hak5 fixes
authorRuss Handorf <rhandorf@handorf.org>
Fri, 3 Mar 2017 02:27:32 +0000 (21:27 -0500)
committerRuss Handorf <rhandorf@handorf.org>
Fri, 3 Mar 2017 02:27:32 +0000 (21:27 -0500)
client-wifi/sohosigint/Makefile [new file with mode: 0644]
client-wifi/sohosigint/platform.h [new file with mode: 0644]
client-wifi/sohosigint/radiotap.c [new file with mode: 0644]
client-wifi/sohosigint/radiotap.h [new file with mode: 0644]
client-wifi/sohosigint/radiotap_iter.h [new file with mode: 0644]
client-wifi/sohosigint/sohosigint-wifi.c [new file with mode: 0644]

diff --git a/client-wifi/sohosigint/Makefile b/client-wifi/sohosigint/Makefile
new file mode 100644 (file)
index 0000000..279925e
--- /dev/null
@@ -0,0 +1,14 @@
+CFLAGS= -std=gnu99
+DEPS = endian.h 
+LIBS=$(LDFLAGS) -L. -lpcap -lcurl -ljson-c -lssl -lorcon2 `pkg-config --libs libnl-3.0 libnl-genl-3.0`
+OBJ = sohosigint-wifi.o radiotap.o
+
+%.o: %.c $(DEPS)
+       $(CC) -c -o $@ $<
+
+soho-sigint-wifi: $(OBJ)
+       $(CC) -o $@ $^ $(CFLAGS) $(LIBS)
+
+clean:
+       rm -rf *.o 
+       rm -rf sohosigint-wifi
diff --git a/client-wifi/sohosigint/platform.h b/client-wifi/sohosigint/platform.h
new file mode 100644 (file)
index 0000000..980fe6f
--- /dev/null
@@ -0,0 +1,23 @@
+#include <stddef.h>
+#include <errno.h>
+#ifndef _BSD_SOURCE
+#define _BSD_SOURCE
+#endif
+#ifdef __FreeBSD__
+        #include <sys/endian.h>
+#else
+        #include <endian.h>
+#endif
+
+#define le16_to_cpu             le16toh
+#define le32_to_cpu             le32toh
+#define get_unaligned(p)                                        \
+({                                                              \
+        struct packed_dummy_struct {                            \
+                typeof(*(p)) __val;                             \
+        } __attribute__((packed)) *__ptr = (void *) (p);        \
+                                                                \
+        __ptr->__val;                                           \
+})
+#define get_unaligned_le16(p)   le16_to_cpu(get_unaligned((uint16_t *)(p)))
+#define get_unaligned_le32(p)   le32_to_cpu(get_unaligned((uint32_t *)(p)))
diff --git a/client-wifi/sohosigint/radiotap.c b/client-wifi/sohosigint/radiotap.c
new file mode 100644 (file)
index 0000000..8827a86
--- /dev/null
@@ -0,0 +1,396 @@
+/*
+ * Radiotap parser
+ *
+ * Copyright 2007               Andy Green <andy@warmcat.com>
+ * Copyright 2009               Johannes Berg <johannes@sipsolutions.net>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License version 2 as
+ * published by the Free Software Foundation.
+ *
+ * Alternatively, this software may be distributed under the terms of BSD
+ * license.
+ *
+ * See COPYING for more details.
+ */
+#include "radiotap_iter.h"
+#include "platform.h"
+#if defined(ANDROID) || defined(__ANDROID__)
+        #include "../byteorder.h"
+#endif
+
+/* function prototypes and related defs are in radiotap_iter.h */
+
+static const struct radiotap_align_size rtap_namespace_sizes[] = {
+        [IEEE80211_RADIOTAP_TSFT] = { .align = 8, .size = 8, },
+        [IEEE80211_RADIOTAP_FLAGS] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_RATE] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_CHANNEL] = { .align = 2, .size = 4, },
+        [IEEE80211_RADIOTAP_FHSS] = { .align = 2, .size = 2, },
+        [IEEE80211_RADIOTAP_DBM_ANTSIGNAL] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_DBM_ANTNOISE] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_LOCK_QUALITY] = { .align = 2, .size = 2, },
+        [IEEE80211_RADIOTAP_TX_ATTENUATION] = { .align = 2, .size = 2, },
+        [IEEE80211_RADIOTAP_DB_TX_ATTENUATION] = { .align = 2, .size = 2, },
+        [IEEE80211_RADIOTAP_DBM_TX_POWER] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_ANTENNA] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_DB_ANTSIGNAL] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_DB_ANTNOISE] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_RX_FLAGS] = { .align = 2, .size = 2, },
+        [IEEE80211_RADIOTAP_TX_FLAGS] = { .align = 2, .size = 2, },
+        [IEEE80211_RADIOTAP_RTS_RETRIES] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_DATA_RETRIES] = { .align = 1, .size = 1, },
+        [IEEE80211_RADIOTAP_MCS] = { .align = 1, .size = 3, },
+        [IEEE80211_RADIOTAP_AMPDU_STATUS] = { .align = 4, .size = 8, },
+        /*
+         * add more here as they are defined in radiotap.h
+         */
+};
+
+static const struct ieee80211_radiotap_namespace radiotap_ns = {
+        .n_bits = sizeof(rtap_namespace_sizes) / sizeof(rtap_namespace_sizes[0]),
+        .align_size = rtap_namespace_sizes,
+};
+
+/**
+ * ieee80211_radiotap_iterator_init - radiotap parser iterator initialization
+ * @iterator: radiotap_iterator to initialize
+ * @radiotap_header: radiotap header to parse
+ * @max_length: total length we can parse into (eg, whole packet length)
+ *
+ * Returns: 0 or a negative error code if there is a problem.
+ *
+ * This function initializes an opaque iterator struct which can then
+ * be passed to ieee80211_radiotap_iterator_next() to visit every radiotap
+ * argument which is present in the header.  It knows about extended
+ * present headers and handles them.
+ *
+ * How to use:
+ * call __ieee80211_radiotap_iterator_init() to init a semi-opaque iterator
+ * struct ieee80211_radiotap_iterator (no need to init the struct beforehand)
+ * checking for a good 0 return code.  Then loop calling
+ * __ieee80211_radiotap_iterator_next()... it returns either 0,
+ * -ENOENT if there are no more args to parse, or -EINVAL if there is a problem.
+ * The iterator's @this_arg member points to the start of the argument
+ * associated with the current argument index that is present, which can be
+ * found in the iterator's @this_arg_index member.  This arg index corresponds
+ * to the IEEE80211_RADIOTAP_... defines.
