wlantest: Detect and report plaintext payload in protected frames
authorJouni Malinen <j@w1.fi>
Sat, 14 Mar 2020 15:31:57 +0000 (17:31 +0200)
committerJouni Malinen <j@w1.fi>
Sat, 14 Mar 2020 15:36:41 +0000 (17:36 +0200)
Signed-off-by: Jouni Malinen <j@w1.fi>
wlantest/readpcap.c
wlantest/rx_data.c
wlantest/wlantest.h

index 6c3853b058f59b80cb013a4f7392e62f419c0a4a..1e7e66260c304ea7ee4b56896f9017254c067ec8 100644 (file)
@@ -92,6 +92,7 @@ int read_cap_file(struct wlantest *wt, const char *fname)
                }
 
                /* Packet was read without problems */
+               wt->frame_num++;
                wpa_printf(MSG_EXCESSIVE, "pcap hdr: ts=%d.%06d "
                           "len=%u/%u",
                           (int) hdr->ts.tv_sec, (int) hdr->ts.tv_usec,
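Review bot: `wt->frame_num++` is advanced only here in `read_cap_file()`, so the `#%u` printed by the new plaintext report is only meaningful for frames that come through this reader. If wlantest has other input paths (a live capture or another reader; none is visible in this hunk), they would leave `frame_num` at 0 or stale and the log would point an analyst at the wrong frame. Consider incrementing the counter in one place that every input path shares, or resetting it when a new capture source is opened. The body of `read_cap_file()` continues outside the hunk.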
index f0f0df95c107d20b67977814aecd8370454db41f..d86a5886c3bc5db5d91916336cc201c65575e9b6 100644 (file)
@@ -191,6 +191,23 @@ static u8 * try_all_ptk(struct wlantest *wt, int pairwise_cipher,
 }
 
 
+static void check_plaintext_prot(struct wlantest *wt,
+                                const struct ieee80211_hdr *hdr,
+                                const u8 *data, size_t len)
+{
+       if (len < 8 + 3 || data[8] != 0xaa || data[9] != 0xaa ||
+           data[10] != 0x03)
+               return;
+
+       add_note(wt, MSG_DEBUG,
+                "Plaintext payload in protected frame");
+       wpa_printf(MSG_INFO, "Plaintext payload in protected frame #%u: A2="
+                  MACSTR " seq=%u",
+                  wt->frame_num, MAC2STR(hdr->addr2),
+                  WLAN_GET_SEQ_SEQ(le_to_host16(hdr->seq_ctrl)));
+}
+
+
 static void rx_data_bss_prot_group(struct wlantest *wt,
                                   const struct ieee80211_hdr *hdr,
                                   size_t hdrlen,
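Review bot: The fixed offset in `check_plaintext_prot()` (`len < 8 + 3`, `data[8]`) assumes an 8-octet security header, but both callers in this file also handle `WPA_CIPHER_WEP40`, where the header is the 4-octet IV/KeyID field. An unencrypted LLC/SNAP header in a WEP-marked frame would sit at offset 4 and go unreported. Deriving the offset from the ExtIV bit would cover both cases, e.g. `size_t off = (len >= 4 && (data[3] & 0x20)) ? 8 : 4;` followed by the same `aa aa 03` test at `data[off]` with `len < off + 3` as the guard. A comment such as `/* LLC/SNAP (aa aa 03) directly after the security header means the body was sent unencrypted */` would explain the magic numbers. The `add_note()` text is logged at `MSG_DEBUG` while the `wpa_printf()` uses `MSG_INFO`, so the note on the frame may be dropped at a verbosity where the log line is kept.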
@@ -241,6 +258,7 @@ static void rx_data_bss_prot_group(struct wlantest *wt,
                }
        }
 
+       check_plaintext_prot(wt, hdr, data, len);
        keyid = data[3] >> 6;
        if (bss->gtk_len[keyid] == 0 && bss->group_cipher != WPA_CIPHER_WEP40)
        {
@@ -401,6 +419,7 @@ static void rx_data_bss_prot(struct wlantest *wt,
                        tdls = found;
                }
        }
+       check_plaintext_prot(wt, hdr, data, len);
        if ((sta == NULL ||
             (!sta->ptk_set && sta->pairwise_cipher != WPA_CIPHER_WEP40)) &&
            tk == NULL) {
index 2cf51966a2f8778d34412bd6ac7e65e79c43405a..e2395d0334d0ca086d6f469116e412a655e59d84 100644 (file)
@@ -195,6 +195,7 @@ struct wlantest {
        unsigned int rx_ctrl;
        unsigned int rx_data;
        unsigned int fcs_error;
+       unsigned int frame_num;
 
        void *write_pcap; /* pcap_t* */
        void *write_pcap_dumper; /* pcpa_dumper_t */
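Review bot: The new `frame_num` field sits among the `rx_*` and `fcs_error` statistics counters but is used differently, as the index of the frame currently being processed, and nothing in the struct says so. A field comment would make the contract clear, for example `unsigned int frame_num; /* 1-based index of the current frame in the input capture */`. That also documents that the value is expected to match the frame numbering an analyst sees when opening the same capture in another tool, which is what makes the log line actionable.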