3 * Fortress Technologies, Inc. All rights reserved.
4 * Charlie Lenahan (clenahan@fortresstech.com)
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
23 /* \summary: IEEE 802.11 printer */
29 #include <netdissect-stdinc.h>
33 #include "netdissect.h"
34 #include "addrtoname.h"
41 /* Lengths of 802.11 header components. */
42 #define IEEE802_11_FC_LEN 2
43 #define IEEE802_11_DUR_LEN 2
44 #define IEEE802_11_DA_LEN 6
45 #define IEEE802_11_SA_LEN 6
46 #define IEEE802_11_BSSID_LEN 6
47 #define IEEE802_11_RA_LEN 6
48 #define IEEE802_11_TA_LEN 6
49 #define IEEE802_11_ADDR1_LEN 6
50 #define IEEE802_11_SEQ_LEN 2
51 #define IEEE802_11_CTL_LEN 2
52 #define IEEE802_11_CARRIED_FC_LEN 2
53 #define IEEE802_11_HT_CONTROL_LEN 4
54 #define IEEE802_11_IV_LEN 3
55 #define IEEE802_11_KID_LEN 1
57 /* Frame check sequence length. */
58 #define IEEE802_11_FCS_LEN 4
60 /* Lengths of beacon components. */
61 #define IEEE802_11_TSTAMP_LEN 8
62 #define IEEE802_11_BCNINT_LEN 2
63 #define IEEE802_11_CAPINFO_LEN 2
64 #define IEEE802_11_LISTENINT_LEN 2
66 #define IEEE802_11_AID_LEN 2
67 #define IEEE802_11_STATUS_LEN 2
68 #define IEEE802_11_REASON_LEN 2
70 /* Length of previous AP in reassocation frame */
71 #define IEEE802_11_AP_LEN 6
73 #define T_MGMT 0x0 /* management */
74 #define T_CTRL 0x1 /* control */
75 #define T_DATA 0x2 /* data */
76 #define T_RESV 0x3 /* reserved */
78 #define ST_ASSOC_REQUEST 0x0
79 #define ST_ASSOC_RESPONSE 0x1
80 #define ST_REASSOC_REQUEST 0x2
81 #define ST_REASSOC_RESPONSE 0x3
82 #define ST_PROBE_REQUEST 0x4
83 #define ST_PROBE_RESPONSE 0x5
88 #define ST_DISASSOC 0xA
95 static const struct tok st_str[] = {
96 { ST_ASSOC_REQUEST, "Assoc Request" },
97 { ST_ASSOC_RESPONSE, "Assoc Response" },
98 { ST_REASSOC_REQUEST, "ReAssoc Request" },
99 { ST_REASSOC_RESPONSE, "ReAssoc Response" },
100 { ST_PROBE_REQUEST, "Probe Request" },
101 { ST_PROBE_RESPONSE, "Probe Response" },
102 { ST_BEACON, "Beacon" },
104 { ST_DISASSOC, "Disassociation" },
105 { ST_AUTH, "Authentication" },
106 { ST_DEAUTH, "DeAuthentication" },
107 { ST_ACTION, "Action" },
111 #define CTRL_CONTROL_WRAPPER 0x7
114 #define CTRL_PS_POLL 0xA
118 #define CTRL_CF_END 0xE
119 #define CTRL_END_ACK 0xF
121 static const struct tok ctrl_str[] = {
122 { CTRL_CONTROL_WRAPPER, "Control Wrapper" },
125 { CTRL_PS_POLL, "Power Save-Poll" },
126 { CTRL_RTS, "Request-To-Send" },
127 { CTRL_CTS, "Clear-To-Send" },
128 { CTRL_ACK, "Acknowledgment" },
129 { CTRL_CF_END, "CF-End" },
130 { CTRL_END_ACK, "CF-End+CF-Ack" },
134 #define DATA_DATA 0x0
135 #define DATA_DATA_CF_ACK 0x1
136 #define DATA_DATA_CF_POLL 0x2
137 #define DATA_DATA_CF_ACK_POLL 0x3
138 #define DATA_NODATA 0x4
139 #define DATA_NODATA_CF_ACK 0x5
140 #define DATA_NODATA_CF_POLL 0x6
141 #define DATA_NODATA_CF_ACK_POLL 0x7
143 #define DATA_QOS_DATA 0x8
144 #define DATA_QOS_DATA_CF_ACK 0x9
145 #define DATA_QOS_DATA_CF_POLL 0xA
146 #define DATA_QOS_DATA_CF_ACK_POLL 0xB
147 #define DATA_QOS_NODATA 0xC
148 #define DATA_QOS_CF_POLL_NODATA 0xE
149 #define DATA_QOS_CF_ACK_POLL_NODATA 0xF
152 * The subtype field of a data frame is, in effect, composed of 4 flag
153 * bits - CF-Ack, CF-Poll, Null (means the frame doesn't actually have
154 * any data), and QoS.
156 #define DATA_FRAME_IS_CF_ACK(x) ((x) & 0x01)
157 #define DATA_FRAME_IS_CF_POLL(x) ((x) & 0x02)
158 #define DATA_FRAME_IS_NULL(x) ((x) & 0x04)
159 #define DATA_FRAME_IS_QOS(x) ((x) & 0x08)
162 * Bits in the frame control field.
164 #define FC_VERSION(fc) ((fc) & 0x3)
165 #define FC_TYPE(fc) (((fc) >> 2) & 0x3)
166 #define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF)
167 #define FC_TO_DS(fc) ((fc) & 0x0100)
168 #define FC_FROM_DS(fc) ((fc) & 0x0200)
169 #define FC_MORE_FLAG(fc) ((fc) & 0x0400)
170 #define FC_RETRY(fc) ((fc) & 0x0800)
171 #define FC_POWER_MGMT(fc) ((fc) & 0x1000)
172 #define FC_MORE_DATA(fc) ((fc) & 0x2000)
173 #define FC_PROTECTED(fc) ((fc) & 0x4000)
174 #define FC_ORDER(fc) ((fc) & 0x8000)
176 struct mgmt_header_t {
179 uint8_t da[IEEE802_11_DA_LEN];
180 uint8_t sa[IEEE802_11_SA_LEN];
181 uint8_t bssid[IEEE802_11_BSSID_LEN];
185 #define MGMT_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
186 IEEE802_11_DA_LEN+IEEE802_11_SA_LEN+\
187 IEEE802_11_BSSID_LEN+IEEE802_11_SEQ_LEN)
189 #define CAPABILITY_ESS(cap) ((cap) & 0x0001)
190 #define CAPABILITY_IBSS(cap) ((cap) & 0x0002)
191 #define CAPABILITY_CFP(cap) ((cap) & 0x0004)
192 #define CAPABILITY_CFP_REQ(cap) ((cap) & 0x0008)
193 #define CAPABILITY_PRIVACY(cap) ((cap) & 0x0010)
198 u_char ssid[33]; /* 32 + 1 for null */
210 uint8_t text[254]; /* 1-253 + 1 for null */
233 uint16_t max_duration;
234 uint16_t dur_remaing;
242 uint8_t bitmap_control;
264 #define E_CHALLENGE 16
273 uint8_t timestamp[IEEE802_11_TSTAMP_LEN];
274 uint16_t beacon_interval;
275 uint16_t listen_interval;
276 uint16_t status_code;
278 u_char ap[IEEE802_11_AP_LEN];
279 uint16_t reason_code;
281 uint16_t auth_trans_seq_num;
282 int challenge_present;
283 struct challenge_t challenge;
284 uint16_t capability_info;
288 struct rates_t rates;
299 struct ctrl_control_wrapper_hdr_t {
302 uint8_t addr1[IEEE802_11_ADDR1_LEN];
303 uint16_t carried_fc[IEEE802_11_CARRIED_FC_LEN];
304 uint16_t ht_control[IEEE802_11_HT_CONTROL_LEN];
307 #define CTRL_CONTROL_WRAPPER_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
308 IEEE802_11_ADDR1_LEN+\
309 IEEE802_11_CARRIED_FC_LEN+\
310 IEEE802_11_HT_CONTROL_LEN)
312 struct ctrl_rts_hdr_t {
315 uint8_t ra[IEEE802_11_RA_LEN];
316 uint8_t ta[IEEE802_11_TA_LEN];
319 #define CTRL_RTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
320 IEEE802_11_RA_LEN+IEEE802_11_TA_LEN)
322 struct ctrl_cts_hdr_t {
325 uint8_t ra[IEEE802_11_RA_LEN];
328 #define CTRL_CTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
330 struct ctrl_ack_hdr_t {
333 uint8_t ra[IEEE802_11_RA_LEN];
336 #define CTRL_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
338 struct ctrl_ps_poll_hdr_t {
341 uint8_t bssid[IEEE802_11_BSSID_LEN];
342 uint8_t ta[IEEE802_11_TA_LEN];
345 #define CTRL_PS_POLL_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_AID_LEN+\
346 IEEE802_11_BSSID_LEN+IEEE802_11_TA_LEN)
348 struct ctrl_end_hdr_t {
351 uint8_t ra[IEEE802_11_RA_LEN];
352 uint8_t bssid[IEEE802_11_BSSID_LEN];
355 #define CTRL_END_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
356 IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN)
358 struct ctrl_end_ack_hdr_t {
361 uint8_t ra[IEEE802_11_RA_LEN];
362 uint8_t bssid[IEEE802_11_BSSID_LEN];
365 #define CTRL_END_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
366 IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN)
368 struct ctrl_ba_hdr_t {
371 uint8_t ra[IEEE802_11_RA_LEN];
374 #define CTRL_BA_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
376 struct ctrl_bar_hdr_t {
379 uint8_t ra[IEEE802_11_RA_LEN];
380 uint8_t ta[IEEE802_11_TA_LEN];
385 #define CTRL_BAR_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
386 IEEE802_11_RA_LEN+IEEE802_11_TA_LEN+\
387 IEEE802_11_CTL_LEN+IEEE802_11_SEQ_LEN)
398 #define IV_IV(iv) ((iv) & 0xFFFFFF)
399 #define IV_PAD(iv) (((iv) >> 24) & 0x3F)
400 #define IV_KEYID(iv) (((iv) >> 30) & 0x03)
402 #define PRINT_SSID(p) \
403 if (p.ssid_present) { \
404 ND_PRINT((ndo, " (")); \
405 fn_print(ndo, p.ssid.ssid, NULL); \
406 ND_PRINT((ndo, ")")); \
409 #define PRINT_RATE(_sep, _r, _suf) \
410 ND_PRINT((ndo, "%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf))
411 #define PRINT_RATES(p) \
412 if (p.rates_present) { \
414 const char *sep = " ["; \
415 for (z = 0; z < p.rates.length ; z++) { \
416 PRINT_RATE(sep, p.rates.rate[z], \
417 (p.rates.rate[z] & 0x80 ? "*" : "")); \
420 if (p.rates.length != 0) \
421 ND_PRINT((ndo, " Mbit]")); \
424 #define PRINT_DS_CHANNEL(p) \
426 ND_PRINT((ndo, " CH: %u", p.ds.channel)); \
427 ND_PRINT((ndo, "%s", \
428 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : ""));
430 #define MAX_MCS_INDEX 76
435 * the MCS index (0-76);
437 * 0 for 20 MHz, 1 for 40 MHz;
439 * 0 for a long guard interval, 1 for a short guard interval.
