summaryrefslogtreecommitdiff
path: root/net-wireless/reaver/files/0001-wpscrack-big-endian-fixes.patch
blob: da76c2e3ddcaec3c624fbf175e71c527a0686230 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
From 4e7af9f022996cb0a03b30f6af265b757807dfa2 Mon Sep 17 00:00:00 2001
From: Paul Fertser <fercerpav@gmail.com>
Date: Wed, 27 Jun 2012 17:44:55 +0400
Subject: [PATCH 1/3] wpscrack: big-endian fixes

This should fix access to the radiotap, 802.11, LLC/SNAP and WFA
headers' fields. Run-time tested on an ar71xx BE system.

Signed-off-by: Paul Fertser <fercerpav@gmail.com>
---
 src/80211.c    |   65 +++++++++++++++++++------------
 src/builder.c  |   23 +++++------
 src/defs.h     |  116 +++++++++++++++++++++++++++++++++++++++-----------------
 src/exchange.c |   23 ++++++-----
 src/wpsmon.c   |   13 ++++--
 5 files changed, 151 insertions(+), 89 deletions(-)

diff --git a/src/80211.c b/src/80211.c
index c2aff59..19f1e92 100644
--- a/src/80211.c
+++ b/src/80211.c
@@ -90,17 +90,19 @@ void read_ap_beacon()
                 if(header.len >= MIN_BEACON_SIZE)
                 {
                         rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
-                        frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
-
+			size_t rt_header_len = __le16_to_cpu(rt_header->len);
+			frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
+			
 			if(is_target(frame_header))
 			{
-                                if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
+                                if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+				   __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
                                 {
-                                       	beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
+                                       	beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
                                        	set_ap_capability(beacon->capability);
 
 					/* Obtain the SSID and channel number from the beacon packet */
-					tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+					tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
 					channel = parse_beacon_tags(packet, header.len);
 					
 					/* If no channel was manually specified, switch to the AP's current channel */
@@ -135,29 +137,31 @@ int8_t signal_strength(const u_char *packet, size_t len)
 	{
 		header = (struct radio_tap_header *) packet;
 
-		if((header->flags & SSI_FLAG) == SSI_FLAG)
+		uint32_t flags = __le32_to_cpu(header->flags);
+		
+		if((flags & SSI_FLAG) == SSI_FLAG)
 		{
-			if((header->flags & TSFT_FLAG) == TSFT_FLAG)
+			if((flags & TSFT_FLAG) == TSFT_FLAG)
 			{
 				offset += TSFT_SIZE;
 			}
 
-			if((header->flags & FLAGS_FLAG) == FLAGS_FLAG)
+			if((flags & FLAGS_FLAG) == FLAGS_FLAG)
 			{
 				offset += FLAGS_SIZE;
 			}
 	
-			if((header->flags & RATE_FLAG) == RATE_FLAG)
+			if((flags & RATE_FLAG) == RATE_FLAG)
 			{
 				offset += RATE_SIZE;
 			}
 
-			if((header->flags & CHANNEL_FLAG) == CHANNEL_FLAG)
+			if((flags & CHANNEL_FLAG) == CHANNEL_FLAG)
 			{
 				offset += CHANNEL_SIZE;
 			}
 
-			if((header->flags & FHSS_FLAG) == FHSS_FLAG)
+			if((flags & FHSS_FLAG) == FHSS_FLAG)
 			{
 				offset += FHSS_FLAG;
 			}
@@ -196,11 +200,13 @@ int is_wps_locked()
 		if(header.len >= MIN_BEACON_SIZE)
 		{
 			rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
-			frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+			size_t rt_header_len = __le16_to_cpu(rt_header->len);
+			frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
 
 			if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
 			{
-				if(frame_header->fc.type == MANAGEMENT_FRAME && frame_header->fc.sub_type == SUBTYPE_BEACON)
+                                if((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+				   __cpu_to_le16(IEEE80211_FTYPE_MGMT | IEEE80211_STYPE_BEACON))
 				{
 					if(parse_wps_parameters(packet, header.len, &wps))
 					{
@@ -411,24 +417,30 @@ int associate_recv_loop()
                 if(header.len >= MIN_AUTH_SIZE)
                 {
 			rt_header = (struct radio_tap_header *) radio_header(packet, header.len);
-                        dot11_frame = (struct dot11_frame_header *) (packet + rt_header->len);
+			size_t rt_header_len = __le16_to_cpu(rt_header->len);
+			dot11_frame = (struct dot11_frame_header *) (packet + rt_header_len);
 
