0001-wpscrack-big-endian-fixes.patch 21 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565
  1. From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001
  2. From: Paul Fertser <fercerpav@gmail.com>
  3. Date: Wed, 27 Jun 2012 17:44:55 +0400
  4. Subject: [PATCH 1/3] wpscrack: big-endian fixes
  5. This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
  6. headers' fields. Run-time tested on an ar71xx BE system.
  7. Signed-off-by: Paul Fertser <fercerpav@gmail.com>
  8. ---
  9. src/80211.c | 65 +++++++++++++++++++------------
  10. src/builder.c | 23 +++++------
  11. src/defs.h | 116 +++++++++++++++++++++++++++++++++++++++-----------------
  12. src/exchange.c | 23 ++++++-----
  13. src/wpsmon.c | 13 ++++--
  14. 5 files changed, 151 insertions(+), 89 deletions(-)
  15. diff --git a/src/80211.c b/src/80211.c
  16. index c2aff59..19f1e92 100644
  17. --- a/src/80211.c
  18. +++ b/src/80211.c
  19. @@ -90,17 +90,19 @@ void read_ap_beacon()
  20. if(header.len >= MIN_BEACON_SIZE)
  21. {
  22. rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
  23. - frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
  24. -
  25. + size_t rt_header_len = __le16_to_cpu(rt_header->len);
  26. + frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
  27. +
  28. if(is_target(frame_header))
  29. {
  30. - if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
  31. + if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
  32. + __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
  33. {
  34. - beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
  35. + beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
  36. set_ap_capability(beacon->capability);
  37. /* Obtain the SSID and channel number from the beacon packet */
  38. - tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
  39. + tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
  40. channel = parse_beacon_tags(packet, header.len);
  41. /* If no channel was manually specified, switch to the AP's current channel */
  42. @@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len)
  43. {
  44. header = (struct radio_tap_header *) packet;
  45. - if((header->flags & SSI_FLAG) == SSI_FLAG)
  46. + uint32_t flags = __le32_to_cpu(header->flags);
  47. +
  48. + if((flags & SSI_FLAG) == SSI_FLAG)
  49. {
  50. - if((header->flags & TSFT_FLAG) == TSFT_FLAG)
  51. + if((flags & TSFT_FLAG) == TSFT_FLAG)
  52. {
  53. offset += TSFT_SIZE;
  54. }
  55. - if((header->flags & FLAGS_FLAG) == FLAGS_FLAG)
  56. + if((flags & FLAGS_FLAG) == FLAGS_FLAG)
  57. {
  58. offset += FLAGS_SIZE;
  59. }
  60. - if((header->flags & RATE_FLAG) == RATE_FLAG)
  61. + if((flags & RATE_FLAG) == RATE_FLAG)
  62. {
  63. offset += RATE_SIZE;
  64. }
  65. - if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG)
  66. + if((flags & CHANNEL_FLAG) == CHANNEL_FLAG)
  67. {
  68. offset += CHANNEL_SIZE;
  69. }
  70. - if((header->flags & FHSS_FLAG) == FHSS_FLAG)
  71. + if((flags & FHSS_FLAG) == FHSS_FLAG)
  72. {
  73. offset += FHSS_FLAG;
  74. }
  75. @@ -196,11 +200,13 @@ int is_wps_locked()
  76. if(header.len >= MIN_BEACON_SIZE)
  77. {
  78. rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
  79. - frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
  80. + size_t rt_header_len = __le16_to_cpu(rt_header->len);
  81. + frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
  82. if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
  83. {
  84. - if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
  85. + if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
  86. + __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
  87. {
  88. if(parse_wps_parameters(packet, header.len, &wps))
  89. {
  90. @@ -411,24 +417,30 @@ int associate_recv_loop()
  91. if(header.len >= MIN_AUTH_SIZE)
  92. {
  93. rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
  94. - dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
  95. + size_t rt_header_len = __le16_to_cpu(rt_header->len);