441 static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = {
443 { /* 20 Mhz */ { 6.5, /* SGI */ 7.2, },
444 /* 40 Mhz */ { 13.5, /* SGI */ 15.0, },
448 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
449 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
453 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
454 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
458 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
459 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
463 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
464 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
468 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
469 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
473 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
474 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
478 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
479 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
483 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
484 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
488 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
489 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
493 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
494 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
498 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
499 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
503 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
504 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
508 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
509 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
513 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
514 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
518 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
519 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
523 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
524 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
528 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
529 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
533 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
534 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
538 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
539 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
543 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
544 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
548 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
549 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
553 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
554 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
558 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
559 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
563 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
564 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
568 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
569 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
573 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
574 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
578 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
579 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
583 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
584 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
588 { /* 20 Mhz */ { 208.0, /* SGI */ 231.1, },
589 /* 40 Mhz */ { 432.0, /* SGI */ 480.0, },
593 { /* 20 Mhz */ { 234.0, /* SGI */ 260.0, },
594 /* 40 Mhz */ { 486.0, /* SGI */ 540.0, },
598 { /* 20 Mhz */ { 260.0, /* SGI */ 288.9, },
599 /* 40 Mhz */ { 540.0, /* SGI */ 600.0, },
603 { /* 20 Mhz */ { 0.0, /* SGI */ 0.0, }, /* not valid */
604 /* 40 Mhz */ { 6.0, /* SGI */ 6.7, },
608 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
609 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
613 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
614 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
618 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
619 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
623 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
624 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
628 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
629 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
633 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
634 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
638 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
639 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
643 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
644 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
648 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
649 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
653 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
654 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
658 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
659 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
663 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
664 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
668 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
669 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
673 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
674 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
678 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
679 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
683 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
684 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
688 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
689 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
693 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
694 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
698 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
699 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
703 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
704 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
708 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
709 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
713 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
714 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
718 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
719 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
723 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
724 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
728 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
729 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
733 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
734 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
738 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
739 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
743 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
744 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
748 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
749 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
753 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
754 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
758 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
759 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
763 { /* 20 Mhz */ { 143.0, /* SGI */ 158.9, },
764 /* 40 Mhz */ { 297.0, /* SGI */ 330.0, },
768 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
769 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
773 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
774 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
778 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
779 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
783 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
784 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
788 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
789 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
793 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
794 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
798 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
799 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
803 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
804 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
808 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
809 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
813 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
814 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
818 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
819 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
823 { /* 20 Mhz */ { 214.5, /* SGI */ 238.3, },
824 /* 40 Mhz */ { 445.5, /* SGI */ 495.0, },
828 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
829 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0])
831 static const char *status_text[] = {
832 "Successful", /* 0 */
833 "Unspecified failure", /* 1 */
842 "Cannot Support all requested capabilities in the Capability "
843 "Information field", /* 10 */
844 "Reassociation denied due to inability to confirm that association "
846 "Association denied due to reason outside the scope of the "
848 "Responding station does not support the specified authentication "
849 "algorithm ", /* 13 */
850 "Received an Authentication frame with authentication transaction "
851 "sequence number out of expected sequence", /* 14 */
852 "Authentication rejected because of challenge failure", /* 15 */
853 "Authentication rejected due to timeout waiting for next frame in "
855 "Association denied because AP is unable to handle additional"
856 "associated stations", /* 17 */
857 "Association denied due to requesting station not supporting all of "
858 "the data rates in BSSBasicRateSet parameter", /* 18 */
859 "Association denied due to requesting station not supporting "
860 "short preamble operation", /* 19 */
861 "Association denied due to requesting station not supporting "
862 "PBCC encoding", /* 20 */
863 "Association denied due to requesting station not supporting "
864 "channel agility", /* 21 */
865 "Association request rejected because Spectrum Management "
866 "capability is required", /* 22 */
867 "Association request rejected because the information in the "
868 "Power Capability element is unacceptable", /* 23 */
869 "Association request rejected because the information in the "
870 "Supported Channels element is unacceptable", /* 24 */
871 "Association denied due to requesting station not supporting "
872 "short slot operation", /* 25 */
873 "Association denied due to requesting station not supporting "
874 "DSSS-OFDM operation", /* 26 */
875 "Association denied because the requested STA does not support HT "
878 "Association denied because the requested STA does not support "
879 "the PCO transition time required by the AP", /* 29 */
882 "Unspecified, QoS-related failure", /* 32 */
883 "Association denied due to QAP having insufficient bandwidth "
884 "to handle another QSTA", /* 33 */
885 "Association denied due to excessive frame loss rates and/or "
886 "poor conditions on current operating channel", /* 34 */
887 "Association (with QBSS) denied due to requesting station not "
888 "supporting the QoS facility", /* 35 */
889 "Association denied due to requesting station not supporting "
890 "Block Ack", /* 36 */
891 "The request has been declined", /* 37 */
892 "The request has not been successful as one or more parameters "
893 "have invalid values", /* 38 */
894 "The TS has not been created because the request cannot be honored. "
895 "Try again with the suggested changes to the TSPEC", /* 39 */
896 "Invalid Information Element", /* 40 */
897 "Group Cipher is not valid", /* 41 */
898 "Pairwise Cipher is not valid", /* 42 */
899 "AKMP is not valid", /* 43 */
900 "Unsupported RSN IE version", /* 44 */
901 "Invalid RSN IE Capabilities", /* 45 */
902 "Cipher suite is rejected per security policy", /* 46 */
903 "The TS has not been created. However, the HC may be capable of "
904 "creating a TS, in response to a request, after the time indicated "
905 "in the TS Delay element", /* 47 */
906 "Direct Link is not allowed in the BSS by policy", /* 48 */
907 "Destination STA is not present within this QBSS.", /* 49 */
908 "The Destination STA is not a QSTA.", /* 50 */
911 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0])
913 static const char *reason_text[] = {
915 "Unspecified reason", /* 1 */
916 "Previous authentication no longer valid", /* 2 */
917 "Deauthenticated because sending station is leaving (or has left) "
918 "IBSS or ESS", /* 3 */
919 "Disassociated due to inactivity", /* 4 */
920 "Disassociated because AP is unable to handle all currently "
921 " associated stations", /* 5 */
922 "Class 2 frame received from nonauthenticated station", /* 6 */
923 "Class 3 frame received from nonassociated station", /* 7 */
924 "Disassociated because sending station is leaving "
925 "(or has left) BSS", /* 8 */
926 "Station requesting (re)association is not authenticated with "
927 "responding station", /* 9 */
928 "Disassociated because the information in the Power Capability "
929 "element is unacceptable", /* 10 */
930 "Disassociated because the information in the SupportedChannels "
931 "element is unacceptable", /* 11 */
932 "Invalid Information Element", /* 12 */
934 "Michael MIC failure", /* 14 */
935 "4-Way Handshake timeout", /* 15 */
936 "Group key update timeout", /* 16 */
937 "Information element in 4-Way Handshake different from (Re)Association"
938 "Request/Probe Response/Beacon", /* 17 */
939 "Group Cipher is not valid", /* 18 */
940 "AKMP is not valid", /* 20 */
941 "Unsupported RSN IE version", /* 21 */
942 "Invalid RSN IE Capabilities", /* 22 */
943 "IEEE 802.1X Authentication failed", /* 23 */
944 "Cipher suite is rejected per security policy", /* 24 */
951 "TS deleted because QoS AP lacks sufficient bandwidth for this "
952 "QoS STA due to a change in BSS service characteristics or "
953 "operational mode (e.g. an HT BSS change from 40 MHz channel "
954 "to 20 MHz channel)", /* 31 */
955 "Disassociated for unspecified, QoS-related reason", /* 32 */
956 "Disassociated because QoS AP lacks sufficient bandwidth for this "
958 "Disassociated because of excessive number of frames that need to be "
959 "acknowledged, but are not acknowledged for AP transmissions "
960 "and/or poor channel conditions", /* 34 */
961 "Disassociated because STA is transmitting outside the limits "
962 "of its TXOPs", /* 35 */
963 "Requested from peer STA as the STA is leaving the BSS "
964 "(or resetting)", /* 36 */
965 "Requested from peer STA as it does not want to use the "
966 "mechanism", /* 37 */
967 "Requested from peer STA as the STA received frames using the "
968 "mechanism for which a set up is required", /* 38 */
969 "Requested from peer STA due to time out", /* 39 */
975 "Peer STA does not support the requested cipher suite", /* 45 */
976 "Association denied due to requesting STA not supporting HT "
979 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0])
982 wep_print(netdissect_options *ndo,
987 if (!ND_TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN))
989 iv = EXTRACT_LE_32BITS(p);
991 ND_PRINT((ndo, " IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv),
998 parse_elements(netdissect_options *ndo,
999 struct mgmt_body_t *pbody, const u_char *p, int offset,
1004 struct challenge_t challenge;
1005 struct rates_t rates;
1011 * We haven't seen any elements yet.
1013 pbody->challenge_present = 0;
1014 pbody->ssid_present = 0;
1015 pbody->rates_present = 0;
1016 pbody->ds_present = 0;
1017 pbody->cf_present = 0;
1018 pbody->tim_present = 0;
1020 while (length != 0) {
1021 /* Make sure we at least have the element ID and length. */
1022 if (!ND_TTEST2(*(p + offset), 2))
1026 elementlen = *(p + offset + 1);
1028 /* Make sure we have the entire element. */
1029 if (!ND_TTEST2(*(p + offset + 2), elementlen))
1031 if (length < elementlen + 2)
1034 switch (*(p + offset)) {
1036 memcpy(&ssid, p + offset, 2);
1039 if (ssid.length != 0) {
1040 if (ssid.length > sizeof(ssid.ssid) - 1)
1042 if (!ND_TTEST2(*(p + offset), ssid.length))
1044 if (length < ssid.length)
1046 memcpy(&ssid.ssid, p + offset, ssid.length);
1047 offset += ssid.length;
1048 length -= ssid.length;
1050 ssid.ssid[ssid.length] = '\0';
1052 * Present and not truncated.
1054 * If we haven't already seen an SSID IE,
1055 * copy this one, otherwise ignore this one,
1056 * so we later report the first one we saw.
1058 if (!pbody->ssid_present) {
1060 pbody->ssid_present = 1;
1064 memcpy(&challenge, p + offset, 2);
1067 if (challenge.length != 0) {
1068 if (challenge.length >
1069 sizeof(challenge.text) - 1)
1071 if (!ND_TTEST2(*(p + offset), challenge.length))
1073 if (length < challenge.length)
1075 memcpy(&challenge.text, p + offset,
1077 offset += challenge.length;
1078 length -= challenge.length;
1080 challenge.text[challenge.length] = '\0';
1082 * Present and not truncated.
1084 * If we haven't already seen a challenge IE,
1085 * copy this one, otherwise ignore this one,
1086 * so we later report the first one we saw.
1088 if (!pbody->challenge_present) {
1089 pbody->challenge = challenge;
1090 pbody->challenge_present = 1;
1094 memcpy(&rates, p + offset, 2);
1097 if (rates.length != 0) {
1098 if (rates.length > sizeof rates.rate)
1100 if (!ND_TTEST2(*(p + offset), rates.length))
1102 if (length < rates.length)
1104 memcpy(&rates.rate, p + offset, rates.length);
1105 offset += rates.length;
1106 length -= rates.length;
1109 * Present and not truncated.
1111 * If we haven't already seen a rates IE,
1112 * copy this one if it's not zero-length,
1113 * otherwise ignore this one, so we later
1114 * report the first one we saw.
