From ba8c2bed9d1c75438fc9d47f3cb5ff6044485309 Mon Sep 17 00:00:00 2001
From: Zhang Jun Hao <zhangjunhao@espressif.com>
Date: Fri, 3 Aug 2018 10:30:54 +0800
Subject: [PATCH 1/2] feat(examples): add sniffer example

---
 examples/wifi/sniffer/Makefile               |   8 +
 examples/wifi/sniffer/main/Kconfig.projbuild |  24 +++
 examples/wifi/sniffer/main/component.mk      |   4 +
 examples/wifi/sniffer/main/sniffer_main.c    | 178 +++++++++++++++++++
 4 files changed, 214 insertions(+)
 create mode 100644 examples/wifi/sniffer/Makefile
 create mode 100644 examples/wifi/sniffer/main/Kconfig.projbuild
 create mode 100644 examples/wifi/sniffer/main/component.mk
 create mode 100644 examples/wifi/sniffer/main/sniffer_main.c

diff --git a/examples/wifi/sniffer/Makefile b/examples/wifi/sniffer/Makefile
new file mode 100644
index 00000000..aae09e00
--- /dev/null
+++ b/examples/wifi/sniffer/Makefile
@@ -0,0 +1,8 @@
+#
+# This is a project Makefile. It is assumed the directory this Makefile resides in is a
+# project subdirectory.
+#
+
+PROJECT_NAME := sniffer
+
+include $(IDF_PATH)/make/project.mk
diff --git a/examples/wifi/sniffer/main/Kconfig.projbuild b/examples/wifi/sniffer/main/Kconfig.projbuild
new file mode 100644
index 00000000..714eb3ac
--- /dev/null
+++ b/examples/wifi/sniffer/main/Kconfig.projbuild
@@ -0,0 +1,24 @@
+menu "Example Configuration"
+
+config CHANNEL
+    int "Channel"
+    range 1 13
+    default 1
+
+config FILTER_MASK_MGMT
+    bool "Receive management packets"
+    default y
+
+config FILTER_MASK_CTRL
+    bool "Receive ctrl packets"
+    default n
+
+config FILTER_MASK_DATA
+    bool "Receive data packets"
+    default n
+
+config FILTER_MASK_MISC
+    bool "Receive misc packets"
+    default n
+
+endmenu
diff --git a/examples/wifi/sniffer/main/component.mk b/examples/wifi/sniffer/main/component.mk
new file mode 100644
index 00000000..3277c9f9
--- /dev/null
+++ b/examples/wifi/sniffer/main/component.mk
@@ -0,0 +1,4 @@
+#
+# "main" pseudo-component makefile.
+#
+# (Uses default behaviour of compiling all source files in directory, adding 'include' to include path.)
\ No newline at end of file
diff --git a/examples/wifi/sniffer/main/sniffer_main.c b/examples/wifi/sniffer/main/sniffer_main.c
new file mode 100644
index 00000000..8af69ccd
--- /dev/null
+++ b/examples/wifi/sniffer/main/sniffer_main.c
@@ -0,0 +1,178 @@
+/* sniffer example
+
+   This example code is in the Public Domain (or CC0 licensed, at your option.)
+
+   Unless required by applicable law or agreed to in writing, this
+   software is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR
+   CONDITIONS OF ANY KIND, either express or implied.
+*/
+
+#include <string.h>
+#include "esp_wifi.h"
+#include "esp_system.h"
+#include "esp_log.h"
+#include "esp_timer.h"
+#include "esp_event_loop.h"
+#include "nvs_flash.h"
+
+#include "freertos/FreeRTOS.h"
+#include "freertos/task.h"
+#include "freertos/event_groups.h"
+
+#include "esp_libc.h"
+
+#define TAG "sniffer"
+
+#define MAC_HEADER_LEN 24
+#define SNIFFER_DATA_LEN 112
+#define MAC_HDR_LEN_MAX 40
+
+static EventGroupHandle_t wifi_event_group;
+
+static const int START_BIT = BIT0;
+
+static char printbuf[100];
+
+static void sniffer_cb(void* buf, wifi_promiscuous_pkt_type_t type)
+{    
+    wifi_pkt_rx_ctrl_t* rx_ctrl = (wifi_pkt_rx_ctrl_t*)buf;
+    uint8_t* frame = (uint8_t*)(rx_ctrl + 1);
+    uint32_t len = rx_ctrl->sig_mode ? rx_ctrl->HT_length : rx_ctrl->legacy_length;
+    uint32_t i;
+
+    uint8_t total_num = 1, count = 0;
+    uint16_t seq_buf = 0;
+
+    if ((rx_ctrl->aggregation) && (type != WIFI_PKT_MISC)) {
+        total_num = rx_ctrl->ampdu_cnt;
+    }
+
+    for (count = 0; count < total_num; count++) {