                         if((memcmp(dot11_frame->addr3, get_bssid(), MAC_ADDR_LEN) == 0) &&
                            (memcmp(dot11_frame->addr1, get_mac(), MAC_ADDR_LEN) == 0))
                         {
-				if(dot11_frame->fc.type == MANAGEMENT_FRAME)
+                                if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE)) ==
+				   __cpu_to_le16(IEEE80211_FTYPE_MGMT))
 				{
-                                	auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
-                                	assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header->len);
+                                	auth_frame = (struct authentication_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
+                                	assoc_frame = (struct association_response_management_frame *) (packet + sizeof(struct dot11_frame_header) + rt_header_len);
 
 					/* Did we get an authentication packet with a successful status? */
-					if((dot11_frame->fc.sub_type == SUBTYPE_AUTHENTICATION) && (auth_frame->status == AUTHENTICATION_SUCCESS))
+					if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
+					   __cpu_to_le16(IEEE80211_STYPE_AUTH)
+					   && (auth_frame->status == __cpu_to_le16(AUTHENTICATION_SUCCESS)))
                                		{
                                	        	ret_val = AUTH_OK;
                                	        	break;
                                		}
 					/* Did we get an association packet with a successful status? */
-                               		else if((dot11_frame->fc.sub_type == SUBTYPE_ASSOCIATION) && (assoc_frame->status == ASSOCIATION_SUCCESS))
+                               		else if((dot11_frame->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE)) ==
+						__cpu_to_le16(IEEE80211_STYPE_ASSOC_RESP)
+						&& (assoc_frame->status == __cpu_to_le16(ASSOCIATION_SUCCESS)))
 					{
 						ret_val = ASSOCIATE_OK;
 						break;
@@ -455,13 +467,14 @@ enum encryption_type supported_encryption(const u_char *packet, size_t len)
 	if(len > MIN_BEACON_SIZE)
 	{
 		rt_header = (struct radio_tap_header *) radio_header(packet, len);
-		beacon = (struct beacon_management_frame *) (packet + rt_header->len + sizeof(struct dot11_frame_header));
-		offset = tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+		size_t rt_header_len = __le16_to_cpu(rt_header->len);
+		beacon = (struct beacon_management_frame *) (packet + rt_header_len + sizeof(struct dot11_frame_header));
+		offset = tag_offset = rt_header_len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
 		
 		tag_len = len - tag_offset;
 		tag_data = (const u_char *) (packet + tag_offset);
 
-		if((beacon->capability & CAPABILITY_WEP) == CAPABILITY_WEP)
+		if((__le16_to_cpu(beacon->capability) & CAPABILITY_WEP) == CAPABILITY_WEP)
 		{
 			enc = WEP;
 
@@ -509,7 +522,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
 	struct radio_tap_header *rt_header = NULL;
 
 	rt_header = (struct radio_tap_header *) radio_header(packet, len);
-	tag_offset = rt_header->len + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
+	tag_offset = __le16_to_cpu(rt_header->len) + sizeof(struct dot11_frame_header) + sizeof(struct beacon_management_frame);
 
 	if(tag_offset < len)
 	{
@@ -548,7 +561,7 @@ int parse_beacon_tags(const u_char *packet, size_t len)
 		{
 			if(ie_len  == 1)
 			{
-				memcpy((int *) &channel, channel_data, ie_len);
+				channel = *(uint8_t*)channel_data;
 			}
 			free(channel_data);
 		}
@@ -603,13 +616,13 @@ int check_fcs(const u_char *packet, size_t len)
 	if(len > 4)
 	{
 		/* Get the packet's reported FCS (last 4 bytes of the packet) */
-		memcpy((uint32_t *) &fcs, (packet + (len-4)), 4);
+		fcs = __le32_to_cpu(*(uint32_t*)(packet + (len-4)));
 