1116 * We ignore zero-length rates IEs as some
1117 * devices seem to put a zero-length rates
1118 * IE, followed by an SSID IE, followed by
1119 * a non-zero-length rates IE into frames,
1120 * even though IEEE Std 802.11-2007 doesn't
1121 * seem to indicate that a zero-length rates
1124 if (!pbody->rates_present && rates.length != 0) {
1125 pbody->rates = rates;
1126 pbody->rates_present = 1;
1130 memcpy(&ds, p + offset, 2);
1133 if (ds.length != 1) {
1134 offset += ds.length;
1135 length -= ds.length;
1138 ds.channel = *(p + offset);
1142 * Present and not truncated.
1144 * If we haven't already seen a DS IE,
1145 * copy this one, otherwise ignore this one,
1146 * so we later report the first one we saw.
1148 if (!pbody->ds_present) {
1150 pbody->ds_present = 1;
1154 memcpy(&cf, p + offset, 2);
1157 if (cf.length != 6) {
1158 offset += cf.length;
1159 length -= cf.length;
1162 memcpy(&cf.count, p + offset, 6);
1166 * Present and not truncated.
1168 * If we haven't already seen a CF IE,
1169 * copy this one, otherwise ignore this one,
1170 * so we later report the first one we saw.
1172 if (!pbody->cf_present) {
1174 pbody->cf_present = 1;
1178 memcpy(&tim, p + offset, 2);
1181 if (tim.length <= 3) {
1182 offset += tim.length;
1183 length -= tim.length;
1186 if (tim.length - 3 > (int)sizeof tim.bitmap)
1188 memcpy(&tim.count, p + offset, 3);
1192 memcpy(tim.bitmap, p + (tim.length - 3),
1194 offset += tim.length - 3;
1195 length -= tim.length - 3;
1197 * Present and not truncated.
1199 * If we haven't already seen a TIM IE,
1200 * copy this one, otherwise ignore this one,
1201 * so we later report the first one we saw.
1203 if (!pbody->tim_present) {
1205 pbody->tim_present = 1;
1210 ND_PRINT((ndo, "(1) unhandled element_id (%d) ",
1213 offset += 2 + elementlen;
1214 length -= 2 + elementlen;
1219 /* No problems found. */
1223 /*********************************************************************************
1224 * Print Handle functions for the management frame types
1225 *********************************************************************************/
1228 handle_beacon(netdissect_options *ndo,
1229 const u_char *p, u_int length)
1231 struct mgmt_body_t pbody;
1235 memset(&pbody, 0, sizeof(pbody));
1237 if (!ND_TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1238 IEEE802_11_CAPINFO_LEN))
1240 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1241 IEEE802_11_CAPINFO_LEN)
1243 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1244 offset += IEEE802_11_TSTAMP_LEN;
1245 length -= IEEE802_11_TSTAMP_LEN;
1246 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
1247 offset += IEEE802_11_BCNINT_LEN;
1248 length -= IEEE802_11_BCNINT_LEN;
1249 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
1250 offset += IEEE802_11_CAPINFO_LEN;
1251 length -= IEEE802_11_CAPINFO_LEN;
1253 ret = parse_elements(ndo, &pbody, p, offset, length);
1257 ND_PRINT((ndo, " %s",
1258 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS"));
1259 PRINT_DS_CHANNEL(pbody);
1265 handle_assoc_request(netdissect_options *ndo,
1266 const u_char *p, u_int length)
1268 struct mgmt_body_t pbody;
1272 memset(&pbody, 0, sizeof(pbody));
1274 if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN))
1276 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)
1278 pbody.capability_info = EXTRACT_LE_16BITS(p);
1279 offset += IEEE802_11_CAPINFO_LEN;
1280 length -= IEEE802_11_CAPINFO_LEN;
1281 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
1282 offset += IEEE802_11_LISTENINT_LEN;
1283 length -= IEEE802_11_LISTENINT_LEN;
1285 ret = parse_elements(ndo, &pbody, p, offset, length);
1293 handle_assoc_response(netdissect_options *ndo,
1294 const u_char *p, u_int length)
1296 struct mgmt_body_t pbody;
1300 memset(&pbody, 0, sizeof(pbody));
1302 if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
1303 IEEE802_11_AID_LEN))
1305 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
1308 pbody.capability_info = EXTRACT_LE_16BITS(p);
1309 offset += IEEE802_11_CAPINFO_LEN;
1310 length -= IEEE802_11_CAPINFO_LEN;
1311 pbody.status_code = EXTRACT_LE_16BITS(p+offset);
1312 offset += IEEE802_11_STATUS_LEN;
1313 length -= IEEE802_11_STATUS_LEN;
1314 pbody.aid = EXTRACT_LE_16BITS(p+offset);
1315 offset += IEEE802_11_AID_LEN;
1316 length -= IEEE802_11_AID_LEN;
1318 ret = parse_elements(ndo, &pbody, p, offset, length);
1320 ND_PRINT((ndo, " AID(%x) :%s: %s", ((uint16_t)(pbody.aid << 2 )) >> 2 ,
1321 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
1322 (pbody.status_code < NUM_STATUSES
1323 ? status_text[pbody.status_code]
1330 handle_reassoc_request(netdissect_options *ndo,
1331 const u_char *p, u_int length)
1333 struct mgmt_body_t pbody;
1337 memset(&pbody, 0, sizeof(pbody));
1339 if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1342 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1345 pbody.capability_info = EXTRACT_LE_16BITS(p);
1346 offset += IEEE802_11_CAPINFO_LEN;
1347 length -= IEEE802_11_CAPINFO_LEN;
1348 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
1349 offset += IEEE802_11_LISTENINT_LEN;
1350 length -= IEEE802_11_LISTENINT_LEN;
1351 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN);
1352 offset += IEEE802_11_AP_LEN;
1353 length -= IEEE802_11_AP_LEN;
1355 ret = parse_elements(ndo, &pbody, p, offset, length);
1358 ND_PRINT((ndo, " AP : %s", etheraddr_string(ndo, pbody.ap )));
1364 handle_reassoc_response(netdissect_options *ndo,
1365 const u_char *p, u_int length)
1367 /* Same as a Association Reponse */
1368 return handle_assoc_response(ndo, p, length);
1372 handle_probe_request(netdissect_options *ndo,
1373 const u_char *p, u_int length)
1375 struct mgmt_body_t pbody;
1379 memset(&pbody, 0, sizeof(pbody));
1381 ret = parse_elements(ndo, &pbody, p, offset, length);
1390 handle_probe_response(netdissect_options *ndo,
1391 const u_char *p, u_int length)
1393 struct mgmt_body_t pbody;
1397 memset(&pbody, 0, sizeof(pbody));
1399 if (!ND_TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1400 IEEE802_11_CAPINFO_LEN))
1402 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1403 IEEE802_11_CAPINFO_LEN)
1405 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1406 offset += IEEE802_11_TSTAMP_LEN;
1407 length -= IEEE802_11_TSTAMP_LEN;
1408 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
1409 offset += IEEE802_11_BCNINT_LEN;
1410 length -= IEEE802_11_BCNINT_LEN;
1411 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
1412 offset += IEEE802_11_CAPINFO_LEN;
1413 length -= IEEE802_11_CAPINFO_LEN;
1415 ret = parse_elements(ndo, &pbody, p, offset, length);
1419 PRINT_DS_CHANNEL(pbody);
1427 /* the frame body for ATIM is null. */
1432 handle_disassoc(netdissect_options *ndo,
1433 const u_char *p, u_int length)
1435 struct mgmt_body_t pbody;
1437 memset(&pbody, 0, sizeof(pbody));
1439 if (!ND_TTEST2(*p, IEEE802_11_REASON_LEN))
1441 if (length < IEEE802_11_REASON_LEN)
1443 pbody.reason_code = EXTRACT_LE_16BITS(p);
1445 ND_PRINT((ndo, ": %s",
1446 (pbody.reason_code < NUM_REASONS)
1447 ? reason_text[pbody.reason_code]
1454 handle_auth(netdissect_options *ndo,
1455 const u_char *p, u_int length)
1457 struct mgmt_body_t pbody;
1461 memset(&pbody, 0, sizeof(pbody));
1463 if (!ND_TTEST2(*p, 6))
1467 pbody.auth_alg = EXTRACT_LE_16BITS(p);
1470 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset);
1473 pbody.status_code = EXTRACT_LE_16BITS(p + offset);
1477 ret = parse_elements(ndo, &pbody, p, offset, length);
1479 if ((pbody.auth_alg == 1) &&
1480 ((pbody.auth_trans_seq_num == 2) ||
1481 (pbody.auth_trans_seq_num == 3))) {
1482 ND_PRINT((ndo, " (%s)-%x [Challenge Text] %s",
1483 (pbody.auth_alg < NUM_AUTH_ALGS)
1484 ? auth_alg_text[pbody.auth_alg]
1486 pbody.auth_trans_seq_num,
1487 ((pbody.auth_trans_seq_num % 2)
1488 ? ((pbody.status_code < NUM_STATUSES)
