3 * Fortress Technologies, Inc. All rights reserved.
4 * Charlie Lenahan (clenahan@fortresstech.com)
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
23 /* \summary: IEEE 802.11 printer */
29 #include "netdissect-stdinc.h"
33 #include "netdissect.h"
34 #include "addrtoname.h"
41 /* Lengths of 802.11 header components. */
42 #define IEEE802_11_FC_LEN 2
43 #define IEEE802_11_DUR_LEN 2
44 #define IEEE802_11_DA_LEN 6
45 #define IEEE802_11_SA_LEN 6
46 #define IEEE802_11_BSSID_LEN 6
47 #define IEEE802_11_RA_LEN 6
48 #define IEEE802_11_TA_LEN 6
49 #define IEEE802_11_ADDR1_LEN 6
50 #define IEEE802_11_SEQ_LEN 2
51 #define IEEE802_11_CTL_LEN 2
52 #define IEEE802_11_CARRIED_FC_LEN 2
53 #define IEEE802_11_HT_CONTROL_LEN 4
54 #define IEEE802_11_IV_LEN 3
55 #define IEEE802_11_KID_LEN 1
57 /* Frame check sequence length. */
58 #define IEEE802_11_FCS_LEN 4
60 /* Lengths of beacon components. */
61 #define IEEE802_11_TSTAMP_LEN 8
62 #define IEEE802_11_BCNINT_LEN 2
63 #define IEEE802_11_CAPINFO_LEN 2
64 #define IEEE802_11_LISTENINT_LEN 2
66 #define IEEE802_11_AID_LEN 2
67 #define IEEE802_11_STATUS_LEN 2
68 #define IEEE802_11_REASON_LEN 2
70 /* Length of previous AP in reassocation frame */
71 #define IEEE802_11_AP_LEN 6
73 #define T_MGMT 0x0 /* management */
74 #define T_CTRL 0x1 /* control */
75 #define T_DATA 0x2 /* data */
76 #define T_RESV 0x3 /* reserved */
78 #define ST_ASSOC_REQUEST 0x0
79 #define ST_ASSOC_RESPONSE 0x1
80 #define ST_REASSOC_REQUEST 0x2
81 #define ST_REASSOC_RESPONSE 0x3
82 #define ST_PROBE_REQUEST 0x4
83 #define ST_PROBE_RESPONSE 0x5
88 #define ST_DISASSOC 0xA
95 static const struct tok st_str[] = {
96 { ST_ASSOC_REQUEST, "Assoc Request" },
97 { ST_ASSOC_RESPONSE, "Assoc Response" },
98 { ST_REASSOC_REQUEST, "ReAssoc Request" },
99 { ST_REASSOC_RESPONSE, "ReAssoc Response" },
100 { ST_PROBE_REQUEST, "Probe Request" },
101 { ST_PROBE_RESPONSE, "Probe Response" },
102 { ST_BEACON, "Beacon" },
104 { ST_DISASSOC, "Disassociation" },
105 { ST_AUTH, "Authentication" },
106 { ST_DEAUTH, "DeAuthentication" },
107 { ST_ACTION, "Action" },
111 #define CTRL_CONTROL_WRAPPER 0x7
114 #define CTRL_PS_POLL 0xA
118 #define CTRL_CF_END 0xE
119 #define CTRL_END_ACK 0xF
121 static const struct tok ctrl_str[] = {
122 { CTRL_CONTROL_WRAPPER, "Control Wrapper" },
125 { CTRL_PS_POLL, "Power Save-Poll" },
126 { CTRL_RTS, "Request-To-Send" },
127 { CTRL_CTS, "Clear-To-Send" },
128 { CTRL_ACK, "Acknowledgment" },
129 { CTRL_CF_END, "CF-End" },
130 { CTRL_END_ACK, "CF-End+CF-Ack" },
134 #define DATA_DATA 0x0
135 #define DATA_DATA_CF_ACK 0x1
136 #define DATA_DATA_CF_POLL 0x2
137 #define DATA_DATA_CF_ACK_POLL 0x3
138 #define DATA_NODATA 0x4
139 #define DATA_NODATA_CF_ACK 0x5
140 #define DATA_NODATA_CF_POLL 0x6
141 #define DATA_NODATA_CF_ACK_POLL 0x7
143 #define DATA_QOS_DATA 0x8
144 #define DATA_QOS_DATA_CF_ACK 0x9
145 #define DATA_QOS_DATA_CF_POLL 0xA
146 #define DATA_QOS_DATA_CF_ACK_POLL 0xB
147 #define DATA_QOS_NODATA 0xC
148 #define DATA_QOS_CF_POLL_NODATA 0xE
149 #define DATA_QOS_CF_ACK_POLL_NODATA 0xF
152 * The subtype field of a data frame is, in effect, composed of 4 flag
153 * bits - CF-Ack, CF-Poll, Null (means the frame doesn't actually have
154 * any data), and QoS.
