authorJouni Malinen <jouni.malinen@atheros.com>2010-12-16 16:11:54 +0200
committerJouni Malinen <j@w1.fi>2010-12-16 16:11:54 +0200
commitb3a6d9d40064e15720c3bbd6cfbfbf970a770a03 (patch)
treec96ab043c722a2e5c82c2307e800ded3ceda2867
parentb993e77b5b9c3f2c6a42aa76e0d5a0ef0cf34f54 (diff)
wlantest: Add send command for injecting raw frames
This can be used by external programs (e.g., wlantest_cli) to inject raw frames (hex dump of the frame header and body). The data can be requested to be sent as-is or protected with the current key.
-rw-r--r--src/utils/common.c2
-rw-r--r--src/utils/common.h1
-rw-r--r--wlantest/ctrl.c84
-rw-r--r--wlantest/inject.c42
-rw-r--r--wlantest/wlantest_cli.c124
-rw-r--r--wlantest/wlantest_ctrl.h2
6 files changed, 250 insertions, 5 deletions
diff --git a/src/utils/common.c b/src/utils/common.c
index 1b8ea80..718be4a 100644
--- a/src/utils/common.c
+++ b/src/utils/common.c
@@ -29,7 +29,7 @@ static int hex2num(char c)
}
-static int hex2byte(const char *hex)
+int hex2byte(const char *hex)
{
int a, b;
a = hex2num(*hex++);
diff --git a/src/utils/common.h b/src/utils/common.h
index babfc7b..4b50b2b 100644
--- a/src/utils/common.h
+++ b/src/utils/common.h
@@ -437,6 +437,7 @@ typedef u64 __bitwise le64;
int hwaddr_aton(const char *txt, u8 *addr);
int hwaddr_aton2(const char *txt, u8 *addr);
+int hex2byte(const char *hex);
int hexstr2bin(const char *hex, u8 *buf, size_t len);
void inc_byte_array(u8 *counter, size_t len);
void wpa_get_ntp_timestamp(u8 *buf);
diff --git a/wlantest/ctrl.c b/wlantest/ctrl.c
index d5c7148..01449cb 100644
--- a/wlantest/ctrl.c
+++ b/wlantest/ctrl.c
@@ -962,6 +962,87 @@ static void ctrl_info_bss(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
}
+static void ctrl_send_(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
+{
+ struct wlantest_bss *bss;
+ struct wlantest_sta *sta;
+ u8 *bssid, *sta_addr;
+ int prot;
+ u8 *frame;
+ size_t frame_len;
+ int ret = 0;
+ struct ieee80211_hdr *hdr;
+ u16 fc;
+
+ frame = attr_get(cmd, clen, WLANTEST_ATTR_FRAME, &frame_len);
+ prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
+ if (frame == NULL || frame_len < 24 || prot < 0) {
+ wpa_printf(MSG_INFO, "Invalid send command parameters");
+ ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
+ return;
+ }
+
+ hdr = (struct ieee80211_hdr *) frame;
+ fc = le_to_host16(hdr->frame_control);
+ switch (WLAN_FC_GET_TYPE(fc)) {
+ case WLAN_FC_TYPE_MGMT:
+ bssid = hdr->addr3;
+ if (os_memcmp(hdr->addr2, hdr->addr3, ETH_ALEN) == 0)
+ sta_addr = hdr->addr1;
+ else
+ sta_addr = hdr->addr2;
+ break;
+ case WLAN_FC_TYPE_DATA:
+ switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
+ case 0:
+ bssid = hdr->addr3;
+ sta_addr = hdr->addr2;
+ break;
+ case WLAN_FC_TODS:
+ bssid = hdr->addr1;
+ sta_addr = hdr->addr2;
+ break;
+ case WLAN_FC_FROMDS:
+ bssid = hdr->addr2;
+ sta_addr = hdr->addr1;
+ break;
+ default:
+ wpa_printf(MSG_INFO, "Unsupported inject frame");
+ ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
+ return;
+ }
+ break;
+ default:
+ wpa_printf(MSG_INFO, "Unsupported inject frame");
+ ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
+ return;
+ }
+
+ bss = bss_find(wt, bssid);
+ if (bss == NULL) {
+ wpa_printf(MSG_INFO, "Unknown BSSID");
+ ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
+ return;
+ }
+
+ sta = sta_find(bss, sta_addr);
+ if (sta == NULL) {
+ wpa_printf(MSG_INFO, "Unknown STA address");
+ ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
+ return;
+ }
+
+ ret = wlantest_inject(wt, bss, sta, frame, frame_len, prot);
+
+ if (ret)
+ wpa_printf(MSG_INFO, "Failed to inject frame");
+ else
+ wpa_printf(MSG_INFO, "Frame injected successfully");
+ ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
+ WLANTEST_CTRL_FAILURE);
+}
+
+
static void ctrl_read(int sock, void *eloop_ctx, void *sock_ctx)
{
struct wlantest *wt = eloop_ctx;
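Review bot: `prot` is only tested with `prot < 0` in ctrl_send_ before it is handed to wlantest_inject(), so any other integer a control-socket client puts in WLANTEST_ATTR_INJECT_PROTECTION is accepted. Because this command lets a client transmit an arbitrary frame, optionally protected with keys wlantest holds, the handler should reject out-of-range values up front, e.g. by adding `|| prot > WLANTEST_INJECT_INCORRECT_KEY` to the first condition (assuming that is the last enumerator of enum wlantest_inject_protection, which is not visible here). It would also help to log the resolved BSSID and STA address at MSG_INFO next to "Frame injected successfully" so injected traffic can be attributed afterwards. ctrl_send_ is complete in this hunk; ctrl_read continues beyond it.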
@@ -1036,6 +1117,9 @@ static void ctrl_read(int sock, void *eloop_ctx, void *sock_ctx)
case WLANTEST_CTRL_INFO_BSS:
ctrl_info_bss(wt, sock, buf + 4, len - 4);
break;
+ case WLANTEST_CTRL_SEND:
+ ctrl_send_(wt, sock, buf + 4, len - 4);
+ break;
default:
ctrl_send_simple(wt, sock, WLANTEST_CTRL_UNKNOWN_CMD);
break;
diff --git a/wlantest/inject.c b/wlantest/inject.c
index 23642a8..20ec344 100644
--- a/wlantest/inject.c
+++ b/wlantest/inject.c
@@ -209,12 +209,37 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
int tid = 0;
u8 *qos = NULL;
int hdrlen;
+ struct wlantest_tdls *tdls = NULL;
+ const u8 *tk = NULL;
hdr = (struct ieee80211_hdr *) frame;
hdrlen = 24;
fc = le_to_host16(hdr->frame_control);
- if (sta == NULL) {
+ if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) == 0) {
+ struct wlantest_sta *sta2;
+ bss = bss_get(wt, hdr->addr3);
+ if (bss == NULL)
+ return -1;
+ sta = sta_find(bss, hdr->addr2);
+ sta2 = sta_find(bss, hdr->addr1);
+ if (sta == NULL || sta2 == NULL)
+ return -1;
+ dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list)
+ {
+ if ((tdls->init == sta && tdls->resp == sta2) ||
+ (tdls->init == sta2 && tdls->resp == sta)) {
+ if (!tdls->link_up)
+ wpa_printf(MSG_DEBUG, "TDLS: Link not "
+ "up, but injecting Data "
+ "frame on direct link");
+ tk = tdls->tpk.tk;
+ break;
+ }
+ }
+ }
+
+ if (tk == NULL && sta == NULL) {
if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
return wlantest_inject_bip(wt, bss, frame, len,
incorrect_key);
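Review bot: The new `(fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) == 0` branch in wlantest_inject_prot does not check the frame type, and management frames also carry ToDS=FromDS=0, so they enter the TDLS lookup as well. For those frames the caller's `bss` and `sta` are overwritten and the function returns -1 whenever addr1 or addr2 is not a known STA, which would make the `sta == NULL` path to wlantest_inject_bip() just below unreachable for management frames. Restricting the branch to Data frames keeps the previous behaviour: `if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_DATA && (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) == 0) {`. The function starts before and continues after this hunk.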
@@ -222,7 +247,7 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
incorrect_key);
}
- if (!sta->ptk_set)
+ if (tk == NULL && !sta->ptk_set)
return -1;
if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
@@ -237,14 +262,23 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
tid = qos[0] & 0x0f;
}
}
- if (os_memcmp(hdr->addr2, bss->bssid, ETH_ALEN) == 0)
+ if (tk) {
+ if (os_memcmp(hdr->addr2, tdls->init->addr, ETH_ALEN) == 0)
+ pn = tdls->rsc_init[tid];
+ else
+ pn = tdls->rsc_resp[tid];
+ } else if (os_memcmp(hdr->addr2, bss->bssid, ETH_ALEN) == 0)
pn = sta->rsc_fromds[tid];
else
pn = sta->rsc_tods[tid];
inc_byte_array(pn, 6);
os_memset(dummy, 0x11, sizeof(dummy));
- if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
+ if (tk)
+ crypt = ccmp_encrypt(incorrect_key ? dummy : tk,
+ frame, len, hdrlen, qos, pn, 0,
+ &crypt_len);
+ else if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
crypt = tkip_encrypt(incorrect_key ? dummy : sta->ptk.tk1,
frame, len, hdrlen, qos, pn, 0,
&crypt_len);
diff --git a/wlantest/wlantest_cli.c b/wlantest/wlantest_cli.c
index b8aa043..81768a8 100644
--- a/wlantest/wlantest_cli.c
+++ b/wlantest/wlantest_cli.c
@@ -817,6 +817,127 @@ static char ** complete_inject(int s, const char *str, int pos)
}
+static u8 * add_hex(u8 *pos, u8 *end, const char *str)
+{
+ const char *s;
+ int val;
+
+ s = str;
+ while (*s) {
+ while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n' ||
+ *s == ':')
+ s++;
+ if (*s == '\0')
+ break;
+ if (*s == '#') {
+ while (*s != '\0' && *s != '\r' && *s != '\n')
+ s++;
+ continue;
+ }
+
+ val = hex2byte(s);
+ if (val < 0) {
+ printf("Invalid hex encoding '%s'\n", s);
+ return NULL;
+ }
+ if (pos == end) {
+ printf("Too long frame\n");
+ return NULL;
+ }
+ *pos++ = val;
+ s += 2;
+ }
+
+ return pos;
+}
+
+
+static int cmd_send(int s, int argc, char *argv[])
+{
+ u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
+ u8 buf[WLANTEST_CTRL_MAX_CMD_LEN], *end, *pos, *len_pos;
+ int rlen;
+ enum wlantest_inject_protection prot;
+ int arg;
+
+ /* <prot> <raw frame as hex dump> */
+
+ if (argc < 2) {
+ printf("send needs two arguments: protected/unprotected, "
+ "raw frame as hex dump\n");
+ return -1;
+ }
+
+ pos = buf;
+ end = buf + sizeof(buf);
+ WPA_PUT_BE32(pos, WLANTEST_CTRL_SEND);
+ pos += 4;
+
+ if (os_strcasecmp(argv[0], "normal") == 0)
+ prot = WLANTEST_INJECT_NORMAL;
+ else if (os_strcasecmp(argv[0], "protected") == 0)
+ prot = WLANTEST_INJECT_PROTECTED;
+ else if (os_strcasecmp(argv[0], "unprotected") == 0)
+ prot = WLANTEST_INJECT_UNPROTECTED;
+ else if (os_strcasecmp(argv[0], "incorrect") == 0)
+ prot = WLANTEST_INJECT_INCORRECT_KEY;
+ else {
+ printf("Unknown protection type '%s'\n", argv[1]);
+ printf("Protection types: normal protected unprotected "
+ "incorrect\n");
+ return -1;
+ }
+ pos = attr_add_be32(pos, end, WLANTEST_ATTR_INJECT_PROTECTION, prot);
+
+ WPA_PUT_BE32(pos, WLANTEST_ATTR_FRAME);
+ pos += 4;
+ len_pos = pos;
+ pos += 4;
+
+ for (arg = 1; pos && arg < argc; arg++)
+ pos = add_hex(pos, end, argv[arg]);
+ if (pos == NULL)
+ return -1;
+
+ WPA_PUT_BE32(len_pos, pos - len_pos - 4);
+
+ rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
+ if (rlen < 0)
+ return -1;
+ printf("OK\n");
+ return 0;
+}
+
+
+static char ** complete_send(int s, const char *str, int pos)
+{
+ int arg = get_cmd_arg_num(str, pos);
+ char **res = NULL;
+
+ switch (arg) {
+ case 1:
+ res = os_zalloc(5 * sizeof(char *));
+ if (res == NULL)
+ break;
+ res[0] = os_strdup("normal");
+ if (res[0] == NULL)
+ break;
+ res[1] = os_strdup("protected");
+ if (res[1] == NULL)
+ break;
+ res[2] = os_strdup("unprotected");
+ if (res[2] == NULL)
+ break;
+ res[3] = os_strdup("incorrect");
+ if (res[3] == NULL)
+ break;
+ break;
+ }
+
+ return res;
+}
+
+
static int cmd_version(int s, int argc, char *argv[])
{
u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
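Review bot: The unknown-protection error in cmd_send prints `argv[1]` although the value being tested is `argv[0]`, so the message shows the start of the hex dump instead of the rejected keyword; it should be `printf("Unknown protection type '%s'\n", argv[0]);`. The usage text above it also names only protected/unprotected while four keywords are accepted. Separately, "OK" is printed for any non-negative `rlen`. Whether cmd_send_and_recv() already turns a WLANTEST_CTRL_FAILURE reply into a negative return is not visible in this hunk and is worth confirming, since ctrl_send_ reports an unknown BSSID or STA that way.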
@@ -1121,6 +1242,9 @@ static const struct wlantest_cli_cmd wlantest_cli_commands[] = {
{ "inject", cmd_inject,
"<frame> <prot> <sender> <BSSID> <STA/ff:ff:ff:ff:ff:ff>",
complete_inject },
+ { "send", cmd_send,
+ "<prot> <raw frame as hex dump>",
+ complete_send },
{ "version", cmd_version, "= get wlantest version", NULL },
{ "add_passphrase", cmd_add_passphrase,
"<passphrase> = add a known passphrase", NULL },
diff --git a/wlantest/wlantest_ctrl.h b/wlantest/wlantest_ctrl.h
index 911ffaf..cd13c1c 100644
--- a/wlantest/wlantest_ctrl.h
+++ b/wlantest/wlantest_ctrl.h
@@ -38,6 +38,7 @@ enum wlantest_ctrl_cmd {
WLANTEST_CTRL_ADD_PASSPHRASE,
WLANTEST_CTRL_INFO_STA,
WLANTEST_CTRL_INFO_BSS,
+ WLANTEST_CTRL_SEND,
};
enum wlantest_ctrl_attr {
@@ -54,6 +55,7 @@ enum wlantest_ctrl_attr {
WLANTEST_ATTR_STA_INFO,
WLANTEST_ATTR_BSS_INFO,
WLANTEST_ATTR_INFO,
+ WLANTEST_ATTR_FRAME,
};
enum wlantest_bss_counter {