  96. + dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len);
  97. if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
  98. (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
  99. {
  100. - if(dot11_frame->fc.type == MANAGEMENT_FRAME)
  101. + if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
  102. + __cpu_to_le16(IEEE80211_FTYPE_MGMT))
  103. {
  104. - auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
  105. - assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
  106. + auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
  107. + assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
  108. /* Did we get an authentication packet with a successful status? */
  109. - if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
  110. + if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
  111. + __cpu_to_le16(IEEE80211_STYPE_AUTH)
  112. + && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS)))
  113. {
  114. ret_val = AUTH_OK;
  115. break;
  116. }
  117. /* Did we get an association packet with a successful status? */
  118. - else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
  119. + else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
  120. + __cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP)
  121. + && (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS)))
  122. {
  123. ret_val = ASSOCIATE_OK;
  124. break;
  125. @@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len)
  126. if(len > MIN_BEACON_SIZE)
  127. {
  128. rt_header = (struct radio_tap_header *) radio_header(packet, len);
  129. - beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
  130. - offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
  131. + size_t rt_header_len = __le16_to_cpu(rt_header->len);
  132. + beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
  133. + offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
  134. tag_len = len - tag_offset;
  135. tag_data = (const u_char *) (packet + tag_offset);
  136. - if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP)
  137. + if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
  138. {
  139. enc = WEP;
  140. @@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
  141. struct radio_tap_header *rt_header = NULL;
  142. rt_header = (struct radio_tap_header *) radio_header(packet, len);
  143. - tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
  144. + tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
  145. if(tag_offset < len)
  146. {
  147. @@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
  148. {
  149. if(ie_len == 1)
  150. {
  151. - memcpy((int *) &channel, channel_data, ie_len);
  152. + channel = *(uint8_t*)channel_data;
  153. }
  154. free(channel_data);
  155. }
  156. @@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len)
  157. if(len > 4)
  158. {
  159. /* Get the packet's reported FCS (last 4 bytes of the packet) */
  160. - memcpy((uint32_t *) &fcs, (packet + (len-4)), 4);
  161. + fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));
  162. /* FCS is not calculated over the radio tap header */
  163. if(has_rt_header())
  164. {
  165. rt_header = (struct radio_tap_header *) packet;
  166. - offset += rt_header->len;
  167. + offset += __le16_to_cpu(rt_header->len);
  168. }
  169. if(len > offset)
  170. diff --git a/src/builder.c b/src/builder.c
  171. index 37f2de7..6bf89e7 100644
  172. --- a/src/builder.c
  173. +++ b/src/builder.c
  174. @@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len)
  175. memset((void *) buf, 0, sizeof(struct radio_tap_header));
  176. rt_header = (struct radio_tap_header *) buf;
  177. - rt_header->len = sizeof(struct radio_tap_header);
  178. -
  179. - *len = rt_header->len;
  180. + *len = sizeof(struct radio_tap_header);
  181. + rt_header->len = __cpu_to_le16(*len);
  182. }
  183. return buf;
  184. @@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len)
  185. frag_seq += SEQ_MASK;
  186. - header->duration = DEFAULT_DURATION;