156 #define DATA_FRAME_IS_CF_ACK(x) ((x) & 0x01)
157 #define DATA_FRAME_IS_CF_POLL(x) ((x) & 0x02)
158 #define DATA_FRAME_IS_NULL(x) ((x) & 0x04)
159 #define DATA_FRAME_IS_QOS(x) ((x) & 0x08)
162 * Bits in the frame control field.
164 #define FC_VERSION(fc) ((fc) & 0x3)
165 #define FC_TYPE(fc) (((fc) >> 2) & 0x3)
166 #define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF)
167 #define FC_TO_DS(fc) ((fc) & 0x0100)
168 #define FC_FROM_DS(fc) ((fc) & 0x0200)
169 #define FC_MORE_FLAG(fc) ((fc) & 0x0400)
170 #define FC_RETRY(fc) ((fc) & 0x0800)
171 #define FC_POWER_MGMT(fc) ((fc) & 0x1000)
172 #define FC_MORE_DATA(fc) ((fc) & 0x2000)
173 #define FC_PROTECTED(fc) ((fc) & 0x4000)
174 #define FC_ORDER(fc) ((fc) & 0x8000)
176 struct mgmt_header_t {
178 nd_uint16_t duration;
182 nd_uint16_t seq_ctrl;
185 #define MGMT_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
186 IEEE802_11_DA_LEN+IEEE802_11_SA_LEN+\
187 IEEE802_11_BSSID_LEN+IEEE802_11_SEQ_LEN)
189 #define CAPABILITY_ESS(cap) ((cap) & 0x0001)
190 #define CAPABILITY_IBSS(cap) ((cap) & 0x0002)
191 #define CAPABILITY_CFP(cap) ((cap) & 0x0004)
192 #define CAPABILITY_CFP_REQ(cap) ((cap) & 0x0008)
193 #define CAPABILITY_PRIVACY(cap) ((cap) & 0x0010)
198 u_char ssid[33]; /* 32 + 1 for null */
210 uint8_t text[254]; /* 1-253 + 1 for null */
233 uint16_t max_duration;
234 uint16_t dur_remaining;
242 uint8_t bitmap_control;
264 #define E_CHALLENGE 16
273 uint8_t timestamp[IEEE802_11_TSTAMP_LEN];
274 uint16_t beacon_interval;
275 uint16_t listen_interval;
276 uint16_t status_code;
278 u_char ap[IEEE802_11_AP_LEN];
279 uint16_t reason_code;
281 uint16_t auth_trans_seq_num;
282 int challenge_present;
283 struct challenge_t challenge;
284 uint16_t capability_info;
288 struct rates_t rates;
299 struct ctrl_control_wrapper_hdr_t {
301 nd_uint16_t duration;
303 nd_uint16_t carried_fc[IEEE802_11_CARRIED_FC_LEN];
304 nd_uint16_t ht_control[IEEE802_11_HT_CONTROL_LEN];
307 #define CTRL_CONTROL_WRAPPER_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
308 IEEE802_11_ADDR1_LEN+\
309 IEEE802_11_CARRIED_FC_LEN+\
310 IEEE802_11_HT_CONTROL_LEN)
312 struct ctrl_rts_hdr_t {
314 nd_uint16_t duration;
319 #define CTRL_RTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
320 IEEE802_11_RA_LEN+IEEE802_11_TA_LEN)
322 struct ctrl_cts_hdr_t {
324 nd_uint16_t duration;
328 #define CTRL_CTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
330 struct ctrl_ack_hdr_t {
332 nd_uint16_t duration;
336 #define CTRL_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
338 struct ctrl_ps_poll_hdr_t {
345 #define CTRL_PS_POLL_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_AID_LEN+\
346 IEEE802_11_BSSID_LEN+IEEE802_11_TA_LEN)
348 struct ctrl_end_hdr_t {
350 nd_uint16_t duration;
355 #define CTRL_END_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
