projects / openwrt / svn-archive / packages.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
bandwidthd: moved to github
[openwrt/svn-archive/packages.git] / net / reaver / patches / 0001-wpscrack-big-endian-fixes.patch
1 From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001
2 From: Paul Fertser <fercerpav@gmail.com>
3 Date: Wed, 27 Jun 2012 17:44:55 +0400
4 Subject: [PATCH 1/3] wpscrack: big-endian fixes
5
6 This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
7 headers' fields. Run-time tested on an ar71xx BE system.
8
9 Signed-off-by: Paul Fertser <fercerpav@gmail.com>
10 ---
11 src/80211.c | 65 +++++++++++++++++++------------
12 src/builder.c | 23 +++++------
13 src/defs.h | 116 +++++++++++++++++++++++++++++++++++++++-----------------
14 src/exchange.c | 23 ++++++-----
15 src/wpsmon.c | 13 ++++--
16 5 files changed, 151 insertions(+), 89 deletions(-)
17
18 diff --git a/src/80211.c b/src/80211.c
19 index c2aff59..19f1e92 100644
20 --- a/src/80211.c
21 +++ b/src/80211.c
22 @@ -90,17 +90,19 @@ void read_ap_beacon()
23 if(header.len >= MIN_BEACON_SIZE)
24 {
25 rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
26 - frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
27 -
28 + size_t rt_header_len = __le16_to_cpu(rt_header->len);
29 + frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
30 +
31 if(is_target(frame_header))
32 {
33 - if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
34 + if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
35 + __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
36 {
37 - beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
38 + beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
39 set_ap_capability(beacon->capability);
40
41 /* Obtain the SSID and channel number from the beacon packet */
42 - tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
43 + tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
44 channel = parse_beacon_tags(packet, header.len);
45
46 /* If no channel was manually specified, switch to the AP's current channel */
47 @@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len)
48 {
49 header = (struct radio_tap_header *) packet;
50
51 - if((header->flags & SSI_FLAG) == SSI_FLAG)
52 + uint32_t flags = __le32_to_cpu(header->flags);
53 +
54 + if((flags & SSI_FLAG) == SSI_FLAG)
55 {
56 - if((header->flags & TSFT_FLAG) == TSFT_FLAG)
57 + if((flags & TSFT_FLAG) == TSFT_FLAG)
58 {
59 offset += TSFT_SIZE;
60 }
61
62 - if((header->flags & FLAGS_FLAG) == FLAGS_FLAG)
63 + if((flags & FLAGS_FLAG) == FLAGS_FLAG)
64 {
65 offset += FLAGS_SIZE;
66 }
67
68 - if((header->flags & RATE_FLAG) == RATE_FLAG)
69 + if((flags & RATE_FLAG) == RATE_FLAG)
70 {
71 offset += RATE_SIZE;
72 }
73
74 - if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG)
75 + if((flags & CHANNEL_FLAG) == CHANNEL_FLAG)
76 {
77 offset += CHANNEL_SIZE;
78 }
79
80 - if((header->flags & FHSS_FLAG) == FHSS_FLAG)
81 + if((flags & FHSS_FLAG) == FHSS_FLAG)
82 {
83 offset += FHSS_FLAG;
84 }
85 @@ -196,11 +200,13 @@ int is_wps_locked()
86 if(header.len >= MIN_BEACON_SIZE)
87 {
88 rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
89 - frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
90 + size_t rt_header_len = __le16_to_cpu(rt_header->len);
91 + frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
92
93 if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
94 {
95 - if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
96 + if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
97 + __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
98 {
99 if(parse_wps_parameters(packet, header.len, &wps))
100 {
101 @@ -411,24 +417,30 @@ int associate_recv_loop()
102 if(header.len >= MIN_AUTH_SIZE)
103 {
104 rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