+ *
+ * Radiotap header length:
+ * You can find the CPU-endian total radiotap header length in
+ * iterator->max_length after executing ieee80211_radiotap_iterator_init()
+ * successfully.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ *
+ * Example code: parse.c
+ */
+
+int ieee80211_radiotap_iterator_init(
+        struct ieee80211_radiotap_iterator *iterator,
+        struct ieee80211_radiotap_header *radiotap_header,
+        int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns)
+{
+        /* must at least have the radiotap header */
+        if (max_length < (int)sizeof(struct ieee80211_radiotap_header))
+                return -EINVAL;
+
+        /* Linux only supports version 0 radiotap format */
+        if (radiotap_header->it_version)
+                return -EINVAL;
+
+        /* sanity check for allowed length and radiotap length field */
+        if (max_length < get_unaligned_le16(&radiotap_header->it_len))
+                return -EINVAL;
+
+        iterator->_rtheader = radiotap_header;
+        iterator->_max_length = get_unaligned_le16(&radiotap_header->it_len);
+        iterator->_arg_index = 0;
+        iterator->_bitmap_shifter = get_unaligned_le32(&radiotap_header->it_present);
+        iterator->_arg = (uint8_t *)radiotap_header + sizeof(*radiotap_header);
+        iterator->_reset_on_ext = 0;
+        iterator->_next_bitmap = &radiotap_header->it_present;
+        iterator->_next_bitmap++;
+        iterator->_vns = vns;
+        iterator->current_namespace = &radiotap_ns;
+        iterator->is_radiotap_ns = 1;
+#ifdef RADIOTAP_SUPPORT_OVERRIDES
+        iterator->n_overrides = 0;
+        iterator->overrides = NULL;
+#endif
+
+        /* find payload start allowing for extended bitmap(s) */
+
+        if (iterator->_bitmap_shifter & (1<<IEEE80211_RADIOTAP_EXT)) {
+                if ((unsigned long)iterator->_arg -
+                    (unsigned long)iterator->_rtheader + sizeof(uint32_t) >
+                    (unsigned long)iterator->_max_length)
+                        return -EINVAL;
+                while (get_unaligned_le32(iterator->_arg) &
+                                        (1 << IEEE80211_RADIOTAP_EXT)) {
+                        iterator->_arg += sizeof(uint32_t);
+
+                        /*
+                         * check for insanity where the present bitmaps
+                         * keep claiming to extend up to or even beyond the
+                         * stated radiotap header length
+                         */
+
+                        if ((unsigned long)iterator->_arg -
+                            (unsigned long)iterator->_rtheader +
+                            sizeof(uint32_t) >
+                            (unsigned long)iterator->_max_length)
+                                return -EINVAL;
+                }
+
+                iterator->_arg += sizeof(uint32_t);
+
+                /*
+                 * no need to check again for blowing past stated radiotap
+                 * header length, because ieee80211_radiotap_iterator_next
+                 * checks it before it is dereferenced
+                 */
+        }
+
+        iterator->this_arg = iterator->_arg;
+
+        /* we are all initialized happily */
+
+        return 0;
+}
+
+static void find_ns(struct ieee80211_radiotap_iterator *iterator,
+                    uint32_t oui, uint8_t subns)
+{
+        int i;
+
+        iterator->current_namespace = NULL;
+
+        if (!iterator->_vns)
+                return;
+
+        for (i = 0; i < iterator->_vns->n_ns; i++) {
+                if (iterator->_vns->ns[i].oui != oui)
+                        continue;
+                if (iterator->_vns->ns[i].subns != subns)
+                        continue;
+
+                iterator->current_namespace = &iterator->_vns->ns[i];
+                break;
+        }
+}
+
+#ifdef RADIOTAP_SUPPORT_OVERRIDES
+static int find_override(struct ieee80211_radiotap_iterator *iterator,
+                         int *align, int *size)
+{
+        int i;
+
+        if (!iterator->overrides)
+                return 0;
+
+        for (i = 0; i < iterator->n_overrides; i++) {
+                if (iterator->_arg_index == iterator->overrides[i].field) {
+                        *align = iterator->overrides[i].align;
+                        *size = iterator->overrides[i].size;
+                        if (!*align) /* erroneous override */
+                                return 0;
+                        return 1;
+                }
+        }
+
+        return 0;
+}
+#endif
+
+
+/**
+ * ieee80211_radiotap_iterator_next - return next radiotap parser iterator arg
+ * @iterator: radiotap_iterator to move to next arg (if any)
+ *
+ * Returns: 0 if there is an argument to handle,
+ * -ENOENT if there are no more args or -EINVAL
+ * if there is something else wrong.
+ *
+ * This function provides the next radiotap arg index (IEEE80211_RADIOTAP_*)
+ * in @this_arg_index and sets @this_arg to point to the
+ * payload for the field.  It takes care of alignment handling and extended
+ * present fields.  @this_arg can be changed by the caller (eg,
+ * incremented to move inside a compound argument like
+ * IEEE80211_RADIOTAP_CHANNEL).  The args pointed to are in
+ * little-endian format whatever the endianess of your CPU.
+ *
+ * Alignment Gotcha:
+ * You must take care when dereferencing iterator.this_arg
+ * for multibyte types... the pointer is not aligned.  Use
+ * get_unaligned((type *)iterator.this_arg) to dereference
+ * iterator.this_arg for type "type" safely on all arches.
+ */
+
+int ieee80211_radiotap_iterator_next(
+        struct ieee80211_radiotap_iterator *iterator)
+{
+        while (1) {
+                int hit = 0;
+                int pad, align, size, subns;
+                uint32_t oui;
+
+                /* if no more EXT bits, that's it */
+                if ((iterator->_arg_index % 32) == IEEE80211_RADIOTAP_EXT &&
+                    !(iterator->_bitmap_shifter & 1))
+                        return -ENOENT;
+
+                if (!(iterator->_bitmap_shifter & 1))
+                        goto next_entry; /* arg not present */
+
+                /* get alignment/size of data */
+                switch (iterator->_arg_index % 32) {
+                case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
+                case IEEE80211_RADIOTAP_EXT:
+                        align = 1;
+                        size = 0;
+                        break;
+                case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
+                        align = 2;
+                        size = 6;
+                        break;
+                default:
+#ifdef RADIOTAP_SUPPORT_OVERRIDES
+                        if (find_override(iterator, &align, &size)) {
+                                /* all set */
+                        } else
+#endif
+                        if (!iterator->current_namespace ||
+                            iterator->_arg_index >= iterator->current_namespace->n_bits) {
+                                if (iterator->current_namespace == &radiotap_ns)
+                                        return -ENOENT;
+                                align = 0;
+                        } else {
+                                align = iterator->current_namespace->align_size[iterator->_arg_index].align;
+                                size = iterator->current_namespace->align_size[iterator->_arg_index].size;
+                        }
+                        if (!align) {
+                                /* skip all subsequent data */
+                                iterator->_arg = iterator->_next_ns_data;
+                                /* give up on this namespace */
+                                iterator->current_namespace = NULL;
+                                goto next_entry;
+                        }
+                        break;
+                }
+
+                /*
+                 * arg is present, account for alignment padding
+                 *
+                 * Note that these alignments are relative to the start
+                 * of the radiotap header.  There is no guarantee
+                 * that the radiotap header itself is aligned on any
+                 * kind of boundary.