356 IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN)
358 struct ctrl_end_ack_hdr_t {
360 nd_uint16_t duration;
365 #define CTRL_END_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
366 IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN)
368 struct ctrl_ba_hdr_t {
370 nd_uint16_t duration;
374 #define CTRL_BA_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
376 struct ctrl_bar_hdr_t {
385 #define CTRL_BAR_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
386 IEEE802_11_RA_LEN+IEEE802_11_TA_LEN+\
387 IEEE802_11_CTL_LEN+IEEE802_11_SEQ_LEN)
398 #define IV_IV(iv) ((iv) & 0xFFFFFF)
399 #define IV_PAD(iv) (((iv) >> 24) & 0x3F)
400 #define IV_KEYID(iv) (((iv) >> 30) & 0x03)
402 #define PRINT_SSID(p) \
403 if (p.ssid_present) { \
405 fn_print_str(ndo, p.ssid.ssid); \
409 #define PRINT_RATE(_sep, _r, _suf) \
410 ND_PRINT("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf)
411 #define PRINT_RATES(p) \
412 if (p.rates_present) { \
414 const char *sep = " ["; \
415 for (z = 0; z < p.rates.length ; z++) { \
416 PRINT_RATE(sep, p.rates.rate[z], \
417 (p.rates.rate[z] & 0x80 ? "*" : "")); \
420 if (p.rates.length != 0) \
421 ND_PRINT(" Mbit]"); \
424 #define PRINT_DS_CHANNEL(p) \
426 ND_PRINT(" CH: %u", p.ds.channel); \
428 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "");
430 #define MAX_MCS_INDEX 76
435 * the MCS index (0-76);
437 * 0 for 20 MHz, 1 for 40 MHz;
439 * 0 for a long guard interval, 1 for a short guard interval.
441 static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = {
443 { /* 20 Mhz */ { 6.5f, /* SGI */ 7.2f, },
444 /* 40 Mhz */ { 13.5f, /* SGI */ 15.0f, },
448 { /* 20 Mhz */ { 13.0f, /* SGI */ 14.4f, },
449 /* 40 Mhz */ { 27.0f, /* SGI */ 30.0f, },
453 { /* 20 Mhz */ { 19.5f, /* SGI */ 21.7f, },
454 /* 40 Mhz */ { 40.5f, /* SGI */ 45.0f, },
458 { /* 20 Mhz */ { 26.0f, /* SGI */ 28.9f, },
459 /* 40 Mhz */ { 54.0f, /* SGI */ 60.0f, },
463 { /* 20 Mhz */ { 39.0f, /* SGI */ 43.3f, },
464 /* 40 Mhz */ { 81.0f, /* SGI */ 90.0f, },
468 { /* 20 Mhz */ { 52.0f, /* SGI */ 57.8f, },
469 /* 40 Mhz */ { 108.0f, /* SGI */ 120.0f, },
473 { /* 20 Mhz */ { 58.5f, /* SGI */ 65.0f, },
474 /* 40 Mhz */ { 121.5f, /* SGI */ 135.0f, },
478 { /* 20 Mhz */ { 65.0f, /* SGI */ 72.2f, },
479 /* 40 Mhz */ { 135.0f, /* SGI */ 150.0f, },
483 { /* 20 Mhz */ { 13.0f, /* SGI */ 14.4f, },
484 /* 40 Mhz */ { 27.0f, /* SGI */ 30.0f, },
488 { /* 20 Mhz */ { 26.0f, /* SGI */ 28.9f, },
489 /* 40 Mhz */ { 54.0f, /* SGI */ 60.0f, },
493 { /* 20 Mhz */ { 39.0f, /* SGI */ 43.3f, },
494 /* 40 Mhz */ { 81.0f, /* SGI */ 90.0f, },
498 { /* 20 Mhz */ { 52.0f, /* SGI */ 57.8f, },
499 /* 40 Mhz */ { 108.0f, /* SGI */ 120.0f, },
503 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
504 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
508 { /* 20 Mhz */ { 104.0f, /* SGI */ 115.6f, },
