OpenWrt WiFi Probe Implementation: MT7620A + RT2860V2
What is a WiFi probe
The word "probe" sounds very sophisticated, but in fact it just means using WiFi to collect the MAC addresses of the phones that pass within range of this AP; there is nothing profound about it. The idea has been discussed a lot. Some people find it very useful and see many value-added applications in it, while others think it is useless. That does not prevent us from implementing it technically.
802.11 protocol
In the protocol, each AP is required to broadcast beacon frames to the surrounding STAs and APs at a fixed interval (tens of milliseconds to a few seconds), which tells the surrounding STAs and other APs: "I am xxxx (BSSID), come and connect to me! I am xxxx (BSSID), come and connect to me!" It suddenly feels as if every AP is a shameless flirt, doesn't it!
Each STA (think of a mobile phone or a notebook), besides silently listening to the beacon frames sent by the surrounding APs, also quietly sends probe frames: "I am xxxx (MAC address), can I connect to you? I am xxxx (MAC address), can I connect to you?" A textbook case of a shy young flirt. That is why I silently turn off my phone's WiFi every time I go out; the wireless environment is too insecure these days, see http://network.pconline.com.cn/587/5878836.html
Implementation on the 7620A
The basic idea is that after the AP receives a probe frame, the driver records the MAC address and reports it up to the application layer through the proc file system. Here is the code:
MAC Address Acquisition section:
In the function VOID APPeerProbeReqAction(IN PRTMP_ADAPTER pAd, IN MLME_QUEUE_ELEM *Elem), add:
extern UCHAR global_addrlocalnum;
extern UCHAR global_addrlocal[ADDR_LOCAL_NUMBER][MAC_ADDR_LEN];
PFRAME_802_11 pframelxd = (PFRAME_802_11) Elem->Msg;

/* Table full: start again from slot 0 (the frame that hits the limit is not recorded). */
if (global_addrlocalnum >= ADDR_LOCAL_NUMBER)
{
    global_addrlocalnum = 0;
}
else
{
    int index = 0;
    BOOLEAN flag = 1;   /* 1 = this address is not in the table yet */

    /* Addr2 is the transmitter address, i.e. the MAC of the probing STA. */
    for (index = 0; index < global_addrlocalnum; index++)
    {
        if (NdisCmpMemory(global_addrlocal[index], pframelxd->Hdr.Addr2, MAC_ADDR_LEN) == 0)
        {
            flag = 0;
            break;
        }
    }
    //COPY_MAC_ADDR(global_addrlocal[global_addrlocalnum], pframelxd->Hdr.Addr1);
    //global_addrlocalnum++;
    //COPY_MAC_ADDR(global_addrlocal[global_addrlocalnum], pframelxd->Hdr.Addr2);
    //global_addrlocalnum++;
    if (flag)
    {
        COPY_MAC_ADDR(global_addrlocal[global_addrlocalnum], pframelxd->Hdr.Addr2);
        global_addrlocalnum++;
    }
}
Proc section:
The application layer writes "s" to the proc node to tell the driver that it wants the STA data, and the driver then returns the captured MAC list.
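#include <linux/proc_fs.h>
#include <linux/seq_file.h>
#include <linux/uaccess.h>

static struct proc_dir_entry *entry_wl_beacon_mac;
UCHAR global_addrlocalnum = 0;
/* Must hold at least ADDR_LOCAL_NUMBER entries, the bound the probe handler
   checks against; otherwise the handler writes past the end of this array. */
UCHAR global_addrlocal[MAX_MCAST_LIST_SIZE][6];
/* Command buffer: must point to at least MAX_MACLIST_LENGTH bytes before the
   proc node is registered (the allocation is not shown here). */
static char *maclistbuffer;

/* Read handler: if the application has written "s", print the MAC list and clear it. */
static int maclist_proc_show(struct seq_file *m, void *v)
{
    int index = 0;

    if (maclistbuffer[0] == 's')
    {
        maclistbuffer[0] = '0';   /* consume the request */
        for (index = 0; index < global_addrlocalnum; index++)
        {
            seq_printf(m, "%02x:%02x:%02x:%02x:%02x:%02x\n",
                       global_addrlocal[index][0], global_addrlocal[index][1],
                       global_addrlocal[index][2], global_addrlocal[index][3],
                       global_addrlocal[index][4], global_addrlocal[index][5]);
        }
        global_addrlocalnum = 0;
    }
    else
    {
        //seq_printf(m, "STA number is %d, proc!\n", global_addrlocalnum);
        //seq_printf(m, "AP number is %d, proc!\n", global_addrlocalnum1);
    }
    return 0;
}

static int maclist_proc_open(struct inode *inode, struct file *file)
{
    return single_open(file, maclist_proc_show, inode->i_private);
}

/* Write handler: copy at most MAX_MACLIST_LENGTH bytes of the command from user space. */
static ssize_t maclist_proc_write(struct file *file, const char __user *buffer, size_t len, loff_t *off)
{
    int user_len = 0;

    if (len > MAX_MACLIST_LENGTH)
    {
        user_len = MAX_MACLIST_LENGTH;
    }
    else
    {
        user_len = len;
    }
    if (copy_from_user(maclistbuffer, buffer, user_len))
    {
        return -EFAULT;
    }
    return user_len;
}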
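The capture-and-drain logic described above, modelled in user space as an added example (not the author's or the driver's code): it accepts only probe-request frames, stores Addr2 in a bounded, de-duplicated table whose size and bound come from one constant, and empties the table when it is read. TABLE_SLOTS, record_probe, drain_macs and sample_probe are names assumed for this example, and the frame bytes are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAC_LEN     6
#define TABLE_SLOTS 4   /* hypothetical; one constant sizes the array and the bound */
static uint8_t mac_table[TABLE_SLOTS][MAC_LEN];
static unsigned mac_count;

/* Store the sender (Addr2, offset 10) of a probe request; returns 1 if newly stored. */
int record_probe(const uint8_t *frame, size_t len)
{
    if (len < 24 || frame[0] != 0x40)   /* full mgmt header; 0x40 = type 0, subtype 4 */
        return 0;
    for (unsigned i = 0; i < mac_count; i++)
        if (memcmp(mac_table[i], frame + 10, MAC_LEN) == 0)
            return 0;                   /* duplicate */
    if (mac_count >= TABLE_SLOTS)       /* full: restart at slot 0 but keep this sender */
        mac_count = 0;                  /* (the page's code discards it instead) */
    memcpy(mac_table[mac_count++], frame + 10, MAC_LEN);
    return 1;
}

/* Write one "xx:xx:xx:xx:xx:xx\n" line per address, then empty the table. */
unsigned drain_macs(char *out, size_t outlen)
{
    size_t used = 0;
    unsigned n = 0;
    if (outlen) out[0] = '\0';
    for (; n < mac_count && used + 19 <= outlen; n++) {   /* 18 chars + NUL per line */
        const uint8_t *m = mac_table[n];
        used += (size_t)snprintf(out + used, outlen - used,
            "%02x:%02x:%02x:%02x:%02x:%02x\n", m[0], m[1], m[2], m[3], m[4], m[5]);
    }
    mac_count = 0;
    return n;
}

/* Constructed probe-request header (not captured traffic): sender 02:00:00:00:00:11. */
static const uint8_t sample_probe[24] = { 0x40, 0, 0, 0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
    0x02, 0, 0, 0, 0, 0x11, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0, 0 };

int main(void)
{
    char out[64];
    record_probe(sample_probe, sizeof sample_probe);
    drain_macs(out, sizeof out);
    return fputs(out, stdout) < 0;
}
```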