+                 *
+                 * The above is why get_unaligned() is used to dereference
+                 * multibyte elements from the radiotap area.
+                 */
+
+                pad = ((unsigned long)iterator->_arg -
+                       (unsigned long)iterator->_rtheader) & (align - 1);
+
+                if (pad)
+                        iterator->_arg += align - pad;
+
+                if (iterator->_arg_index % 32 == IEEE80211_RADIOTAP_VENDOR_NAMESPACE) {
+                        int vnslen;
+
+                        if ((unsigned long)iterator->_arg + size -
+                            (unsigned long)iterator->_rtheader >
+                            (unsigned long)iterator->_max_length)
+                                return -EINVAL;
+
+                        oui = (*iterator->_arg << 16) |
+                                (*(iterator->_arg + 1) << 8) |
+                                *(iterator->_arg + 2);
+                        subns = *(iterator->_arg + 3);
+
+                        find_ns(iterator, oui, subns);
+
+                        vnslen = get_unaligned_le16(iterator->_arg + 4);
+                        iterator->_next_ns_data = iterator->_arg + size + vnslen;
+                        if (!iterator->current_namespace)
+                                size += vnslen;
+                }
+
+                /*
+                 * this is what we will return to user, but we need to
+                 * move on first so next call has something fresh to test
+                 */
+                iterator->this_arg_index = iterator->_arg_index;
+                iterator->this_arg = iterator->_arg;
+                iterator->this_arg_size = size;
+
+                /* internally move on the size of this arg */
+                iterator->_arg += size;
+
+                /*
+                 * check for insanity where we are given a bitmap that
+                 * claims to have more arg content than the length of the
+                 * radiotap section.  We will normally end up equalling this
+                 * max_length on the last arg, never exceeding it.
+                 */
+
+                if ((unsigned long)iterator->_arg -
+                    (unsigned long)iterator->_rtheader >
+                    (unsigned long)iterator->_max_length)
+                        return -EINVAL;
+
+                /* these special ones are valid in each bitmap word */
+                switch (iterator->_arg_index % 32) {
+                case IEEE80211_RADIOTAP_VENDOR_NAMESPACE:
+                        iterator->_reset_on_ext = 1;
+
+                        iterator->is_radiotap_ns = 0;
+                        /*
+                         * If parser didn't register this vendor
+                         * namespace with us, allow it to show it
+                         * as 'raw. Do do that, set argument index
+                         * to vendor namespace.
+                         */
+                        iterator->this_arg_index =
+                                IEEE80211_RADIOTAP_VENDOR_NAMESPACE;
+                        if (!iterator->current_namespace)
+                                hit = 1;
+                        goto next_entry;
+                case IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE:
+                        iterator->_reset_on_ext = 1;
+                        iterator->current_namespace = &radiotap_ns;
+                        iterator->is_radiotap_ns = 1;
+                        goto next_entry;
+                case IEEE80211_RADIOTAP_EXT:
+                        /*
+                         * bit 31 was set, there is more
+                         * -- move to next u32 bitmap
+                         */
+                        iterator->_bitmap_shifter =
+                                get_unaligned_le32(iterator->_next_bitmap);
+                        iterator->_next_bitmap++;
+                        if (iterator->_reset_on_ext)
+                                iterator->_arg_index = 0;
+                        else
+                                iterator->_arg_index++;
+                        iterator->_reset_on_ext = 0;
+                        break;
+                default:
+                        /* we've got a hit! */
+                        hit = 1;
+ next_entry:
+                        iterator->_bitmap_shifter >>= 1;
+                        iterator->_arg_index++;
+                }
+
+                /* if we found a valid arg earlier, return it now */
+                if (hit)
+                        return 0;
+        }
+}
diff --git a/client-wifi/sohosigint/radiotap.h b/client-wifi/sohosigint/radiotap.h
new file mode 100644 (file)
index 0000000..fb5ea68
--- /dev/null
@@ -0,0 +1,290 @@
+/*-
+ * Copyright (c) 2003, 2004 David Young.  All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. The name of David Young may not be used to endorse or promote
+ *    products derived from this software without specific prior
+ *    written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
+ * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL DAVID
+ * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
+ * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+ * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
+ * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
+ * OF SUCH DAMAGE.
+ */
+
+/*
+ * Modifications to fit into the linux IEEE 802.11 stack,
+ * Mike Kershaw (dragorn@kismetwireless.net)
+ */
+
+#ifndef IEEE80211RADIOTAP_H
+#define IEEE80211RADIOTAP_H
+
+#include <stdint.h>
+
+/* Base version of the radiotap packet header data */
+#define PKTHDR_RADIOTAP_VERSION         0
+
+/* A generic radio capture format is desirable. There is one for
+ * Linux, but it is neither rigidly defined (there were not even
+ * units given for some fields) nor easily extensible.
+ *
+ * I suggest the following extensible radio capture format. It is
+ * based on a bitmap indicating which fields are present.
+ *
+ * I am trying to describe precisely what the application programmer
+ * should expect in the following, and for that reason I tell the
+ * units and origin of each measurement (where it applies), or else I
+ * use sufficiently weaselly language ("is a monotonically nondecreasing
+ * function of...") that I cannot set false expectations for lawyerly
+ * readers.
+ */
+
+/* The radio capture header precedes the 802.11 header.
+ * All data in the header is little endian on all platforms.
+ */
+struct ieee80211_radiotap_header {
+        uint8_t it_version;     /* Version 0. Only increases
+                                 * for drastic changes,
+                                 * introduction of compatible
+                                 * new fields does not count.
+                                 */
+        uint8_t it_pad;
+        uint16_t it_len;        /* length of the whole
+                                 * header in bytes, including
+                                 * it_version, it_pad,
+                                 * it_len, and data fields.
+                                 */
+        uint32_t it_present;    /* A bitmap telling which
+                                 * fields are present. Set bit 31
+                                 * (0x80000000) to extend the
+                                 * bitmap by another 32 bits.
+                                 * Additional extensions are made
+                                 * by setting bit 31.
+                                 */
+};
+
+/* Name                                 Data type    Units
+ * ----                                 ---------    -----
+ *
+ * IEEE80211_RADIOTAP_TSFT              __le64       microseconds
+ *
+ *      Value in microseconds of the MAC's 64-bit 802.11 Time
+ *      Synchronization Function timer when the first bit of the
+ *      MPDU arrived at the MAC. For received frames, only.
+ *
+ * IEEE80211_RADIOTAP_CHANNEL           2 x uint16_t   MHz, bitmap
+ *
+ *      Tx/Rx frequency in MHz, followed by flags (see below).
+ *
+ * IEEE80211_RADIOTAP_FHSS              uint16_t       see below
+ *
+ *      For frequency-hopping radios, the hop set (first byte)
+ *      and pattern (second byte).