105 - dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
106 + size_t rt_header_len = __le16_to_cpu(rt_header->len);
107 + dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len);
108
109 if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
110 (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
111 {
112 - if(dot11_frame->fc.type == MANAGEMENT_FRAME)
113 + if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
114 + __cpu_to_le16(IEEE80211_FTYPE_MGMT))
115 {
116 - auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
117 - assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
118 + auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
119 + assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
120
121 /* Did we get an authentication packet with a successful status? */
122 - if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
123 + if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
124 + __cpu_to_le16(IEEE80211_STYPE_AUTH)
125 + && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS)))
126 {
127 ret_val = AUTH_OK;
128 break;
129 }
130 /* Did we get an association packet with a successful status? */
131 - else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
132 + else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
133 + __cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP)
134 + && (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS)))
135 {
136 ret_val = ASSOCIATE_OK;
137 break;
138 @@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len)
139 if(len > MIN_BEACON_SIZE)
140 {
141 rt_header = (struct radio_tap_header *) radio_header(packet, len);
142 - beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
143 - offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
144 + size_t rt_header_len = __le16_to_cpu(rt_header->len);
145 + beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
146 + offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
147
148 tag_len = len - tag_offset;
149 tag_data = (const u_char *) (packet + tag_offset);
150
151 - if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP)
152 + if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
153 {
154 enc = WEP;
155
156 @@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
157 struct radio_tap_header *rt_header = NULL;
158
159 rt_header = (struct radio_tap_header *) radio_header(packet, len);
160 - tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
161 + tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
162
163 if(tag_offset < len)
164 {
165 @@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
166 {
167 if(ie_len == 1)
168 {
169 - memcpy((int *) &channel, channel_data, ie_len);
170 + channel = *(uint8_t*)channel_data;
171 }
172 free(channel_data);
173 }
174 @@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len)
175 if(len > 4)
176 {
177 /* Get the packet's reported FCS (last 4 bytes of the packet) */
178 - memcpy((uint32_t *) &fcs, (packet + (len-4)), 4);
179 + fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));
180
181 /* FCS is not calculated over the radio tap header */
182 if(has_rt_header())
183 {
184 rt_header = (struct radio_tap_header *) packet;
185 - offset += rt_header->len;
186 + offset += __le16_to_cpu(rt_header->len);
187 }
188
189 if(len > offset)
190 diff --git a/src/builder.c b/src/builder.c
191 index 37f2de7..6bf89e7 100644
192 --- a/src/builder.c
193 +++ b/src/builder.c
194 @@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len)
195 memset((void *) buf, 0, sizeof(struct radio_tap_header));
196 rt_header = (struct radio_tap_header *) buf;
197
198 - rt_header->len = sizeof(struct radio_tap_header);
199 -
200 - *len = rt_header->len;
201 + *len = sizeof(struct radio_tap_header);
202 + rt_header->len = __cpu_to_le16(*len);
203 }
204
205 return buf;
206 @@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len)