  187. - memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control));
  188. - header->frag_seq = frag_seq;
  189. + header->duration = __cpu_to_le16(DEFAULT_DURATION);
  190. + header->fc = __cpu_to_le16(fc);
  191. + header->frag_seq = __cpu_to_le16(frag_seq);
  192. memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN);
  193. memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN);
  194. @@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len)
  195. memset((void *) buf, 0, *len);
  196. frame = (struct authentication_management_frame *) buf;
  197. - frame->algorithm = OPEN_SYSTEM;
  198. - frame->sequence = 1;
  199. + frame->algorithm = __cpu_to_le16(OPEN_SYSTEM);
  200. + frame->sequence = __cpu_to_le16(1);
  201. frame->status = 0;
  202. }
  203. @@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len)
  204. memset((void *) buf, 0, *len);
  205. frame = (struct association_request_management_frame *) buf;
  206. - frame->capability = get_ap_capability();
  207. - frame->listen_interval = LISTEN_INTERVAL;
  208. + frame->capability = __cpu_to_le16(get_ap_capability());
  209. + frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL);
  210. }
  211. return buf;
  212. @@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len)
  213. header->dsap = LLC_SNAP;
  214. header->ssap = LLC_SNAP;
  215. header->control_field = UNNUMBERED_FRAME;
  216. - header->type = DOT1X_AUTHENTICATION;
  217. + header->type = __cpu_to_be16(DOT1X_AUTHENTICATION);
  218. }
  219. @@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len)
  220. header = (struct wfa_expanded_header *) buf;
  221. memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id));
  222. - header->type = SIMPLE_CONFIG;
  223. + header->type = __cpu_to_be32(SIMPLE_CONFIG);
  224. header->opcode = op_code;
  225. }
  226. diff --git a/src/defs.h b/src/defs.h
  227. index b2f45ea..0c628e7 100644
  228. --- a/src/defs.h
  229. +++ b/src/defs.h
  230. @@ -41,6 +41,7 @@
  231. #include <string.h>
  232. #include <time.h>
  233. #include <pcap.h>
  234. +#include <asm/byteorder.h>
  235. #include "wps.h"
  236. @@ -65,10 +66,10 @@
  237. #define MANAGEMENT_FRAME 0x00
  238. #define SUBTYPE_BEACON 0x08
  239. -#define DOT1X_AUTHENTICATION 0x8E88
  240. +#define DOT1X_AUTHENTICATION 0x888E
  241. #define DOT1X_EAP_PACKET 0x00
  242. -#define SIMPLE_CONFIG 0x01000000
  243. +#define SIMPLE_CONFIG 0x00000001
  244. #define P1_SIZE 10000
  245. #define P2_SIZE 1000
  246. @@ -282,66 +283,111 @@ enum wfa_elements
  247. WEP_TRANSMIT_KEY = 0x10064
  248. };
  249. +#define IEEE80211_FCTL_VERS 0x0003
  250. +#define IEEE80211_FCTL_FTYPE 0x000c
  251. +#define IEEE80211_FCTL_STYPE 0x00f0
  252. +#define IEEE80211_FCTL_TODS 0x0100
  253. +#define IEEE80211_FCTL_FROMDS 0x0200
  254. +#define IEEE80211_FCTL_MOREFRAGS 0x0400
  255. +#define IEEE80211_FCTL_RETRY 0x0800
  256. +#define IEEE80211_FCTL_PM 0x1000
  257. +#define IEEE80211_FCTL_MOREDATA 0x2000
  258. +#define IEEE80211_FCTL_PROTECTED 0x4000
  259. +#define IEEE80211_FCTL_ORDER 0x8000
  260. +
  261. +#define IEEE80211_SCTL_FRAG 0x000F
  262. +#define IEEE80211_SCTL_SEQ 0xFFF0
  263. +
  264. +#define IEEE80211_FTYPE_MGMT 0x0000
  265. +#define IEEE80211_FTYPE_CTL 0x0004
  266. +#define IEEE80211_FTYPE_DATA 0x0008
  267. +
  268. +/* management */
  269. +#define IEEE80211_STYPE_ASSOC_REQ 0x0000
  270. +#define IEEE80211_STYPE_ASSOC_RESP 0x0010
  271. +#define IEEE80211_STYPE_REASSOC_REQ 0x0020
  272. +#define IEEE80211_STYPE_REASSOC_RESP 0x0030
  273. +#define IEEE80211_STYPE_PROBE_REQ 0x0040
  274. +#define IEEE80211_STYPE_PROBE_RESP 0x0050
  275. +#define IEEE80211_STYPE_BEACON 0x0080
  276. +#define IEEE80211_STYPE_ATIM 0x0090
  277. +#define IEEE80211_STYPE_DISASSOC 0x00A0
  278. +#define IEEE80211_STYPE_AUTH 0x00B0
  279. +#define IEEE80211_STYPE_DEAUTH 0x00C0
  280. +#define IEEE80211_STYPE_ACTION 0x00D0
  281. +
  282. +/* control */
  283. +#define IEEE80211_STYPE_BACK_REQ 0x0080
  284. +#define IEEE80211_STYPE_BACK 0x0090
  285. +#define IEEE80211_STYPE_PSPOLL 0x00A0