 		/* FCS is not calculated over the radio tap header */
 		if(has_rt_header())
 		{
 			rt_header = (struct radio_tap_header *) packet;
-			offset += rt_header->len;
+			offset += __le16_to_cpu(rt_header->len);
 		}
 
 		if(len > offset)
diff --git a/src/builder.c b/src/builder.c
index 37f2de7..6bf89e7 100644
--- a/src/builder.c
+++ b/src/builder.c
@@ -44,9 +44,8 @@ const void *build_radio_tap_header(size_t *len)
 		memset((void *) buf, 0, sizeof(struct radio_tap_header));
 		rt_header = (struct radio_tap_header *) buf;
 
-		rt_header->len = sizeof(struct radio_tap_header);
-	
-		*len = rt_header->len;
+		*len = sizeof(struct radio_tap_header);
+		rt_header->len = __cpu_to_le16(*len);
 	}
 	
 	return buf;
@@ -67,9 +66,9 @@ const void *build_dot11_frame_header(uint16_t fc, size_t *len)
 	
 		frag_seq += SEQ_MASK;
 
-		header->duration = DEFAULT_DURATION;
-		memcpy((void *) &header->fc, (void *) &fc, sizeof(struct frame_control));
-		header->frag_seq = frag_seq;
+		header->duration = __cpu_to_le16(DEFAULT_DURATION);
+		header->fc = __cpu_to_le16(fc);
+		header->frag_seq = __cpu_to_le16(frag_seq);
 
 		memcpy((void *) header->addr1, get_bssid(), MAC_ADDR_LEN);
 		memcpy((void *) header->addr2, get_mac(), MAC_ADDR_LEN);
@@ -91,8 +90,8 @@ const void *build_authentication_management_frame(size_t *len)
 		memset((void *) buf, 0, *len);
 		frame = (struct authentication_management_frame *) buf;
 
-		frame->algorithm = OPEN_SYSTEM;
-		frame->sequence = 1;
+		frame->algorithm = __cpu_to_le16(OPEN_SYSTEM);
+		frame->sequence = __cpu_to_le16(1);
 		frame->status = 0;
 	}
 	
@@ -111,8 +110,8 @@ const void *build_association_management_frame(size_t *len)
 		memset((void *) buf, 0, *len);
 		frame = (struct association_request_management_frame *) buf;
 
-		frame->capability = get_ap_capability();
-		frame->listen_interval = LISTEN_INTERVAL;
+		frame->capability = __cpu_to_le16(get_ap_capability());
+		frame->listen_interval = __cpu_to_le16(LISTEN_INTERVAL);
 	}
 
 	return buf;
@@ -133,7 +132,7 @@ const void *build_llc_header(size_t *len)
 		header->dsap = LLC_SNAP;
 		header->ssap = LLC_SNAP;
 		header->control_field = UNNUMBERED_FRAME;
-		header->type = DOT1X_AUTHENTICATION;
+		header->type = __cpu_to_be16(DOT1X_AUTHENTICATION);
 
 	}
 
@@ -279,7 +278,7 @@ const void *build_wfa_header(uint8_t op_code, size_t *len)
 		header = (struct wfa_expanded_header *) buf;
 	
 		memcpy(header->id, WFA_VENDOR_ID, sizeof(header->id));
-		header->type = SIMPLE_CONFIG;
+		header->type = __cpu_to_be32(SIMPLE_CONFIG);
 		header->opcode = op_code;
 	}
 	
diff --git a/src/defs.h b/src/defs.h
index b2f45ea..0c628e7 100644
--- a/src/defs.h
+++ b/src/defs.h
@@ -41,6 +41,7 @@
 #include <string.h>
 #include <time.h>
 #include <pcap.h>
+#include <asm/byteorder.h>
 
 #include "wps.h"
 
