wlantest: Add send command for injecting raw frames

This can be used by external programs (e.g., wlantest_cli) to inject raw frames (hex dump of the frame header and body). The data can be requested to be sent as-is or protected with the current key.
2010-12-16 16:11:54 +02:00 · 2010-12-16 16:11:54 +02:00 · b3a6d9d400
commit b3a6d9d400
parent b993e77b5b
6 changed files with 250 additions and 5 deletions
--- a/src/utils/common.c
+++ b/src/utils/common.c
@ -29,7 +29,7 @@ static int hex2num(char c)
 }
-static int hex2byte(const char *hex)
+int hex2byte(const char *hex)
 {
 	int a, b;
 	a = hex2num(*hex++);
--- a/src/utils/common.h
+++ b/src/utils/common.h
@ -437,6 +437,7 @@ typedef u64 __bitwise le64;
 int hwaddr_aton(const char *txt, u8 *addr);
 int hwaddr_aton2(const char *txt, u8 *addr);
 int hex2byte(const char *hex);
 int hexstr2bin(const char *hex, u8 *buf, size_t len);
 void inc_byte_array(u8 *counter, size_t len);
 void wpa_get_ntp_timestamp(u8 *buf);
--- a/wlantest/ctrl.c
+++ b/wlantest/ctrl.c
@ -962,6 +962,87 @@ static void ctrl_info_bss(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
 }
 static void ctrl_send_(struct wlantest *wt, int sock, u8 *cmd, size_t clen)
 {
 	struct wlantest_bss *bss;
 	struct wlantest_sta *sta;
 	u8 *bssid, *sta_addr;
 	int prot;
 	u8 *frame;
 	size_t frame_len;
 	int ret = 0;
 	struct ieee80211_hdr *hdr;
 	u16 fc;
 	frame = attr_get(cmd, clen, WLANTEST_ATTR_FRAME, &frame_len);
 	prot = attr_get_int(cmd, clen, WLANTEST_ATTR_INJECT_PROTECTION);
 	if (frame == NULL || frame_len < 24 || prot < 0) {
 		wpa_printf(MSG_INFO, "Invalid send command parameters");
 		ctrl_send_simple(wt, sock, WLANTEST_CTRL_INVALID_CMD);
 		return;
 	}
 	hdr = (struct ieee80211_hdr *) frame;
 	fc = le_to_host16(hdr->frame_control);
 	switch (WLAN_FC_GET_TYPE(fc)) {
 	case WLAN_FC_TYPE_MGMT:
 		bssid = hdr->addr3;
 		if (os_memcmp(hdr->addr2, hdr->addr3, ETH_ALEN) == 0)
 			sta_addr = hdr->addr1;
 		else
 			sta_addr = hdr->addr2;
 		break;
 	case WLAN_FC_TYPE_DATA:
 		switch (fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) {
 		case 0:
 			bssid = hdr->addr3;
 			sta_addr = hdr->addr2;
 			break;
 		case WLAN_FC_TODS:
 			bssid = hdr->addr1;
 			sta_addr = hdr->addr2;
 			break;
 		case WLAN_FC_FROMDS:
 			bssid = hdr->addr2;
 			sta_addr = hdr->addr1;
 			break;
 		default:
 			wpa_printf(MSG_INFO, "Unsupported inject frame");
 			ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
 			return;
 		}
 		break;
 	default:
 		wpa_printf(MSG_INFO, "Unsupported inject frame");
 		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
 		return;
 	}
 	bss = bss_find(wt, bssid);
 	if (bss == NULL) {
 		wpa_printf(MSG_INFO, "Unknown BSSID");
 		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
 		return;
 	}
 	sta = sta_find(bss, sta_addr);
 	if (sta == NULL) {
 		wpa_printf(MSG_INFO, "Unknown STA address");
 		ctrl_send_simple(wt, sock, WLANTEST_CTRL_FAILURE);
 		return;
 	}
 	ret = wlantest_inject(wt, bss, sta, frame, frame_len, prot);
 	if (ret)
 		wpa_printf(MSG_INFO, "Failed to inject frame");
 	else
 		wpa_printf(MSG_INFO, "Frame injected successfully");
 	ctrl_send_simple(wt, sock, ret == 0 ? WLANTEST_CTRL_SUCCESS :
