
//[P] WPS Model Serial Number: zzz
//cprintf(INFO,"\n%s\n",cmd_chipset_buf);
aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Manufacturer:");
if(aux_cmd_chipset != NULL)
{
//bug fix by alxchk
strncpy(info_manufac, aux_cmd_chipset+21, sizeof(info_manufac));
}
aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Number:");
if(aux_cmd_chipset != NULL)
{
//bug fix by alxchk
strncpy(info_modelnum, aux_cmd_chipset+21, sizeof(info_modelnum));
}
aux_cmd_chipset = strstr(cmd_chipset_buf,"[P] WPS Model Serial Number:");
if(aux_cmd_chipset != NULL)
{
//bug fix by alxchk
strncpy(info_modelserial, aux_cmd_chipset+28, sizeof(info_modelserial));
}
}
//cprintf(INFO,"\n%s\n",info_manufac);
info_manufac[strcspn ( info_manufac, "\n" )] = '\0';
info_modelnum[strcspn ( info_modelnum, "\n" )] = '\0';
info_modelserial[strcspn ( info_modelserial, "\n" )] = '\0';
if(pclose(fgchipset)) {
//printf("Command not found or exited with error status\n");
//return -1;
}
}
if (o_file_p == 0)
{
cprintf(INFO, "%17s %2d %.2d %d.%d %s %s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
else
{
if(get_chipset_output == 1)
{
cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s|%s|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid, info_manufac, info_modelnum, info_modelserial);
}else
{
cprintf(INFO, "%17s|%2d|%.2d|%d.%d|%s|%s\n", bssid, channel, rssi, (wps->version >> 4), (wps->version & 0x0F), lock_display, ssid);
}
}
/* Given the tagged parameter sets from a beacon packet, locate the AP's SSID and return its current channel number */
int parse_beacon_tags(const unsigned char *packet, size_t len)
{
set_vendor(0, "\0\0\0");
char *ssid = NULL;
const unsigned char *tag_data = NULL;
unsigned char *ie = NULL, *channel_data = NULL;
size_t ie_len = 0, ie_offset = 0, tag_len = 0, tag_offset = 0;
int channel = 0;
struct radio_tap_header *rt_header = NULL;
rt_header = (struct radio_tap_header *) radio_header(packet, len);
tag_offset = end_le16toh(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
if(tag_offset < len)
{
tag_len = (len - tag_offset); /* this actually denotes length of the entire tag data area */
tag_data = (const unsigned char *) (packet + tag_offset);
/* If no SSID was manually specified, parse and save the AP SSID */
if(get_ssid() == NULL)
{
ie = parse_ie_data(tag_data, tag_len, (uint8_t) SSID_TAG_NUMBER, &ie_len, &ie_offset);
if(ie)
{
/* Return data is not null terminated; allocate ie_len+1 and memcpy string */
ssid = malloc(ie_len+1);
if(ssid)
{
memset(ssid, 0, (ie_len+1));
memcpy(ssid, ie, ie_len);
set_ssid(ssid);
free(ssid);
}
free(ie);
}
}
ie = parse_ie_data(tag_data, tag_len, HT_CAPS_TAG_NUMBER, &ie_len, &ie_offset);
if(ie)
{
set_ap_htcaps(ie, ie_len);
free(ie);
}
ie = parse_ie_data(tag_data, tag_len, (uint8_t) RATES_TAG_NUMBER, &ie_len, &ie_offset);
if(ie)
{
set_ap_rates(ie, ie_len);
free(ie);
}
ie = parse_ie_data(tag_data, tag_len, (uint8_t) ERATES_TAG_NUMBER, &ie_len, &ie_offset);
if(ie)
{
set_ap_ext_rates(ie, ie_len);
free(ie);
}
channel_data = parse_ie_data(tag_data, tag_len, (uint8_t) CHANNEL_TAG_NUMBER, &ie_len, &ie_offset);
if(channel_data)
{
if(ie_len == 1)
{
channel = *(uint8_t*)channel_data;
}
free(channel_data);
}
size_t ie_iterator = 0;
do {
const unsigned char *tag = tag_data + ie_iterator;
// check for the length of the tag, and that its not microsoft
if(tag[0] == VENDOR_SPECIFIC_TAG &&
ie_iterator+2+3 < tag_len &&
((tag[1] < 11 && memcmp(tag+2, "\x00\x14\x6c", 3) && memcmp(tag+2, "\x00\x50\xf2", 3)) ||
(tag[1] == 30 && !(memcmp(tag+2, "\x00\x26\x86", 3))))) {
set_vendor(1, tag + 2);
break;
}
} while(get_next_ie(tag_data, tag_len, &ie_iterator));
}
return channel;
}