@@ -65,10 +66,10 @@
 #define MANAGEMENT_FRAME	0x00
 #define SUBTYPE_BEACON		0x08
 
-#define DOT1X_AUTHENTICATION	0x8E88
+#define DOT1X_AUTHENTICATION	0x888E
 #define DOT1X_EAP_PACKET	0x00
 
-#define SIMPLE_CONFIG		0x01000000
+#define SIMPLE_CONFIG		0x00000001
 
 #define P1_SIZE			10000
 #define P2_SIZE			1000
@@ -282,66 +283,111 @@ enum wfa_elements
 	WEP_TRANSMIT_KEY = 0x10064
 };
 
+#define IEEE80211_FCTL_VERS		0x0003
+#define IEEE80211_FCTL_FTYPE		0x000c
+#define IEEE80211_FCTL_STYPE		0x00f0
+#define IEEE80211_FCTL_TODS		0x0100
+#define IEEE80211_FCTL_FROMDS		0x0200
+#define IEEE80211_FCTL_MOREFRAGS	0x0400
+#define IEEE80211_FCTL_RETRY		0x0800
+#define IEEE80211_FCTL_PM		0x1000
+#define IEEE80211_FCTL_MOREDATA		0x2000
+#define IEEE80211_FCTL_PROTECTED	0x4000
+#define IEEE80211_FCTL_ORDER		0x8000
+
+#define IEEE80211_SCTL_FRAG		0x000F
+#define IEEE80211_SCTL_SEQ		0xFFF0
+
+#define IEEE80211_FTYPE_MGMT		0x0000
+#define IEEE80211_FTYPE_CTL		0x0004
+#define IEEE80211_FTYPE_DATA		0x0008
+
+/* management */
+#define IEEE80211_STYPE_ASSOC_REQ	0x0000
+#define IEEE80211_STYPE_ASSOC_RESP	0x0010
+#define IEEE80211_STYPE_REASSOC_REQ	0x0020
+#define IEEE80211_STYPE_REASSOC_RESP	0x0030
+#define IEEE80211_STYPE_PROBE_REQ	0x0040
+#define IEEE80211_STYPE_PROBE_RESP	0x0050
+#define IEEE80211_STYPE_BEACON		0x0080
+#define IEEE80211_STYPE_ATIM		0x0090
+#define IEEE80211_STYPE_DISASSOC	0x00A0
+#define IEEE80211_STYPE_AUTH		0x00B0
+#define IEEE80211_STYPE_DEAUTH		0x00C0
+#define IEEE80211_STYPE_ACTION		0x00D0
+
+/* control */
+#define IEEE80211_STYPE_BACK_REQ	0x0080
+#define IEEE80211_STYPE_BACK		0x0090
+#define IEEE80211_STYPE_PSPOLL		0x00A0
+#define IEEE80211_STYPE_RTS		0x00B0
+#define IEEE80211_STYPE_CTS		0x00C0
+#define IEEE80211_STYPE_ACK		0x00D0
+#define IEEE80211_STYPE_CFEND		0x00E0
+#define IEEE80211_STYPE_CFENDACK	0x00F0
+
+/* data */
+#define IEEE80211_STYPE_DATA			0x0000
+#define IEEE80211_STYPE_DATA_CFACK		0x0010
+#define IEEE80211_STYPE_DATA_CFPOLL		0x0020
+#define IEEE80211_STYPE_DATA_CFACKPOLL		0x0030
+#define IEEE80211_STYPE_NULLFUNC		0x0040
+#define IEEE80211_STYPE_CFACK			0x0050
+#define IEEE80211_STYPE_CFPOLL			0x0060
+#define IEEE80211_STYPE_CFACKPOLL		0x0070
+#define IEEE80211_STYPE_QOS_DATA		0x0080
+#define IEEE80211_STYPE_QOS_DATA_CFACK		0x0090
+#define IEEE80211_STYPE_QOS_DATA_CFPOLL		0x00A0
+#define IEEE80211_STYPE_QOS_DATA_CFACKPOLL	0x00B0
+#define IEEE80211_STYPE_QOS_NULLFUNC		0x00C0
+#define IEEE80211_STYPE_QOS_CFACK		0x00D0
+#define IEEE80211_STYPE_QOS_CFPOLL		0x00E0
+#define IEEE80211_STYPE_QOS_CFACKPOLL		0x00F0
+
 #pragma pack(1)
 struct radio_tap_header
 {
 	uint8_t revision;	
 	uint8_t pad;
-	uint16_t len;
-	uint32_t flags;
-};
-
-struct frame_control
-{
-        unsigned version : 2;
-        unsigned type : 2;
-        unsigned sub_type : 4;
-
-        unsigned to_ds : 1;
-        unsigned from_ds : 1;
-        unsigned more_frag : 1;
-        unsigned retry : 1;
-        unsigned pwr_mgt : 1;
-        unsigned more_data : 1;
-        unsigned protected_frame : 1;
-        unsigned order : 1;
+	__le16 len;
+	__le32 flags;
 };
 