1489 ? status_text[pbody.status_code]
1493 ND_PRINT((ndo, " (%s)-%x: %s",
1494 (pbody.auth_alg < NUM_AUTH_ALGS)
1495 ? auth_alg_text[pbody.auth_alg]
1497 pbody.auth_trans_seq_num,
1498 (pbody.auth_trans_seq_num % 2)
1499 ? ((pbody.status_code < NUM_STATUSES)
1500 ? status_text[pbody.status_code]
1508 handle_deauth(netdissect_options *ndo,
1509 const uint8_t *src, const u_char *p, u_int length)
1511 struct mgmt_body_t pbody;
1512 const char *reason = NULL;
1514 memset(&pbody, 0, sizeof(pbody));
1516 if (!ND_TTEST2(*p, IEEE802_11_REASON_LEN))
1518 if (length < IEEE802_11_REASON_LEN)
1520 pbody.reason_code = EXTRACT_LE_16BITS(p);
1522 reason = (pbody.reason_code < NUM_REASONS)
1523 ? reason_text[pbody.reason_code]
1526 if (ndo->ndo_eflag) {
1527 ND_PRINT((ndo, ": %s", reason));
1529 ND_PRINT((ndo, " (%s): %s", etheraddr_string(ndo, src), reason));
1534 #define PRINT_HT_ACTION(v) (\
1535 (v) == 0 ? ND_PRINT((ndo, "TxChWidth")) : \
1536 (v) == 1 ? ND_PRINT((ndo, "MIMOPwrSave")) : \
1537 ND_PRINT((ndo, "Act#%d", (v))) \
1539 #define PRINT_BA_ACTION(v) (\
1540 (v) == 0 ? ND_PRINT((ndo, "ADDBA Request")) : \
1541 (v) == 1 ? ND_PRINT((ndo, "ADDBA Response")) : \
1542 (v) == 2 ? ND_PRINT((ndo, "DELBA")) : \
1543 ND_PRINT((ndo, "Act#%d", (v))) \
1545 #define PRINT_MESHLINK_ACTION(v) (\
1546 (v) == 0 ? ND_PRINT((ndo, "Request")) : \
1547 (v) == 1 ? ND_PRINT((ndo, "Report")) : \
1548 ND_PRINT((ndo, "Act#%d", (v))) \
1550 #define PRINT_MESHPEERING_ACTION(v) (\
1551 (v) == 0 ? ND_PRINT((ndo, "Open")) : \
1552 (v) == 1 ? ND_PRINT((ndo, "Confirm")) : \
1553 (v) == 2 ? ND_PRINT((ndo, "Close")) : \
1554 ND_PRINT((ndo, "Act#%d", (v))) \
1556 #define PRINT_MESHPATH_ACTION(v) (\
1557 (v) == 0 ? ND_PRINT((ndo, "Request")) : \
1558 (v) == 1 ? ND_PRINT((ndo, "Report")) : \
1559 (v) == 2 ? ND_PRINT((ndo, "Error")) : \
1560 (v) == 3 ? ND_PRINT((ndo, "RootAnnouncement")) : \
1561 ND_PRINT((ndo, "Act#%d", (v))) \
1564 #define PRINT_MESH_ACTION(v) (\
1565 (v) == 0 ? ND_PRINT((ndo, "MeshLink")) : \
1566 (v) == 1 ? ND_PRINT((ndo, "HWMP")) : \
1567 (v) == 2 ? ND_PRINT((ndo, "Gate Announcement")) : \
1568 (v) == 3 ? ND_PRINT((ndo, "Congestion Control")) : \
1569 (v) == 4 ? ND_PRINT((ndo, "MCCA Setup Request")) : \
1570 (v) == 5 ? ND_PRINT((ndo, "MCCA Setup Reply")) : \
1571 (v) == 6 ? ND_PRINT((ndo, "MCCA Advertisement Request")) : \
1572 (v) == 7 ? ND_PRINT((ndo, "MCCA Advertisement")) : \
1573 (v) == 8 ? ND_PRINT((ndo, "MCCA Teardown")) : \
1574 (v) == 9 ? ND_PRINT((ndo, "TBTT Adjustment Request")) : \
1575 (v) == 10 ? ND_PRINT((ndo, "TBTT Adjustment Response")) : \
1576 ND_PRINT((ndo, "Act#%d", (v))) \
1578 #define PRINT_MULTIHOP_ACTION(v) (\
1579 (v) == 0 ? ND_PRINT((ndo, "Proxy Update")) : \
1580 (v) == 1 ? ND_PRINT((ndo, "Proxy Update Confirmation")) : \
1581 ND_PRINT((ndo, "Act#%d", (v))) \
1583 #define PRINT_SELFPROT_ACTION(v) (\
1584 (v) == 1 ? ND_PRINT((ndo, "Peering Open")) : \
1585 (v) == 2 ? ND_PRINT((ndo, "Peering Confirm")) : \
1586 (v) == 3 ? ND_PRINT((ndo, "Peering Close")) : \
1587 (v) == 4 ? ND_PRINT((ndo, "Group Key Inform")) : \
1588 (v) == 5 ? ND_PRINT((ndo, "Group Key Acknowledge")) : \
1589 ND_PRINT((ndo, "Act#%d", (v))) \
1593 handle_action(netdissect_options *ndo,
1594 const uint8_t *src, const u_char *p, u_int length)
1596 if (!ND_TTEST2(*p, 2))
1600 if (ndo->ndo_eflag) {
1601 ND_PRINT((ndo, ": "));
1603 ND_PRINT((ndo, " (%s): ", etheraddr_string(ndo, src)));
1606 case 0: ND_PRINT((ndo, "Spectrum Management Act#%d", p[1])); break;
1607 case 1: ND_PRINT((ndo, "QoS Act#%d", p[1])); break;
1608 case 2: ND_PRINT((ndo, "DLS Act#%d", p[1])); break;
1609 case 3: ND_PRINT((ndo, "BA ")); PRINT_BA_ACTION(p[1]); break;
1610 case 7: ND_PRINT((ndo, "HT ")); PRINT_HT_ACTION(p[1]); break;
1611 case 13: ND_PRINT((ndo, "MeshAction ")); PRINT_MESH_ACTION(p[1]); break;
1613 ND_PRINT((ndo, "MultiohopAction "));
1614 PRINT_MULTIHOP_ACTION(p[1]); break;
1616 ND_PRINT((ndo, "SelfprotectAction "));
1617 PRINT_SELFPROT_ACTION(p[1]); break;
1618 case 127: ND_PRINT((ndo, "Vendor Act#%d", p[1])); break;
1620 ND_PRINT((ndo, "Reserved(%d) Act#%d", p[0], p[1]));
1627 /*********************************************************************************
1629 *********************************************************************************/
1633 mgmt_body_print(netdissect_options *ndo,
1634 uint16_t fc, const uint8_t *src, const u_char *p, u_int length)
1636 ND_PRINT((ndo, "%s", tok2str(st_str, "Unhandled Management subtype(%x)", FC_SUBTYPE(fc))));
1638 /* There may be a problem w/ AP not having this bit set */
1639 if (FC_PROTECTED(fc))
1640 return wep_print(ndo, p);
1641 switch (FC_SUBTYPE(fc)) {
1642 case ST_ASSOC_REQUEST:
1643 return handle_assoc_request(ndo, p, length);
1644 case ST_ASSOC_RESPONSE:
1645 return handle_assoc_response(ndo, p, length);
1646 case ST_REASSOC_REQUEST:
1647 return handle_reassoc_request(ndo, p, length);
1648 case ST_REASSOC_RESPONSE:
1649 return handle_reassoc_response(ndo, p, length);
1650 case ST_PROBE_REQUEST:
1651 return handle_probe_request(ndo, p, length);
1652 case ST_PROBE_RESPONSE:
1653 return handle_probe_response(ndo, p, length);
1655 return handle_beacon(ndo, p, length);
1657 return handle_atim();
1659 return handle_disassoc(ndo, p, length);
1661 return handle_auth(ndo, p, length);
1663 return handle_deauth(ndo, src, p, length);
1665 return handle_action(ndo, src, p, length);
1672 /*********************************************************************************
1673 * Handles printing all the control frame types
1674 *********************************************************************************/
1677 ctrl_body_print(netdissect_options *ndo,
1678 uint16_t fc, const u_char *p)
1680 ND_PRINT((ndo, "%s", tok2str(ctrl_str, "Unknown Ctrl Subtype", FC_SUBTYPE(fc))));
1681 switch (FC_SUBTYPE(fc)) {
1682 case CTRL_CONTROL_WRAPPER:
1683 /* XXX - requires special handling */
1686 if (!ND_TTEST2(*p, CTRL_BAR_HDRLEN))
1688 if (!ndo->ndo_eflag)
1689 ND_PRINT((ndo, " RA:%s TA:%s CTL(%x) SEQ(%u) ",
1690 etheraddr_string(ndo, ((const struct ctrl_bar_hdr_t *)p)->ra),
1691 etheraddr_string(ndo, ((const struct ctrl_bar_hdr_t *)p)->ta),
1692 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_hdr_t *)p)->ctl)),
1693 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_hdr_t *)p)->seq))));
1696 if (!ND_TTEST2(*p, CTRL_BA_HDRLEN))
1698 if (!ndo->ndo_eflag)
1699 ND_PRINT((ndo, " RA:%s ",
1700 etheraddr_string(ndo, ((const struct ctrl_ba_hdr_t *)p)->ra)));
1703 if (!ND_TTEST2(*p, CTRL_PS_POLL_HDRLEN))
1705 ND_PRINT((ndo, " AID(%x)",
1706 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_hdr_t *)p)->aid))));
1709 if (!ND_TTEST2(*p, CTRL_RTS_HDRLEN))
1711 if (!ndo->ndo_eflag)
1712 ND_PRINT((ndo, " TA:%s ",
1713 etheraddr_string(ndo, ((const struct ctrl_rts_hdr_t *)p)->ta)));
1716 if (!ND_TTEST2(*p, CTRL_CTS_HDRLEN))
1718 if (!ndo->ndo_eflag)
1719 ND_PRINT((ndo, " RA:%s ",
1720 etheraddr_string(ndo, ((const struct ctrl_cts_hdr_t *)p)->ra)));
1723 if (!ND_TTEST2(*p, CTRL_ACK_HDRLEN))
1725 if (!ndo->ndo_eflag)
1726 ND_PRINT((ndo, " RA:%s ",
1727 etheraddr_string(ndo, ((const struct ctrl_ack_hdr_t *)p)->ra)));
1730 if (!ND_TTEST2(*p, CTRL_END_HDRLEN))
1732 if (!ndo->ndo_eflag)
1733 ND_PRINT((ndo, " RA:%s ",
1734 etheraddr_string(ndo, ((const struct ctrl_end_hdr_t *)p)->ra)));
1737 if (!ND_TTEST2(*p, CTRL_END_ACK_HDRLEN))
1739 if (!ndo->ndo_eflag)
1740 ND_PRINT((ndo, " RA:%s ",
1741 etheraddr_string(ndo, ((const struct ctrl_end_ack_hdr_t *)p)->ra)));
1748 * Data Frame - Address field contents
1750 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
1751 * 0 | 0 | DA | SA | BSSID | n/a
1752 * 0 | 1 | DA | BSSID | SA | n/a
1753 * 1 | 0 | BSSID | SA | DA | n/a
1754 * 1 | 1 | RA | TA | DA | SA
1758 * Function to get source and destination MAC addresses for a data frame.