+ *
+ * IEEE80211_RADIOTAP_RATE              u8           500kb/s
+ *
+ *      Tx/Rx data rate
+ *
+ * IEEE80211_RADIOTAP_DBM_ANTSIGNAL     s8           decibels from
+ *                                                   one milliwatt (dBm)
+ *
+ *      RF signal power at the antenna, decibel difference from
+ *      one milliwatt.
+ *
+ * IEEE80211_RADIOTAP_DBM_ANTNOISE      s8           decibels from
+ *                                                   one milliwatt (dBm)
+ *
+ *      RF noise power at the antenna, decibel difference from one
+ *      milliwatt.
+ *
+ * IEEE80211_RADIOTAP_DB_ANTSIGNAL      u8           decibel (dB)
+ *
+ *      RF signal power at the antenna, decibel difference from an
+ *      arbitrary, fixed reference.
+ *
+ * IEEE80211_RADIOTAP_DB_ANTNOISE       u8           decibel (dB)
+ *
+ *      RF noise power at the antenna, decibel difference from an
+ *      arbitrary, fixed reference point.
+ *
+ * IEEE80211_RADIOTAP_LOCK_QUALITY      uint16_t       unitless
+ *
+ *      Quality of Barker code lock. Unitless. Monotonically
+ *      nondecreasing with "better" lock strength. Called "Signal
+ *      Quality" in datasheets.  (Is there a standard way to measure
+ *      this?)
+ *
+ * IEEE80211_RADIOTAP_TX_ATTENUATION    uint16_t       unitless
+ *
+ *      Transmit power expressed as unitless distance from max
+ *      power set at factory calibration.  0 is max power.
+ *      Monotonically nondecreasing with lower power levels.
+ *
+ * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t       decibels (dB)
+ *
+ *      Transmit power expressed as decibel distance from max power
+ *      set at factory calibration.  0 is max power.  Monotonically
+ *      nondecreasing with lower power levels.
+ *
+ * IEEE80211_RADIOTAP_DBM_TX_POWER      s8           decibels from
+ *                                                   one milliwatt (dBm)
+ *
+ *      Transmit power expressed as dBm (decibels from a 1 milliwatt
+ *      reference). This is the absolute power level measured at
+ *      the antenna port.
+ *
+ * IEEE80211_RADIOTAP_FLAGS             u8           bitmap
+ *
+ *      Properties of transmitted and received frames. See flags
+ *      defined below.
+ *
+ * IEEE80211_RADIOTAP_ANTENNA           u8           antenna index
+ *
+ *      Unitless indication of the Rx/Tx antenna for this packet.
+ *      The first antenna is antenna 0.
+ *
+ * IEEE80211_RADIOTAP_RX_FLAGS          uint16_t       bitmap
+ *
+ *     Properties of received frames. See flags defined below.
+ *
+ * IEEE80211_RADIOTAP_TX_FLAGS          uint16_t       bitmap
+ *
+ *     Properties of transmitted frames. See flags defined below.
+ *
+ * IEEE80211_RADIOTAP_RTS_RETRIES       u8           data
+ *
+ *     Number of rts retries a transmitted frame used.
+ *
+ * IEEE80211_RADIOTAP_DATA_RETRIES      u8           data
+ *
+ *     Number of unicast retries a transmitted frame used.
+ *
+ * IEEE80211_RADIOTAP_MCS       u8, u8, u8              unitless
+ *
+ *     Contains a bitmap of known fields/flags, the flags, and
+ *     the MCS index.
+ *
+ * IEEE80211_RADIOTAP_AMPDU_STATUS      u32, u16, u8, u8        unitlesss
+ *
+ *      Contains the AMPDU information for the subframe.
+ */
+enum ieee80211_radiotap_type {
+        IEEE80211_RADIOTAP_TSFT = 0,
+        IEEE80211_RADIOTAP_FLAGS = 1,
+        IEEE80211_RADIOTAP_RATE = 2,
+        IEEE80211_RADIOTAP_CHANNEL = 3,
+        IEEE80211_RADIOTAP_FHSS = 4,
+        IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
+        IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
+        IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
+        IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
+        IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
+        IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
+        IEEE80211_RADIOTAP_ANTENNA = 11,
+        IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
+        IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
+        IEEE80211_RADIOTAP_RX_FLAGS = 14,
+        IEEE80211_RADIOTAP_TX_FLAGS = 15,
+        IEEE80211_RADIOTAP_RTS_RETRIES = 16,
+        IEEE80211_RADIOTAP_DATA_RETRIES = 17,
+
+        IEEE80211_RADIOTAP_MCS = 19,
+        IEEE80211_RADIOTAP_AMPDU_STATUS = 20,
+
+        /* valid in every it_present bitmap, even vendor namespaces */
+        IEEE80211_RADIOTAP_RADIOTAP_NAMESPACE = 29,
+        IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30,
+        IEEE80211_RADIOTAP_EXT = 31
+};
+
+/* Channel flags. */
+#define IEEE80211_CHAN_TURBO    0x0010  /* Turbo channel */
+#define IEEE80211_CHAN_CCK      0x0020  /* CCK channel */
+#define IEEE80211_CHAN_OFDM     0x0040  /* OFDM channel */
+#define IEEE80211_CHAN_2GHZ     0x0080  /* 2 GHz spectrum channel. */
+#define IEEE80211_CHAN_5GHZ     0x0100  /* 5 GHz spectrum channel */
+#define IEEE80211_CHAN_PASSIVE  0x0200  /* Only passive scan allowed */
+#define IEEE80211_CHAN_DYN      0x0400  /* Dynamic CCK-OFDM channel */
+#define IEEE80211_CHAN_GFSK     0x0800  /* GFSK channel (FHSS PHY) */
+
+/* For IEEE80211_RADIOTAP_FLAGS */
+#define IEEE80211_RADIOTAP_F_CFP        0x01    /* sent/received
+                                                 * during CFP
+                                                 */
+#define IEEE80211_RADIOTAP_F_SHORTPRE   0x02    /* sent/received
+                                                 * with short
+                                                 * preamble