 struct dot11_frame_header
 {
-	struct frame_control fc;
-        uint16_t duration;
+	__le16 fc;
+	__le16 duration;
 	unsigned char addr1[MAC_ADDR_LEN];
 	unsigned char addr2[MAC_ADDR_LEN];
 	unsigned char addr3[MAC_ADDR_LEN];
-	uint16_t frag_seq;
+	__le16 frag_seq;
 };
 
 struct authentication_management_frame
 {
-	uint16_t algorithm;
-	uint16_t sequence;
-	uint16_t status;
+	__le16 algorithm;
+	__le16 sequence;
+	__le16 status;
 };
 
 struct association_request_management_frame
 {
-	uint16_t capability;
-	uint16_t listen_interval;
+	__le16 capability;
+	__le16 listen_interval;
 };
 
 struct association_response_management_frame
 {
-	uint16_t capability;
-	uint16_t status;
-	uint16_t id;
+	__le16 capability;
+	__le16 status;
+	__le16 id;
 };
 
 struct beacon_management_frame
 {
 	unsigned char timestamp[TIMESTAMP_LEN];
-	uint16_t beacon_interval;
-	uint16_t capability;
+	__le16 beacon_interval;
+	__le16 capability;
 };
 
 struct llc_header
@@ -350,7 +396,7 @@ struct llc_header
 	uint8_t ssap;
 	uint8_t control_field;
 	unsigned char org_code[3];
-	uint16_t type;
+	__be16 type;
 };
 
 struct dot1X_header
@@ -371,7 +417,7 @@ struct eap_header
 struct wfa_expanded_header
 {
 	unsigned char id[3];
-	uint32_t type;
+	__be32 type;
 	uint8_t opcode;
 	uint8_t flags;
 };
diff --git a/src/exchange.c b/src/exchange.c
index 23c87e9..4f9a82b 100644
--- a/src/exchange.c
+++ b/src/exchange.c
@@ -306,26 +306,27 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
 
 	/* Cast the radio tap and 802.11 frame headers and parse out the Frame Control field */
 	rt_header = (struct radio_tap_header *) packet;
-	frame_header = (struct dot11_frame_header *) (packet+rt_header->len);
+	size_t rt_header_len = __le16_to_cpu(rt_header->len);
+	frame_header = (struct dot11_frame_header *) (packet+rt_header_len);
 
 	/* Does the BSSID/source address match our target BSSID? */
 	if(memcmp(frame_header->addr3, get_bssid(), MAC_ADDR_LEN) == 0)
 	{
 		/* Is this a data packet sent to our MAC address? */
-		if(frame_header->fc.type == DATA_FRAME && 
-			frame_header->fc.sub_type == SUBTYPE_DATA && 
-			(memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0)) 
+		if (((frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_FTYPE | IEEE80211_FCTL_STYPE)) ==
+		     __cpu_to_le16(IEEE80211_FTYPE_DATA | IEEE80211_STYPE_DATA)) &&
+		    (memcmp(frame_header->addr1, get_mac(), MAC_ADDR_LEN) == 0)) 
 		{
 			llc = (struct llc_header *) (packet +
-							rt_header->len +
+							rt_header_len +
 							sizeof(struct dot11_frame_header)
 			);
 