1761 get_data_src_dst_mac(uint16_t fc, const u_char *p, const uint8_t **srcp,
1762 const uint8_t **dstp)
1764 #define ADDR1 (p + 4)
1765 #define ADDR2 (p + 10)
1766 #define ADDR3 (p + 16)
1767 #define ADDR4 (p + 24)
1769 if (!FC_TO_DS(fc)) {
1770 if (!FC_FROM_DS(fc)) {
1771 /* not To DS and not From DS */
1775 /* not To DS and From DS */
1780 if (!FC_FROM_DS(fc)) {
1781 /* From DS and not To DS */
1785 /* To DS and From DS */
1798 get_mgmt_src_dst_mac(const u_char *p, const uint8_t **srcp, const uint8_t **dstp)
1800 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
1809 * Print Header funcs
1813 data_header_print(netdissect_options *ndo, uint16_t fc, const u_char *p)
1815 u_int subtype = FC_SUBTYPE(fc);
1817 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
1818 DATA_FRAME_IS_QOS(subtype)) {
1819 ND_PRINT((ndo, "CF "));
1820 if (DATA_FRAME_IS_CF_ACK(subtype)) {
1821 if (DATA_FRAME_IS_CF_POLL(subtype))
1822 ND_PRINT((ndo, "Ack/Poll"));
1824 ND_PRINT((ndo, "Ack"));
1826 if (DATA_FRAME_IS_CF_POLL(subtype))
1827 ND_PRINT((ndo, "Poll"));
1829 if (DATA_FRAME_IS_QOS(subtype))
1830 ND_PRINT((ndo, "+QoS"));
1831 ND_PRINT((ndo, " "));
1834 #define ADDR1 (p + 4)
1835 #define ADDR2 (p + 10)
1836 #define ADDR3 (p + 16)
1837 #define ADDR4 (p + 24)
1839 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1840 ND_PRINT((ndo, "DA:%s SA:%s BSSID:%s ",
1841 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
1842 etheraddr_string(ndo, ADDR3)));
1843 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1844 ND_PRINT((ndo, "DA:%s BSSID:%s SA:%s ",
1845 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
1846 etheraddr_string(ndo, ADDR3)));
1847 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1848 ND_PRINT((ndo, "BSSID:%s SA:%s DA:%s ",
1849 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
1850 etheraddr_string(ndo, ADDR3)));
1851 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1852 ND_PRINT((ndo, "RA:%s TA:%s DA:%s SA:%s ",
1853 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
1854 etheraddr_string(ndo, ADDR3), etheraddr_string(ndo, ADDR4)));
1864 mgmt_header_print(netdissect_options *ndo, const u_char *p)
1866 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
1868 ND_PRINT((ndo, "BSSID:%s DA:%s SA:%s ",
1869 etheraddr_string(ndo, (hp)->bssid), etheraddr_string(ndo, (hp)->da),
1870 etheraddr_string(ndo, (hp)->sa)));
1874 ctrl_header_print(netdissect_options *ndo, uint16_t fc, const u_char *p)
1876 switch (FC_SUBTYPE(fc)) {
1878 ND_PRINT((ndo, " RA:%s TA:%s CTL(%x) SEQ(%u) ",
1879 etheraddr_string(ndo, ((const struct ctrl_bar_hdr_t *)p)->ra),
1880 etheraddr_string(ndo, ((const struct ctrl_bar_hdr_t *)p)->ta),
1881 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_hdr_t *)p)->ctl)),
1882 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_hdr_t *)p)->seq))));
1885 ND_PRINT((ndo, "RA:%s ",
1886 etheraddr_string(ndo, ((const struct ctrl_ba_hdr_t *)p)->ra)));
1889 ND_PRINT((ndo, "BSSID:%s TA:%s ",
1890 etheraddr_string(ndo, ((const struct ctrl_ps_poll_hdr_t *)p)->bssid),
1891 etheraddr_string(ndo, ((const struct ctrl_ps_poll_hdr_t *)p)->ta)));
1894 ND_PRINT((ndo, "RA:%s TA:%s ",
1895 etheraddr_string(ndo, ((const struct ctrl_rts_hdr_t *)p)->ra),
1896 etheraddr_string(ndo, ((const struct ctrl_rts_hdr_t *)p)->ta)));
1899 ND_PRINT((ndo, "RA:%s ",
1900 etheraddr_string(ndo, ((const struct ctrl_cts_hdr_t *)p)->ra)));
1903 ND_PRINT((ndo, "RA:%s ",
1904 etheraddr_string(ndo, ((const struct ctrl_ack_hdr_t *)p)->ra)));
1907 ND_PRINT((ndo, "RA:%s BSSID:%s ",
1908 etheraddr_string(ndo, ((const struct ctrl_end_hdr_t *)p)->ra),
1909 etheraddr_string(ndo, ((const struct ctrl_end_hdr_t *)p)->bssid)));
1912 ND_PRINT((ndo, "RA:%s BSSID:%s ",
1913 etheraddr_string(ndo, ((const struct ctrl_end_ack_hdr_t *)p)->ra),
1914 etheraddr_string(ndo, ((const struct ctrl_end_ack_hdr_t *)p)->bssid)));
1917 /* We shouldn't get here - we should already have quit */
1923 extract_header_length(netdissect_options *ndo,
1928 switch (FC_TYPE(fc)) {
1932 switch (FC_SUBTYPE(fc)) {
1933 case CTRL_CONTROL_WRAPPER:
1934 return CTRL_CONTROL_WRAPPER_HDRLEN;
1936 return CTRL_BAR_HDRLEN;
1938 return CTRL_BA_HDRLEN;
1940 return CTRL_PS_POLL_HDRLEN;
1942 return CTRL_RTS_HDRLEN;
1944 return CTRL_CTS_HDRLEN;
1946 return CTRL_ACK_HDRLEN;
1948 return CTRL_END_HDRLEN;
1950 return CTRL_END_ACK_HDRLEN;
1952 ND_PRINT((ndo, "unknown 802.11 ctrl frame subtype (%d)", FC_SUBTYPE(fc)));
1956 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
1957 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
1961 ND_PRINT((ndo, "unknown 802.11 frame type (%d)", FC_TYPE(fc)));
1967 extract_mesh_header_length(const u_char *p)
1969 return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3));
1973 * Print the 802.11 MAC header.
1976 ieee_802_11_hdr_print(netdissect_options *ndo,
1977 uint16_t fc, const u_char *p, u_int hdrlen,
1980 if (ndo->ndo_vflag) {
1981 if (FC_MORE_DATA(fc))
1982 ND_PRINT((ndo, "More Data "));
1983 if (FC_MORE_FLAG(fc))
1984 ND_PRINT((ndo, "More Fragments "));
1985 if (FC_POWER_MGMT(fc))
1986 ND_PRINT((ndo, "Pwr Mgmt "));
1988 ND_PRINT((ndo, "Retry "));
1990 ND_PRINT((ndo, "Strictly Ordered "));
1991 if (FC_PROTECTED(fc))
1992 ND_PRINT((ndo, "Protected "));
1993 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
1994 ND_PRINT((ndo, "%dus ",
1996 &((const struct mgmt_header_t *)p)->duration)));
1998 if (meshdrlen != 0) {
1999 const struct meshcntl_t *mc =
2000 (const struct meshcntl_t *)&p[hdrlen - meshdrlen];
2001 int ae = mc->flags & 3;
2003 ND_PRINT((ndo, "MeshData (AE %d TTL %u seq %u", ae, mc->ttl,
2004 EXTRACT_LE_32BITS(mc->seq)));
2006 ND_PRINT((ndo, " A4:%s", etheraddr_string(ndo, mc->addr4)));
2008 ND_PRINT((ndo, " A5:%s", etheraddr_string(ndo, mc->addr5)));
2010 ND_PRINT((ndo, " A6:%s", etheraddr_string(ndo, mc->addr6)));
2011 ND_PRINT((ndo, ") "));
2014 switch (FC_TYPE(fc)) {
2016 mgmt_header_print(ndo, p);
2019 ctrl_header_print(ndo, fc, p);
2022 data_header_print(ndo, fc, p);
2030 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
2033 static const char tstr[] = "[|802.11]";
2036 ieee802_11_print(netdissect_options *ndo,
2037 const u_char *p, u_int length, u_int orig_caplen, int pad,
2041 u_int caplen, hdrlen, meshdrlen;
2042 struct lladdr_info src, dst;
2045 caplen = orig_caplen;
2046 /* Remove FCS, if present */
2047 if (length < fcslen) {
2048 ND_PRINT((ndo, "%s", tstr));
2052 if (caplen > length) {
2053 /* Amount of FCS in actual packet data, if any */
2054 fcslen = caplen - length;
2056 ndo->ndo_snapend -= fcslen;
2059 if (caplen < IEEE802_11_FC_LEN) {
2060 ND_PRINT((ndo, "%s", tstr));
2064 fc = EXTRACT_LE_16BITS(p);
2065 hdrlen = extract_header_length(ndo, fc);
2067 /* Unknown frame type or control frame subtype; quit. */
2071 hdrlen = roundup2(hdrlen, 4);
2072 if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA &&
2073 DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
2074 meshdrlen = extract_mesh_header_length(p+hdrlen);
2075 hdrlen += meshdrlen;
2079 if (caplen < hdrlen) {
2080 ND_PRINT((ndo, "%s", tstr));
2085 ieee_802_11_hdr_print(ndo, fc, p, hdrlen, meshdrlen);
2088 * Go past the 802.11 header.
2094 src.addr_string = etheraddr_string;
2095 dst.addr_string = etheraddr_string;
2096 switch (FC_TYPE(fc)) {
2098 get_mgmt_src_dst_mac(p - hdrlen, &src.addr, &dst.addr);
2099 if (!mgmt_body_print(ndo, fc, src.addr, p, length)) {
2100 ND_PRINT((ndo, "%s", tstr));
2105 if (!ctrl_body_print(ndo, fc, p - hdrlen)) {
2106 ND_PRINT((ndo, "%s", tstr));
2111 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
2112 return hdrlen; /* no-data frame */
2113 /* There may be a problem w/ AP not having this bit set */
2114 if (FC_PROTECTED(fc)) {
2115 ND_PRINT((ndo, "Data"));
2116 if (!wep_print(ndo, p)) {
2117 ND_PRINT((ndo, "%s", tstr));
2121 get_data_src_dst_mac(fc, p - hdrlen, &src.addr, &dst.addr);
2122 llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
2123 if (llc_hdrlen < 0) {
2125 * Some kinds of LLC packet we cannot
2126 * handle intelligently
2128 if (!ndo->ndo_suppress_default_print)
2129 ND_DEFAULTPRINT(p, caplen);
2130 llc_hdrlen = -llc_hdrlen;
2132 hdrlen += llc_hdrlen;
2136 /* We shouldn't get here - we should already have quit */
2144 * This is the top level routine of the printer. 'p' points
2145 * to the 802.11 header of the packet, 'h->ts' is the timestamp,
2146 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
2147 * is the number of bytes actually captured.
2150 ieee802_11_if_print(netdissect_options *ndo,
2151 const struct pcap_pkthdr *h, const u_char *p)
2153 return ieee802_11_print(ndo, p, h->len, h->caplen, 0, 0);
2157 /* $FreeBSD: projects/clang400-import/contrib/tcpdump/print-802_11.c 276788 2015-01-07 19:55:18Z delphij $ */
2158 /* NetBSD: ieee802_11_radio.h,v 1.2 2006/02/26 03:04:03 dyoung Exp */
2161 * Copyright (c) 2003, 2004 David Young. All rights reserved.
2163 * Redistribution and use in source and binary forms, with or without
2164 * modification, are permitted provided that the following conditions
2166 * 1. Redistributions of source code must retain the above copyright
2167 * notice, this list of conditions and the following disclaimer.
2168 * 2. Redistributions in binary form must reproduce the above copyright
2169 * notice, this list of conditions and the following disclaimer in the
2170 * documentation and/or other materials provided with the distribution.
2171 * 3. The name of David Young may not be used to endorse or promote
2172 * products derived from this software without specific prior
2173 * written permission.
2175 * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
2176 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2177 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
2178 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID
2179 * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
2180 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
2181 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2182 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
2183 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
2184 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2185 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
2189 /* A generic radio capture format is desirable. It must be
2190 * rigidly defined (e.g., units for fields should be given),
2191 * and easily extensible.
2193 * The following is an extensible radio capture format. It is
2194 * based on a bitmap indicating which fields are present.
2196 * I am trying to describe precisely what the application programmer
2197 * should expect in the following, and for that reason I tell the
2198 * units and origin of each measurement (where it applies), or else I
2199 * use sufficiently weaselly language ("is a monotonically nondecreasing
2200 * function of...") that I cannot set false expectations for lawyerly
2205 * The radio capture header precedes the 802.11 header.
2207 * Note well: all radiotap fields are little-endian.
2209 struct ieee80211_radiotap_header {
2210 uint8_t it_version; /* Version 0. Only increases
2211 * for drastic changes,
2212 * introduction of compatible
2213 * new fields does not count.
2216 uint16_t it_len; /* length of the whole
2217 * header in bytes, including
2218 * it_version, it_pad,
2219 * it_len, and data fields.
2221 uint32_t it_present; /* A bitmap telling which
2222 * fields are present. Set bit 31
2223 * (0x80000000) to extend the
2224 * bitmap by another 32 bits.
2225 * Additional extensions are made
2226 * by setting bit 31.
2230 /* Name Data type Units
2231 * ---- --------- -----
2233 * IEEE80211_RADIOTAP_TSFT uint64_t microseconds
2235 * Value in microseconds of the MAC's 64-bit 802.11 Time
2236 * Synchronization Function timer when the first bit of the
2237 * MPDU arrived at the MAC. For received frames, only.
