- u8 u8aSendBuffer[500];
- char szErrbuf[PCAP_ERRBUF_SIZE];
- int nCaptureHeaderLength = 0, n80211HeaderLength = 0, nLinkEncap = 0;
- int nOrdinal = 0, r, nDelay = 100000;
- int nRateIndex = 0, retval, bytes;
- pcap_t *ppcap = NULL;
- struct bpf_program bpfprogram;
- char * szProgram = "", fBrokenSocket = 0;
- u16 u16HeaderLen;
- char szHostname[PATH_MAX];
-
- if (gethostname(szHostname, sizeof (szHostname) - 1)) {
- perror("unable to get hostname");
- }
- szHostname[sizeof (szHostname) - 1] = '\0';
-
-
- printf("Packetspammer (c)2007 Andy Green <andy@warmcat.com> GPL2\n");
-
- while (1) {
- int nOptionIndex;
- static const struct option optiona[] = {
- { "delay", required_argument, NULL, 'd' },
- { "fcs", no_argument, &flagMarkWithFCS, 1 },
- { "help", no_argument, &flagHelp, 1 },
- { "verbose", no_argument, &flagVerbose, 1},
- { 0, 0, 0, 0 }
- };
- int c = getopt_long(argc, argv, "d:hf",
- optiona, &nOptionIndex);
-
- if (c == -1)
- break;
- switch (c) {
- case 0: // long option
- break;
-
- case 'h': // help
- usage();
-
- case 'd': // delay
- nDelay = atoi(optarg);
- break;
-
- case 'f': // mark as FCS attached
- flagMarkWithFCS = 1;
- break;
-
- case 'v': //Verbose / readable output to cout
- flagVerbose = 1;
- break;
-
- default:
- printf("unknown switch %c\n", c);
- usage();
- break;
- }
- }
-
- if (optind >= argc)
- usage();
-
-
- // open the interface in pcap
-
- szErrbuf[0] = '\0';
- ppcap = pcap_open_live(argv[optind], 800, 1, 20, szErrbuf);
- if (ppcap == NULL) {
- printf("Unable to open interface %s in pcap: %s\n",
- argv[optind], szErrbuf);
- return (1);
- }
-
- //get mac from interface
-
- /*int sock, j, k;
- char mac[32];
-
- sock=socket(PF_INET, SOCK_STREAM, 0);
- if (-1==sock) {
- perror("can not open socket\n");
- return 1;
- }
-
- if (-1==ioctl(sock, SIOCGIFHWADDR, &ifr)) {
- perror("ioctl(SIOCGIFHWADDR) ");
- return 1;
- }
- for (j=0, k=0; j<6; j++) {
- k+=snprintf(mac+k, sizeof(mac)-k-1, j ? ":%02X" : "%02X",
- (int)(unsigned int)(unsigned char)ifr.ifr_hwaddr.sa_data[j]);
- }
- mac[sizeof(mac)-1]='\0';
- */
-
- //get header type
- nLinkEncap = pcap_datalink(ppcap);
- nCaptureHeaderLength = 0;
-
- switch (nLinkEncap) {
-
- case DLT_PRISM_HEADER:
- printf("DLT_PRISM_HEADER Encap\n");
- nCaptureHeaderLength = 0x40;
- n80211HeaderLength = 0x20; // ieee80211 comes after this
- szProgram = "radio[0x4a:4]==0x13223344";
- break;
-
- case DLT_IEEE802_11_RADIO:
- printf("DLT_IEEE802_11_RADIO Encap\n");
- nCaptureHeaderLength = 0x40;
- n80211HeaderLength = 0x18; // ieee80211 comes after this
- szProgram = "ether[0x0a:4]==0x13223344";
- break;
-
- default:
- printf("!!! unknown encapsulation on %s !\n", argv[1]);
- return (1);
-
- }
-
- if (pcap_compile(ppcap, &bpfprogram, szProgram, 1, 0) == -1) {
- puts(szProgram);
- puts(pcap_geterr(ppcap));
- return (1);
- } else {
- if (pcap_setfilter(ppcap, &bpfprogram) == -1) {
- puts(szProgram);
