added full featured BPF high level syntax compiler - see changelog

ZerBea · Nov 28, 2023 · b5a0edd · b5a0edd
1 parent 38bdc81
commit b5a0edd
Show file tree

Hide file tree

Showing 4 changed files with 69 additions and 35 deletions.
diff --git a/Makefile b/Makefile
@@ -23,9 +23,10 @@ DEFS		= -DVERSION_TAG=\"$(VERSION_TAG)\" -DVERSION_YEAR=\"$(VERSION_YEAR)\"
 DEFS		+= -DSTATUSOUT
 # comment to disable GPS support
 DEFS		+= -DNMEAOUT
-#DEFS		+= -DWANTLIBPCAP
 LDFLAGS		+=
-#LDFLAGS		+= -lpcap
+# uncomment to enable BPF compiler
+#DEFS		+= -DWANTLIBPCAP
+#LDFLAGS	+= -lpcap
 
 INSTALL		?= install
 INSTFLAGS	=

diff --git a/changelog b/changelog
@@ -1,10 +1,15 @@
+28.11.2023
+==========
+hcxdumptool: added full featured BPF compiler
+             due to additional dependency this feature must be enabled in Makefile
+
 27.11.2023
 ==========
 hcxdumptool: accept Berklev Packet filter code in tcpdump raw format and in tcpdump c style format
 -bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum 4096 instructions)
                   in tcpdump raw format:
                    example: tcpdump high level compiler:
-                    $ tcpdump -y IEEE802_11_RADIO wlan addr3 11:22:33:44:55:66 -ddd > filter.bpf
+                    $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 11:22:33:44:55:66 -ddd > filter.bpf
                     see man pcap-filter
                    eample: bpf_asm low level compiler
                     $ bpf_asm filter.asm | tr ',' '\n' > filter.bpf
@@ -14,7 +19,7 @@ hcxdumptool: accept Berklev Packet filter code in tcpdump raw format and in tcpd
                     see man bpfc
                   in tcpdump c style format:
                    example: tcpdump high level compiler:
-                    $ tcpdump -y IEEE802_11_RADIO wlan addr3 11:22:33:44:55:66 -dd > filter.bpf
+                    $ tcpdump -s 65535 -y IEEE802_11_RADIO wlan addr3 11:22:33:44:55:66 -dd > filter.bpf
                     see man pcap-filter
                    example: bpfc low level compiler:
                     $ bpfc -f C -i filter.asm > filter.bpf

diff --git a/hcxdumptool.c b/hcxdumptool.c
@@ -4361,9 +4361,11 @@ static pcap_t *hpcap = NULL;
 static struct bpf_program bpfp;
 struct bpf_insn *bpfins;
 
-hpcap = pcap_open_dead(DLT_IEEE802_11_RADIO, PCAPNG_SNAPLEN);
-if(hpcap == NULL) return false;
-
+if((hpcap = pcap_open_dead(DLT_IEEE802_11_RADIO, PCAPNG_SNAPLEN)) == NULL)
+	{
+	fprintf(stderr, "to 0pen libpcap\n");
+	return false;
+}	
 if(pcap_compile(hpcap, &bpfp, bpfs, 1, 0))
 	{
 	fprintf(stderr, "failed to compile BPF\n");
@@ -4596,6 +4598,11 @@ fprintf(stdout, "%s %s  (C) %s ZeroBeat\n"
 	"-L             : show INTERFACE list and terminate\n"
 	"-l             : show INTERFACE list (tabulator separated and greppable) and terminate\n"
 	"-I <INTERFACE> : show detailed information about INTERFACE and terminate\n"
+#ifdef WANTLIBPCAP
+	"--bpfc=<filter>: compile Berkeley Packet Filter (BPF) and exit\n"
+	"                  $ %s --bpfc=\"wlan addr3 112233445566\" > filter.bpf\n"
+	"                  see man pcap-filter\n"
+#endif
 	"--bpf=<file>   : input Berkeley Packet Filter (BPF) code (maximum %d instructions)\n"
 	"                  in tcpdump decimal numbers format:\n"
 	"                   example: tcpdump high level compiler:\n"
@@ -4617,7 +4624,11 @@ fprintf(stdout, "%s %s  (C) %s ZeroBeat\n"
 	"-h             : show this help\n"
 	"-v             : show version\n"
 	"\n",
+#ifdef WANTLIBPCAP
+	eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, TIMEHOLD / 1000000000ULL, eigenname, BPF_MAXINSNS);
+#else
 	eigenname, VERSION_TAG, VERSION_YEAR, eigenname, eigenname, TIMEHOLD / 1000000000ULL, BPF_MAXINSNS);
+#endif
 fprintf(stdout, "less common options:\n--------------------\n"
 	"--disable_beacon          : do not transmit BEACON frames\n"
 	"--disable_deauthentication: do not transmit DEAUTHENTICATION/DISASSOCIATION frames\n"
@@ -4748,7 +4759,7 @@ static bool rooterrorflag = false;
 static char *rcascanflag = NULL;
 static char *bpfname = NULL;
 #ifdef WANTLIBPCAP
-static char *bpfs = NULL;
+static char *bpfstring = NULL;
 #endif
 static char *essidlistname = NULL;
 static char *userchannellistname = NULL;
@@ -4767,6 +4778,9 @@ static socklen_t lStatsLength = sizeof(lStats);
 static const struct option long_options[] =
 {
 	{"bpf",				required_argument,	NULL,	HCX_BPF},
+#ifdef WANTLIBPCAP
+	{"bpfc",			required_argument,	NULL,	HCX_BPFC},
+#endif
 	{"disable_deauthentication",	no_argument,		NULL,	HCX_DISABLE_DEAUTHENTICATION},
 	{"disable_proberequest",	no_argument,		NULL,	HCX_DISABLE_PROBEREQUEST},
 	{"disable_association",		no_argument,		NULL,	HCX_DISABLE_ASSOCIATION},
@@ -4820,6 +4834,11 @@ while((auswahl = getopt_long(argc, argv, short_options, long_options, &index)) !
 		bpfname = optarg;
 		break;
 