+                                                 */
+#define IEEE80211_RADIOTAP_F_WEP        0x04    /* sent/received
+                                                 * with WEP encryption
+                                                 */
+#define IEEE80211_RADIOTAP_F_FRAG       0x08    /* sent/received
+                                                 * with fragmentation
+                                                 */
+#define IEEE80211_RADIOTAP_F_FCS        0x10    /* frame includes FCS */
+#define IEEE80211_RADIOTAP_F_DATAPAD    0x20    /* frame has padding between
+                                                 * 802.11 header and payload
+                                                 * (to 32-bit boundary)
+                                                 */
+#define IEEE80211_RADIOTAP_F_BADFCS     0x40    /* frame failed FCS check */
+
+/* For IEEE80211_RADIOTAP_RX_FLAGS */
+#define IEEE80211_RADIOTAP_F_RX_BADPLCP 0x0002 /* bad PLCP */
+
+/* For IEEE80211_RADIOTAP_TX_FLAGS */
+#define IEEE80211_RADIOTAP_F_TX_FAIL    0x0001  /* failed due to excessive
+                                                 * retries */
+#define IEEE80211_RADIOTAP_F_TX_CTS     0x0002  /* used cts 'protection' */
+#define IEEE80211_RADIOTAP_F_TX_RTS     0x0004  /* used rts/cts handshake */
+
+/* For IEEE80211_RADIOTAP_AMPDU_STATUS */
+#define IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN         0x0001
+#define IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN             0x0002
+#define IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN             0x0004
+#define IEEE80211_RADIOTAP_AMPDU_IS_LAST                0x0008
+#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR          0x0010
+#define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN        0x0020
+
+/* For IEEE80211_RADIOTAP_MCS */
+#define IEEE80211_RADIOTAP_MCS_HAVE_BW          0x01
+#define IEEE80211_RADIOTAP_MCS_HAVE_MCS         0x02
+#define IEEE80211_RADIOTAP_MCS_HAVE_GI          0x04
+#define IEEE80211_RADIOTAP_MCS_HAVE_FMT         0x08
+#define IEEE80211_RADIOTAP_MCS_HAVE_FEC         0x10
+#define IEEE80211_RADIOTAP_MCS_HAVE_STBC        0x20
+#define IEEE80211_RADIOTAP_MCS_HAVE_NESS        0x40
+#define IEEE80211_RADIOTAP_MCS_NESS_BIT1        0x80
+
+
+#define IEEE80211_RADIOTAP_MCS_BW_MASK          0x03
+#define         IEEE80211_RADIOTAP_MCS_BW_20    0
+#define         IEEE80211_RADIOTAP_MCS_BW_40    1
+#define         IEEE80211_RADIOTAP_MCS_BW_20L   2
+#define         IEEE80211_RADIOTAP_MCS_BW_20U   3
+#define IEEE80211_RADIOTAP_MCS_SGI              0x04
+#define IEEE80211_RADIOTAP_MCS_FMT_GF           0x08
+#define IEEE80211_RADIOTAP_MCS_FEC_LDPC         0x10
+#define IEEE80211_RADIOTAP_MCS_STBC_MASK        0x60
+#define IEEE80211_RADIOTAP_MCS_STBC_SHIFT       5
+#define         IEEE80211_RADIOTAP_MCS_STBC_1   1
+#define         IEEE80211_RADIOTAP_MCS_STBC_2   2
+#define         IEEE80211_RADIOTAP_MCS_STBC_3   3
+#define IEEE80211_RADIOTAP_MCS_NESS_BIT0        0x80
+
+#endif                          /* IEEE80211_RADIOTAP_H */
diff --git a/client-wifi/sohosigint/radiotap_iter.h b/client-wifi/sohosigint/radiotap_iter.h
new file mode 100644 (file)
index 0000000..5ee4cfb
--- /dev/null
@@ -0,0 +1,96 @@
+#ifndef __RADIOTAP_ITER_H
+#define __RADIOTAP_ITER_H
+
+#include <stdint.h>
+#include "radiotap.h"
+
+/* Radiotap header iteration
+ *   implemented in radiotap.c
+ */
+
+struct radiotap_override {
+        uint8_t field;
+        uint8_t align:4, size:4;
+};
+
+struct radiotap_align_size {
+        uint8_t align:4, size:4;
+};
+
+struct ieee80211_radiotap_namespace {
+        const struct radiotap_align_size *align_size;
+        int n_bits;
+        uint32_t oui;
+        uint8_t subns;
+};
+
+struct ieee80211_radiotap_vendor_namespaces {
+        const struct ieee80211_radiotap_namespace *ns;
+        int n_ns;
+};
+
+/**
+ * struct ieee80211_radiotap_iterator - tracks walk thru present radiotap args
+ * @this_arg_index: index of current arg, valid after each successful call
+ *      to ieee80211_radiotap_iterator_next()
+ * @this_arg: pointer to current radiotap arg; it is valid after each
+ *      call to ieee80211_radiotap_iterator_next() but also after
+ *      ieee80211_radiotap_iterator_init() where it will point to
+ *      the beginning of the actual data portion
+ * @this_arg_size: length of the current arg, for convenience
+ * @current_namespace: pointer to the current namespace definition
+ *      (or internally %NULL if the current namespace is unknown)
+ * @is_radiotap_ns: indicates whether the current namespace is the default
+ *      radiotap namespace or not
+ *
+ * @overrides: override standard radiotap fields
+ * @n_overrides: number of overrides
+ *
+ * @_rtheader: pointer to the radiotap header we are walking through
+ * @_max_length: length of radiotap header in cpu byte ordering
+ * @_arg_index: next argument index
+ * @_arg: next argument pointer
+ * @_next_bitmap: internal pointer to next present u32
+ * @_bitmap_shifter: internal shifter for curr u32 bitmap, b0 set == arg present
+ * @_vns: vendor namespace definitions
+ * @_next_ns_data: beginning of the next namespace's data
+ * @_reset_on_ext: internal; reset the arg index to 0 when going to the
+ *      next bitmap word
+ *
+ * Describes the radiotap parser state. Fields prefixed with an underscore
+ * must not be used by users of the parser, only by the parser internally.