509 /* 40 Mhz */ { 216.0f, /* SGI */ 240.0f, },
513 { /* 20 Mhz */ { 117.0f, /* SGI */ 130.0f, },
514 /* 40 Mhz */ { 243.0f, /* SGI */ 270.0f, },
518 { /* 20 Mhz */ { 130.0f, /* SGI */ 144.4f, },
519 /* 40 Mhz */ { 270.0f, /* SGI */ 300.0f, },
523 { /* 20 Mhz */ { 19.5f, /* SGI */ 21.7f, },
524 /* 40 Mhz */ { 40.5f, /* SGI */ 45.0f, },
528 { /* 20 Mhz */ { 39.0f, /* SGI */ 43.3f, },
529 /* 40 Mhz */ { 81.0f, /* SGI */ 90.0f, },
533 { /* 20 Mhz */ { 58.5f, /* SGI */ 65.0f, },
534 /* 40 Mhz */ { 121.5f, /* SGI */ 135.0f, },
538 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
539 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
543 { /* 20 Mhz */ { 117.0f, /* SGI */ 130.0f, },
544 /* 40 Mhz */ { 243.0f, /* SGI */ 270.0f, },
548 { /* 20 Mhz */ { 156.0f, /* SGI */ 173.3f, },
549 /* 40 Mhz */ { 324.0f, /* SGI */ 360.0f, },
553 { /* 20 Mhz */ { 175.5f, /* SGI */ 195.0f, },
554 /* 40 Mhz */ { 364.5f, /* SGI */ 405.0f, },
558 { /* 20 Mhz */ { 195.0f, /* SGI */ 216.7f, },
559 /* 40 Mhz */ { 405.0f, /* SGI */ 450.0f, },
563 { /* 20 Mhz */ { 26.0f, /* SGI */ 28.9f, },
564 /* 40 Mhz */ { 54.0f, /* SGI */ 60.0f, },
568 { /* 20 Mhz */ { 52.0f, /* SGI */ 57.8f, },
569 /* 40 Mhz */ { 108.0f, /* SGI */ 120.0f, },
573 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
574 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
578 { /* 20 Mhz */ { 104.0f, /* SGI */ 115.6f, },
579 /* 40 Mhz */ { 216.0f, /* SGI */ 240.0f, },
583 { /* 20 Mhz */ { 156.0f, /* SGI */ 173.3f, },
584 /* 40 Mhz */ { 324.0f, /* SGI */ 360.0f, },
588 { /* 20 Mhz */ { 208.0f, /* SGI */ 231.1f, },
589 /* 40 Mhz */ { 432.0f, /* SGI */ 480.0f, },
593 { /* 20 Mhz */ { 234.0f, /* SGI */ 260.0f, },
594 /* 40 Mhz */ { 486.0f, /* SGI */ 540.0f, },
598 { /* 20 Mhz */ { 260.0f, /* SGI */ 288.9f, },
599 /* 40 Mhz */ { 540.0f, /* SGI */ 600.0f, },
603 { /* 20 Mhz */ { 0.0f, /* SGI */ 0.0f, }, /* not valid */
604 /* 40 Mhz */ { 6.0f, /* SGI */ 6.7f, },
608 { /* 20 Mhz */ { 39.0f, /* SGI */ 43.3f, },
609 /* 40 Mhz */ { 81.0f, /* SGI */ 90.0f, },
613 { /* 20 Mhz */ { 52.0f, /* SGI */ 57.8f, },
614 /* 40 Mhz */ { 108.0f, /* SGI */ 120.0f, },
618 { /* 20 Mhz */ { 65.0f, /* SGI */ 72.2f, },
619 /* 40 Mhz */ { 135.0f, /* SGI */ 150.0f, },
623 { /* 20 Mhz */ { 58.5f, /* SGI */ 65.0f, },
624 /* 40 Mhz */ { 121.5f, /* SGI */ 135.0f, },
628 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
629 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
633 { /* 20 Mhz */ { 97.5f, /* SGI */ 108.3f, },
634 /* 40 Mhz */ { 202.5f, /* SGI */ 225.0f, },
638 { /* 20 Mhz */ { 52.0f, /* SGI */ 57.8f, },
639 /* 40 Mhz */ { 108.0f, /* SGI */ 120.0f, },
643 { /* 20 Mhz */ { 65.0f, /* SGI */ 72.2f, },
644 /* 40 Mhz */ { 135.0f, /* SGI */ 150.0f, },
648 { /* 20 Mhz */ { 65.0f, /* SGI */ 72.2f, },
649 /* 40 Mhz */ { 135.0f, /* SGI */ 150.0f, },