207
208 frag_seq += SEQ_MASK;
209
210 - header->duration = DEFAULT_DURATION;
211 - memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control));
212 - header->frag_seq = frag_seq;
213 + header->duration = __cpu_to_le16(DEFAULT_DURATION);
214 + header->fc = __cpu_to_le16(fc);
215 + header->frag_seq = __cpu_to_le16(frag_seq);
216
217 memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN);
218 memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN);
219 @@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len)
220 memset((void *) buf, 0, *len);
221 frame = (struct authentication_management_frame *) buf;
222
223 - frame->algorithm = OPEN_SYSTEM;
224 - frame->sequence = 1;
225 + frame->algorithm = __cpu_to_le16(OPEN_SYSTEM);
226 + frame->sequence = __cpu_to_le16(1);
227 frame->status = 0;
228 }
229
230 @@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len)
231 memset((void *) buf, 0, *len);
232 frame = (struct association_request_management_frame *) buf;
233
234 - frame->capability = get_ap_capability();
235 - frame->listen_interval = LISTEN_INTERVAL;
236 + frame->capability = __cpu_to_le16(get_ap_capability());
237 + frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL);
238 }
239
240 return buf;
241 @@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len)
242 header->dsap = LLC_SNAP;
243 header->ssap = LLC_SNAP;
244 header->control_field = UNNUMBERED_FRAME;
245 - header->type = DOT1X_AUTHENTICATION;
246 + header->type = __cpu_to_be16(DOT1X_AUTHENTICATION);
247
248 }
249
250 @@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len)
251 header = (struct wfa_expanded_header *) buf;
252
253 memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id));
254 - header->type = SIMPLE_CONFIG;
255 + header->type = __cpu_to_be32(SIMPLE_CONFIG);
256 header->opcode = op_code;
257 }
258
259 diff --git a/src/defs.h b/src/defs.h
260 index b2f45ea..0c628e7 100644
261 --- a/src/defs.h
262 +++ b/src/defs.h
263 @@ -41,6 +41,7 @@
264 #include <string.h>
265 #include <time.h>
266 #include <pcap.h>
267 +#include <asm/byteorder.h>
268
269 #include "wps.h"
270
271 @@ -65,10 +66,10 @@
272 #define MANAGEMENT_FRAME 0x00
273 #define SUBTYPE_BEACON 0x08
274
275 -#define DOT1X_AUTHENTICATION 0x8E88
276 +#define DOT1X_AUTHENTICATION 0x888E
277 #define DOT1X_EAP_PACKET 0x00
278
279 -#define SIMPLE_CONFIG 0x01000000
280 +#define SIMPLE_CONFIG 0x00000001
281
282 #define P1_SIZE 10000
283 #define P2_SIZE 1000
284 @@ -282,66 +283,111 @@ enum wfa_elements
285 WEP_TRANSMIT_KEY = 0x10064
286 };
287
288 +#define IEEE80211_FCTL_VERS 0x0003
289 +#define IEEE80211_FCTL_FTYPE 0x000c
290 +#define IEEE80211_FCTL_STYPE 0x00f0
291 +#define IEEE80211_FCTL_TODS 0x0100
292 +#define IEEE80211_FCTL_FROMDS 0x0200
293 +#define IEEE80211_FCTL_MOREFRAGS 0x0400
294 +#define IEEE80211_FCTL_RETRY 0x0800
295 +#define IEEE80211_FCTL_PM 0x1000
296 +#define IEEE80211_FCTL_MOREDATA 0x2000
297 +#define IEEE80211_FCTL_PROTECTED 0x4000
298 +#define IEEE80211_FCTL_ORDER 0x8000
299 +
300 +#define IEEE80211_SCTL_FRAG 0x000F
301 +#define IEEE80211_SCTL_SEQ 0xFFF0
302 +
303 +#define IEEE80211_FTYPE_MGMT 0x0000
304 +#define IEEE80211_FTYPE_CTL 0x0004
305 +#define IEEE80211_FTYPE_DATA 0x0008
306 +
307 +/* management */
308 +#define IEEE80211_STYPE_ASSOC_REQ 0x0000
309 +#define IEEE80211_STYPE_ASSOC_RESP 0x0010
310 +#define IEEE80211_STYPE_REASSOC_REQ 0x0020
311 +#define IEEE80211_STYPE_REASSOC_RESP 0x0030
312 +#define IEEE80211_STYPE_PROBE_REQ 0x0040
313 +#define IEEE80211_STYPE_PROBE_RESP 0x0050
314 +#define IEEE80211_STYPE_BEACON 0x0080
315 +#define IEEE80211_STYPE_ATIM 0x0090
316 +#define IEEE80211_STYPE_DISASSOC 0x00A0
317 +#define IEEE80211_STYPE_AUTH 0x00B0
318 +#define IEEE80211_STYPE_DEAUTH 0x00C0
319 +#define IEEE80211_STYPE_ACTION 0x00D0
320 +
321 +/* control */