+        if (total_num > 1) {
+            len = *((uint16_t*)(frame + MAC_HDR_LEN_MAX + 2 * count));
+            if (seq_buf == 0) {
+                seq_buf = *((uint16_t *)(frame+22)) >> 4;
+            }
+            printf("seq_num:%d, total_num:%d\r\n", seq_buf, total_num);
+        }
+
+        switch (type) {
+            case WIFI_PKT_MGMT:
+                ESP_LOGI(TAG, "Rx mgmt pkt len:%d", len);
+                break;
+
+            case WIFI_PKT_CTRL:
+                ESP_LOGI(TAG, "Rx ctrl pkt len:%d", len);
+                break;
+
+            case WIFI_PKT_DATA:
+                ESP_LOGI(TAG, "Rx data pkt len:%d", len);
+                break;
+
+            case WIFI_PKT_MISC:
+                ESP_LOGI(TAG, "Rx misc pkt len:%d", len);
+                len = len > MAC_HEADER_LEN ? MAC_HEADER_LEN : len;
+                break;
+
+            default :
+                len = 0;
+                ESP_LOGE(TAG, "Rx unknown pkt len:%d", len);
+                return;
+        }
+
+        ++seq_buf;
+        if (total_num > 1) {
+            *(uint16_t *)(frame + 22) = (seq_buf << 4) | (*(uint16_t *)(frame + 22) & 0xf);
+        }
+    }
+    ESP_LOGI(TAG, "Rx ctrl header:");
+
+    for (i = 0; i < 12; i++) {
+        sprintf(printbuf + i * 3, "%02x ", *((uint8_t*)buf + i));
+    }
+
+    ESP_LOGI(TAG, "  - %s", printbuf);
+
+    ESP_LOGI(TAG, "Data:");
+
+    len = len > SNIFFER_DATA_LEN ? SNIFFER_DATA_LEN : len;
+
+    for (i = 0; i < len; i++) {
+        sprintf(printbuf + (i % 16) * 3, "%02x ", *((uint8_t*)frame + i));
+
+        if ((i + 1) % 16 == 0) {
+            ESP_LOGI(TAG, "  - %s", printbuf);
+        }
+    }
+
+    if ((i % 16) != 0) {
+        printbuf[((i) % 16) * 3 - 1] = 0;
+        ESP_LOGI(TAG, "  - %s", printbuf);
+    }
+}
+
+static void sniffer_task(void* pvParameters)
+{
+    wifi_promiscuous_filter_t sniffer_filter = {0};
+
+#if CONFIG_FILTER_MASK_MGMT
+    sniffer_filter.filter_mask |= WIFI_PROMIS_FILTER_MASK_MGMT;
+#endif
+
+#if CONFIG_FILTER_MASK_CTRL
+    sniffer_filter.filter_mask |= WIFI_PROMIS_FILTER_MASK_CTRL;
+#endif
+
+#if CONFIG_FILTER_MASK_DATA
+    sniffer_filter.filter_mask |= WIFI_PROMIS_FILTER_MASK_DATA;
+#endif
+
+#if CONFIG_FILTER_MASK_MISC
+    sniffer_filter.filter_mask |= WIFI_PROMIS_FILTER_MASK_MISC;
+#endif
+
+    if (sniffer_filter.filter_mask == 0) {
+        ESP_LOGI(TAG, "Please add one filter at least!");
+        vTaskDelete(NULL);
+    }
+
+    xEventGroupWaitBits(wifi_event_group, START_BIT,
+                        false, true, portMAX_DELAY);
+    ESP_ERROR_CHECK(esp_wifi_set_channel(CONFIG_CHANNEL, 0));
+    ESP_ERROR_CHECK(esp_wifi_set_promiscuous_rx_cb(sniffer_cb));
+    ESP_ERROR_CHECK(esp_wifi_set_promiscuous_filter(&sniffer_filter));
+    ESP_ERROR_CHECK(esp_wifi_set_promiscuous(true));
+    vTaskDelete(NULL);
+}
+
+static esp_err_t event_handler(void* ctx, system_event_t* event)
+{
+    switch (event->event_id) {
+        case SYSTEM_EVENT_STA_START:
+            xEventGroupSetBits(wifi_event_group, START_BIT);
+            break;
+
+        default:
+            break;
+    }
+
+    return ESP_OK;
+}
+
+static void initialise_wifi(void)
+{
+    tcpip_adapter_init();
+    wifi_event_group = xEventGroupCreate();
+    ESP_ERROR_CHECK(esp_event_loop_init(event_handler, NULL));
+    wifi_init_config_t cfg = WIFI_INIT_CONFIG_DEFAULT();
+    ESP_ERROR_CHECK(esp_wifi_init(&cfg));
+    ESP_ERROR_CHECK(esp_wifi_set_mode(WIFI_MODE_STA));
+    ESP_ERROR_CHECK(esp_wifi_start());
+}
+
+void app_main()
+{
+    ESP_ERROR_CHECK(nvs_flash_init());
+    initialise_wifi();
+    xTaskCreate(&sniffer_task, "sniffer_task", 2048, NULL, 10, NULL);
+}
\ No newline at end of file