2239 * IEEE80211_RADIOTAP_CHANNEL 2 x uint16_t MHz, bitmap
2241 * Tx/Rx frequency in MHz, followed by flags (see below).
2242 * Note that IEEE80211_RADIOTAP_XCHANNEL must be used to
2243 * represent an HT channel as there is not enough room in
2246 * IEEE80211_RADIOTAP_FHSS uint16_t see below
2248 * For frequency-hopping radios, the hop set (first byte)
2249 * and pattern (second byte).
2251 * IEEE80211_RADIOTAP_RATE uint8_t 500kb/s or index
2253 * Tx/Rx data rate. If bit 0x80 is set then it represents an
2254 * an MCS index and not an IEEE rate.
2256 * IEEE80211_RADIOTAP_DBM_ANTSIGNAL int8_t decibels from
2257 * one milliwatt (dBm)
2259 * RF signal power at the antenna, decibel difference from
2262 * IEEE80211_RADIOTAP_DBM_ANTNOISE int8_t decibels from
2263 * one milliwatt (dBm)
2265 * RF noise power at the antenna, decibel difference from one
2268 * IEEE80211_RADIOTAP_DB_ANTSIGNAL uint8_t decibel (dB)
2270 * RF signal power at the antenna, decibel difference from an
2271 * arbitrary, fixed reference.
2273 * IEEE80211_RADIOTAP_DB_ANTNOISE uint8_t decibel (dB)
2275 * RF noise power at the antenna, decibel difference from an
2276 * arbitrary, fixed reference point.
2278 * IEEE80211_RADIOTAP_LOCK_QUALITY uint16_t unitless
2280 * Quality of Barker code lock. Unitless. Monotonically
2281 * nondecreasing with "better" lock strength. Called "Signal
2282 * Quality" in datasheets. (Is there a standard way to measure
2285 * IEEE80211_RADIOTAP_TX_ATTENUATION uint16_t unitless
2287 * Transmit power expressed as unitless distance from max
2288 * power set at factory calibration. 0 is max power.
2289 * Monotonically nondecreasing with lower power levels.
2291 * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t decibels (dB)
2293 * Transmit power expressed as decibel distance from max power
2294 * set at factory calibration. 0 is max power. Monotonically
2295 * nondecreasing with lower power levels.
2297 * IEEE80211_RADIOTAP_DBM_TX_POWER int8_t decibels from
2298 * one milliwatt (dBm)
2300 * Transmit power expressed as dBm (decibels from a 1 milliwatt
2301 * reference). This is the absolute power level measured at
2304 * IEEE80211_RADIOTAP_FLAGS uint8_t bitmap
2306 * Properties of transmitted and received frames. See flags
2309 * IEEE80211_RADIOTAP_ANTENNA uint8_t antenna index
2311 * Unitless indication of the Rx/Tx antenna for this packet.
2312 * The first antenna is antenna 0.
2314 * IEEE80211_RADIOTAP_RX_FLAGS uint16_t bitmap
2316 * Properties of received frames. See flags defined below.
2318 * IEEE80211_RADIOTAP_XCHANNEL uint32_t bitmap
2320 * uint8_t channel number
2323 * Extended channel specification: flags (see below) followed by
2324 * frequency in MHz, the corresponding IEEE channel number, and
2325 * finally the maximum regulatory transmit power cap in .5 dBm
2326 * units. This property supersedes IEEE80211_RADIOTAP_CHANNEL
2327 * and only one of the two should be present.
2329 * IEEE80211_RADIOTAP_MCS uint8_t known
2333 * Bitset indicating which fields have known values, followed
2334 * by bitset of flag values, followed by the MCS rate index as
2338 * IEEE80211_RADIOTAP_AMPDU_STATUS u32, u16, u8, u8 unitless
2340 * Contains the AMPDU information for the subframe.
2342 * IEEE80211_RADIOTAP_VHT u16, u8, u8, u8[4], u8, u8, u16
2344 * Contains VHT information about this frame.
2346 * IEEE80211_RADIOTAP_VENDOR_NAMESPACE
2351 * The Vendor Namespace Field contains three sub-fields. The first
2352 * sub-field is 3 bytes long. It contains the vendor's IEEE 802
2353 * Organizationally Unique Identifier (OUI). The fourth byte is a
2354 * vendor-specific "namespace selector."
2357 enum ieee80211_radiotap_type {
2358 IEEE80211_RADIOTAP_TSFT = 0,
2359 IEEE80211_RADIOTAP_FLAGS = 1,
2360 IEEE80211_RADIOTAP_RATE = 2,
2361 IEEE80211_RADIOTAP_CHANNEL = 3,
2362 IEEE80211_RADIOTAP_FHSS = 4,
2363 IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
2364 IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
2365 IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
2366 IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
2367 IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
2368 IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
2369 IEEE80211_RADIOTAP_ANTENNA = 11,
2370 IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
2371 IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
2372 IEEE80211_RADIOTAP_RX_FLAGS = 14,
2373 /* NB: gap for netbsd definitions */
2374 IEEE80211_RADIOTAP_XCHANNEL = 18,
2375 IEEE80211_RADIOTAP_MCS = 19,
2376 IEEE80211_RADIOTAP_AMPDU_STATUS = 20,
2377 IEEE80211_RADIOTAP_VHT = 21,
2378 IEEE80211_RADIOTAP_NAMESPACE = 29,
2379 IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30,
2380 IEEE80211_RADIOTAP_EXT = 31
2383 /* channel attributes */
2384 #define IEEE80211_CHAN_TURBO 0x00010 /* Turbo channel */
2385 #define IEEE80211_CHAN_CCK 0x00020 /* CCK channel */
2386 #define IEEE80211_CHAN_OFDM 0x00040 /* OFDM channel */
2387 #define IEEE80211_CHAN_2GHZ 0x00080 /* 2 GHz spectrum channel. */
2388 #define IEEE80211_CHAN_5GHZ 0x00100 /* 5 GHz spectrum channel */
2389 #define IEEE80211_CHAN_PASSIVE 0x00200 /* Only passive scan allowed */
2390 #define IEEE80211_CHAN_DYN 0x00400 /* Dynamic CCK-OFDM channel */
2391 #define IEEE80211_CHAN_GFSK 0x00800 /* GFSK channel (FHSS PHY) */
2392 #define IEEE80211_CHAN_GSM 0x01000 /* 900 MHz spectrum channel */
2393 #define IEEE80211_CHAN_STURBO 0x02000 /* 11a static turbo channel only */
2394 #define IEEE80211_CHAN_HALF 0x04000 /* Half rate channel */
2395 #define IEEE80211_CHAN_QUARTER 0x08000 /* Quarter rate channel */
2396 #define IEEE80211_CHAN_HT20 0x10000 /* HT 20 channel */
2397 #define IEEE80211_CHAN_HT40U 0x20000 /* HT 40 channel w/ ext above */
2398 #define IEEE80211_CHAN_HT40D 0x40000 /* HT 40 channel w/ ext below */
2400 /* Useful combinations of channel characteristics, borrowed from Ethereal */
2401 #define IEEE80211_CHAN_A \
2402 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2403 #define IEEE80211_CHAN_B \
2404 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
2405 #define IEEE80211_CHAN_G \
2406 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
2407 #define IEEE80211_CHAN_TA \
2408 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM | IEEE80211_CHAN_TURBO)
2409 #define IEEE80211_CHAN_TG \
2410 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN | IEEE80211_CHAN_TURBO)
2413 /* For IEEE80211_RADIOTAP_FLAGS */
2414 #define IEEE80211_RADIOTAP_F_CFP 0x01 /* sent/received
2417 #define IEEE80211_RADIOTAP_F_SHORTPRE 0x02 /* sent/received
2421 #define IEEE80211_RADIOTAP_F_WEP 0x04 /* sent/received
2422 * with WEP encryption
2424 #define IEEE80211_RADIOTAP_F_FRAG 0x08 /* sent/received
2425 * with fragmentation
2427 #define IEEE80211_RADIOTAP_F_FCS 0x10 /* frame includes FCS */
2428 #define IEEE80211_RADIOTAP_F_DATAPAD 0x20 /* frame has padding between
2429 * 802.11 header and payload
2430 * (to 32-bit boundary)
2432 #define IEEE80211_RADIOTAP_F_BADFCS 0x40 /* does not pass FCS check */
2434 /* For IEEE80211_RADIOTAP_RX_FLAGS */
2435 #define IEEE80211_RADIOTAP_F_RX_BADFCS 0x0001 /* frame failed crc check */
2436 #define IEEE80211_RADIOTAP_F_RX_PLCP_CRC 0x0002 /* frame failed PLCP CRC check */
2438 /* For IEEE80211_RADIOTAP_MCS known */
2439 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN 0x01
2440 #define IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN 0x02 /* MCS index field */
2441 #define IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN 0x04
2442 #define IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN 0x08
2443 #define IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN 0x10
2444 #define IEEE80211_RADIOTAP_MCS_STBC_KNOWN 0x20
2445 #define IEEE80211_RADIOTAP_MCS_NESS_KNOWN 0x40
2446 #define IEEE80211_RADIOTAP_MCS_NESS_BIT_1 0x80
2448 /* For IEEE80211_RADIOTAP_MCS flags */
2449 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK 0x03
2450 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20 0
2451 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 1
2452 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20L 2
2453 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20U 3
2454 #define IEEE80211_RADIOTAP_MCS_SHORT_GI 0x04 /* short guard interval */
2455 #define IEEE80211_RADIOTAP_MCS_HT_GREENFIELD 0x08
2456 #define IEEE80211_RADIOTAP_MCS_FEC_LDPC 0x10
2457 #define IEEE80211_RADIOTAP_MCS_STBC_MASK 0x60
2458 #define IEEE80211_RADIOTAP_MCS_STBC_1 1
2459 #define IEEE80211_RADIOTAP_MCS_STBC_2 2
2460 #define IEEE80211_RADIOTAP_MCS_STBC_3 3
2461 #define IEEE80211_RADIOTAP_MCS_STBC_SHIFT 5
2462 #define IEEE80211_RADIOTAP_MCS_NESS_BIT_0 0x80
2464 /* For IEEE80211_RADIOTAP_AMPDU_STATUS */
2465 #define IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN 0x0001
2466 #define IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN 0x0002
2467 #define IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN 0x0004
2468 #define IEEE80211_RADIOTAP_AMPDU_IS_LAST 0x0008
2469 #define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR 0x0010
2470 #define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN 0x0020
2472 /* For IEEE80211_RADIOTAP_VHT known */
2473 #define IEEE80211_RADIOTAP_VHT_STBC_KNOWN 0x0001
2474 #define IEEE80211_RADIOTAP_VHT_TXOP_PS_NA_KNOWN 0x0002
2475 #define IEEE80211_RADIOTAP_VHT_GUARD_INTERVAL_KNOWN 0x0004
2476 #define IEEE80211_RADIOTAP_VHT_SGI_NSYM_DIS_KNOWN 0x0008
2477 #define IEEE80211_RADIOTAP_VHT_LDPC_EXTRA_OFDM_SYM_KNOWN 0x0010
2478 #define IEEE80211_RADIOTAP_VHT_BEAMFORMED_KNOWN 0x0020
2479 #define IEEE80211_RADIOTAP_VHT_BANDWIDTH_KNOWN 0x0040
2480 #define IEEE80211_RADIOTAP_VHT_GROUP_ID_KNOWN 0x0080
2481 #define IEEE80211_RADIOTAP_VHT_PARTIAL_AID_KNOWN 0x0100
2483 /* For IEEE80211_RADIOTAP_VHT flags */
2484 #define IEEE80211_RADIOTAP_VHT_STBC 0x01
2485 #define IEEE80211_RADIOTAP_VHT_TXOP_PS_NA 0x02
2486 #define IEEE80211_RADIOTAP_VHT_SHORT_GI 0x04
2487 #define IEEE80211_RADIOTAP_VHT_SGI_NSYM_M10_9 0x08
2488 #define IEEE80211_RADIOTAP_VHT_LDPC_EXTRA_OFDM_SYM 0x10
2489 #define IEEE80211_RADIOTAP_VHT_BEAMFORMED 0x20
2491 #define IEEE80211_RADIOTAP_VHT_BANDWIDTH_MASK 0x1f
2493 #define IEEE80211_RADIOTAP_VHT_NSS_MASK 0x0f
2494 #define IEEE80211_RADIOTAP_VHT_MCS_MASK 0xf0
2495 #define IEEE80211_RADIOTAP_VHT_MCS_SHIFT 4
2497 #define IEEE80211_RADIOTAP_CODING_LDPC_USERn 0x01
2499 #define IEEE80211_CHAN_FHSS \
2500 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK)
2501 #define IEEE80211_CHAN_A \
2502 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2503 #define IEEE80211_CHAN_B \
2504 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
2505 #define IEEE80211_CHAN_PUREG \
2506 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM)
2507 #define IEEE80211_CHAN_G \
2508 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
2510 #define IS_CHAN_FHSS(flags) \
2511 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS)
2512 #define IS_CHAN_A(flags) \
2513 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A)
2514 #define IS_CHAN_B(flags) \
2515 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B)
2516 #define IS_CHAN_PUREG(flags) \
2517 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG)
2518 #define IS_CHAN_G(flags) \
2519 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G)
2520 #define IS_CHAN_ANYG(flags) \
2521 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags))
2524 print_chaninfo(netdissect_options *ndo,
2525 uint16_t freq, int flags, int presentflags)
2527 ND_PRINT((ndo, "%u MHz", freq));
2528 if (presentflags & (1 << IEEE80211_RADIOTAP_MCS)) {
2530 * We have the MCS field, so this is 11n, regardless
2531 * of what the channel flags say.