 			/* All packets in our exchanges will be 802.1x */
-			if(llc->type == DOT1X_AUTHENTICATION)
+			if(llc->type == __cpu_to_be16(DOT1X_AUTHENTICATION))
 			{
 				dot1x = (struct dot1X_header *) (packet +
-								rt_header->len +
+								rt_header_len +
 								sizeof(struct dot11_frame_header) +
 								sizeof(struct llc_header)
 				);
@@ -334,7 +335,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
 				if(dot1x->type == DOT1X_EAP_PACKET && (header->len >= EAP_PACKET_SIZE))
 				{
 					eap = (struct eap_header *) (packet +
-									rt_header->len +
+									rt_header_len +
 									sizeof(struct dot11_frame_header) +
 									sizeof(struct llc_header) +
 									sizeof(struct dot1X_header)
@@ -366,7 +367,7 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
 						else if((eap->type == EAP_EXPANDED) && (header->len > WFA_PACKET_SIZE))
 						{
 							wfa = (struct wfa_expanded_header *) (packet +
-											rt_header->len +
+											rt_header_len +
 											sizeof(struct dot11_frame_header) +
 											sizeof(struct llc_header) +
 											sizeof(struct dot1X_header) +
@@ -374,14 +375,14 @@ enum wps_type process_packet(const u_char *packet, struct pcap_pkthdr *header)
 							);
 						
 							/* Verify that this is a WPS message */
-							if(wfa->type == SIMPLE_CONFIG)
+							if(wfa->type == __cpu_to_be32(SIMPLE_CONFIG))
 							{
 								wps_msg_len = 	(size_t) ntohs(eap->len) - 
 										sizeof(struct eap_header) - 
 										sizeof(struct wfa_expanded_header);
 
 								wps_msg = (const void *) (packet +
-											rt_header->len +
+											rt_header_len +
                                                                        	                sizeof(struct dot11_frame_header) +
                                                                                	        sizeof(struct llc_header) +
                                                                                        	sizeof(struct dot1X_header) +
diff --git a/src/wpsmon.c b/src/wpsmon.c
index d976924..22a394f 100644
--- a/src/wpsmon.c
+++ b/src/wpsmon.c
@@ -295,7 +295,8 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
         }
 
 	rt_header = (struct radio_tap_header *) radio_header(packet, header->len);
-	frame_header = (struct dot11_frame_header *) (packet + rt_header->len);
+	size_t rt_header_len = __le16_to_cpu(rt_header->len);
+	frame_header = (struct dot11_frame_header *) (packet + rt_header_len);
 
 	/* If a specific BSSID was specified, only parse packets from that BSSID */
 	if(!is_target(frame_header))
@@ -323,15 +324,17 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
 				channel_changed = 1;
 			}
 
-			if(frame_header->fc.sub_type == PROBE_RESPONSE ||
-                                   frame_header->fc.sub_type == SUBTYPE_BEACON)
+			unsigned fsub_type = frame_header->fc & __cpu_to_le16(IEEE80211_FCTL_STYPE);
+
+			if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP) ||
+			   fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON))
 			{
 				wps_parsed = parse_wps_parameters(packet, header->len, wps);
 			}
 	
 			if(!is_done(bssid) && (get_channel() == channel || source == PCAP_FILE))
 			{
-				if(frame_header->fc.sub_type == SUBTYPE_BEACON && 
+				if(fsub_type == __cpu_to_le16(IEEE80211_STYPE_BEACON) && 
 				   mode == SCAN && 
 				   !passive && 
 				   should_probe(bssid))
@@ -369,7 +372,7 @@ void parse_wps_settings(const u_char *packet, struct pcap_pkthdr *header, char *
 				 * If there was no WPS information, then the AP does not support WPS and we should ignore it from here on.
 				 * If this was a probe response, then we've gotten all WPS info we can get from this AP and should ignore it from here on.
 				 */
-				if(!wps_parsed || frame_header->fc.sub_type == PROBE_RESPONSE)
+				if(!wps_parsed || fsub_type == __cpu_to_le16(IEEE80211_STYPE_PROBE_RESP))
 				{
 					mark_ap_complete(bssid);
 				}
-- 
1.7.7