/* This file is part of Kismet Kismet is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version. Kismet is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with Kismet; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA */ #include "config.h" #include #include "globalregistry.h" #include "gpsdclient.h" #include "dumpfile_netxml.h" Dumpfile_Netxml::Dumpfile_Netxml() { fprintf(stderr, "FATAL OOPS: Dumpfile_Netxml called with no globalreg\n"); exit(1); } Dumpfile_Netxml::Dumpfile_Netxml(GlobalRegistry *in_globalreg) : Dumpfile(in_globalreg) { globalreg = in_globalreg; xmlfile = NULL; type = "netxml"; if (globalreg->netracker == NULL) { fprintf(stderr, "FATAL OOPS: Netracker missing before Dumpfile_Netxml\n"); exit(1); } if (globalreg->kismet_config == NULL) { fprintf(stderr, "FATAL OOPS: Config file missing before Dumpfile_Netxml\n"); exit(1); } int ret = 0; if ((ret = ProcessRuntimeResume("netxml")) == -1) { if (globalreg->fatal_condition) return; // Find the file name if ((fname = ProcessConfigOpt("netxml")) == "" || globalreg->fatal_condition) { return; } } else if (ret == 1) { _MSG("Resuming netxml log file '" + fname + "'", MSGFLAG_INFO); } else { _MSG("Netxml log file not enabled in runstate", MSGFLAG_INFO); return; } if ((xmlfile = fopen(fname.c_str(), "w")) == NULL) { _MSG("Failed to open netxml log file '" + fname + "': " + strerror(errno), MSGFLAG_FATAL); globalreg->fatal_condition = 1; return; } globalreg->RegisterDumpFile(this); _MSG("Opened netxml log file '" + fname + "'", MSGFLAG_INFO); } Dumpfile_Netxml::~Dumpfile_Netxml() { // Close files if (xmlfile != NULL) { Flush(); fclose(xmlfile); _MSG("Closed netxml log file '" + fname + "'", MSGFLAG_INFO); } xmlfile = NULL; if (export_filter != NULL) delete export_filter; } int Dumpfile_Netxml::Flush() { if (xmlfile == NULL) return 0; rewind(xmlfile); // Write the XML headers fprintf(xmlfile, "\n" "\n\n"); fprintf(xmlfile, "\n\n", VERSION_MAJOR, VERSION_MINOR, VERSION_TINY, ctime(&(globalreg->start_time))); // Get the tracket network and client->ap maps const map tracknet = globalreg->netracker->FetchTrackedNets(); map::const_iterator x; map::const_iterator y; int netnum = 0; // Dump all the networks for (x = tracknet.begin(); x != tracknet.end(); ++x) { netnum++; if (export_filter->RunFilter(x->second->bssid, mac_addr(0), mac_addr(0))) continue; Netracker::tracked_network *net = x->second; if (net->type == network_remove) continue; string ntype; switch (net->type) { case network_ap: ntype = "infrastructure"; break; case network_adhoc: ntype = "ad-hoc"; break; case network_probe: ntype = "probe"; break; case network_data: ntype = "data"; break; case network_turbocell: ntype = "turbocell"; break; default: ntype = "unknown"; break; } fprintf(xmlfile, " \n", netnum, ntype.c_str(), ctime(&(net->first_time)), ctime(&(net->last_time))); for (map::iterator m = net->ssid_map.begin(); m != net->ssid_map.end(); ++m) { string adtype; if (m->second->type == ssid_beacon) adtype = "Beacon"; else if (m->second->type == ssid_proberesp) adtype = "Probe