+ */
+
+struct ieee80211_radiotap_iterator {
+        struct ieee80211_radiotap_header *_rtheader;
+        const struct ieee80211_radiotap_vendor_namespaces *_vns;
+        const struct ieee80211_radiotap_namespace *current_namespace;
+
+        unsigned char *_arg, *_next_ns_data;
+        uint32_t *_next_bitmap;
+
+        unsigned char *this_arg;
+#ifdef RADIOTAP_SUPPORT_OVERRIDES
+        const struct radiotap_override *overrides;
+        int n_overrides;
+#endif
+        int this_arg_index;
+        int this_arg_size;
+
+        int is_radiotap_ns;
+
+        int _max_length;
+        int _arg_index;
+        uint32_t _bitmap_shifter;
+        int _reset_on_ext;
+};
+
+extern int ieee80211_radiotap_iterator_init(
+        struct ieee80211_radiotap_iterator *iterator,
+        struct ieee80211_radiotap_header *radiotap_header,
+        int max_length, const struct ieee80211_radiotap_vendor_namespaces *vns);
+
+extern int ieee80211_radiotap_iterator_next(
+        struct ieee80211_radiotap_iterator *iterator);
+
+#endif /* __RADIOTAP_ITER_H */
diff --git a/client-wifi/sohosigint/sohosigint-wifi.c b/client-wifi/sohosigint/sohosigint-wifi.c
new file mode 100644 (file)
index 0000000..b675f0d
--- /dev/null
@@ -0,0 +1,558 @@
+#include <pcap.h>
+#include <pcap.h>
+#include <stdio.h>
+#include <string.h>
+#include <stdlib.h>
+#include <errno.h>
+#include <sys/socket.h>
+#include <ctype.h>
+#include <unistd.h>
+#include "radiotap.h"
+#include "radiotap_iter.h"
+#include <curl/curl.h>
+#include <json-c/json.h>
+#include <stdbool.h>
+#include <lorcon2/lorcon.h>
+
+const struct pcap_pkthdr* callback_header;
+
+time_t start = 0;
+int element = -1;
+int changechan=1;
+char *ssid_buf[50][2] = { NULL, NULL };
+char *probe_resp_buf[50][3] = { NULL, NULL };
+char *probe_buf[50][2] = { NULL, NULL };
+
+lorcon_t *context;
+int lchannel = 1;
+
+//char post_url[255] = "http://intranet.spangdorfia.com/butler/sohoinput.php";
+char *post_url = NULL;
+
+static uint8_t insecure = 0;
+
+static const struct radiotap_align_size align_size_000000_00[] = {
+  [0] = { .align = 1, .size = 4, },
+  [52] = { .align = 1, .size = 4, },
+};
+
+typedef struct {
+  u_int8_t        it_version;
+  u_int8_t        it_pad;
+  u_int16_t       it_len;
+  u_int32_t       it_present;
+
+  u_int32_t       pad;
+  u_int8_t        flags;
+  u_int8_t        rate;
+  u_int16_t       wr_chan_freq;
+  int8_t          ant_sig;
+  int8_t          lock_quality;
+  u_int8_t        ant;
+
+} __attribute__((__packed__)) ieee80211_radiotap;
+
+struct json_object *obj1, *obj2, *array, *tmp1, *tmp2;
+
+/*
+int change_chan(context) {
+  if (changechan==1) {
+    int gchannel=0;
+    changechan=0;
+    gchannel=lorcon_get_channel(context);
+    printf("got channel %d", gchannel);
+    lchannel=gchannel+1;
+    if (lchannel == 14) {
+      lchannel=1;
+    }
+    printf("Setting channel %d\n", lchannel);
+    lorcon_set_channel(context, lchannel);
+    changechan=1;
+  }
+}
+*/
+
+void send_data(json_object *array) {
+
+  //printf("curl start\n");
+  CURL *curl;
+  CURLcode res;
+
+  struct curl_slist *headers = NULL;
+
+  headers = curl_slist_append(headers, "Accept: application/json");
+  headers = curl_slist_append(headers, "Content-Type: application/json");
+
+  //json_object *obj1 = json_object_new_object();
+  //json_object *jvs = json_object_new_string("1");
+  //json_object *japmac = json_object_new_string(ap_mac);
+  //json_object *jlat = json_object_new_double(lat);
+  //json_object *jlng = json_object_new_double(lng);
+
+  //json_object_object_add(obj1,"v", jvs);
+  //json_object_object_add(obj1,"ap_mac", japmac);
+  //json_object_object_add(obj1,"data", array);
+  //json_object_object_add(obj1,"lat", jlat);
+  //json_object_object_add(obj1,"lng", jlng);
+
+  curl = curl_easy_init();
+
+  if(curl) {
+
+    curl_easy_setopt(curl, CURLOPT_WRITEFUNCTION, NULL);
+    curl_easy_setopt(curl, CURLOPT_URL, post_url);
+    curl_easy_setopt(curl, CURLOPT_HTTPHEADER, headers);
+    curl_easy_setopt(curl, CURLOPT_CUSTOMREQUEST, "POST");
+    curl_easy_setopt(curl, CURLOPT_USERAGENT, "SoHoSIGINT");
+    curl_easy_setopt(curl, CURLOPT_POSTFIELDS, json_object_to_json_string(array));
+
+    if (insecure) {
+      curl_easy_setopt(curl, CURLOPT_SSL_VERIFYPEER, FALSE);
+    }
+
+    //printf("Sending this: %s\n",json_object_to_json_string(array));
+
+    //openlog(SYSLOG_NAME, LOG_PID|LOG_CONS, LOG_USER);
+    res = curl_easy_perform(curl);
+
+    if(res != CURLE_OK) {
+      printf("There was a problem sending to %s\n", post_url);
+      //syslog (LOG_INFO, "couldn't send JSON.");
+    } else {
+      //printf("sent JSON to %s\n", post_url);
+    }
+    //closelog ();
+    curl_easy_cleanup(curl);
+    curl_slist_free_all(headers);
+    //json_object_put(obj1);
+  }
+
+  curl_global_cleanup();
+  //printf("curl end\n");
+}
+
+
+void my_callback(u_char *args,const struct pcap_pkthdr* pkthdr,const u_char* packet) {
+
+  int err, radiotap_header_len, ssid_len, i;
+  int8_t rssi, rate, flags, fcsfail;
+  u_int16_t channel;
+  char client_mac[18];
+  char bssid_mac[18];
+  char ssid[32];
+  char tmp_channel[2];
+  char tmp_rssi[1];
+  
+  int diff;
+
+  if (start == 0) {
+    start = time(0);
+  }
+
+  time_t t0 = time(0);
+
+  if ( json_object_get_type(array) != json_type_array) {
+    //printf("type of json= %d\n", json_object_get_type(array) == json_type_array);
+    array = json_object_new_array();
+  };
+
+  struct ieee80211_radiotap_iterator iter;
+
+  radiotap_header_len = iter._max_length;
+
+  err = ieee80211_radiotap_iterator_init(&iter, (void*)packet, pkthdr->caplen, NULL);
+  if (err > 0) {
+  }
+
+  radiotap_header_len = iter._max_length;
+
+  fcsfail = 0;
+  while (!(err = ieee80211_radiotap_iterator_next(&iter))) {
+    if (iter.this_arg_index == IEEE80211_RADIOTAP_DBM_ANTSIGNAL) {
+      rssi = (int8_t)iter.this_arg[0];
+    }
+    if (iter.this_arg_index == IEEE80211_RADIOTAP_CHANNEL) {
+      channel = (*(uint16_t *)iter.this_arg);
+    }
+    if (iter.this_arg_index == IEEE80211_RADIOTAP_RATE) {
+      rate = (u_int8_t)iter.this_arg[0];
+    }
+    if (iter.this_arg_index == IEEE80211_RADIOTAP_FLAGS) {
+      flags = (*(u_int8_t *)iter.this_arg);
+      if (flags & IEEE80211_RADIOTAP_F_BADFCS) {
+        printf("bad fcs\n");
+        fcsfail=1;