 			 WLANTEST_CTRL_FAILURE);
 }
 static void ctrl_read(int sock, void *eloop_ctx, void *sock_ctx)
 {
 	struct wlantest *wt = eloop_ctx;
@ -1036,6 +1117,9 @@ static void ctrl_read(int sock, void *eloop_ctx, void *sock_ctx)
 	case WLANTEST_CTRL_INFO_BSS:
 		ctrl_info_bss(wt, sock, buf + 4, len - 4);
 		break;
 	case WLANTEST_CTRL_SEND:
 		ctrl_send_(wt, sock, buf + 4, len - 4);
 		break;
 	default:
 		ctrl_send_simple(wt, sock, WLANTEST_CTRL_UNKNOWN_CMD);
 		break;
--- a/wlantest/inject.c
+++ b/wlantest/inject.c
@ -209,12 +209,37 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
 	int tid = 0;
 	u8 *qos = NULL;
 	int hdrlen;
 	struct wlantest_tdls *tdls = NULL;
 	const u8 *tk = NULL;
 	hdr = (struct ieee80211_hdr *) frame;
 	hdrlen = 24;
 	fc = le_to_host16(hdr->frame_control);
-	if (sta == NULL) {
+	if ((fc & (WLAN_FC_TODS | WLAN_FC_FROMDS)) == 0) {
 		struct wlantest_sta *sta2;
 		bss = bss_get(wt, hdr->addr3);
 		if (bss == NULL)
 			return -1;
 		sta = sta_find(bss, hdr->addr2);
 		sta2 = sta_find(bss, hdr->addr1);
 		if (sta == NULL || sta2 == NULL)
 			return -1;
 		dl_list_for_each(tdls, &bss->tdls, struct wlantest_tdls, list)
 		{
 			if ((tdls->init == sta && tdls->resp == sta2) ||
 			    (tdls->init == sta2 && tdls->resp == sta)) {
 				if (!tdls->link_up)
 					wpa_printf(MSG_DEBUG, "TDLS: Link not "
 						   "up, but injecting Data "
 						   "frame on direct link");
 				tk = tdls->tpk.tk;
 				break;
 			}
 		}
 	}
 	if (tk == NULL && sta == NULL) {
 		if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
 			return wlantest_inject_bip(wt, bss, frame, len,
 						   incorrect_key);
@ -222,7 +247,7 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
 					       incorrect_key);
 	}
-	if (!sta->ptk_set)
+	if (tk == NULL && !sta->ptk_set)
 		return -1;
 	if (WLAN_FC_GET_TYPE(fc) == WLAN_FC_TYPE_MGMT)
@ -237,14 +262,23 @@ static int wlantest_inject_prot(struct wlantest *wt, struct wlantest_bss *bss,
 			tid = qos[0] & 0x0f;
 		}
 	}
-	if (os_memcmp(hdr->addr2, bss->bssid, ETH_ALEN) == 0)
+	if (tk) {
 		if (os_memcmp(hdr->addr2, tdls->init->addr, ETH_ALEN) == 0)
 			pn = tdls->rsc_init[tid];
 		else
 			pn = tdls->rsc_resp[tid];
 	} else if (os_memcmp(hdr->addr2, bss->bssid, ETH_ALEN) == 0)
 		pn = sta->rsc_fromds[tid];
 	else
 		pn = sta->rsc_tods[tid];
 	inc_byte_array(pn, 6);
 	os_memset(dummy, 0x11, sizeof(dummy));
-	if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
+	if (tk) 
 		crypt = ccmp_encrypt(incorrect_key ? dummy : tk,
 				     frame, len, hdrlen, qos, pn, 0,
 				     &crypt_len);
 	else if (sta->pairwise_cipher == WPA_CIPHER_TKIP)
 		crypt = tkip_encrypt(incorrect_key ? dummy : sta->ptk.tk1,
 				     frame, len, hdrlen, qos, pn, 0,
 				     &crypt_len);
--- a/wlantest/wlantest_cli.c
+++ b/wlantest/wlantest_cli.c
@ -817,6 +817,127 @@ static char ** complete_inject(int s, const char *str, int pos)
 }
 static u8 * add_hex(u8 *pos, u8 *end, const char *str)
 {
 	const char *s;
 	int val;
 	s = str;
 	while (*s) {
 		while (*s == ' ' || *s == '\t' || *s == '\r' || *s == '\n' ||
 		       *s == ':')
 			s++;
 		if (*s == '\0')
 			break;
 		if (*s == '#') {
 			while (*s != '\0' && *s != '\r' && *s != '\n')
 				s++;