2533 ND_PRINT((ndo, " 11n"));
2535 if (IS_CHAN_FHSS(flags))
2536 ND_PRINT((ndo, " FHSS"));
2537 if (IS_CHAN_A(flags)) {
2538 if (flags & IEEE80211_CHAN_HALF)
2539 ND_PRINT((ndo, " 11a/10Mhz"));
2540 else if (flags & IEEE80211_CHAN_QUARTER)
2541 ND_PRINT((ndo, " 11a/5Mhz"));
2543 ND_PRINT((ndo, " 11a"));
2545 if (IS_CHAN_ANYG(flags)) {
2546 if (flags & IEEE80211_CHAN_HALF)
2547 ND_PRINT((ndo, " 11g/10Mhz"));
2548 else if (flags & IEEE80211_CHAN_QUARTER)
2549 ND_PRINT((ndo, " 11g/5Mhz"));
2551 ND_PRINT((ndo, " 11g"));
2552 } else if (IS_CHAN_B(flags))
2553 ND_PRINT((ndo, " 11b"));
2554 if (flags & IEEE80211_CHAN_TURBO)
2555 ND_PRINT((ndo, " Turbo"));
2558 * These apply to 11n.
2560 if (flags & IEEE80211_CHAN_HT20)
2561 ND_PRINT((ndo, " ht/20"));
2562 else if (flags & IEEE80211_CHAN_HT40D)
2563 ND_PRINT((ndo, " ht/40-"));
2564 else if (flags & IEEE80211_CHAN_HT40U)
2565 ND_PRINT((ndo, " ht/40+"));
2566 ND_PRINT((ndo, " "));
2570 print_radiotap_field(netdissect_options *ndo,
2571 struct cpack_state *s, uint32_t bit, uint8_t *flagsp,
2572 uint32_t presentflags)
2579 case IEEE80211_RADIOTAP_TSFT: {
2582 rc = cpack_uint64(s, &tsft);
2585 ND_PRINT((ndo, "%" PRIu64 "us tsft ", tsft));
2589 case IEEE80211_RADIOTAP_FLAGS: {
2592 rc = cpack_uint8(s, &flagsval);
2596 if (flagsval & IEEE80211_RADIOTAP_F_CFP)
2597 ND_PRINT((ndo, "cfp "));
2598 if (flagsval & IEEE80211_RADIOTAP_F_SHORTPRE)
2599 ND_PRINT((ndo, "short preamble "));
2600 if (flagsval & IEEE80211_RADIOTAP_F_WEP)
2601 ND_PRINT((ndo, "wep "));
2602 if (flagsval & IEEE80211_RADIOTAP_F_FRAG)
2603 ND_PRINT((ndo, "fragmented "));
2604 if (flagsval & IEEE80211_RADIOTAP_F_BADFCS)
2605 ND_PRINT((ndo, "bad-fcs "));
2609 case IEEE80211_RADIOTAP_RATE: {
2612 rc = cpack_uint8(s, &rate);
2616 * XXX On FreeBSD rate & 0x80 means we have an MCS. On
2617 * Linux and AirPcap it does not. (What about
2618 * Mac OS X, NetBSD, OpenBSD, and DragonFly BSD?)
2620 * This is an issue either for proprietary extensions
2621 * to 11a or 11g, which do exist, or for 11n
2622 * implementations that stuff a rate value into
2623 * this field, which also appear to exist.
2625 * We currently handle that by assuming that
2626 * if the 0x80 bit is set *and* the remaining
2627 * bits have a value between 0 and 15 it's
2628 * an MCS value, otherwise it's a rate. If
2629 * there are cases where systems that use
2630 * "0x80 + MCS index" for MCS indices > 15,
2631 * or stuff a rate value here between 64 and
2632 * 71.5 Mb/s in here, we'll need a preference
2633 * setting. Such rates do exist, e.g. 11n
2634 * MCS 7 at 20 MHz with a long guard interval.
2636 if (rate >= 0x80 && rate <= 0x8f) {
2638 * XXX - we don't know the channel width
2639 * or guard interval length, so we can't
2640 * convert this to a data rate.
2642 * If you want us to show a data rate,
2643 * use the MCS field, not the Rate field;
2644 * the MCS field includes not only the
2645 * MCS index, it also includes bandwidth
2646 * and guard interval information.
2648 * XXX - can we get the channel width
2649 * from XChannel and the guard interval
2650 * information from Flags, at least on
2653 ND_PRINT((ndo, "MCS %u ", rate & 0x7f));
2655 ND_PRINT((ndo, "%2.1f Mb/s ", .5 * rate));
2659 case IEEE80211_RADIOTAP_CHANNEL: {
2663 rc = cpack_uint16(s, &frequency);
2666 rc = cpack_uint16(s, &flags);
2670 * If CHANNEL and XCHANNEL are both present, skip
2673 if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL))
2675 print_chaninfo(ndo, frequency, flags, presentflags);
2679 case IEEE80211_RADIOTAP_FHSS: {
2683 rc = cpack_uint8(s, &hopset);
2686 rc = cpack_uint8(s, &hoppat);
2689 ND_PRINT((ndo, "fhset %d fhpat %d ", hopset, hoppat));
2693 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: {
2694 int8_t dbm_antsignal;
2696 rc = cpack_int8(s, &dbm_antsignal);
2699 ND_PRINT((ndo, "%ddBm signal ", dbm_antsignal));
2703 case IEEE80211_RADIOTAP_DBM_ANTNOISE: {
2704 int8_t dbm_antnoise;
2706 rc = cpack_int8(s, &dbm_antnoise);
2709 ND_PRINT((ndo, "%ddBm noise ", dbm_antnoise));
2713 case IEEE80211_RADIOTAP_LOCK_QUALITY: {
2714 uint16_t lock_quality;
2716 rc = cpack_uint16(s, &lock_quality);
2719 ND_PRINT((ndo, "%u sq ", lock_quality));
2723 case IEEE80211_RADIOTAP_TX_ATTENUATION: {
2724 uint16_t tx_attenuation;
2726 rc = cpack_uint16(s, &tx_attenuation);
2729 ND_PRINT((ndo, "%d tx power ", -(int)tx_attenuation));
2733 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: {
2734 uint8_t db_tx_attenuation;
2736 rc = cpack_uint8(s, &db_tx_attenuation);
2739 ND_PRINT((ndo, "%ddB tx attenuation ", -(int)db_tx_attenuation));
2743 case IEEE80211_RADIOTAP_DBM_TX_POWER: {
2744 int8_t dbm_tx_power;
2746 rc = cpack_int8(s, &dbm_tx_power);
2749 ND_PRINT((ndo, "%ddBm tx power ", dbm_tx_power));
2753 case IEEE80211_RADIOTAP_ANTENNA: {
2756 rc = cpack_uint8(s, &antenna);
2759 ND_PRINT((ndo, "antenna %u ", antenna));
2763 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: {
2764 uint8_t db_antsignal;
2766 rc = cpack_uint8(s, &db_antsignal);
2769 ND_PRINT((ndo, "%ddB signal ", db_antsignal));
2773 case IEEE80211_RADIOTAP_DB_ANTNOISE: {
2774 uint8_t db_antnoise;
2776 rc = cpack_uint8(s, &db_antnoise);
2779 ND_PRINT((ndo, "%ddB noise ", db_antnoise));
2783 case IEEE80211_RADIOTAP_RX_FLAGS: {
2786 rc = cpack_uint16(s, &rx_flags);
2789 /* Do nothing for now */
2793 case IEEE80211_RADIOTAP_XCHANNEL: {
2799 rc = cpack_uint32(s, &flags);
2802 rc = cpack_uint16(s, &frequency);
2805 rc = cpack_uint8(s, &channel);
2808 rc = cpack_uint8(s, &maxpower);
2811 print_chaninfo(ndo, frequency, flags, presentflags);
2815 case IEEE80211_RADIOTAP_MCS: {
2819 static const char *ht_bandwidth[4] = {
2827 rc = cpack_uint8(s, &known);
2830 rc = cpack_uint8(s, &flags);
2833 rc = cpack_uint8(s, &mcs_index);
2836 if (known & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) {
2838 * We know the MCS index.
2840 if (mcs_index <= MAX_MCS_INDEX) {
2842 * And it's in-range.
2844 if (known & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) {
2846 * And we know both the bandwidth and
2847 * the guard interval, so we can look
2851 ieee80211_float_htrates \
2853 [((flags & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)] \
2854 [((flags & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)];
2857 * We don't know both the bandwidth
2858 * and the guard interval, so we can
2859 * only report the MCS index.
2865 * The MCS value is out of range.
2869 if (htrate != 0.0) {
2874 ND_PRINT((ndo, "%.1f Mb/s MCS %u ", htrate, mcs_index));
2877 * We at least have the MCS index.
2880 ND_PRINT((ndo, "MCS %u ", mcs_index));
2883 if (known & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) {
2884 ND_PRINT((ndo, "%s ",
2885 ht_bandwidth[flags & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK]));
2887 if (known & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) {
2888 ND_PRINT((ndo, "%s GI ",
2889 (flags & IEEE80211_RADIOTAP_MCS_SHORT_GI) ?