+        break;
+      }
+      if (flags & IEEE80211_RADIOTAP_F_FRAG) {
+        printf("frag\n");
+      }
+      if (flags & IEEE80211_RADIOTAP_F_CFP) {
+        printf("cfp\n");
+      }
+    }
+  };
+
+  sprintf(tmp_channel, "%04x", channel);
+  sprintf(tmp_rssi, "%d", rssi);
+
+  int counter=0;
+  if (pkthdr->len >= 24) {
+    u_int8_t hlen;
+    //hlen = packet[2]+(packet[3]<<8); //Usually 18 or 13 in some cases
+    hlen=36+2;
+    //hlen=38;
+    switch (packet[hlen]) {
+      case 0x40: //probe request
+       printf("probe request\n");
+
+        //while (counter<pkthdr->len) {
+        //  printf("%02x",packet[counter]);
+        //  counter++;
+        //}
+        //printf("\n");
+
+        ssid_len=packet[61+2];
+
+       memset(ssid, 0, sizeof(ssid));
+
+       if (ssid_len>0) {
+          for (i=0;i<ssid_len;++i){
+            sprintf(ssid+i, "%c", packet[64+i]);
+          }
+         //printf("dongs %s  size %d\n", ssid, sizeof(ssid));
+        } else {
+          sprintf(ssid,"[HIDDEN]");
+        }
+
+        memset(client_mac, 0, sizeof(client_mac));
+        sprintf(client_mac, "%02x:%02x:%02x:%02x:%02x:%02x", packet[46+2], packet[47+2],packet[48+2],packet[49+2],packet[50+2],packet[51+2]);
+
+        for (i=0; i<50; i++) {
+          if (probe_buf[i][0] != NULL) {
+            if ((strcoll(probe_buf[i][0], ssid) == 0 && strcoll(probe_buf[i][1], client_mac) == 0)) {
+              break;
+            }
+          }
+          if (probe_buf[i][0] == NULL) {
+              if (element < i) {
+                element=i;
+              }
+             //printf("probe element: %d\n", element);
+              probe_buf[i][0] = strdup(ssid);
+              probe_buf[i][1] = strdup(client_mac);
+              obj2 = json_object_new_object();
+              json_object *type = json_object_new_string("40");
+              json_object *tssid = json_object_new_string(ssid);
+              json_object *tclient_mac = json_object_new_string(client_mac);
+              json_object *tchannel = json_object_new_string(tmp_channel);
+              json_object *jrssi = json_object_new_string(tmp_rssi);
+              json_object_object_add(obj2,"type", type);
+              json_object_object_add(obj2,"ssid", tssid);
+              json_object_object_add(obj2,"client_mac", tclient_mac);
+              json_object_object_add(obj2,"channel", tchannel);
+              json_object_object_add(obj2,"rssi", jrssi);
+              json_object_array_add(array,obj2);
+              break;
+            }
+        }
+        break;
+      case 0x50: //probe response
+       printf("probe response\n");
+
+        //while (counter<pkthdr->len) {
+          //printf("%02x",packet[counter]);
+          //counter++;
+        //}
+        //printf("\n");
+
+        ssid_len=packet[75];
+
+       memset(ssid, 0, sizeof(ssid));
+
+       if (ssid_len>0) {
+          for (i=0;i<ssid_len;++i){
+            sprintf(ssid+i, "%c", packet[76+i]);
+          }
+        } else {
+          sprintf(ssid,"[HIDDEN]");
+        }
+
+        //was 39-44
+        sprintf(client_mac, "%02x:%02x:%02x:%02x:%02x:%02x", packet[40+2], packet[41+2],packet[42+2],packet[43+2],packet[44+2],packet[45+2]);
+        sprintf(bssid_mac, "%02x:%02x:%02x:%02x:%02x:%02x", packet[52+2], packet[53+2],packet[54+2],packet[55+2],packet[56+2],packet[57+2]);
+
+        for (i=0; i<50; i++) {
+          if (probe_resp_buf[i][0] != NULL) {
+            if ((strcoll(probe_resp_buf[i][0], ssid) == 0 && strcoll(probe_resp_buf[i][1], client_mac) == 0)) {
+              break;
+            }
+          }
+          if (probe_resp_buf[i][0] == NULL) {
+              if (element < i) {
+                element=i;
+              }
+             //printf("probe response element: %d\n", element);
+              probe_resp_buf[i][0] = strdup(ssid);
+              probe_resp_buf[i][1] = strdup(client_mac);
+              probe_resp_buf[i][2] = strdup(bssid_mac);
+              obj2 = json_object_new_object();
+              json_object *type = json_object_new_string("50");
+              json_object *tssid = json_object_new_string(ssid);
+              json_object *tclient_mac = json_object_new_string(client_mac);
+              json_object *tbssid_mac = json_object_new_string(bssid_mac);
+              json_object *tchannel = json_object_new_string(tmp_channel);
+              json_object *jrssi = json_object_new_string(tmp_rssi);
+              json_object_object_add(obj2,"type", type);
+              json_object_object_add(obj2,"ssid", tssid);
+              json_object_object_add(obj2,"client_mac", tclient_mac);
+              json_object_object_add(obj2,"bssid_mac", tbssid_mac);
+              json_object_object_add(obj2,"channel", tchannel);
+              json_object_object_add(obj2,"rssi", jrssi);
+              json_object_array_add(array,obj2);
+              break;
+            }
+        }
+        break;
+      case 0x80: //beacon
+       //printf("beacon\n");
+        ssid_len=packet[73+2];
+       //printf("length %d\n", ssid_len);
+       //int counter=0;
+       //while (counter<pkthdr->len) {
+       //  printf("%02x",packet[counter]);
+       //  counter++;
+       //}
+       //printf("\n");
+
+       memset(ssid, 0, sizeof(ssid));
+       
+        if (ssid_len>0) {
+          for (i=0;i<ssid_len;++i){
+            sprintf(ssid+i, "%c", packet[76+i]);
+           //sprintf(ssid[i], "%c", packet[76+i]);
+          }
+        } else {
+          sprintf(ssid,"[HIDDEN]");
+        }
+
+        if (ssid_len == 15 && strlen(ssid) == 0) {
+          sprintf(ssid,"[truncated]");
+        } 
+        //printf("debug ssid: %s  fieldlen: %d strlen: %d\n", ssid, ssid_len, strlen(ssid));
+        sprintf(client_mac, "%02x:%02x:%02x:%02x:%02x:%02x", packet[52+2], packet[53+2],packet[54+2],packet[55+2],packet[56+2],packet[57+2]);
+
+        for (i=0; i<50; i++) {
+          if (ssid_buf[i][0] != NULL) {
+            if ((strcoll(ssid_buf[i][0], ssid) == 0 && strcoll(ssid_buf[i][1], client_mac) == 0)) {
+              break;
+            }
+          }
+          if (ssid_buf[i][0] == NULL) {
+              if (element < i) {
+                element=i;
+              }
+             //printf("ssid element: %d\n", element);
+              ssid_buf[i][0] = strdup(ssid);