 			continue;
 		}
 		val = hex2byte(s);
 		if (val < 0) {
 			printf("Invalid hex encoding '%s'\n", s);
 			return NULL;
 		}
 		if (pos == end) {
 			printf("Too long frame\n");
 			return NULL;
 		}
 		*pos++ = val;
 		s += 2;
 	}
 	return pos;
 }
 static int cmd_send(int s, int argc, char *argv[])
 {
 	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
 	u8 buf[WLANTEST_CTRL_MAX_CMD_LEN], *end, *pos, *len_pos;
 	int rlen;
 	enum wlantest_inject_protection prot;
 	int arg;
 	/* <prot> <raw frame as hex dump> */
 	if (argc < 2) {
 		printf("send needs two arguments: protected/unprotected, "
 		       "raw frame as hex dump\n");
 		return -1;
 	}
 	pos = buf;
 	end = buf + sizeof(buf);
 	WPA_PUT_BE32(pos, WLANTEST_CTRL_SEND);
 	pos += 4;
 	if (os_strcasecmp(argv[0], "normal") == 0)
 		prot = WLANTEST_INJECT_NORMAL;
 	else if (os_strcasecmp(argv[0], "protected") == 0)
 		prot = WLANTEST_INJECT_PROTECTED;
 	else if (os_strcasecmp(argv[0], "unprotected") == 0)
 		prot = WLANTEST_INJECT_UNPROTECTED;
 	else if (os_strcasecmp(argv[0], "incorrect") == 0)
 		prot = WLANTEST_INJECT_INCORRECT_KEY;
 	else {
 		printf("Unknown protection type '%s'\n", argv[1]);
 		printf("Protection types: normal protected unprotected "
 		       "incorrect\n");
 		return -1;
 	}
 	pos = attr_add_be32(pos, end, WLANTEST_ATTR_INJECT_PROTECTION, prot);
 	WPA_PUT_BE32(pos, WLANTEST_ATTR_FRAME);
 	pos += 4;
 	len_pos = pos;
 	pos += 4;
 	for (arg = 1; pos && arg < argc; arg++)
 		pos = add_hex(pos, end, argv[arg]);
 	if (pos == NULL)
 		return -1;
 	WPA_PUT_BE32(len_pos, pos - len_pos - 4);
 	rlen = cmd_send_and_recv(s, buf, pos - buf, resp, sizeof(resp));
 	if (rlen < 0)
 		return -1;
 	printf("OK\n");
 	return 0;
 }
 static char ** complete_send(int s, const char *str, int pos)
 {
 	int arg = get_cmd_arg_num(str, pos);
 	char **res = NULL;
 	switch (arg) {
 	case 1:
 		res = os_zalloc(5 * sizeof(char *));
 		if (res == NULL)
 			break;
 		res[0] = os_strdup("normal");
 		if (res[0] == NULL)
 			break;
 		res[1] = os_strdup("protected");
 		if (res[1] == NULL)
 			break;
 		res[2] = os_strdup("unprotected");
 		if (res[2] == NULL)
 			break;
 		res[3] = os_strdup("incorrect");
 		if (res[3] == NULL)
 			break;
 		break;
 	}
 	return res;
 }
 static int cmd_version(int s, int argc, char *argv[])
 {
 	u8 resp[WLANTEST_CTRL_MAX_RESP_LEN];
@ -1121,6 +1242,9 @@ static const struct wlantest_cli_cmd wlantest_cli_commands[] = {
 	{ "inject", cmd_inject,
 	  "<frame> <prot> <sender> <BSSID> <STA/ff:ff:ff:ff:ff:ff>",
 	  complete_inject },
 	{ "send", cmd_send,
 	  "<prot> <raw frame as hex dump>",
 	  complete_send },
 	{ "version", cmd_version, "= get wlantest version", NULL },
 	{ "add_passphrase", cmd_add_passphrase,
 	  "<passphrase> = add a known passphrase", NULL },
--- a/wlantest/wlantest_ctrl.h
+++ b/wlantest/wlantest_ctrl.h
@ -38,6 +38,7 @@ enum wlantest_ctrl_cmd {
 	WLANTEST_CTRL_ADD_PASSPHRASE,
 	WLANTEST_CTRL_INFO_STA,
 	WLANTEST_CTRL_INFO_BSS,
 	WLANTEST_CTRL_SEND,
 };
 enum wlantest_ctrl_attr {
@ -54,6 +55,7 @@ enum wlantest_ctrl_attr {
 	WLANTEST_ATTR_STA_INFO,
 	WLANTEST_ATTR_BSS_INFO,
 	WLANTEST_ATTR_INFO,
 	WLANTEST_ATTR_FRAME,
 };
 enum wlantest_bss_counter {