  286. +#define IEEE80211_STYPE_RTS 0x00B0
  287. +#define IEEE80211_STYPE_CTS 0x00C0
  288. +#define IEEE80211_STYPE_ACK 0x00D0
  289. +#define IEEE80211_STYPE_CFEND 0x00E0
  290. +#define IEEE80211_STYPE_CFENDACK 0x00F0
  291. +
  292. +/* data */
  293. +#define IEEE80211_STYPE_DATA 0x0000
  294. +#define IEEE80211_STYPE_DATA_CFACK 0x0010
  295. +#define IEEE80211_STYPE_DATA_CFPOLL 0x0020
  296. +#define IEEE80211_STYPE_DATA_CFACKPOLL 0x0030
  297. +#define IEEE80211_STYPE_NULLFUNC 0x0040
  298. +#define IEEE80211_STYPE_CFACK 0x0050
  299. +#define IEEE80211_STYPE_CFPOLL 0x0060
  300. +#define IEEE80211_STYPE_CFACKPOLL 0x0070
  301. +#define IEEE80211_STYPE_QOS_DATA 0x0080
  302. +#define IEEE80211_STYPE_QOS_DATA_CFACK 0x0090
  303. +#define IEEE80211_STYPE_QOS_DATA_CFPOLL 0x00A0
  304. +#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL 0x00B0
  305. +#define IEEE80211_STYPE_QOS_NULLFUNC 0x00C0
  306. +#define IEEE80211_STYPE_QOS_CFACK 0x00D0
  307. +#define IEEE80211_STYPE_QOS_CFPOLL 0x00E0
  308. +#define IEEE80211_STYPE_QOS_CFACKPOLL 0x00F0
  309. +
  310. #pragma pack(1)
  311. struct radio_tap_header
  312. {
  313. uint8_t revision;
  314. uint8_t pad;
  315. - uint16_t len;
  316. - uint32_t flags;
  317. -};
  318. -
  319. -struct frame_control
  320. -{
  321. - unsigned version : 2;
  322. - unsigned type : 2;
  323. - unsigned sub_type : 4;
  324. -
  325. - unsigned to_ds : 1;
  326. - unsigned from_ds : 1;
  327. - unsigned more_frag : 1;
  328. - unsigned retry : 1;
  329. - unsigned pwr_mgt : 1;
  330. - unsigned more_data : 1;
  331. - unsigned protected_frame : 1;
  332. - unsigned order : 1;
  333. + __le16 len;
  334. + __le32 flags;
  335. };
  336. struct dot11_frame_header
  337. {
  338. - struct frame_control fc;
  339. - uint16_t duration;
  340. + __le16 fc;
  341. + __le16 duration;
  342. unsigned char addr1[MAC_ADDR_LEN];
  343. unsigned char addr2[MAC_ADDR_LEN];
  344. unsigned char addr3[MAC_ADDR_LEN];
  345. - uint16_t frag_seq;
  346. + __le16 frag_seq;
  347. };
  348. struct authentication_management_frame
  349. {
  350. - uint16_t algorithm;
  351. - uint16_t sequence;
  352. - uint16_t status;
  353. + __le16 algorithm;
  354. + __le16 sequence;
  355. + __le16 status;
  356. };
  357. struct association_request_management_frame
  358. {
  359. - uint16_t capability;
  360. - uint16_t listen_interval;
  361. + __le16 capability;
  362. + __le16 listen_interval;
  363. };
  364. struct association_response_management_frame
  365. {
  366. - uint16_t capability;
  367. - uint16_t status;
  368. - uint16_t id;
  369. + __le16 capability;
  370. + __le16 status;
  371. + __le16 id;
  372. };
  373. struct beacon_management_frame
  374. {
  375. unsigned char timestamp[TIMESTAMP_LEN];
  376. - uint16_t beacon_interval;
  377. - uint16_t capability;
  378. + __le16 beacon_interval;
  379. + __le16 capability;
  380. };
  381. struct llc_header
  382. @@ -350,7 +396,7 @@ struct llc_header
  383. uint8_t ssap;
  384. uint8_t control_field;
  385. unsigned char org_code[3];
  386. - uint16_t type;
  387. + __be16 type;
  388. };
  389. struct dot1X_header
  390. @@ -371,7 +417,7 @@ struct eap_header
  391. struct wfa_expanded_header
  392. {
  393. unsigned char id[3];
  394. - uint32_t type;
  395. + __be32 type;
  396. uint8_t opcode;
  397. uint8_t flags;
  398. };
  399. diff --git a/src/exchange.c b/src/exchange.c
  400. index 23c87e9..4f9a82b 100644
  401. --- a/src/exchange.c
  402. +++ b/src/exchange.c
  403. @@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
  404. /* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */
  405. rt_header = (struct radio_tap_header *) packet;
  406. - frame_header = (struct dot11_frame_header *) (packet+rt_header->len);
  407. + size_t rt_header_len = __le16_to_cpu(rt_header->len);
  408. + frame_header = (struct dot11_frame_header *) (packet+rt_header_len);
  409. /* Does the BSSID/source address match our target BSSID? */
  410. if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