- puts(pcap_geterr(ppcap));
- } else {
- printf("RX Filter applied\n");
- }
- pcap_freecode(&bpfprogram);
- }
-
- pcap_setnonblock(ppcap, 1, szErrbuf);
-
- printf(" (delay between packets %dus)\n", nDelay);
-
- memset(u8aSendBuffer, 0, sizeof (u8aSendBuffer));
-
- while (!fBrokenSocket) {
- u8 * pu8 = u8aSendBuffer;
- struct pcap_pkthdr * ppcapPacketHeader = NULL;
- struct ieee80211_radiotap_iterator rti;
- PENUMBRA_RADIOTAP_DATA prd;
- //init of the values
- prd.m_nRate = 255;
- prd.m_nChannel = 255;
- prd.m_nAntenna = 255;
- prd.m_nRadiotapFlags = 255;
- u8 * pu8Payload = u8aSendBuffer;
- int n, nRate;
-
- // receive
-
- retval = pcap_next_ex(ppcap, &ppcapPacketHeader,
- (const u_char**)&pu8Payload);
-
- if (retval < 0) {
- fBrokenSocket = 1;
- continue;
- }
-
- if (retval != 1)
- goto do_tx;
-
- u16HeaderLen = (pu8Payload[2] + (pu8Payload[3] << 8));
-
- printf("rtap: ");
- Dump(pu8Payload, u16HeaderLen);
-
- if (ppcapPacketHeader->len <
- (u16HeaderLen + n80211HeaderLength))
- continue;
-
- bytes = ppcapPacketHeader->len -
- (u16HeaderLen + n80211HeaderLength);
- if (bytes < 0)
- continue;
-
- if (ieee80211_radiotap_iterator_init(&rti,
- (struct ieee80211_radiotap_header *)pu8Payload,
- bytes) < 0)
- continue;
-
- while ((n = ieee80211_radiotap_iterator_next(&rti)) == 0) {
-
- switch (rti.this_arg_index) {
- case IEEE80211_RADIOTAP_RATE:
- prd.m_nRate = (*rti.this_arg);
- break;
-
- case IEEE80211_RADIOTAP_CHANNEL:
- prd.m_nChannel =
- le16_to_cpu(*((u16 *)rti.this_arg));
- prd.m_nChannelFlags =
- le16_to_cpu(*((u16 *)(rti.this_arg + 2)));
- break;
-
- case IEEE80211_RADIOTAP_ANTENNA:
- prd.m_nAntenna = (*rti.this_arg) + 1;
- break;
-
- case IEEE80211_RADIOTAP_FLAGS:
- prd.m_nRadiotapFlags = *rti.this_arg;
- break;
-
- }
- }
-
- pu8Payload += u16HeaderLen + n80211HeaderLength;
-
- if (prd.m_nRadiotapFlags & IEEE80211_RADIOTAP_F_FCS)
- bytes -= 4;
-
- printf("RX: Rate: %2d.%dMbps, Freq: %d.%dGHz, "
- "Ant: %d, Flags: 0x%X\n",
- prd.m_nRate / 2, 5 * (prd.m_nRate & 1),
- prd.m_nChannel / 1000,
- prd.m_nChannel - ((prd.m_nChannel / 1000) * 1000),
- prd.m_nAntenna,
- prd.m_nRadiotapFlags);
-
- Dump(pu8Payload, bytes);
-
- do_tx:
-
- // transmit
-
- memcpy(u8aSendBuffer, u8aRadiotapHeader,
- sizeof (u8aRadiotapHeader));
- if (flagMarkWithFCS)
- pu8[OFFSET_FLAGS] |= IEEE80211_RADIOTAP_F_FCS;
- nRate = pu8[OFFSET_RATE] = u8aRatesToUse[nRateIndex++];
- if (nRateIndex >= sizeof (u8aRatesToUse))
- nRateIndex = 0;
- pu8 += sizeof (u8aRadiotapHeader);
-
- memcpy(pu8, u8aIeeeHeader, sizeof (u8aIeeeHeader));
- pu8 += sizeof (u8aIeeeHeader);
-
- pu8 += sprintf((char *)u8aSendBuffer,
- "Packetspammer %02d"
- "broadcast packet"
- "#%05d -- :-D --%s ----",
- nRate/2, nOrdinal++, szHostname);
- r = pcap_inject(ppcap, u8aSendBuffer, pu8 - u8aSendBuffer);
- if (r != (pu8-u8aSendBuffer)) {
- perror("Trouble injecting packet");
- return (1);
- }
- if (nDelay)
- usleep(nDelay);
- }