Response"; fprintf(xmlfile, " \n" " %s\n" " %f\n" " %d\n", ctime(&(m->second->first_time)), ctime(&(m->second->last_time)), adtype.c_str(), m->second->maxrate, m->second->packets); if (m->second->beaconrate != 0) fprintf(xmlfile, " %d\n", m->second->beaconrate); if (m->second->cryptset == 0) fprintf(xmlfile, " None\n"); if (m->second->cryptset & crypt_wep) fprintf(xmlfile, " WEP\n"); if (m->second->cryptset & crypt_layer3) fprintf(xmlfile, " Layer3\n"); if (m->second->cryptset & crypt_wep40) fprintf(xmlfile, " WEP40\n"); if (m->second->cryptset & crypt_wep104) fprintf(xmlfile, " WEP104\n"); if (m->second->cryptset & crypt_tkip) fprintf(xmlfile, " TKIP\n"); if (m->second->cryptset & crypt_wpa) fprintf(xmlfile, " WPA\n"); if (m->second->cryptset & crypt_psk) fprintf(xmlfile, " PSK\n"); if (m->second->cryptset & crypt_aes_ocb) fprintf(xmlfile, " AES-OCB\n"); if (m->second->cryptset & crypt_aes_ccm) fprintf(xmlfile, " AES-CCM\n"); if (m->second->cryptset & crypt_leap) fprintf(xmlfile, " LEAP\n"); if (m->second->cryptset & crypt_ttls) fprintf(xmlfile, " TTLS\n"); if (m->second->cryptset & crypt_tls) fprintf(xmlfile, " TLS\n"); if (m->second->cryptset & crypt_peap) fprintf(xmlfile, " PEAP\n"); if (m->second->cryptset & crypt_isakmp) fprintf(xmlfile, " ISAKMP\n"); if (m->second->cryptset & crypt_pptp) fprintf(xmlfile, " PPTP\n"); if (m->second->ssid_cloaked == 0) fprintf(xmlfile, " %s\n", SanitizeXML(m->second->ssid).c_str()); if (m->second->beacon_info.length() > 0) fprintf(xmlfile, " %s\n", SanitizeXML(m->second->beacon_info).c_str()); fprintf(xmlfile, " \n"); } fprintf(xmlfile, " %s\n", net->bssid.Mac2String().c_str()); fprintf(xmlfile, " %d\n", net->channel); for (map::const_iterator fmi = net->freq_mhz_map.begin(); fmi != net->freq_mhz_map.end(); ++fmi) { fprintf(xmlfile, " %u %u\n", fmi->first, fmi->second); } fprintf(xmlfile, " %ld\n", (long) net->snrdata.maxseenrate * 100); if (net->snrdata.carrierset & (1 << (int) carrier_80211b)) fprintf(xmlfile, " IEEE 802.11b\n"); if (net->snrdata.carrierset & (1 << (int) carrier_80211bplus)) fprintf(xmlfile, " IEEE 802.11b+\n"); if (net->snrdata.carrierset & (1 << (int) carrier_80211a)) fprintf(xmlfile, " IEEE 802.11a\n"); if (net->snrdata.carrierset & (1 << (int) carrier_80211g)) fprintf(xmlfile, " IEEE 802.11g\n"); if (net->snrdata.carrierset & (1 << (int) carrier_80211fhss)) fprintf(xmlfile, " IEEE 802.11 FHSS\n"); if (net->snrdata.carrierset & (1 << (int) carrier_80211dsss)) fprintf(xmlfile, " IEEE 802.11 DSSS\n"); if (net->snrdata.encodingset & (1 << (int) encoding_cck)) fprintf(xmlfile, " CCK\n"); if (net->snrdata.encodingset & (1 << (int) encoding_pbcc)) fprintf(xmlfile, " PBCC\n"); if (net->snrdata.encodingset & (1 << (int) encoding_ofdm)) fprintf(xmlfile, " OFDM\n"); fprintf(xmlfile, " \n"); fprintf(xmlfile, " %d\n", net->llc_packets); fprintf(xmlfile, " %d\n", net->data_packets); fprintf(xmlfile, " %d\n", net->crypt_packets); // TODO - DupeIV stuff? fprintf(xmlfile, " %d\n", net->llc_packets + net->data_packets); fprintf(xmlfile, " %d\n", net->fragments); fprintf(xmlfile, " %d\n", net->retries); fprintf(xmlfile, " \n"); fprintf(xmlfile, " %llu\n", (long