From c9c49a409d928f4abb87203b9f89e9f69c15a88b Mon Sep 17 00:00:00 2001
From: "7u83@mail.ru" <7u83@mail.ru@noemail.net>
Date: Mon, 11 May 2015 19:58:17 +0000
Subject: [PATCH] Work on decrypting Cisco's add wlan msg element.
FossilOrigin-Name: d833703e09017e5c53c85d0c9c7a3376b890c5e07304c849d68f3e03c0569f23
---
 doc/capwap_cisco.txt | 4 +-
 src/capwap/Makefile | 1 +
 src/capwap/capwap_actions_wtp.c | 5 ++
 src/capwap/capwap_cisco.h | 2 +
 src/capwap/cipwap_actions.h | 7 +++
 src/capwap/cipwap_actions_wtp.c | 14 +++-
 src/capwap/cw_in_cisco_add_wlan.c | 85 ++++++++++++++++++++++++++++
 src/capwap/cw_readelem_ecn_support.c | 36 ------------
 src/capwap/mbag.h | 3 +
 src/wtp/cfg.c | 1 -
 src/wtp/cfg.json | 33 +++++++++-
 src/wtp/wtp_main.c | 2 +-
 12 files changed, 145 insertions(+), 48 deletions(-)
 create mode 100644 src/capwap/cw_in_cisco_add_wlan.c
 delete mode 100644 src/capwap/cw_readelem_ecn_support.c
diff --git a/doc/capwap_cisco.txt b/doc/capwap_cisco.txt
index 6510c7e6..49729baa 100644
--- a/doc/capwap_cisco.txt
+++ b/doc/capwap_cisco.txt
@@ -177,8 +177,8 @@ AP = RAD = WTP
 Type: AP Type
- 0 - ?
- 4 - ?
+ 0 - ? //
+ 4 - ? // Legacy AP ?
diff --git a/src/capwap/Makefile b/src/capwap/Makefile
index d167a4b3..1167c5a1 100644
--- a/src/capwap/Makefile
+++ b/src/capwap/Makefile
@@ -152,6 +152,7 @@ CAPWAPOBJS= \
 cw_check_missing_mand.o \
 md5sum.o \
 format.o \
+ cw_in_cisco_add_wlan.o
diff --git a/src/capwap/capwap_actions_wtp.c b/src/capwap/capwap_actions_wtp.c
index 4502aa23..d5a7ae50 100644
--- a/src/capwap/capwap_actions_wtp.c
+++ b/src/capwap/capwap_actions_wtp.c
@@ -132,6 +132,11 @@ cw_action_in_t capwap_actions_wtp_in[] = {
 {0, 0, CW_STATE_CONFIGURE, CW_MSG_CONFIGURATION_STATUS_RESPONSE,
 CW_ACTION_IN_IDLE_TIMEOUT, 1}
 ,
+
+// {0, 0, CW_STATE_CONFIGURE, CW_MSG_CONFIGURATION_STATUS_RESPONSE,
+// CW_ACTION_IN_DECRYPTION_ERROR_REPORT_PERIOD, 1}
+// ,
+
 {0, 0, CW_STATE_CONFIGURE, CW_MSG_CONFIGURATION_STATUS_RESPONSE,
 CW_ACTION_IN_VENDOR_SPECIFIC_PAYLOAD, 0}
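Review bot: The Decryption Error Report Period entry is added only as `//`-commented lines, so the element stays unhandled in the Configuration Status Response and a reader cannot tell whether that is deliberate or forgotten. Either delete the dead lines or keep one comment that states the reason, e.g. `/* Decryption Error Report Period not handled yet: <reason> */`, instead of a commented-out table entry that will drift from the macro it names.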
diff --git a/src/capwap/capwap_cisco.h b/src/capwap/capwap_cisco.h
index 2a4bb83a..ead10b23 100644
--- a/src/capwap/capwap_cisco.h
+++ b/src/capwap/capwap_cisco.h
@@ -233,5 +233,7 @@ int cw_in_cisco_radio_cfg(struct conn *conn, struct cw_action_in *a, uint8_t * d
 struct sockaddr *from);
+int cw_in_cisco_add_wlan(struct conn *conn, struct cw_action_in *a, uint8_t * data, int len,
+ struct sockaddr *from);
 #endif
diff --git a/src/capwap/cipwap_actions.h b/src/capwap/cipwap_actions.h
index a7e515b2..d30fb9c6 100644
--- a/src/capwap/cipwap_actions.h
+++ b/src/capwap/cipwap_actions.h
@@ -33,4 +33,11 @@
 0, /* ID to use store */ \
 0, 1114 /* min/max length */
+#define CW_ACTION_IN_CISCO_ADD_WLAN\
+ CW_CISCO_ADD_WLAN, /* Element ID*/ \
+ cw_in_cisco_add_wlan, 0, /* start/end callback */ \
+ NULL, /* Type of element */ \
+ 0, /* ID to use store */ \
+ 0, 1114 /* min/max length */
+
diff --git a/src/capwap/cipwap_actions_wtp.c b/src/capwap/cipwap_actions_wtp.c
index 847de574..aba33d4d 100644
--- a/src/capwap/cipwap_actions_wtp.c
+++ b/src/capwap/cipwap_actions_wtp.c
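Review bot: CW_ACTION_IN_CISCO_ADD_WLAN declares `0, 1114 /* min/max length */`, so an Add WLAN element of any length reaches cw_in_cisco_add_wlan, whose legacy parser reads fixed offsets up to data+593 and then copies `len-622` bytes starting at data+622; with a minimum of 0 a short element sent by the AC is read past its end and a negative length is handed on. If this min/max pair is what the dispatcher checks before invoking the handler (the comment reads that way, but the check itself is not in this diff), the minimum should be the smallest length the parser can cope with: `622, 1114 /* min/max length */`. The `0, 1114` pair appears to be copied from the preceding macro; a short comment saying where the Cisco element's maximum comes from would help the next reader.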
@@ -45,19 +45,25 @@ cw_action_in_t cipwap_actions_wtp_in[] = {
 cw_in_ac_name_with_priority, 0, MBAG_BSTR16,CW_ITEM_AC_NAME_WITH_PRIORITY,0,512}
 ,
- /* AP Mode an Type */
- {CW_VENDOR_ID_CISCO, 0, CW_STATE_RUN, CW_MSG_CONFIGURATION_UPDATE_REQUEST,
+ /* AP Mode an Type IN */
+/* {CW_VENDOR_ID_CISCO, 0, CW_STATE_RUN, CW_MSG_CONFIGURATION_UPDATE_REQUEST,
 CW_ACTION_IN_CISCO_AP_MODE_AND_TYPE, 1}
 ,
-
+*/
 /* Radio Administrative State */
- /* Oveload CAPWAP action to handle a radio ID of 255 */
+ /* Overload CAPWAP action to handle a radio ID of 255 */
 {0, 0, CW_STATE_RUN, CW_MSG_CONFIGURATION_UPDATE_REQUEST,
 CW_ACTION_IN_CISCO_RADIO_ADMINISTRATIVE_STATE_WTP, 0}
 ,
+ /* Add WLAN */
+ {CW_VENDOR_ID_CISCO, 0, CW_STATE_RUN, CW_MSG_CONFIGURATION_UPDATE_REQUEST,
+ CW_ACTION_IN_CISCO_ADD_WLAN, 0}
+ ,
+
+
 {CW_VENDOR_ID_CISCO, 0, CW_STATE_JOIN, CW_MSG_JOIN_REQUEST,
 CW_CISCO_AP_GROUP_NAME, cw_in_generic, 0, MBAG_BSTR16,CW_ITEM_WTP_GROUP_NAME,1,512}
diff --git a/src/capwap/cw_in_cisco_add_wlan.c b/src/capwap/cw_in_cisco_add_wlan.c
new file mode 100644
index 00000000..0b905321
--- /dev/null
+++ b/src/capwap/cw_in_cisco_add_wlan.c
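Review bot: The AP Mode and Type entry is switched off by wrapping it in `/* … */` with no word on why, and the comment above it now reads `/* AP Mode an Type IN */`. If it was disabled because the element misbehaved against a real controller (the cfg.json change from 512 to 4 in the same commit hints at that, but I cannot confirm it from here), say so in one line, e.g. `/* AP Mode and Type: disabled, <reason> */`, and remove the dead entry rather than leaving a commented-out table row; otherwise put the entry back. The new Add WLAN row itself is consistent with the Radio Administrative State row above it.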
@@ -0,0 +1,85 @@
+
+#include "action.h"
+#include "dbg.h"
+#include "log.h"
+#include "mbag.h"
+#include "capwap.h"
+
+
+
+int cw_cisco_get_wlan_legacy(mbag_t wlan, uint8_t *data, int len)
+{
+ mbag_set_word(wlan,"enc_capab", cw_get_word(data+1));
+
+ int wlan_id=cw_get_word(data+3);
+ mbag_set_word(wlan,"wlan_id",wlan_id);
+
+ mbag_set_dword(wlan,"enc_policy",cw_get_dword(data+5));
+ mbag_set_bstr16n(wlan,"key",data+9,32);
+
+ mbag_set_byte(wlan,"key_index",cw_get_byte(data+41));
+ mbag_set_byte(wlan,"key_shared",cw_get_byte(data+42));
+
+ mbag_set_byte(wlan,"wpa_len",cw_get_byte(data+43));
+ mbag_set_bstr16n(wlan,"wpa_data",data+44,32);
+
+ mbag_set_byte(wlan,"rsn_len",cw_get_byte(data+76));
+ mbag_set_bstr16n(wlan,"rsn_data",data+77,64);
+
+ mbag_set_bstr16n(wlan,"reserved",data+141,49);
+
+ mbag_set_byte(wlan,"wme_len",cw_get_byte(data+190));
+ mbag_set_bstr16n(wlan,"wme_data",data+191,32);
+
+ mbag_set_byte(wlan,"dot11e_len",cw_get_byte(data+223));
+ mbag_set_bstr16n(wlan,"dot11e_data",data+224,32);
+
+ mbag_set_byte(wlan,"qos",cw_get_byte(data+256));
+
+// mbag_set_byte(wlan,"ssid_broadcast",cw_get_byte(data+257));
+ mbag_set_byte(wlan,"ssid_broadcast",cw_get_byte(data+435));
+ mbag_set_byte(wlan,"aironet_ie",cw_get_byte(data+436));
+
+ mbag_set_bstr16n(wlan,"reserved2",data+258,40);
+
+
+ mbag_set_byte(wlan,"dtim_period",cw_get_byte(data+554));
+ mbag_set_bstr16n(wlan,"wlan_name",data+558,32);
+ mbag_set_byte(wlan,"allow_aaa_override",cw_get_byte(data+591));
+ mbag_set_byte(wlan,"max_clients",cw_get_byte(data+593));
+
+
+ mbag_set_bstr16n(wlan,"ssid",data+622,len-622);
+
+ return 0;
+}
+
+
+
+int cw_in_cisco_add_wlan(struct conn *conn, struct cw_action_in *a, uint8_t * data, int len,
+ struct sockaddr *from)
+{
+
+ int rid = cw_get_byte(data);
+ mbag_t wlan = mbag_i_get_mbag(conn->radios,rid,NULL);
+ if ( !wlan ) {
+ printf("No Radio git\n");
+
+
+ }
+
+ mbag_set_byte(wlan,"radio_id",rid);
+
+
+ cw_cisco_get_wlan_legacy(wlan,data,len);
+
+ printf("Add WLAN 
%d\n",rid);
+
+
+ return 0;
+
+
+}
+
+
diff --git a/src/capwap/cw_readelem_ecn_support.c b/src/capwap/cw_readelem_ecn_support.c
deleted file mode 100644
index 95d9bbe2..00000000
--- a/src/capwap/cw_readelem_ecn_support.c
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- This file is part of libcapwap.
-
- libcapwap is free software: you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- libcapwap is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with Foobar. If not, see .
-
-*/
-
-#include "capwap.h"
-
-#include "cw_log.h"
-
-int cw_readelem_ecn_support(uint8_t *ecn_support, int type, uint8_t * msgelem, int len)
-{
- if (type != CWMSGELEM_ECN_SUPPORT)
- return 0;
-
- if (len!=1){
- cw_dbg(DBG_CW_RFC,"Discarding ECN_SUPPORT msgelem, wrong size, type=%d,len=%d",type,len);
- return 0;
- }
- *ecn_support=*msgelem;
- return 1;
-}
-
-
diff --git a/src/capwap/mbag.h b/src/capwap/mbag.h
index 984fe51f..c7c69d8f 100644
--- a/src/capwap/mbag.h
+++ b/src/capwap/mbag.h
@@ -351,6 +351,9 @@ static inline mbag_item_t * mbag_set_bstrn(mbag_t s, const char *id, uint8_t * d
 return i;
 }
+
+
+
 static inline struct mavl *mbag_get_mavl(mbag_t s, const char *id)
 {
 struct mbag_item *i = mbag_get(s, id);
diff --git a/src/wtp/cfg.c b/src/wtp/cfg.c
index 81ecd46c..e5082c15 100644
--- a/src/wtp/cfg.c
+++ b/src/wtp/cfg.c
@@ -382,7 +382,6 @@ int cfg_to_json()
 //printf("DST: %s\n",dst);
 //exit(0);
- cw_save_file("cfg.json", dst, n);
 return 1;
 }
diff --git a/src/wtp/cfg.json b/src/wtp/cfg.json
index f9e970a6..7ec28f82 100644
--- a/src/wtp/cfg.json
+++ b/src/wtp/cfg.json
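Review bot: In cw_in_cisco_add_wlan the `if ( !wlan )` branch only prints "No Radio git" and falls through, so an Add WLAN element that names a radio ID absent from conn->radios continues into mbag_set_byte and cw_cisco_get_wlan_legacy with a NULL mbag; the branch has to return. Separately, cw_cisco_get_wlan_legacy reads fixed offsets up to 593 and then copies `len-622` bytes from offset 622 without ever consulting len, so an element shorter than 622 bytes is read past the received data and a negative length reaches mbag_set_bstr16n; the handler should reject such elements itself instead of relying on the action table's minimum length, which this commit sets to 0. Both guards return 0 below because that is what the existing success path returns; if the dispatcher distinguishes an error code, use that instead. The debugging printfs should move to the project's cw_dbg logging before this lands, and cw_cisco_get_wlan_legacy is neither static nor declared in a header.
```c
int cw_in_cisco_add_wlan(struct conn *conn, struct cw_action_in *a, uint8_t * data, int len,
		struct sockaddr *from)
{
	/* cw_cisco_get_wlan_legacy reads fixed offsets up to 593 and takes the
	   SSID from offset 622 onwards, so anything shorter cannot be parsed */
	if (len < 622) {
		printf("Add WLAN: element too short (len=%d), ignored\n", len);
		return 0;
	}

	int rid = cw_get_byte(data);
	mbag_t wlan = mbag_i_get_mbag(conn->radios,rid,NULL);
	if ( !wlan ) {
		printf("Add WLAN: no radio with id %d, ignored\n", rid);
		return 0;	/* nothing to store the WLAN in */
	}
	/* … unchanged: radio_id, cw_cisco_get_wlan_legacy, printf … */
```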
@@ -4,8 +4,8 @@
 "Master AC":"1"
 },
 "capwap_timers":"2590",
- "cisco_ap_mode_and_type":"512",
- "cisco_board_data_options":".x01010101",
+ "cisco_ap_mode_and_type":"4",
+ "cisco_board_data_options":".x00010404",
 "idle_timeout":"300",
 "location_data":"Germany",
 "wtp_board_data":{
@@ -18,12 +18,37 @@
 "wtp_hardware_version":"4232704,.x01000000",
 "wtp_mac_type":"1",
 "wtp_name":"Kaffe-Point",
- "wtp_software_version":"4232704,.x08007300",
+ "wtp_software_version":"4232704,.x07007300",
 "radios":{
 "0":{
 "admin_state":"1",
+ "aironet_ie":"0",
+ "allow_aaa_override":"1",
 "bssid":".x123456789abc",
- "radio_type":"1"
+ "dot11e_data":".x0042435e0062322f000000000000000000000000000000000000000000000000",
+ "dot11e_len":"0",
+ "dtim_period":"241",
+ "enc_capab":"1073",
+ "enc_policy":"5",
+ "key":".x210127bab42d5c063ae05a292ea01709d00a6347407e52d5f14d5a6ab82dae3a",
+ "key_index":"1",
+ "key_shared":"0",
+ "max_clients":"17",
+ "qos":"0",
+ "radio_id":"0",
+ "radio_type":"1",
+ "reserved":".x000000000000000000000000000000000cdd0a00c0b9010000000801010000000000000000000000000000000000000000",
+ "reserved2":".x00000000000000000000000000000000000000000000000000000000000000000000000000000000",
+ "rsn_data":".x0000000000000000000000000000001630140100000fac020100000fac040100000fac0229000000000000000000000000000000000000000000000000000000",
+ "rsn_len":"0",
+ "ssid":"Hotler",
+ "ssid_broadcast":"1",
+ "wlan_id":"1",
+ "wlan_name":".x53757065726e6574776f726b3230313521212100000000000000000000000000",
+ "wme_data":".x0000000000000000000000000000001add180050f2020101800003a4000027a4",
+ "wme_len":"0",
+ "wpa_data":".xdd1c0050f20101000050f20202000050f2020050f20401000050f20200000000",
+ "wpa_len":"30"
 },
 "1":{
 "admin_state":"1",
diff --git a/src/wtp/wtp_main.c b/src/wtp/wtp_main.c
index 2d4c5181..aa5f6bda 100644
--- a/src/wtp/wtp_main.c
+++ b/src/wtp/wtp_main.c
@@ -188,7 +188,7 @@ conn->incomming=conn->config;
 //image_update();
-
+
 return 0;
 }
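Review bot: The new radio "0" block commits what appears to be material dumped from a real controller session: a 32-byte `"key"` value, `"wpa_data"`/`"rsn_data"` IEs, `"wlan_name"` (its hex decodes to the ASCII string Supernetwork2015!!!) and `"ssid":"Hotler"`. If this came from a live deployment the values should be replaced with obviously fake ones before the commit is pushed and the key rotated on the controller, since a sample config in the repository should never carry anything a WTP would have to keep secret; if it is synthetic test data, say so in the commit message. The parsed values also look suspect (`"dtim_period":"241"`, `"max_clients":"17"`, all `*_len` fields 0 next to non-empty data), which fits the commit's own "work on" framing but is worth a note so nobody takes the offsets in cw_cisco_get_wlan_legacy as final.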