+#ifdef WANTLIBPCAP
+		case HCX_BPFC:
+		bpfstring = optarg;
+		break;
+#endif
 		case HCX_PCAPNGNAME:
 		pcapngoutname = optarg;
 		break;
@@ -5092,7 +5111,13 @@ while((auswahl = getopt_long(argc, argv, short_options, long_options, &index)) !
 
 setbuf(stdout, NULL);
 hcxpid = getpid();
-
+#ifdef WANTLIBPCAP
+if(bpfstring != NULL)
+	{
+	if(compile_bpf(bpfstring) == true) exit(EXIT_SUCCESS);
+	else exit(EXIT_SUCCESS);
+	}
+#endif
 if(interfacelistshortflag == false)
 	{
 	fprintf(stdout, "\nRequesting physical interface capabilities. This may take some time.\n"

diff --git a/include/hcxdumptool.h b/include/hcxdumptool.h
@@ -1,31 +1,34 @@
 /*===========================================================================*/
 #define HCX_BPF				1
-#define HCX_DISABLE_DEAUTHENTICATION	2
-#define HCX_DISABLE_PROBEREQUEST	3
-#define HCX_DISABLE_ASSOCIATION		4
-#define HCX_DISABLE_REASSOCIATION	5
-#define HCX_BEACONTX_MAX		6
-#define HCX_PROBERESPONSETX_MAX		7
-#define HCX_GPIO_BUTTON			8
-#define HCX_GPIO_STATUSLED		9
-#define HCX_TOT				10
-#define HCX_ERROR_MAX			11
-#define HCX_WATCHDOG_MAX		12
-#define HCX_ATTEMPT_CLIENT_MAX		13
-#define HCX_ATTEMPT_AP_MAX		14
-#define HCX_ON_SIGTERM			15
-#define HCX_ON_TOT			16
-#define HCX_ON_GPIOBUTTON		17
-#define HCX_ON_WATCHDOG			18
-#define HCX_EXIT_ON_EAPOL		19
-#define HCX_ON_ERROR			20
-#define HCX_ESSIDLIST			21
-#define HCX_NMEA0183			22
-#define HCX_GPSD			23
-#define HCX_NMEA0183_OUT		24
-#define HCX_NMEA0183_PCAPNG		25
-#define HCX_RCASCAN			26
-#define HCX_RD_SORT			27
+#ifdef WANTLIBPCAP
+#define HCX_BPFC			2
+#endif
+#define HCX_DISABLE_DEAUTHENTICATION	3
+#define HCX_DISABLE_PROBEREQUEST	4
+#define HCX_DISABLE_ASSOCIATION		5
+#define HCX_DISABLE_REASSOCIATION	6
+#define HCX_BEACONTX_MAX		7
+#define HCX_PROBERESPONSETX_MAX		8
+#define HCX_GPIO_BUTTON			9
+#define HCX_GPIO_STATUSLED		10
+#define HCX_TOT				11
+#define HCX_ERROR_MAX			12
+#define HCX_WATCHDOG_MAX		13
+#define HCX_ATTEMPT_CLIENT_MAX		14
+#define HCX_ATTEMPT_AP_MAX		15
+#define HCX_ON_SIGTERM			16
+#define HCX_ON_TOT			17
+#define HCX_ON_GPIOBUTTON		18
+#define HCX_ON_WATCHDOG			19
+#define HCX_EXIT_ON_EAPOL		20
+#define HCX_ON_ERROR			21
+#define HCX_ESSIDLIST			22
+#define HCX_NMEA0183			23
+#define HCX_GPSD			24
+#define HCX_NMEA0183_OUT		25
+#define HCX_NMEA0183_PCAPNG		26
+#define HCX_RCASCAN			27
+#define HCX_RD_SORT			28
 #define HCX_IFNAME			'i'
 #define HCX_PCAPNGNAME			'w'
 #define HCX_INTERFACE_INFO		'I'