From 32d75a06997875d363372230fc9ba75ab5331e69 Mon Sep 17 00:00:00 2001
From: Chen Wen <chenwen@espressif.com>
Date: Fri, 8 Mar 2019 11:11:53 +0800
Subject: [PATCH 2/2] feat(examples): add processing AMPDU pkt

---
 examples/wifi/sniffer/main/sniffer_main.c | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/examples/wifi/sniffer/main/sniffer_main.c b/examples/wifi/sniffer/main/sniffer_main.c
index 8af69ccd..79cec1d9 100644
--- a/examples/wifi/sniffer/main/sniffer_main.c
+++ b/examples/wifi/sniffer/main/sniffer_main.c
@@ -34,7 +34,7 @@ static const int START_BIT = BIT0;
 static char printbuf[100];
 
 static void sniffer_cb(void* buf, wifi_promiscuous_pkt_type_t type)
-{    
+{
     wifi_pkt_rx_ctrl_t* rx_ctrl = (wifi_pkt_rx_ctrl_t*)buf;
     uint8_t* frame = (uint8_t*)(rx_ctrl + 1);
     uint32_t len = rx_ctrl->sig_mode ? rx_ctrl->HT_length : rx_ctrl->legacy_length;
@@ -50,10 +50,12 @@ static void sniffer_cb(void* buf, wifi_promiscuous_pkt_type_t type)
     for (count = 0; count < total_num; count++) {
         if (total_num > 1) {
             len = *((uint16_t*)(frame + MAC_HDR_LEN_MAX + 2 * count));
+
             if (seq_buf == 0) {
-                seq_buf = *((uint16_t *)(frame+22)) >> 4;
+                seq_buf = *((uint16_t*)(frame + 22)) >> 4;
             }
-            printf("seq_num:%d, total_num:%d\r\n", seq_buf, total_num);
+
+            ESP_LOGI(TAG, "seq_num:%d, total_num:%d\r\n", seq_buf, total_num);
         }
 
         switch (type) {
@@ -81,10 +83,12 @@ static void sniffer_cb(void* buf, wifi_promiscuous_pkt_type_t type)
         }
 
         ++seq_buf;
+
         if (total_num > 1) {
-            *(uint16_t *)(frame + 22) = (seq_buf << 4) | (*(uint16_t *)(frame + 22) & 0xf);
+            *(uint16_t*)(frame + 22) = (seq_buf << 4) | (*(uint16_t*)(frame + 22) & 0xf);
         }
     }
+
     ESP_LOGI(TAG, "Rx ctrl header:");
 
     for (i = 0; i < 12; i++) {