search

WLAN-Pi / wlanpi-profiler

Wi-Fi client capabilities analyzer tool built for the WLAN Pi
BSD 3-Clause "New" or "Revised" License
23 stars 8 forks source link

BPF filters, libpcap0.8, and bullseye #93

Closed joshschmelzle closed 2 years ago

joshschmelzle commented 2 years ago

There is an issue applying BPF filters when using the libpcap0.8 version found on bullseye.

2021-12-09 00:25:54,837 [ERROR] fakeap.py: we had a problem creating BPF filters on L2socket/wlan0mon
Traceback (most recent call last):
  File "/opt/wlanpi-profiler/lib/python3.9/site-packages/profiler/fakeap.py", line 385, in __init__
    sniff(
  File "/opt/wlanpi-profiler/lib/python3.9/site-packages/scapy/sendrecv.py", line 1263, in sniff
    sniffer._run(*args, **kwargs)
  File "/opt/wlanpi-profiler/lib/python3.9/site-packages/scapy/sendrecv.py", line 1127, in _run
    sniff_sockets[L2socket(type=ETH_P_ALL, iface=iface,
  File "/opt/wlanpi-profiler/lib/python3.9/site-packages/scapy/arch/linux.py", line 497, in __init__
    attach_filter(self.ins, filter, self.iface)
  File "/opt/wlanpi-profiler/lib/python3.9/site-packages/scapy/arch/linux.py", line 166, in attach_filter
    bp = compile_filter(bpf_filter, iface)
  File "/opt/wlanpi-profiler/lib/python3.9/site-packages/scapy/arch/common.py", line 156, in compile_filter
    raise Scapy_Exception(
scapy.error.Scapy_Exception: Failed to compile filter expression type mgt subtype probe-req or type mgt subtype auth or type mgt subtype assoc-req or type mgt subtype reassoc-req (-1)
2021-12-09 00:25:54,840 [INFO] fakeap.py: try running with --no_bpf_filters

I've implemented a manual workaround to remove BPF filters using the --no_bpf_filters option. We can apply it like this:

sudo profiler -i wlan0mon --debug --noprep --no_bpf_filters

But how do we fix the dependency problem on libpcap?

If we're on bullseye, we can update libpcap0.8 from the bullseye-backports repo like this:

# Add Backports to sources.list (or add a new file with the ".list" extension to /etc/apt/sources.list.d/).
sudo apt edit-sources
deb http://deb.debian.org/debian bullseye-backports main

## Intall GPG keys
sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 648ACFD622F3D138

## Update apt
sudo apt update

## Installing backports on the command line
sudo apt -t bullseye-backports install  libpcap0.8

This should resolve the problem.