  411. {
  412. /* Is this a data packet sent to our MAC address? */
  413. - if(frame_header->fc.type == DATA_FRAME &&
  414. - frame_header->fc.sub_type == SUBTYPE_DATA &&
  415. - (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
  416. + if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
  417. + __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) &&
  418. + (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0))
  419. {
  420. llc = (struct llc_header *) (packet +
  421. - rt_header->len +
  422. + rt_header_len +
  423. sizeof(struct dot11_frame_header)
  424. );
  425. /* All packets in our exchanges will be 802.1x */
  426. - if(llc->type == DOT1X_AUTHENTICATION)
  427. + if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION))
  428. {
  429. dot1x = (struct dot1X_header *) (packet +
  430. - rt_header->len +
  431. + rt_header_len +
  432. sizeof(struct dot11_frame_header) +
  433. sizeof(struct llc_header)
  434. );
  435. @@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
  436. if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE))
  437. {
  438. eap = (struct eap_header *) (packet +
  439. - rt_header->len +
  440. + rt_header_len +
  441. sizeof(struct dot11_frame_header) +
  442. sizeof(struct llc_header) +
  443. sizeof(struct dot1X_header)
  444. @@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
  445. else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE))
  446. {
  447. wfa = (struct wfa_expanded_header *) (packet +
  448. - rt_header->len +
  449. + rt_header_len +
  450. sizeof(struct dot11_frame_header) +
  451. sizeof(struct llc_header) +
  452. sizeof(struct dot1X_header) +
  453. @@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
  454. );
  455. /* Verify that this is a WPS message */
  456. - if(wfa->type == SIMPLE_CONFIG)
  457. + if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG))
  458. {
  459. wps_msg_len = (size_t) ntohs(eap->len) -
  460. sizeof(struct eap_header) -
  461. sizeof(struct wfa_expanded_header);
  462. wps_msg = (const void *) (packet +
  463. - rt_header->len +
  464. + rt_header_len +
  465. sizeof(struct dot11_frame_header) +
  466. sizeof(struct llc_header) +
  467. sizeof(struct dot1X_header) +
  468. diff --git a/src/wpsmon.c b/src/wpsmon.c
  469. index d976924..22a394f 100644
  470. --- a/src/wpsmon.c
  471. +++ b/src/wpsmon.c
  472. @@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
  473. }
  474. rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
  475. - frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
  476. + size_t rt_header_len = __le16_to_cpu(rt_header->len);
  477. + frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
  478. /* If a specific BSSID was specified, only parse packets from that BSSID */
  479. if(!is_target(frame_header))
  480. @@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
  481. channel_changed = 1;
  482. }
  483. - if(frame_header->fc.sub_type == PROBE_RESPONSE ||
  484. - frame_header->fc.sub_type == SUBTYPE_BEACON)
  485. + unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE);
  486. +
  487. + if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) ||
  488. + fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON))
  489. {
  490. wps_parsed = parse_wps_parameters(packet, header->len, wps);
  491. }
  492. if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
  493. {
  494. - if(frame_header->fc.sub_type == SUBTYPE_BEACON &&
  495. + if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) &&
  496. mode == SCAN &&
  497. !passive &&
  498. should_probe(bssid))
  499. @@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
  500. * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
  501. * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
  502. */
  503. - if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
  504. + if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP))
  505. {
  506. mark_ap_complete(bssid);
  507. }
  508. --
  509. 1.7.7