2892 if (known & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) {
2893 ND_PRINT((ndo, "%s ",
2894 (flags & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ?
2895 "greenfield" : "mixed"));
2897 if (known & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) {
2898 ND_PRINT((ndo, "%s FEC ",
2899 (flags & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ?
2902 if (known & IEEE80211_RADIOTAP_MCS_STBC_KNOWN) {
2903 ND_PRINT((ndo, "RX-STBC%u ",
2904 (flags & IEEE80211_RADIOTAP_MCS_STBC_MASK) >> IEEE80211_RADIOTAP_MCS_STBC_SHIFT));
2909 case IEEE80211_RADIOTAP_AMPDU_STATUS: {
2910 uint32_t reference_num;
2915 rc = cpack_uint32(s, &reference_num);
2918 rc = cpack_uint16(s, &flags);
2921 rc = cpack_uint8(s, &delim_crc);
2924 rc = cpack_uint8(s, &reserved);
2927 /* Do nothing for now */
2931 case IEEE80211_RADIOTAP_VHT: {
2938 uint16_t partial_aid;
2939 static const char *vht_bandwidth[32] = {
2974 rc = cpack_uint16(s, &known);
2977 rc = cpack_uint8(s, &flags);
2980 rc = cpack_uint8(s, &bandwidth);
2983 for (i = 0; i < 4; i++) {
2984 rc = cpack_uint8(s, &mcs_nss[i]);
2988 rc = cpack_uint8(s, &coding);
2991 rc = cpack_uint8(s, &group_id);
2994 rc = cpack_uint16(s, &partial_aid);
2997 for (i = 0; i < 4; i++) {
2999 nss = mcs_nss[i] & IEEE80211_RADIOTAP_VHT_NSS_MASK;
3000 mcs = (mcs_nss[i] & IEEE80211_RADIOTAP_VHT_MCS_MASK) >> IEEE80211_RADIOTAP_VHT_MCS_SHIFT;
3005 ND_PRINT((ndo, "User %u MCS %u ", i, mcs));
3006 ND_PRINT((ndo, "%s FEC ",
3007 (coding & (IEEE80211_RADIOTAP_CODING_LDPC_USERn << i)) ?
3010 if (known & IEEE80211_RADIOTAP_VHT_BANDWIDTH_KNOWN) {
3011 ND_PRINT((ndo, "%s ",
3012 vht_bandwidth[bandwidth & IEEE80211_RADIOTAP_VHT_BANDWIDTH_MASK]));
3014 if (known & IEEE80211_RADIOTAP_VHT_GUARD_INTERVAL_KNOWN) {
3015 ND_PRINT((ndo, "%s GI ",
3016 (flags & IEEE80211_RADIOTAP_VHT_SHORT_GI) ?
3023 /* this bit indicates a field whose
3024 * size we do not know, so we cannot
3025 * proceed. Just print the bit number.
3027 ND_PRINT((ndo, "[bit %u] ", bit));
3034 ND_PRINT((ndo, "%s", tstr));
3040 print_in_radiotap_namespace(netdissect_options *ndo,
3041 struct cpack_state *s, uint8_t *flags,
3042 uint32_t presentflags, int bit0)
3044 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
3045 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
3046 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
3047 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
3048 #define BITNO_2(x) (((x) & 2) ? 1 : 0)
3049 uint32_t present, next_present;
3051 enum ieee80211_radiotap_type bit;
3054 for (present = presentflags; present; present = next_present) {
3056 * Clear the least significant bit that is set.
3058 next_present = present & (present - 1);
3061 * Get the bit number, within this presence word,
3062 * of the remaining least significant bit that
3065 bitno = BITNO_32(present ^ next_present);
3068 * Stop if this is one of the "same meaning
3069 * in all presence flags" bits.
3071 if (bitno >= IEEE80211_RADIOTAP_NAMESPACE)
3075 * Get the radiotap bit number of that bit.
3077 bit = (enum ieee80211_radiotap_type)(bit0 + bitno);
3079 rc = print_radiotap_field(ndo, s, bit, flags, presentflags);
3088 ieee802_11_radio_print(netdissect_options *ndo,
3089 const u_char *p, u_int length, u_int caplen)
3091 #define BIT(n) (1U << n)
3092 #define IS_EXTENDED(__p) \
3093 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0
3095 struct cpack_state cpacker;
3096 const struct ieee80211_radiotap_header *hdr;
3097 uint32_t presentflags;
3098 const uint32_t *presentp, *last_presentp;
3099 int vendor_namespace;
3100 uint8_t vendor_oui[3];
3101 uint8_t vendor_subnamespace;
3102 uint16_t skip_length;
3109 if (caplen < sizeof(*hdr)) {
3110 ND_PRINT((ndo, "%s", tstr));
3114 hdr = (const struct ieee80211_radiotap_header *)p;
3116 len = EXTRACT_LE_16BITS(&hdr->it_len);
3119 * If we don't have the entire radiotap header, just give up.
3122 ND_PRINT((ndo, "%s", tstr));
3125 cpack_init(&cpacker, (const uint8_t *)hdr, len); /* align against header start */
3126 cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */
3127 for (last_presentp = &hdr->it_present;
3128 (const u_char*)(last_presentp + 1) <= p + len &&
3129 IS_EXTENDED(last_presentp);
3131 cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */
3133 /* are there more bitmap extensions than bytes in header? */
3134 if ((const u_char*)(last_presentp + 1) > p + len) {
3135 ND_PRINT((ndo, "%s", tstr));
3140 * Start out at the beginning of the default radiotap namespace.
3143 vendor_namespace = 0;
3144 memset(vendor_oui, 0, 3);
3145 vendor_subnamespace = 0;
3147 /* Assume no flags */
3149 /* Assume no Atheros padding between 802.11 header and body */
3151 /* Assume no FCS at end of frame */
3153 for (presentp = &hdr->it_present; presentp <= last_presentp;
3155 presentflags = EXTRACT_LE_32BITS(presentp);
3158 * If this is a vendor namespace, we don't handle it.
3160 if (vendor_namespace) {
3162 * Skip past the stuff we don't understand.
3163 * If we add support for any vendor namespaces,
3164 * it'd be added here; use vendor_oui and
3165 * vendor_subnamespace to interpret the fields.
3167 if (cpack_advance(&cpacker, skip_length) != 0) {
3169 * Ran out of space in the packet.
3175 * We've skipped it all; nothing more to
3180 if (print_in_radiotap_namespace(ndo, &cpacker,
3181 &flags, presentflags, bit0) != 0) {
3183 * Fatal error - can't process anything
3184 * more in the radiotap header.
3191 * Handle the namespace switch bits; we've already handled
3192 * the extension bit in all but the last word above.
3194 switch (presentflags &
3195 (BIT(IEEE80211_RADIOTAP_NAMESPACE)|BIT(IEEE80211_RADIOTAP_VENDOR_NAMESPACE))) {
3199 * We're not changing namespaces.
3200 * advance to the next 32 bits in the current
3206 case BIT(IEEE80211_RADIOTAP_NAMESPACE):
3208 * We're switching to the radiotap namespace.
3209 * Reset the presence-bitmap index to 0, and
3210 * reset the namespace to the default radiotap
3214 vendor_namespace = 0;
3215 memset(vendor_oui, 0, 3);
3216 vendor_subnamespace = 0;
3220 case BIT(IEEE80211_RADIOTAP_VENDOR_NAMESPACE):
3222 * We're switching to a vendor namespace.
3223 * Reset the presence-bitmap index to 0,
3224 * note that we're in a vendor namespace,
3225 * and fetch the fields of the Vendor Namespace
3229 vendor_namespace = 1;
3230 if ((cpack_align_and_reserve(&cpacker, 2)) == NULL) {
3231 ND_PRINT((ndo, "%s", tstr));
3234 if (cpack_uint8(&cpacker, &vendor_oui[0]) != 0) {
3235 ND_PRINT((ndo, "%s", tstr));
3238 if (cpack_uint8(&cpacker, &vendor_oui[1]) != 0) {
3239 ND_PRINT((ndo, "%s", tstr));
3242 if (cpack_uint8(&cpacker, &vendor_oui[2]) != 0) {
3243 ND_PRINT((ndo, "%s", tstr));
3246 if (cpack_uint8(&cpacker, &vendor_subnamespace) != 0) {
3247 ND_PRINT((ndo, "%s", tstr));
3250 if (cpack_uint16(&cpacker, &skip_length) != 0) {
3251 ND_PRINT((ndo, "%s", tstr));
3258 * Illegal combination. The behavior in this
3259 * case is undefined by the radiotap spec; we
3260 * just ignore both bits.
3266 if (flags & IEEE80211_RADIOTAP_F_DATAPAD)
3267 pad = 1; /* Atheros padding */
3268 if (flags & IEEE80211_RADIOTAP_F_FCS)
3269 fcslen = 4; /* FCS at end of packet */
3270 return len + ieee802_11_print(ndo, p + len, length - len, caplen - len, pad,
3281 ieee802_11_avs_radio_print(netdissect_options *ndo,
3282 const u_char *p, u_int length, u_int caplen)
3284 uint32_t caphdr_len;
3287 ND_PRINT((ndo, "%s", tstr));
3291 caphdr_len = EXTRACT_32BITS(p + 4);
3292 if (caphdr_len < 8) {
3294 * Yow! The capture header length is claimed not
3295 * to be large enough to include even the version
3296 * cookie or capture header length!
3298 ND_PRINT((ndo, "%s", tstr));
3302 if (caplen < caphdr_len) {
3303 ND_PRINT((ndo, "%s", tstr));
3307 return caphdr_len + ieee802_11_print(ndo, p + caphdr_len,
3308 length - caphdr_len, caplen - caphdr_len, 0, 0);
3311 #define PRISM_HDR_LEN 144
3313 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000
3314 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001
3315 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002
3318 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
3319 * containing information such as radio information, which we
3322 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or
3323 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS
3324 * (currently, on Linux, there's no ARPHRD_ type for
3325 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM
3326 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for
3327 * the AVS header, and the first 4 bytes of the header are used to
3328 * indicate whether it's a Prism header or an AVS header).
3331 prism_if_print(netdissect_options *ndo,
3332 const struct pcap_pkthdr *h, const u_char *p)
3334 u_int caplen = h->caplen;
3335 u_int length = h->len;
3339 ND_PRINT((ndo, "%s", tstr));
3343 msgcode = EXTRACT_32BITS(p);
3344 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 ||
3345 msgcode == WLANCAP_MAGIC_COOKIE_V2)
3346 return ieee802_11_avs_radio_print(ndo, p, length, caplen);
3348 if (caplen < PRISM_HDR_LEN) {
3349 ND_PRINT((ndo, "%s", tstr));
3353 return PRISM_HDR_LEN + ieee802_11_print(ndo, p + PRISM_HDR_LEN,
3354 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0);
3358 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
3359 * header, containing information such as radio information.
3362 ieee802_11_radio_if_print(netdissect_options *ndo,
3363 const struct pcap_pkthdr *h, const u_char *p)
3365 return ieee802_11_radio_print(ndo, p, h->len, h->caplen);
3369 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an
3370 * extra header, containing information such as radio information,
3371 * which we currently ignore.
3374 ieee802_11_radio_avs_if_print(netdissect_options *ndo,
3375 const struct pcap_pkthdr *h, const u_char *p)
3377 return ieee802_11_avs_radio_print(ndo, p, h->len, h->caplen);
projects / FreeBSD / FreeBSD.git / blob