]> git.ipfire.org Git - thirdparty/iw.git/blame - scan.c
s/WPA2/RSN/
1#include <net/if.h>
2#include <errno.h>
3#include <string.h>
4#include <ctype.h>
764fe753 5#include <stdbool.h>
6
7#include <netlink/genl/genl.h>
8#include <netlink/genl/family.h>
9#include <netlink/genl/ctrl.h>
10#include <netlink/msg.h>
11#include <netlink/attr.h>
12
13#include "nl80211.h"
14#include "iw.h"
15
/*
 * Bit masks for the 16-bit capability value that print_bss_handler()
 * reads from NL80211_BSS_CAPABILITY. Bit 12 has no define here.
 */
#define WLAN_CAPABILITY_ESS		(1 << 0)
#define WLAN_CAPABILITY_IBSS		(1 << 1)
#define WLAN_CAPABILITY_CF_POLLABLE	(1 << 2)
#define WLAN_CAPABILITY_CF_POLL_REQUEST	(1 << 3)
#define WLAN_CAPABILITY_PRIVACY		(1 << 4)
#define WLAN_CAPABILITY_SHORT_PREAMBLE	(1 << 5)
#define WLAN_CAPABILITY_PBCC		(1 << 6)
#define WLAN_CAPABILITY_CHANNEL_AGILITY	(1 << 7)
#define WLAN_CAPABILITY_SPECTRUM_MGMT	(1 << 8)
#define WLAN_CAPABILITY_QOS		(1 << 9)
#define WLAN_CAPABILITY_SHORT_SLOT_TIME	(1 << 10)
#define WLAN_CAPABILITY_APSD		(1 << 11)
#define WLAN_CAPABILITY_DSSS_OFDM	(1 << 13)
29
/* OUI 00:50:f2: compared against vendor elements and suite selectors. */
static unsigned char wifi_oui[3] = {
	0x00, 0x50, 0xf2,
};

/* OUI 00:0f:ac: compared against cipher and authentication suite selectors. */
static unsigned char ieee80211_oui[3] = {
	0x00, 0x0f, 0xac,
};
32
/* Options passed down to the scan result printers. */
struct scan_params {
	/*
	 * When true, elements that have no dedicated printer are hex-dumped
	 * instead of being skipped (see print_ies() and print_vendor()).
	 */
	bool unknown;
};
36
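/*
 * Fill in a NL80211_CMD_TRIGGER_SCAN request.
 *
 * Adds a nested NL80211_ATTR_SCAN_SSIDS attribute holding a single
 * zero-length SSID entry to @msg. @state, @cb, @argc and @argv are unused.
 *
 * Returns 0 on success, -ENOMEM if the temporary message cannot be
 * allocated, and -ENOBUFS if either attribute does not fit.
 */
static int handle_scan(struct nl80211_state *state,
		       struct nl_cb *cb,
		       struct nl_msg *msg,
		       int argc, char **argv)
{
	struct nl_msg *ssids;
	int err = -ENOBUFS;

	ssids = nlmsg_alloc();
	if (!ssids)
		return -ENOMEM;

	/* NLA_PUT jumps to nla_put_failure when the attribute does not fit. */
	NLA_PUT(ssids, 1, 0, "");

	/*
	 * Check the nesting step as well: otherwise a request without the
	 * SSID list would be reported to the caller as built successfully.
	 */
	if (nla_put_nested(msg, NL80211_ATTR_SCAN_SSIDS, ssids) < 0)
		goto nla_put_failure;

	err = 0;
 nla_put_failure:
	/* The temporary message is released on the success path too. */
	nlmsg_free(ssids);
	return err;
}
COMMAND(scan, trigger, NULL,
	NL80211_CMD_TRIGGER_SCAN, 0, CIB_NETDEV, handle_scan);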
58
/*
 * Common signature of the element printers stored in ieprinters[] and
 * wifiprinters[]: @type is the element (or vendor sub-)type, @len the
 * number of body bytes and @data the start of the body.
 */
typedef void (*printfn)(unsigned char type,
			unsigned char len,
			unsigned char *data);
60
/*
 * Indentation helper for multi-line element output.
 *
 * The first call only clears *@first; every later call prints one tab.
 * Callers use it so that the first sub-item continues the header line
 * while the following ones get an extra level of indentation.
 */
static void tab_on_first(bool *first)
{
	if (*first) {
		*first = false;
		return;
	}

	printf("\t");
}
68
/*
 * Print the SSID element body.
 *
 * The bytes come from received frames, so anything isprint() rejects is
 * written as a \xNN escape rather than passed through to the terminal.
 * @type is unused.
 */
static void print_ssid(unsigned char type, unsigned char len, unsigned char *data)
{
	unsigned int pos;

	printf("\tSSID: ");
	for (pos = 0; pos < len; pos++) {
		unsigned char c = data[pos];

		if (!isprint(c)) {
			printf("\\x%.2x", c);
			continue;
		}
		putchar(c);
	}
	printf("\n");
}
81
/*
 * Print a (Extended) Supported Rates element.
 *
 * @type 1 selects the "Supported rates" label, anything else the
 * "Extended supported rates" label. The low seven bits of each byte are
 * printed as value/2 with one decimal; a set high bit adds a '*'.
 */
static void print_supprates(unsigned char type, unsigned char len, unsigned char *data)
{
	const char *label = (type == 1) ? "\tSupported rates: "
					: "\tExtended supported rates: ";
	unsigned int pos;

	printf("%s", label);

	for (pos = 0; pos < len; pos++) {
		int half_units = data[pos] & 0x7f;
		const char *mark = (data[pos] & 0x80) ? "*" : "";

		printf("%d.%d%s ", half_units / 2, 5 * (half_units & 1), mark);
	}
	printf("\n");
}
97
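/*
 * Print the DS Parameter Set element (current channel).
 *
 * The element body comes from a received frame and may be empty; in that
 * case data[0] would belong to the next element or lie past the buffer,
 * so the length is checked before the byte is read. @type is unused.
 */
static void print_ds(unsigned char type, unsigned char len, unsigned char *data)
{
	if (len < 1) {
		printf("\tDS Parameter set: <too short>\n");
		return;
	}

	printf("\tDS Parameter set: channel %d\n", data[0]);
}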
102
/*
 * Placeholder printer: registering it in the printer table keeps the
 * element from being reported as unknown while printing nothing.
 */
static void print_ign(unsigned char type, unsigned char len, unsigned char *data)
{
	/* Ignored for now, the content is not too useful. */
	(void)type;
	(void)len;
	(void)data;
}
107
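/*
 * Print the Country element: two-character country string, an optional
 * environment byte ('I' indoor / 'O' outdoor) and the remaining bytes
 * as hex.
 *
 * The three fixed bytes are only read once @len confirms they are part
 * of this element; a shorter body is hex-dumped and flagged instead.
 * @type is unused.
 */
static void print_country(unsigned char type, unsigned char len, unsigned char *data)
{
	int i;

	if (len < 3) {
		printf("\tCountry: <too short> data:");
		for (i = 0; i < len; i++)
			printf(" %.02x", data[i]);
		printf("\n");
		return;
	}

	printf("\tCountry: %.*s", 2, data);
	switch (data[2]) {
	case 'I':
		printf(" (indoor)");
		break;
	case 'O':
		printf(" (outdoor)");
		break;
	}

	printf(", data:");
	for (i = 3; i < len; i++)
		printf(" %.02x", data[i]);
	printf("\n");
}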
126
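/*
 * Print the flags of the ERP element.
 *
 * Nothing is printed when the flag byte is zero. An empty body is
 * reported instead of reading data[0], which would not belong to this
 * element. @type is unused.
 */
static void print_erp(unsigned char type, unsigned char len, unsigned char *data)
{
	if (len < 1) {
		printf("\tERP: <too short>\n");
		return;
	}

	if (data[0] == 0x00)
		return;

	printf("\tERP:");
	if (data[0] & 0x01)
		printf(" NonERP_Present");
	if (data[0] & 0x02)
		printf(" Use_Protection");
	if (data[0] & 0x04)
		printf(" Barker_Preamble_Mode");
	printf("\n");
}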
141
/*
 * Print the name of one 4-byte cipher suite selector (3-byte OUI followed
 * by a suite type byte).
 *
 * Selectors under wifi_oui and ieee80211_oui share the same names, except
 * that type 0x06 (AES-128-CMAC) is only named for ieee80211_oui. Unnamed
 * types print as "Reserved (xx)", any other OUI as "Other".
 *
 * No length is passed in: the caller must guarantee that data[0..3] are
 * readable before calling.
 */
static void print_cipher(unsigned char *data)
{
	const bool is_wifi = memcmp(data, wifi_oui, 3) == 0;
	const bool is_ieee = !is_wifi && memcmp(data, ieee80211_oui, 3) == 0;
	const char *name = NULL;
	unsigned char suite;

	if (!is_wifi && !is_ieee) {
		printf("Other");
		return;
	}

	suite = data[3];
	switch (suite) {
	case 0x00:
		name = "Use group cipher suite";
		break;
	case 0x01:
		name = "WEP-40";
		break;
	case 0x02:
		name = "TKIP";
		break;
	case 0x04:
		name = "CCMP";
		break;
	case 0x05:
		name = "WEP-104";
		break;
	case 0x06:
		/* Only the ieee80211_oui table names this type. */
		if (is_ieee)
			name = "AES-128-CMAC";
		break;
	default:
		break;
	}

	if (name)
		printf("%s", name);
	else
		printf("Reserved (%.02x)", suite);
}
192
/*
 * Print the name of one 4-byte authentication suite selector (3-byte OUI
 * followed by a suite type byte).
 *
 * wifi_oui and ieee80211_oui selectors use the same names: 0x01 is
 * "IEEE 802.1X", 0x02 is "PSK", everything else "Reserved (xx)". Any
 * other OUI prints as "Other".
 *
 * No length is passed in: the caller must guarantee that data[0..3] are
 * readable before calling.
 */
static void print_auth(unsigned char *data)
{
	unsigned char suite;

	if (memcmp(data, wifi_oui, 3) != 0 &&
	    memcmp(data, ieee80211_oui, 3) != 0) {
		printf("Other");
		return;
	}

	suite = data[3];
	if (suite == 0x01)
		printf("IEEE 802.1X");
	else if (suite == 0x02)
		printf("PSK");
	else
		printf("Reserved (%.02x)", suite);
}
222
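/*
 * Print a WPA or RSN element body.
 *
 * @ie:        label printed in front of the element ("WPA", "RSN").
 * @defcipher: cipher name printed when the cipher fields are absent.
 * @defauth:   name printed when the authentication suite list is absent.
 * @len:       number of bytes available at @data.
 * @data:      element body: version, group cipher, pairwise cipher list,
 *             authentication suite list, capabilities (all little endian).
 *
 * The body is taken from received frames, so both suite counts are
 * checked against the bytes that are left before any selector is read.
 * A count that claims more selectors than the element holds ends parsing
 * and the unparsed rest is hex-dumped as "bogus tail data", the same
 * wording print_wifi_wps() uses. Without that check a crafted count of up
 * to 65535 would walk far past the element and wrap the 8-bit @len.
 */
static void print_wpa(const char *ie,
		      const char *defcipher, const char *defauth,
		      unsigned char len, unsigned char *data)
{
	bool first = true;
	__u16 version, count, capa;
	int i;

	printf("\t%s:", ie);

	if (len < 2) {
		printf(" <too short> data:");
		for (i = 0; i < len; i++)
			printf(" %.02x", data[i]);
		printf("\n");
		return;
	}

	version = data[0] + (data[1] << 8);
	tab_on_first(&first);
	printf("\t * Version: %d\n", version);

	data += 2;
	len -= 2;

	if (len < 4) {
		tab_on_first(&first);
		printf("\t * Group cipher: %s\n", defcipher);
		/* Indent like every other item after the first one. */
		tab_on_first(&first);
		printf("\t * Pairwise ciphers: %s\n", defcipher);
		return;
	}

	tab_on_first(&first);
	printf("\t * Group cipher: ");
	print_cipher(data);
	printf("\n");

	data += 4;
	len -= 4;

	if (len < 2) {
		tab_on_first(&first);
		printf("\t * Pairwise ciphers: %s\n", defcipher);
		return;
	}

	count = data[0] | (data[1] << 8);
	/* The count is attacker-controlled: all selectors must fit in len. */
	if (2 + (count * 4) > len)
		goto invalid;

	tab_on_first(&first);
	printf("\t * Pairwise ciphers:");
	for (i = 0; i < count; i++) {
		printf(" ");
		print_cipher(data + 2 + (i * 4));
	}
	printf("\n");

	data += 2 + (count * 4);
	len -= 2 + (count * 4);

	if (len < 2) {
		tab_on_first(&first);
		printf("\t * Authentication suites: %s\n", defauth);
		return;
	}

	count = data[0] | (data[1] << 8);
	if (2 + (count * 4) > len)
		goto invalid;

	tab_on_first(&first);
	printf("\t * Authentication suites:");
	for (i = 0; i < count; i++) {
		printf(" ");
		print_auth(data + 2 + (i * 4));
	}
	printf("\n");

	data += 2 + (count * 4);
	len -= 2 + (count * 4);

	if (len < 2)
		return;

	capa = data[0] | (data[1] << 8);
	tab_on_first(&first);
	printf("\t * Capabilities: 0x%.4x\n", capa);
	return;

 invalid:
	/* len is at least 2 here; dump what could not be parsed. */
	printf("\t\t * bogus tail data (%d):", len);
	for (i = 0; i < len; i++)
		printf(" %.2x", data[i]);
	printf("\n");
}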
306
/*
 * Printer for the RSN element: print_wpa() with the "RSN" label, CCMP as
 * the default cipher and IEEE 802.1X as the default authentication
 * suite. @type is unused.
 */
static void print_rsn(unsigned char type, unsigned char len, unsigned char *data)
{
	const char *label = "RSN";
	const char *default_cipher = "CCMP";
	const char *default_auth = "IEEE 802.1X";

	print_wpa(label, default_cipher, default_auth, len, data);
}
311
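/*
 * Hex-dump the body of the Extended Capabilities element.
 *
 * The label previously read "capabilties"; the spelling is corrected
 * here, so anything matching on the old text needs the new one.
 * @type is unused.
 */
static void print_capabilities(unsigned char type, unsigned char len, unsigned char *data)
{
	int i;

	printf("\tExtended capabilities:");
	for (i = 0; i < len; i++)
		printf(" %.02x", data[i]);
	printf("\n");
}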
321
/*
 * Printer table indexed by element ID. IDs without an entry are NULL and
 * are handled by print_ies() (vendor elements or the "unknown" dump).
 */
static const printfn ieprinters[] = {
	[0]   = print_ssid,		/* SSID */
	[1]   = print_supprates,	/* supported rates */
	[3]   = print_ds,		/* DS parameter set */
	[5]   = print_ign,		/* recognised but not printed */
	[7]   = print_country,		/* country */
	[42]  = print_erp,		/* ERP flags */
	[48]  = print_rsn,		/* RSN */
	[50]  = print_supprates,	/* extended supported rates */
	[127] = print_capabilities,	/* extended capabilities */
};
333
/*
 * Printer for the vendor-specific WPA element: print_wpa() with the "WPA"
 * label, TKIP as the default cipher and IEEE 802.1X as the default
 * authentication suite. @type is unused.
 */
static void print_wifi_wpa(unsigned char type, unsigned char len, unsigned char *data)
{
	const char *label = "WPA";
	const char *default_cipher = "TKIP";
	const char *default_auth = "IEEE 802.1X";

	print_wpa(label, default_cipher, default_auth, len, data);
}
338
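/*
 * Print the vendor-specific WMM element: the subtype byte is named
 * (0 information, 1 parameter, otherwise numeric) and the rest is
 * hex-dumped.
 *
 * print_vendor() can hand over a zero-length body (an element that ends
 * right after the OUI type byte), so the subtype byte is only read when
 * @len says it exists. @type is unused.
 */
static void print_wifi_wmm(unsigned char type, unsigned char len, unsigned char *data)
{
	int i;

	if (len < 1) {
		printf("\tWMM <too short>\n");
		return;
	}

	printf("\tWMM ");
	switch (data[0]) {
	case 0x00:
		printf("information:");
		break;
	case 0x01:
		printf("parameter:");
		break;
	default:
		printf("type %d:", data[0]);
		break;
	}

	for (i = 1; i < len; i++)
		printf(" %.02x", data[i]);
	printf("\n");
}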
360
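/*
 * Print the vendor-specific WPS element, a sequence of attributes each
 * made of a big-endian 16-bit type, a big-endian 16-bit length and the
 * value.
 *
 * All fields come from received frames. An attribute is only processed
 * when its 4-byte header plus its value fit in the bytes that are left
 * (the previous check ignored the header, so a value could reach up to
 * four bytes past the element and the 8-bit @len could wrap). Attributes
 * whose value is shorter than the bytes their printer reads are skipped.
 * Whatever cannot be parsed is hex-dumped as "bogus tail data".
 *
 * NOTE(review): device name, manufacturer and model are printed as raw
 * bytes; unlike print_ssid() nothing escapes non-printable characters
 * before they reach the terminal.
 *
 * @type is unused.
 */
static void print_wifi_wps(unsigned char type, unsigned char len, unsigned char *data)
{
	bool first = true;
	__u16 subtype, sublen;

	printf("\tWPS:");

	while (len >= 4) {
		subtype = (data[0] << 8) + data[1];
		sublen = (data[2] << 8) + data[3];
		/* Header and value together must fit in what is left. */
		if (sublen + 4 > len)
			break;

		switch (subtype) {
		case 0x104a:
			if (sublen < 1)
				break;
			tab_on_first(&first);
			printf("\t * Version: %#.2x\n", data[4]);
			break;
		case 0x1011:
			tab_on_first(&first);
			printf("\t * Device name: %.*s\n", sublen, data + 4);
			break;
		case 0x1021:
			tab_on_first(&first);
			printf("\t * Manufacturer: %.*s\n", sublen, data + 4);
			break;
		case 0x1023:
			tab_on_first(&first);
			printf("\t * Model: %.*s\n", sublen, data + 4);
			break;
		case 0x1057: {
			__u16 val;

			if (sublen < 2)
				break;
			val = (data[4] << 8) | data[5];
			tab_on_first(&first);
			printf("\t * AP setup locked: 0x%.4x\n", val);
			break;
		}
		case 0x1008: {
			__u16 meth;
			bool comma = false;

			if (sublen < 2)
				break;
			meth = (data[4] << 8) + data[5];
			tab_on_first(&first);
			printf("\t * Config methods:");
#define T(bit, name) do {		\
	if (meth & (1<<bit)) {		\
		if (comma)		\
			printf(",");	\
		comma = true;		\
		printf(" " name);	\
	} } while (0)
			T(0, "USB");
			T(1, "Ethernet");
			T(2, "Label");
			T(3, "Display");
			T(4, "Ext. NFC");
			T(5, "Int. NFC");
			T(6, "NFC Intf.");
			T(7, "PBC");
			T(8, "Keypad");
#undef T
			printf("\n");
			break;
		}
		default:
			break;
		}

		/* Cannot wrap: sublen + 4 <= len was checked above. */
		data += sublen + 4;
		len -= sublen + 4;
	}

	if (len != 0) {
		printf("\t\t * bogus tail data (%d):", len);
		while (len) {
			printf(" %.2x", *data);
			data++;
			len--;
		}
		printf("\n");
	}
}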
440
/*
 * Printer table for vendor elements carrying wifi_oui, indexed by the
 * OUI type byte that follows the OUI. print_vendor() does the lookup.
 */
static const printfn wifiprinters[] = {
	[1] = print_wifi_wpa,	/* WPA */
	[2] = print_wifi_wmm,	/* WMM */
	[4] = print_wifi_wps,	/* WPS */
};
446
/*
 * Print a vendor-specific element.
 *
 * @len:    number of body bytes at @data.
 * @data:   element body: 3-byte OUI followed by vendor data.
 * @params: when ->unknown is false, elements without a dedicated
 *          printer are skipped silently.
 *
 * Bodies shorter than an OUI are hex-dumped as "<too short>". Elements
 * under wifi_oui with at least one more byte are dispatched through
 * wifiprinters[] on that byte; the printer receives only the bytes after
 * it, which may be none.
 */
static void print_vendor(unsigned char len, unsigned char *data,
			 struct scan_params *params)
{
	int i;

	if (len < 3) {
		printf("\tVendor specific: <too short> data:");
		for (i = 0; i < len; i++)
			printf(" %.02x", data[i]);
		printf("\n");
		return;
	}

	if (len >= 4 && memcmp(data, wifi_oui, 3) == 0) {
		unsigned char subtype = data[3];

		/* Bounds-check the index before using it on the table. */
		if (subtype < ARRAY_SIZE(wifiprinters) && wifiprinters[subtype]) {
			wifiprinters[subtype](subtype, len - 4, data + 4);
			return;
		}

		if (!params->unknown)
			return;

		printf("\tWiFi OUI %#.2x, data:", subtype);
		for (i = 4; i < len; i++)
			printf(" %.02x", data[i]);
		printf("\n");
		return;
	}

	if (!params->unknown)
		return;

	printf("\tVendor specific: OUI %.2x:%.2x:%.2x, data:",
	       data[0], data[1], data[2]);
	for (i = 3; i < len; i++)
		printf(" %.2x", data[i]);
	printf("\n");
}
481
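/*
 * Walk a buffer of information elements (1-byte ID, 1-byte length, body)
 * and print each one.
 *
 * @ie:     start of the element buffer.
 * @ielen:  number of bytes in the buffer.
 * @params: ->unknown selects whether elements without a printer are
 *          hex-dumped or skipped.
 *
 * The buffer holds data from received frames. An element is processed
 * only when its 2-byte header and its whole body fit in the remaining
 * bytes; the old test compared the body length against ielen without
 * subtracting the header, which let a printer read up to two bytes past
 * the buffer. Parsing stops at the first element that does not fit, and
 * any bytes after it are not reported.
 */
static void print_ies(unsigned char *ie, int ielen, struct scan_params *params)
{
	while (ielen >= 2 && ielen - 2 >= ie[1]) {
		if (ie[0] < ARRAY_SIZE(ieprinters) && ieprinters[ie[0]]) {
			ieprinters[ie[0]](ie[0], ie[1], ie + 2);
		} else if (ie[0] == 221 /* vendor */) {
			print_vendor(ie[1], ie + 2, params);
		} else if (params->unknown) {
			int i;

			printf("\tUnknown IE (%d):", ie[0]);
			for (i = 0; i < ie[1]; i++)
				printf(" %.2x", ie[2 + i]);
			printf("\n");
		}
		ielen -= ie[1] + 2;
		ie += ie[1] + 2;
	}
}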
501
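/*
 * Netlink callback that prints one BSS entry of a scan dump.
 *
 * @msg: the received netlink message.
 * @arg: pointer to the struct scan_params registered with the callback;
 *       passed on to print_ies().
 *
 * Always returns NL_SKIP. Messages without NL80211_ATTR_BSS, with
 * unparsable nested attributes or without a BSSID are dropped.
 *
 * Changes over the previous version:
 *  - NL80211_ATTR_IFINDEX is checked before it is dereferenced, and a
 *    failing if_indextoname() no longer leaves dev uninitialised;
 *  - the two error messages end in a newline;
 *  - a negative mBm signal with a fractional part prints as "-45.50"
 *    instead of "-45.-50", and keeps its sign between -0.99 and -0.01;
 *  - the TSF hours field uses an unsigned conversion to match its
 *    argument.
 *
 * NOTE(review): the policy sets no minimum length for
 * NL80211_BSS_BSSID; mac_addr_n2a() presumably reads a full MAC
 * address from it - confirm.
 */
static int print_bss_handler(struct nl_msg *msg, void *arg)
{
	struct nlattr *tb[NL80211_ATTR_MAX + 1];
	struct genlmsghdr *gnlh = nlmsg_data(nlmsg_hdr(msg));
	struct nlattr *bss[NL80211_BSS_MAX + 1];
	char mac_addr[20], dev[20];
	static struct nla_policy bss_policy[NL80211_BSS_MAX + 1] = {
		[NL80211_BSS_TSF] = { .type = NLA_U64 },
		[NL80211_BSS_FREQUENCY] = { .type = NLA_U32 },
		[NL80211_BSS_BSSID] = { },
		[NL80211_BSS_BEACON_INTERVAL] = { .type = NLA_U16 },
		[NL80211_BSS_CAPABILITY] = { .type = NLA_U16 },
		[NL80211_BSS_INFORMATION_ELEMENTS] = { },
		[NL80211_BSS_SIGNAL_MBM] = { .type = NLA_U32 },
		[NL80211_BSS_SIGNAL_UNSPEC] = { .type = NLA_U8 },
	};

	nla_parse(tb, NL80211_ATTR_MAX, genlmsg_attrdata(gnlh, 0),
		  genlmsg_attrlen(gnlh, 0), NULL);

	if (!tb[NL80211_ATTR_BSS]) {
		fprintf(stderr, "bss info missing!\n");
		return NL_SKIP;
	}
	if (nla_parse_nested(bss, NL80211_BSS_MAX,
			     tb[NL80211_ATTR_BSS],
			     bss_policy)) {
		fprintf(stderr, "failed to parse nested attributes!\n");
		return NL_SKIP;
	}

	if (!bss[NL80211_BSS_BSSID])
		return NL_SKIP;

	mac_addr_n2a(mac_addr, nla_data(bss[NL80211_BSS_BSSID]));

	/* Fall back to a fixed name rather than printing garbage. */
	if (!tb[NL80211_ATTR_IFINDEX] ||
	    !if_indextoname(nla_get_u32(tb[NL80211_ATTR_IFINDEX]), dev))
		snprintf(dev, sizeof(dev), "unknown");
	printf("BSS %s (on %s)\n", mac_addr, dev);

	if (bss[NL80211_BSS_TSF]) {
		unsigned long long tsf;
		tsf = (unsigned long long)nla_get_u64(bss[NL80211_BSS_TSF]);
		/* Value in usec, then days ("<n>d") and hh:mm:ss. */
		printf("\tTSF: %llu usec (%llud, %.2llu:%.2llu:%.2llu)\n",
			tsf, tsf/1000/1000/60/60/24, (tsf/1000/1000/60/60) % 24,
			(tsf/1000/1000/60) % 60, (tsf/1000/1000) % 60);
	}
	if (bss[NL80211_BSS_FREQUENCY])
		printf("\tfreq: %d\n",
			nla_get_u32(bss[NL80211_BSS_FREQUENCY]));
	if (bss[NL80211_BSS_BEACON_INTERVAL])
		printf("\tbeacon interval: %d\n",
			nla_get_u16(bss[NL80211_BSS_BEACON_INTERVAL]));
	if (bss[NL80211_BSS_CAPABILITY]) {
		__u16 capa = nla_get_u16(bss[NL80211_BSS_CAPABILITY]);
		printf("\tcapability:");
		if (capa & WLAN_CAPABILITY_ESS)
			printf(" ESS");
		if (capa & WLAN_CAPABILITY_IBSS)
			printf(" IBSS");
		if (capa & WLAN_CAPABILITY_PRIVACY)
			printf(" Privacy");
		if (capa & WLAN_CAPABILITY_SHORT_PREAMBLE)
			printf(" ShortPreamble");
		if (capa & WLAN_CAPABILITY_PBCC)
			printf(" PBCC");
		if (capa & WLAN_CAPABILITY_CHANNEL_AGILITY)
			printf(" ChannelAgility");
		if (capa & WLAN_CAPABILITY_SPECTRUM_MGMT)
			printf(" SpectrumMgmt");
		if (capa & WLAN_CAPABILITY_QOS)
			printf(" QoS");
		if (capa & WLAN_CAPABILITY_SHORT_SLOT_TIME)
			printf(" ShortSlotTime");
		if (capa & WLAN_CAPABILITY_APSD)
			printf(" APSD");
		if (capa & WLAN_CAPABILITY_DSSS_OFDM)
			printf(" DSSS-OFDM");
		printf(" (0x%.4x)\n", capa);
	}
	if (bss[NL80211_BSS_SIGNAL_MBM]) {
		/* The u32 attribute carries a signed value in 1/100 dBm. */
		int s = nla_get_u32(bss[NL80211_BSS_SIGNAL_MBM]);
		int whole = s / 100;
		int frac = s % 100;

		if (frac < 0)
			frac = -frac;
		/* whole prints its own sign unless it truncated to zero. */
		printf("\tsignal: %s%d.%.2d dBm\n",
			(s < 0 && whole == 0) ? "-" : "", whole, frac);
	}
	if (bss[NL80211_BSS_SIGNAL_UNSPEC]) {
		unsigned char s = nla_get_u8(bss[NL80211_BSS_SIGNAL_UNSPEC]);
		printf("\tsignal: %d/100\n", s);
	}
	if (bss[NL80211_BSS_INFORMATION_ELEMENTS])
		print_ies(nla_data(bss[NL80211_BSS_INFORMATION_ELEMENTS]),
			  nla_len(bss[NL80211_BSS_INFORMATION_ELEMENTS]),
			  arg);

	return NL_SKIP;
}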
595
/*
 * Options for "scan dump": filled in by handle_scan_dump() and handed to
 * print_bss_handler() as the callback argument.
 */
static struct scan_params scan_params;
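/*
 * Set up the "scan dump" command: parse the optional "-u" flag and
 * register print_bss_handler() for valid messages on @cb.
 *
 * Returns 0 on success and 1 for bad arguments. A single argument other
 * than "-u" used to be accepted and ignored; it is now rejected the same
 * way surplus arguments are. @state and @msg are unused.
 */
static int handle_scan_dump(struct nl80211_state *state,
			    struct nl_cb *cb,
			    struct nl_msg *msg,
			    int argc, char **argv)
{
	bool show_unknown = false;

	if (argc > 1)
		return 1;

	if (argc == 1) {
		if (strcmp(argv[0], "-u") != 0)
			return 1;
		show_unknown = true;
	}

	scan_params.unknown = show_unknown;

	nl_cb_set(cb, NL_CB_VALID, NL_CB_CUSTOM, print_bss_handler,
		  &scan_params);
	return 0;
}
COMMAND(scan, dump, "[-u]",
	NL80211_CMD_GET_SCAN, NLM_F_DUMP, CIB_NETDEV, handle_scan_dump);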
616
/*
 * Top-level "scan" command: trigger a scan, wait for it to finish or be
 * aborted, then dump the results.
 *
 * argv[0] is reused as the first element of both sub-command vectors.
 * With exactly three arguments, the third being "-u", that flag is
 * passed on to "scan dump". Returns the result of the failing or final
 * handle_cmd() call, or 0 when the scan was aborted. @cb and @msg are
 * unused.
 */
static int handle_scan_combined(struct nl80211_state *state,
				struct nl_cb *cb,
				struct nl_msg *msg,
				int argc, char **argv)
{
	static char *trig_argv[] = { NULL, "scan", "trigger" };
	/* The last slot is reserved for the optional "-u". */
	static char *dump_argv[] = { NULL, "scan", "dump", NULL };
	static const __u32 cmds[] = {
		NL80211_CMD_NEW_SCAN_RESULTS,
		NL80211_CMD_SCAN_ABORTED,
	};
	int status;

	trig_argv[0] = argv[0];
	status = handle_cmd(state, II_NETDEV, ARRAY_SIZE(trig_argv), trig_argv);
	if (status != 0)
		return status;

	/*
	 * WARNING: DO NOT COPY THIS CODE INTO YOUR APPLICATION
	 *
	 * This code has a bug, which requires creating a separate
	 * nl80211 socket to fix:
	 * It is possible for a NL80211_CMD_NEW_SCAN_RESULTS or
	 * NL80211_CMD_SCAN_ABORTED message to be sent by the kernel
	 * before (!) we listen to it, because we only start listening
	 * after we send our scan request.
	 *
	 * Doing it the other way around has a race condition as well,
	 * if you first open the events socket you may get a notification
	 * for a previous scan.
	 *
	 * The only proper way to fix this would be to listen to events
	 * before sending the command, and for the kernel to send the
	 * scan request along with the event, so that you can match up
	 * whether the scan you requested was finished or aborted (this
	 * may result in processing a scan that another application
	 * requested, but that doesn't seem to be a problem).
	 *
	 * Alas, the kernel doesn't do that (yet).
	 */

	if (listen_events(state, ARRAY_SIZE(cmds), cmds) ==
	    NL80211_CMD_SCAN_ABORTED) {
		printf("scan aborted!\n");
		return 0;
	}

	dump_argv[0] = argv[0];
	if (argc == 3 && strcmp(argv[2], "-u") == 0) {
		dump_argv[3] = "-u";
		return handle_cmd(state, II_NETDEV, 4, dump_argv);
	}

	return handle_cmd(state, II_NETDEV, 3, dump_argv);
}
TOPLEVEL(scan, "[-u]", 0, 0, CIB_NETDEV, handle_scan_combined);