Add script to convert wpa_supplicant debug output to pcap

For debugging I needed to look at the frames in a wpa_supplicant debug
log. Looking at the hexdump is a bit tedious, so I wrote a quick script
to convert the nl80211 debugging output to a PCAP file that can be
opened in wireshark.

I've polished the initial raw script a bit to add error messages and to
also record the timestamps to the pcap file.

Hopefully it's useful to somebody else as well.

Signed-off-by: Johannes Berg <johannes.berg@intel.com>
This commit is contained in:
Johannes Berg 2012-04-05 19:47:45 +03:00 committed by Jouni Malinen
parent 71dd3b78f9
commit f05b6b18bb

View File

@ -0,0 +1,54 @@
#!/usr/bin/env python
#
# Copyright (c) 2012, Intel Corporation
#
# Author: Johannes Berg <johannes@sipsolutions.net>
#
# This software may be distributed under the terms of the BSD license.
# See README for more details.
import sys, struct, re
def write_pcap_header(pcap_file):
pcap_file.write(
struct.pack('<IHHIIII',
0xa1b2c3d4, 2, 4, 0, 0, 65535,
105 # raw 802.11 format
))
def pcap_addpacket(pcap_file, ts, data):
# ts in seconds, float
pcap_file.write(struct.pack('<IIII',
int(ts), int(1000000 * ts) % 1000000,
len(data), len(data)))
pcap_file.write(data)
if __name__ == "__main__":
try:
input = sys.argv[1]
pcap = sys.argv[2]
except IndexError:
print "Usage: %s <log file> <pcap file>" % sys.argv[0]
sys.exit(2)
input_file = open(input, 'r')
pcap_file = open(pcap, 'w')
frame_re = re.compile(r'(([0-9]+.[0-9]{6}):\s*)?nl80211: MLME event frame - hexdump\(len=[0-9]*\):((\s*[0-9a-fA-F]{2})*)')
write_pcap_header(pcap_file)
for line in input_file:
m = frame_re.match(line)
if m is None:
continue
if m.group(2):
ts = float(m.group(2))
else:
ts = 0
hexdata = m.group(3)
hexdata = hexdata.split()
data = ''.join([chr(int(x, 16)) for x in hexdata])
pcap_addpacket(pcap_file, ts, data)
input_file.close()
pcap_file.close()