322 +#define IEEE80211_STYPE_BACK_REQ 0x0080
323 +#define IEEE80211_STYPE_BACK 0x0090
324 +#define IEEE80211_STYPE_PSPOLL 0x00A0
325 +#define IEEE80211_STYPE_RTS 0x00B0
326 +#define IEEE80211_STYPE_CTS 0x00C0
327 +#define IEEE80211_STYPE_ACK 0x00D0
328 +#define IEEE80211_STYPE_CFEND 0x00E0
329 +#define IEEE80211_STYPE_CFENDACK 0x00F0
330 +
331 +/* data */
332 +#define IEEE80211_STYPE_DATA 0x0000
333 +#define IEEE80211_STYPE_DATA_CFACK 0x0010
334 +#define IEEE80211_STYPE_DATA_CFPOLL 0x0020
335 +#define IEEE80211_STYPE_DATA_CFACKPOLL 0x0030
336 +#define IEEE80211_STYPE_NULLFUNC 0x0040
337 +#define IEEE80211_STYPE_CFACK 0x0050
338 +#define IEEE80211_STYPE_CFPOLL 0x0060
339 +#define IEEE80211_STYPE_CFACKPOLL 0x0070
340 +#define IEEE80211_STYPE_QOS_DATA 0x0080
341 +#define IEEE80211_STYPE_QOS_DATA_CFACK 0x0090
342 +#define IEEE80211_STYPE_QOS_DATA_CFPOLL 0x00A0
343 +#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0x00B0
344 +#define IEEE80211_STYPE_QOS_NULLFUNC 0x00C0
345 +#define IEEE80211_STYPE_QOS_CFACK 0x00D0
346 +#define IEEE80211_STYPE_QOS_CFPOLL 0x00E0
347 +#define IEEE80211_STYPE_QOS_CFACKPOLL 0x00F0
348 +
349 #pragma pack(1)
350 struct radio_tap_header
351 {
352 uint8_t revision;
353 uint8_t pad;
354 - uint16_t len;
355 - uint32_t flags;
356 -};
357 -
358 -struct frame_control
359 -{
360 - unsigned version : 2;
361 - unsigned type : 2;
362 - unsigned sub_type : 4;
363 -
364 - unsigned to_ds : 1;
365 - unsigned from_ds : 1;
366 - unsigned more_frag : 1;
367 - unsigned retry : 1;
368 - unsigned pwr_mgt : 1;
369 - unsigned more_data : 1;
370 - unsigned protected_frame : 1;
371 - unsigned order : 1;
372 + __le16 len;
373 + __le32 flags;
374 };
375
376 struct dot11_frame_header
377 {
378 - struct frame_control fc;
379 - uint16_t duration;
380 + __le16 fc;
381 + __le16 duration;
382 unsigned char addr1[MAC_ADDR_LEN];
383 unsigned char addr2[MAC_ADDR_LEN];
384 unsigned char addr3[MAC_ADDR_LEN];
385 - uint16_t frag_seq;
386 + __le16 frag_seq;
387 };
388
389 struct authentication_management_frame
390 {
391 - uint16_t algorithm;
392 - uint16_t sequence;
393 - uint16_t status;
394 + __le16 algorithm;
395 + __le16 sequence;
396 + __le16 status;
397 };
398
399 struct association_request_management_frame
400 {
401 - uint16_t capability;
402 - uint16_t listen_interval;
403 + __le16 capability;
404 + __le16 listen_interval;
405 };
406
407 struct association_response_management_frame
408 {
409 - uint16_t capability;
410 - uint16_t status;
411 - uint16_t id;
412 + __le16 capability;
413 + __le16 status;
414 + __le16 id;
415 };
416
417 struct beacon_management_frame
418 {
419 unsigned char timestamp[TIMESTAMP_LEN];
420 - uint16_t beacon_interval;
421 - uint16_t capability;
422 + __le16 beacon_interval;
423 + __le16 capability;
424 };
425
426 struct llc_header
427 @@ -350,7 +396,7 @@ struct llc_header
428 uint8_t ssap;
429 uint8_t control_field;
430 unsigned char org_code[3];
431 - uint16_t type;
432 + __be16 type;
433 };
434
435 struct dot1X_header
436 @@ -371,7 +417,7 @@ struct eap_header
437 struct wfa_expanded_header
438 {
439 unsigned char id[3];
440 - uint32_t type;
441 + __be32 type;
442 uint8_t opcode;
443 uint8_t flags;
444 };
445 diff --git a/src/exchange.c b/src/exchange.c
446 index 23c87e9..4f9a82b 100644
447 --- a/src/exchange.c
448 +++ b/src/exchange.c
449 @@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
450
451 /* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */
452 rt_header = (struct radio_tap_header *) packet;
453 - frame_header = (struct dot11_frame_header *) (packet+rt_header->len);
454 + size_t rt_header_len = __le16_to_cpu(rt_header->len);
455 + frame_header = (struct dot11_frame_header *) (packet+rt_header_len);
456
457 /* Does the BSSID/source address match our target BSSID? */
458 if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