long unsigned int) net->datasize); if (net->snrdata.last_signal_rssi != 0 || net->snrdata.last_signal_dbm != 0) { fprintf(xmlfile, " \n"); fprintf(xmlfile, " %d\n", net->snrdata.last_signal_dbm); fprintf(xmlfile, " %d\n", net->snrdata.last_noise_dbm); fprintf(xmlfile, " %d\n", net->snrdata.last_signal_rssi); fprintf(xmlfile, " %d\n", net->snrdata.last_noise_rssi); fprintf(xmlfile, " %d\n", net->snrdata.min_signal_dbm); fprintf(xmlfile, " %d\n", net->snrdata.min_noise_dbm); fprintf(xmlfile, " %d\n", net->snrdata.min_signal_rssi); fprintf(xmlfile, " %d\n", net->snrdata.min_noise_rssi); fprintf(xmlfile, " %d\n", net->snrdata.max_signal_dbm); fprintf(xmlfile, " %d\n", net->snrdata.max_noise_dbm); fprintf(xmlfile, " %d\n", net->snrdata.max_signal_rssi); fprintf(xmlfile, " %d\n", net->snrdata.max_noise_rssi); fprintf(xmlfile, " \n"); } if (net->gpsdata.gps_valid) { fprintf(xmlfile, " \n"); fprintf(xmlfile, " %f\n", net->gpsdata.min_lat); fprintf(xmlfile, " %f\n", net->gpsdata.min_lon); fprintf(xmlfile, " %f\n", net->gpsdata.min_alt); fprintf(xmlfile, " %f\n", net->gpsdata.min_spd); fprintf(xmlfile, " %f\n", net->gpsdata.max_lat); fprintf(xmlfile, " %f\n", net->gpsdata.max_lon); fprintf(xmlfile, " %f\n", net->gpsdata.max_alt); fprintf(xmlfile, " %f\n", net->gpsdata.max_spd); fprintf(xmlfile, " %f\n", net->snrdata.peak_lat); fprintf(xmlfile, " %f\n", net->snrdata.peak_lon); fprintf(xmlfile, " %f\n", net->snrdata.peak_alt); fprintf(xmlfile, " %Lf\n", net->gpsdata.aggregate_lat); fprintf(xmlfile, " %Lf\n", net->gpsdata.aggregate_lon); fprintf(xmlfile, " %Lf\n", net->gpsdata.aggregate_alt); fprintf(xmlfile, " %llu\n", (long long unsigned int) net->gpsdata.aggregate_points); fprintf(xmlfile, " \n"); } if (net->guess_ipdata.ip_type > ipdata_factoryguess && net->guess_ipdata.ip_type < ipdata_group) { string iptype; switch (net->guess_ipdata.ip_type) { case ipdata_udptcp: iptype = "UDP/TCP"; break; case ipdata_arp: iptype = "ARP"; break; case ipdata_dhcp: iptype = "DHCP"; break; default: iptype = "Unknown"; break; } fprintf(xmlfile, " \n", iptype.c_str()); fprintf(xmlfile, " %s\n", inet_ntoa(net->guess_ipdata.ip_addr_block)); fprintf(xmlfile, " %s\n", inet_ntoa(net->guess_ipdata.ip_netmask)); fprintf(xmlfile, " %s\n", inet_ntoa(net->guess_ipdata.ip_gateway)); fprintf(xmlfile, " \n"); } fprintf(xmlfile, " %llu\n", (long long unsigned int) net->bss_timestamp); fprintf(xmlfile, " %llu\n", (long long unsigned int) net->datasize); fprintf(xmlfile, " %s\n", SanitizeXML(net->cdp_dev_id).c_str()); fprintf(xmlfile, " %s\n", SanitizeXML(net->cdp_port_id).c_str()); int clinum = 0; // Get the client range pairs and print them out for (y = net->client_map.begin(); y != net->client_map.end(); ++y) { Netracker::tracked_client *cli = y->second; clinum++; if (cli->type == client_remove) continue; string ctype; switch (cli->type) { case client_fromds: ctype = "fromds"; break; case client_tods: ctype = "tods"; break; case client_interds: ctype = "interds"; break; case client_established: ctype = "established"; break; case client_adhoc: ctype = "ad-hoc"; break; default: ctype = "unknown"; break; } fprintf(xmlfile, " \n", clinum, ctype.c_str(), ctime(&(cli->first_time)), ctime(&(cli->last_time))); fprintf(xmlfile, " %s\n", cli->mac.Mac2String().c_str()); for (map::iterator m = cli->ssid_map.begin(); m != cli->ssid_map.end(); ++m) { string adtype; if (m->second->type == ssid_beacon) adtype = "Beacon"; else if (m->second->type == ssid_proberesp) adtype = "Probe Response"; else if (m->second->type == ssid_probereq) adtype = "Probe Request"; fprintf(xmlfile, " \n" " %s\n" " %f\n" " %d\n", ctime(&(m->second->first_time)), ctime(&(m->second->last_time)), adtype.c_str(), m->second->maxrate, m->second->packets); if (m->second->beaconrate != 0) fprintf(xmlfile, " %d\n", m->second->beaconrate); if (m->second->cryptset == 0) fprintf(xmlfile, " None\n"); if (m->second->cryptset & crypt_wep) fprintf(xmlfile, " WEP\n"); if (m->second->cryptset & crypt_layer3) fprintf(xmlfile, " Layer3\n"); if (m->second->cryptset & crypt_wep40) fprintf(xmlfile, " WEP40\n"); if (m->second->cryptset & crypt_wep104) fprintf(xmlfile, " WEP104\n"); if (m->second->cryptset & crypt_tkip) fprintf(xmlfile, " TKIP\n"); if (m->second->cryptset & crypt_wpa) fprintf(xmlfile, " WPA\n"); if (m->second->cryptset & crypt_psk) fprintf(xmlfile, " PSK\n"); if (m->second->cryptset & crypt_aes_ocb) fprintf(xmlfile, " AES-OCB\n"); if (m->second->cryptset & crypt_aes_ccm) fprintf(xmlfile, " AES-CCM\n"); if (m->second->cryptset & crypt_leap) fprintf(xmlfile, " LEAP\n"); if (m->second->cryptset & crypt_ttls) fprintf(xmlfile, " TTLS\n"); if (m->second->cryptset & crypt_tls) fprintf(xmlfile, " TLS\n"); if (m->second->cryptset & crypt_peap) fprintf(xmlfile, " PEAP\n"); if (m->second->cryptset & crypt_isakmp) fprintf(xmlfile, " ISAKMP\n"); if (m->second->cryptset & crypt_pptp) fprintf(xmlfile, " PPTP\n"); if (m->second->ssid_cloaked == 0) fprintf(xmlfile, " %s\n", SanitizeXML(m->second->ssid).c_str()); if (m->second->beacon_info.length() > 0) fprintf(xmlfile, " %s\n", SanitizeXML(m->second->beacon_info).c_str()); fprintf(xmlfile, " \n"); } fprintf(xmlfile, " %d\n", cli->channel); for (map::const_iterator fmi = cli->freq_mhz_map.begin(); fmi != cli->freq_mhz_map.end(); ++fmi) { fprintf(xmlfile, " %u %u\n", fmi->first, fmi->second); } fprintf(xmlfile, " %ld\n", (long) cli->snrdata.maxseenrate * 100); if (cli->snrdata.carrierset & (1 << (int) carrier_80211b)) fprintf(xmlfile, " IEEE 802.11b" "\n"); if (cli->snrdata.carrierset & (1 << (int) carrier_80211bplus)) fprintf(xmlfile, " IEEE 802.11b+" "\n"); if (cli->snrdata.carrierset & (1 << (int) carrier_80211a)) fprintf(xmlfile, " IEEE 802.11a" "\n"); if (cli->snrdata.carrierset & (1 << (int) carrier_80211g)) fprintf(xmlfile, " IEEE 802.11g" "\n"); if (cli->snrdata.carrierset & (1 << (int) carrier_80211fhss)) fprintf(xmlfile, " IEEE 802.11 FHSS" "\n"); if (cli->snrdata.carrierset & (1 << (int) carrier_80211dsss)) fprintf(xmlfile, " IEEE 802.11 DSSS" "\n"); if (cli->snrdata.encodingset & (1 << (int) encoding_cck)) fprintf(xmlfile, " CCK\n"); if (cli->snrdata.encodingset & (1 << (int) encoding_pbcc)) fprintf(xmlfile, " PBCC\n"); if (cli->snrdata.encodingset & (1 << (int) encoding_ofdm)) fprintf(xmlfile, " OFDM\n"); fprintf(xmlfile, " \n"); fprintf(xmlfile, " %d\n", cli->llc_packets); fprintf(xmlfile, " %d\n", cli->data_packets); fprintf(xmlfile, " %d\n", cli->crypt_packets); // TODO - DupeIV stuff? fprintf(xmlfile, " %d\n", cli->llc_packets + cli->data_packets); fprintf(xmlfile, " %d\n", cli->fragments); fprintf(xmlfile, " %d\n", cli->retries); fprintf(xmlfile, " \n"); fprintf(xmlfile, " %ld\n", (long int) cli->datasize); if (cli->snrdata.last_signal_rssi != 0 || cli->snrdata.last_signal_dbm != 0) { fprintf(xmlfile, " \n"); fprintf(xmlfile, " %d\n", cli->snrdata.last_signal_dbm); fprintf(xmlfile, " %d\n", cli->snrdata.last_noise_dbm); fprintf(xmlfile, " %d\n", cli->snrdata.last_signal_rssi); fprintf(xmlfile, " %d\n", cli->snrdata.last_noise_rssi); fprintf(xmlfile, " %d\n", cli->snrdata.min_signal_dbm); fprintf(xmlfile, " %d\n", cli->snrdata.min_noise_dbm); fprintf(xmlfile, " %d\n", cli->snrdata.min_signal_rssi); fprintf(xmlfile, " %d\n", cli->snrdata.min_noise_rssi); fprintf(xmlfile, " %d\n", cli->snrdata.max_signal_dbm); fprintf(xmlfile, " %d\n", cli->snrdata.max_noise_dbm); fprintf(xmlfile, " %d\n", cli->snrdata.max_signal_rssi); fprintf(xmlfile, " %d\n", cli->snrdata.max_noise_rssi); fprintf(xmlfile, " \n"); } if (cli->gpsdata.gps_valid) { fprintf(xmlfile, " \n"); fprintf(xmlfile, " %f\n", cli->gpsdata.min_lat); fprintf(xmlfile, " %f\n", cli->gpsdata.min_lon); fprintf(xmlfile, " %f\n", cli->gpsdata.min_alt); fprintf(xmlfile, " %f\n", cli->gpsdata.min_spd); fprintf(xmlfile, " %f\n", cli->gpsdata.max_lat); fprintf(xmlfile, " %f\n", cli->gpsdata.max_lon); fprintf(xmlfile, " %f\n", cli->gpsdata.max_alt); fprintf(xmlfile, " %f\n", cli->gpsdata.max_spd); fprintf(xmlfile, " %f\n", cli->snrdata.peak_lat); fprintf(xmlfile, " %f\n", cli->snrdata.peak_lon); fprintf(xmlfile, " %f\n", cli->snrdata.peak_alt); fprintf(xmlfile, " %Lf\n", cli->gpsdata.aggregate_lat); fprintf(xmlfile, " %Lf\n", cli->gpsdata.aggregate_lon); fprintf(xmlfile, " %Lf\n", cli->gpsdata.aggregate_alt); fprintf(xmlfile, " %ld\n", cli->gpsdata.aggregate_points); fprintf(xmlfile, " \n"); } if (cli->guess_ipdata.ip_type > ipdata_factoryguess && cli->guess_ipdata.ip_type < ipdata_group) { string iptype; switch (cli->guess_ipdata.ip_type) { case ipdata_udptcp: iptype = "UDP/TCP"; break; case ipdata_arp: iptype = "ARP"; break; case ipdata_dhcp: iptype = "DHCP"; break; default: iptype = "Unknown"; break; } fprintf(xmlfile, "

\n", iptype.c_str()); fprintf(xmlfile, " %s\n", inet_ntoa(cli->guess_ipdata.ip_addr_block)); fprintf(xmlfile, " %s\n", inet_ntoa(cli->guess_ipdata.ip_netmask)); fprintf(xmlfile, " %s\n", inet_ntoa(cli->guess_ipdata.ip_gateway)); fprintf(xmlfile, " \n"); } fprintf(xmlfile, " %s\n", SanitizeXML(cli->cdp_dev_id).c_str()); fprintf(xmlfile, " %s\n", SanitizeXML(cli->cdp_port_id).c_str()); fprintf(xmlfile, " \n"); } fprintf(xmlfile, " \n"); } fprintf(xmlfile, "\n"); fflush(xmlfile); return 1; }