+              ssid_buf[i][1] = strdup(client_mac);
+              obj2 = json_object_new_object();
+              json_object *type = json_object_new_string("80");
+              json_object *tssid = json_object_new_string(ssid);
+              json_object *tclient_mac = json_object_new_string(client_mac);
+              json_object *tchannel = json_object_new_string(tmp_channel);
+              json_object *jrssi = json_object_new_string(tmp_rssi);
+              json_object_object_add(obj2,"type", type);
+              json_object_object_add(obj2,"ssid", tssid);
+              json_object_object_add(obj2,"bssid", tclient_mac);
+              json_object_object_add(obj2,"channel", tchannel);
+              json_object_object_add(obj2,"rssi", jrssi);
+              json_object_array_add(array,obj2);
+              break;
+            }
+        }
+        break;
+      //default:
+        //printf("Got something different: %02x\n", packet[hlen]);
+        //printf("hlen: %d\n", hlen);
+        //break;
+    }
+  };
+
+  diff = (t0 - start);
+
+  if ((diff >= 5) || (element == 25)) {
+    printf("time to barf!\n");
+    //printf("size: %d\n", element);
+    //change_chan(context);
+    int gchannel=0;
+    gchannel=lorcon_get_channel(context);
+    //printf("got channel %d", gchannel);
+    lchannel=gchannel+1;
+    if (lchannel == 14) {
+      lchannel=1;
+    }
+    //printf("Setting channel %d\n", lchannel);
+    lorcon_set_channel(context, lchannel);
+
+    lorcon_set_channel(context, lchannel);
+    /*
+    for (i=0; i<34; i++) {
+      printf("barf beacons: buffer %d, ssid: %s \t\t mac: %s  channel: %s rssi: %s\n", i, ssid_buf[i][0], ssid_buf[i][1], ssid_buf[i][2], ssid_buf[i][3]);
+    }
+    for (i=0; i<34; i++) {
+      printf("barf probe reponses: buffer %d, ssid: %s \t mac: %s mac: %s  channel: %s rssi: %s\n", i, probe_resp_buf[i][0], probe_resp_buf[i][1], probe_resp_buf[i][2], probe_resp_buf[i][3], probe_resp_buf[i][4]);
+    }
+    for (i=0; i<34; i++) {
+      printf("barf probes: buffer %d, ssid: %s \t mac: %s channel: %s rssi: %s\n", i, probe_buf[i][0], probe_buf[i][1], probe_buf[i][2], probe_buf[i][3]);
+    }
+    */
+
+    if (element >= 0) {
+      //printf("barfing\n");
+      send_data(array);
+      //printf ("The json object created: %s\n",json_object_to_json_string(array));
+      json_object_put(array);
+
+      memset(ssid_buf, 0, sizeof(ssid_buf));
+      memset(probe_resp_buf, 0, sizeof(probe_resp_buf));
+      memset(probe_buf, 0, sizeof(probe_buf));
+      element=-1;
+    }
+    start = time(0);
+  }
+  //printf("rate: %d  channel: %04x  rssi: %d\n", rate, channel, rssi);
+}
+
+int main(int argc,char **argv)
+{
+  int c;
+  char *dev = NULL; 
+  char *interface = NULL;
+  lorcon_driver_t *drvlist, *driver;
+  //lorcon_t *context;
+  char errbuf[PCAP_ERRBUF_SIZE];
+  pcap_t* pcap;
+  struct bpf_program fp;      /* hold compiled program     */
+  bpf_u_int32 maskp;          /* subnet mask               */
+  bpf_u_int32 netp;           /* ip                        */
+  u_char* args = NULL;
+  char filter_exp[] = "";
+  char *totpacket = NULL;
+
+  while ((c = getopt (argc, argv, "ha:i:p:")) != -1)
+    switch (c) {
+      case 'a':
+        totpacket = optarg;
+        break;
+      case 'i':
+        interface = optarg;
+        break;
+      case 'p':
+        post_url = optarg;
+        break;
+      case 'h':
+        printf("./disect -a -i\n\t-a : number of packets to sniff. (default 10)\n\t-i : wlan interface.\n\t-p : URL for your collector.\n");
+        exit(0);
+      default:
+        return 0;
+     }
+
+  if (totpacket == NULL) {
+    totpacket="-1";
+    printf("-a not specified... looping forever.\n");
+  }
+
+  if (interface == NULL) {
+    printf("You forgot -i\n");
+    exit(0);
+  }
+
+  if (post_url == NULL) {
+    printf("You forgot -p\n");
+    exit(0);
+  }
+
+  //printf ("%s %s\n", totpacket, dev);
+
+  //if(interface == NULL) {
+  //  printf("%s\n",errbuf); 
+  //  exit(1); 
+  //}
+
+  if ( (driver = lorcon_auto_driver(interface)) == NULL) {
+    printf("[!] Could not determine the driver for %s\n",interface);
+    return -1;
+  } else {
+    printf("[+]\t Driver: %s\n",driver->name);
+  }
+
+  // Create LORCON context
+  if ((context = lorcon_create(interface, driver)) == NULL) {
+    printf("[!]\t Failed to create context");
+    return -1;
+  }
+
+  // Create Monitor Mode Interface
+  if (lorcon_open_monitor(context) < 0) {
+    printf("[!]\t Could not create Monitor Mode interface!\n");
+    return -1;
+  } else {
+    printf("[+]\t Monitor Mode VAP: %s\n",lorcon_get_vap(context));
+    lorcon_free_driver_list(driver);
+  }
+
+  // Set the channel we'll be injecting on
+  lorcon_set_channel(context, lchannel);
+
+  dev=lorcon_get_vap(context);
+
+  /* ask pcap for the network address and mask of the device */
+  pcap_lookupnet(dev,&netp,&maskp,errbuf);
+
+  /* open device for reading. NOTE: defaulting to
+   * promiscuous mode*/
+  pcap = pcap_open_live(dev,2346,1,1000,errbuf);
+  pcap_set_promisc(pcap, 1);
+
+  if(pcap == NULL) {
+    printf("pcap_open_live(): %s\n",errbuf); 
+    exit(1); 
+  }
+
+  pcap_set_datalink(pcap, DLT_IEEE802_11);
+  pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO_AVS);
+  pcap_set_datalink(pcap, DLT_IEEE802_11_RADIO);
+
+  //pcap_setnonblock(pcap, 1, errbuf); 
+
+  int link_layer_type = pcap_datalink(pcap);
+
+  //printf("type: %d\n", link_layer_type);
+
+  if (link_layer_type == DLT_PRISM_HEADER ||
+      link_layer_type == DLT_IEEE802_11_RADIO ||
+      link_layer_type == DLT_IEEE802_11_RADIO_AVS ||
+      link_layer_type == DLT_IEEE802_11 ||
+      link_layer_type == DLT_PPI ||
+      link_layer_type == 127 ) {
+    if (pcap_compile(pcap, &fp, filter_exp, 0, netp) == -1) {
+      fprintf(stderr, "Couldn't parse filter %s: %s\n", filter_exp, pcap_geterr(pcap));
+      exit(EXIT_FAILURE);
+    }
+    if (pcap_setfilter(pcap, &fp) == -1) {
+      fprintf(stderr, "Couldn't install filter %s: %s\n",
+        filter_exp, pcap_geterr(pcap));
+      exit(EXIT_FAILURE);
+    }
+    printf("starting\n");
+
+    pcap_loop(pcap,atoi(totpacket),my_callback,NULL);
+  } else {
+    fprintf(stderr, "Not using the Wi-Fi interface, are you testing something?\n");
+  }
+  fprintf(stdout,"\nfinished\n");
+  return 0;
+}
+
+