459 {
460 /* Is this a data packet sent to our MAC address? */
461 - if(frame_header->fc.type == DATA_FRAME &&
462 - frame_header->fc.sub_type == SUBTYPE_DATA &&
463 - (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
464 + if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
465 + __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) &&
466 + (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
467 {
468 llc = (struct llc_header *) (packet +
469 - rt_header->len +
470 + rt_header_len +
471 sizeof(struct dot11_frame_header)
472 );
473
474 /* All packets in our exchanges will be 802.1x */
475 - if(llc->type == DOT1X_AUTHENTICATION)
476 + if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION))
477 {
478 dot1x = (struct dot1X_header *) (packet +
479 - rt_header->len +
480 + rt_header_len +
481 sizeof(struct dot11_frame_header) +
482 sizeof(struct llc_header)
483 );
484 @@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
485 if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE))
486 {
487 eap = (struct eap_header *) (packet +
488 - rt_header->len +
489 + rt_header_len +
490 sizeof(struct dot11_frame_header) +
491 sizeof(struct llc_header) +
492 sizeof(struct dot1X_header)
493 @@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
494 else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE))
495 {
496 wfa = (struct wfa_expanded_header *) (packet +
497 - rt_header->len +
498 + rt_header_len +
499 sizeof(struct dot11_frame_header) +
500 sizeof(struct llc_header) +
501 sizeof(struct dot1X_header) +
502 @@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
503 );
504
505 /* Verify that this is a WPS message */
506 - if(wfa->type == SIMPLE_CONFIG)
507 + if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG))
508 {
509 wps_msg_len = (size_t) ntohs(eap->len) -
510 sizeof(struct eap_header) -
511 sizeof(struct wfa_expanded_header);
512
513 wps_msg = (const void *) (packet +
514 - rt_header->len +
515 + rt_header_len +
516 sizeof(struct dot11_frame_header) +
517 sizeof(struct llc_header) +
518 sizeof(struct dot1X_header) +
519 diff --git a/src/wpsmon.c b/src/wpsmon.c
520 index d976924..22a394f 100644
521 --- a/src/wpsmon.c
522 +++ b/src/wpsmon.c
523 @@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
524 }
525
526 rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
527 - frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
528 + size_t rt_header_len = __le16_to_cpu(rt_header->len);
529 + frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
530
531 /* If a specific BSSID was specified, only parse packets from that BSSID */
532 if(!is_target(frame_header))
533 @@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
534 channel_changed = 1;
535 }
536
537 - if(frame_header->fc.sub_type == PROBE_RESPONSE ||
538 - frame_header->fc.sub_type == SUBTYPE_BEACON)
539 + unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE);
540 +
541 + if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) ||
542 + fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON))
543 {
544 wps_parsed = parse_wps_parameters(packet, header->len, wps);
545 }
546
547 if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
548 {
549 - if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
550 + if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) &&
551 mode == SCAN &&
552 !passive &&
553 should_probe(bssid))
554 @@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
555 * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
556 * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
557 */
558 - if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
559 + if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP))
560 {
561 mark_ap_complete(bssid);
562 }
563 --
564 1.7.7
565
OpenWrt package feed branches, manually converted from SVN.