ESP8266 RTOS SDK Sniffer: notes on a failed custom implementation

These are my notes on a recent failed attempt to use the RTOS SDK to build the same sniffer functionality that the NONOS SDK provides, and on the likely reasons for the failure.

Compiling and running the code caused no problems. The data interfaces for Wi-Fi promiscuous mode in ESP8266 RTOS SDK V3.4 are as follows:

1. The function used to register the promiscuous-mode packet callback:

```c
/**
  * @brief Register the RX callback function in the promiscuous mode.
  *
  * Each time a packet is received, the registered callback function will be called.
  *
  * @param cb  callback
  *
  * @return
  *    - ESP_OK: succeed
  *    - ESP_ERR_WIFI_NOT_INIT: WiFi is not initialized by esp_wifi_init
  */
esp_err_t esp_wifi_set_promiscuous_rx_cb(wifi_promiscuous_cb_t cb);
```
2. The type definition of the promiscuous-mode packet callback; the received data is passed in through buf:

```c
/**
  * @brief The RX callback function in the promiscuous mode.
  *        Each time a packet is received, the callback function will be called.
  *
  * @param buf  Data received. Type of data in buffer (wifi_promiscuous_pkt_t or wifi_pkt_rx_ctrl_t) indicated by 'type' parameter.
  * @param type  promiscuous packet type.
  *
  */
typedef void (* wifi_promiscuous_cb_t)(void *buf, wifi_promiscuous_pkt_type_t type);
```
3. The type definition of buf. When a payload is present, its type is wifi_promiscuous_pkt_t; because the payload is capped at a maximum of 112 bytes, the packet obtained is not the complete packet:

```c
/** @brief Payload passed to 'buf' parameter of promiscuous mode RX callback.
 */
typedef struct {
    wifi_pkt_rx_ctrl_t rx_ctrl; /**< metadata header */
    uint8_t payload[0];       /**< Data or management frame payload. Length of payload is
                                min(112, (pkt->rx_ctrl.sig_mode ? pkt->rx_ctrl.HT_length : pkt->rx_ctrl.legacy_length))
                                Type of content determined by packet type argument of callback. */
} wifi_promiscuous_pkt_t;
```
4. The definition of wifi_pkt_rx_ctrl_t. From its fields and their bit widths one can see that this header is not a header that contains MAC addresses. Since it contains an aggregation field, it is more likely an MSDU, MPDU or PHY header:

```c
/** @brief Received packet radio metadata header, this is the common header at the beginning of all promiscuous mode RX callback buffers */
typedef struct {
    signed rssi: 8;           /**< signal intensity of packet */
    unsigned rate: 4;         /**< data rate */
    unsigned is_group: 1;     /**< usually not used */
    unsigned : 1;             /**< reserve */
    unsigned sig_mode: 2;     /**< 0:is not 11n packet; 1:is 11n packet */
    unsigned legacy_length: 12; /**< Length of 11bg mode packet */
    unsigned damatch0: 1;     /**< usually not used */
    unsigned damatch1: 1;     /**< usually not used */
    unsigned bssidmatch0: 1;  /**< usually not used */
    unsigned bssidmatch1: 1;  /**< usually not used */
    unsigned mcs: 7;          /**< if is 11n packet, shows the modulation(range from 0 to 76) */
    unsigned cwb: 1;          /**< if is 11n packet, shows if is HT40 packet or not */
    unsigned HT_length: 16;   /**< Length of 11n mode packet */
    unsigned smoothing: 1;    /**< reserve */
    unsigned not_sounding: 1; /**< reserve */
    unsigned : 1;             /**< reserve */
    unsigned aggregation: 1;  /**< Aggregation */
    unsigned stbc: 2;         /**< STBC */
    unsigned fec_coding: 1;   /**< Flag is set for 11n packets which are LDPC */
    unsigned sgi: 1;          /**< SGI */
    unsigned rxend_state: 8;  /**< usually not used */
    unsigned ampdu_cnt: 8;    /**< ampdu cnt */
    unsigned channel: 4;      /**< which channel this packet in */
    unsigned : 4;             /**< reserve */
    signed noise_floor: 8;    /**< usually not used */
} wifi_pkt_rx_ctrl_t;
```

Because I lack a deeper understanding of the physical implementation of the 802.11 protocol, I chose to abandon the project after finding that the payload data did not match the MAC frame structure.
The MAC address data and other data in this project may already have been discarded by the limit on the payload read length.
So I believe that an attempt to obtain AP/STA MAC addresses and IP addresses strictly through the interfaces provided by the ESP8266 RTOS SDK will not succeed.

Update:

It has been confirmed that, following the code below, the MAC addresses of the AP and of stations can be obtained from 802.11 MGMT frames:
GitHub: ESP-EOS/ESP32-WiFi-Sniffer
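As an added example (my own code, not from this post or from the linked repository), the following reads the callback buffer the way the update describes: it copies the two SDK structs from above, computes the truncated payload length from rx_ctrl, and parses the 802.11 management-frame header (frame control plus the three address fields) from the first 24 bytes of payload. The sample beacon bytes and the AP address are constructed; the 24-byte header lies inside the 112-byte window, so the addresses survive the truncation.

```c
#include <stdint.h>
#include <string.h>
/* Header structs as declared in ESP8266 RTOS SDK V3.4 (field order and widths copied from above). */
typedef struct {
    signed rssi:8; unsigned rate:4; unsigned is_group:1; unsigned :1; unsigned sig_mode:2;
    unsigned legacy_length:12; unsigned damatch0:1; unsigned damatch1:1; unsigned bssidmatch0:1;
    unsigned bssidmatch1:1; unsigned mcs:7; unsigned cwb:1; unsigned HT_length:16; unsigned smoothing:1;
    unsigned not_sounding:1; unsigned :1; unsigned aggregation:1; unsigned stbc:2; unsigned fec_coding:1;
    unsigned sgi:1; unsigned rxend_state:8; unsigned ampdu_cnt:8; unsigned channel:4; unsigned :4;
    signed noise_floor:8;
} wifi_pkt_rx_ctrl_t;
/* SDK declares payload[0]; the C99 flexible array member is the equivalent layout. */
typedef struct { wifi_pkt_rx_ctrl_t rx_ctrl; uint8_t payload[]; } wifi_promiscuous_pkt_t;

#define PROMISC_PAYLOAD_MAX 112   /* truncation limit documented on wifi_promiscuous_pkt_t */
#define MAC_HDR_LEN 24            /* 802.11 management header: FC, duration, addr1-3, sequence ctrl */
typedef struct { unsigned type, subtype; uint8_t da[6], sa[6], bssid[6]; } mgmt_hdr_t;

/* Bytes the SDK actually hands to the callback: min(112, on-air length selected by sig_mode). */
size_t promisc_payload_len(const wifi_promiscuous_pkt_t *pkt) {
    unsigned len = pkt->rx_ctrl.sig_mode ? pkt->rx_ctrl.HT_length : pkt->rx_ctrl.legacy_length;
    return len < PROMISC_PAYLOAD_MAX ? len : PROMISC_PAYLOAD_MAX;
}

/* Fills *out from the 802.11 header at the start of payload; returns 1 only when a complete
 * management-frame (type 0) header is present. Bitfield packing follows GCC, not every compiler. */
int parse_mgmt_hdr(const wifi_promiscuous_pkt_t *pkt, mgmt_hdr_t *out) {
    const uint8_t *p = pkt->payload;
    if (promisc_payload_len(pkt) < MAC_HDR_LEN) return 0;   /* header itself was cut short */
    uint16_t fc = (uint16_t)(p[0] | (p[1] << 8));            /* frame control, little-endian */
    out->type = (fc >> 2) & 0x3;
    out->subtype = (fc >> 4) & 0xF;
    if (out->type != 0) return 0;
    memcpy(out->da, p + 4, 6);       /* addr1: destination */
    memcpy(out->sa, p + 10, 6);      /* addr2: transmitter, i.e. the AP for a beacon */
    memcpy(out->bssid, p + 16, 6);   /* addr3: BSSID */
    return 1;
}

/* Constructed sample: a 200-byte 11b/g beacon on channel 6, laid out as the SDK delivers it. */
static union { wifi_promiscuous_pkt_t pkt; uint8_t raw[sizeof(wifi_pkt_rx_ctrl_t) + PROMISC_PAYLOAD_MAX]; } sample;
wifi_promiscuous_pkt_t *build_sample_beacon(void) {
    static const uint8_t hdr[MAC_HDR_LEN] = {
        0x80, 0x00, 0x00, 0x00,               /* FC 0x0080: type 0 (mgmt), subtype 8 (beacon); duration 0 */
        0xff, 0xff, 0xff, 0xff, 0xff, 0xff,   /* addr1: broadcast */
        0x02, 0x11, 0x22, 0x33, 0x44, 0x55,   /* addr2: constructed, locally administered AP address */
        0x02, 0x11, 0x22, 0x33, 0x44, 0x55,   /* addr3: BSSID, same as addr2 for a beacon */
        0x10, 0x00 };                         /* sequence control */
    memset(sample.raw, 0, sizeof sample.raw);
    sample.pkt.rx_ctrl.sig_mode = 0; sample.pkt.rx_ctrl.legacy_length = 200; sample.pkt.rx_ctrl.channel = 6;
    memcpy(sample.pkt.payload, hdr, MAC_HDR_LEN);
    return &sample.pkt;
}
```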

posted @ 2022-06-30 20:33  NoobSir