653 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
654 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
658 { /* 20 Mhz */ { 91.0f, /* SGI */ 101.1f, },
659 /* 40 Mhz */ { 189.0f, /* SGI */ 210.0f, },
663 { /* 20 Mhz */ { 91.0f, /* SGI */ 101.1f, },
664 /* 40 Mhz */ { 189.0f, /* SGI */ 210.0f, },
668 { /* 20 Mhz */ { 104.0f, /* SGI */ 115.6f, },
669 /* 40 Mhz */ { 216.0f, /* SGI */ 240.0f, },
673 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
674 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
678 { /* 20 Mhz */ { 97.5f, /* SGI */ 108.3f, },
679 /* 40 Mhz */ { 202.5f, /* SGI */ 225.0f, },
683 { /* 20 Mhz */ { 97.5f, /* SGI */ 108.3f, },
684 /* 40 Mhz */ { 202.5f, /* SGI */ 225.0f, },
688 { /* 20 Mhz */ { 117.0f, /* SGI */ 130.0f, },
689 /* 40 Mhz */ { 243.0f, /* SGI */ 270.0f, },
693 { /* 20 Mhz */ { 136.5f, /* SGI */ 151.7f, },
694 /* 40 Mhz */ { 283.5f, /* SGI */ 315.0f, },
698 { /* 20 Mhz */ { 136.5f, /* SGI */ 151.7f, },
699 /* 40 Mhz */ { 283.5f, /* SGI */ 315.0f, },
703 { /* 20 Mhz */ { 156.0f, /* SGI */ 173.3f, },
704 /* 40 Mhz */ { 324.0f, /* SGI */ 360.0f, },
708 { /* 20 Mhz */ { 65.0f, /* SGI */ 72.2f, },
709 /* 40 Mhz */ { 135.0f, /* SGI */ 150.0f, },
713 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
714 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
718 { /* 20 Mhz */ { 91.0f, /* SGI */ 101.1f, },
719 /* 40 Mhz */ { 189.0f, /* SGI */ 210.0f, },
723 { /* 20 Mhz */ { 78.0f, /* SGI */ 86.7f, },
724 /* 40 Mhz */ { 162.0f, /* SGI */ 180.0f, },
728 { /* 20 Mhz */ { 91.0f, /* SGI */ 101.1f, },
729 /* 40 Mhz */ { 189.0f, /* SGI */ 210.0f, },
733 { /* 20 Mhz */ { 104.0f, /* SGI */ 115.6f, },
734 /* 40 Mhz */ { 216.0f, /* SGI */ 240.0f, },
738 { /* 20 Mhz */ { 117.0f, /* SGI */ 130.0f, },
739 /* 40 Mhz */ { 243.0f, /* SGI */ 270.0f, },
743 { /* 20 Mhz */ { 104.0f, /* SGI */ 115.6f, },
744 /* 40 Mhz */ { 216.0f, /* SGI */ 240.0f, },
748 { /* 20 Mhz */ { 117.0f, /* SGI */ 130.0f, },
749 /* 40 Mhz */ { 243.0f, /* SGI */ 270.0f, },
753 { /* 20 Mhz */ { 130.0f, /* SGI */ 144.4f, },
754 /* 40 Mhz */ { 270.0f, /* SGI */ 300.0f, },
758 { /* 20 Mhz */ { 130.0f, /* SGI */ 144.4f, },
759 /* 40 Mhz */ { 270.0f, /* SGI */ 300.0f, },
763 { /* 20 Mhz */ { 143.0f, /* SGI */ 158.9f, },
764 /* 40 Mhz */ { 297.0f, /* SGI */ 330.0f, },
768 { /* 20 Mhz */ { 97.5f, /* SGI */ 108.3f, },
769 /* 40 Mhz */ { 202.5f, /* SGI */ 225.0f, },
773 { /* 20 Mhz */ { 117.0f, /* SGI */ 130.0f, },
774 /* 40 Mhz */ { 243.0f, /* SGI */ 270.0f, },
778 { /* 20 Mhz */ { 136.5f, /* SGI */ 151.7f, },
779 /* 40 Mhz */ { 283.5f, /* SGI */ 315.0f, },
783 { /* 20 Mhz */ { 117.0f, /* SGI */ 130.0f, },
784 /* 40 Mhz */ { 243.0f, /* SGI */ 270.0f, },
788 { /* 20 Mhz */ { 136.5f, /* SGI */ 151.7f, },
789 /* 40 Mhz */ { 283.5f, /* SGI */ 315.0f, },
793 { /* 20 Mhz */ { 156.0f, /* SGI */ 173.3f, },
794 /* 40 Mhz */ { 324.0f, /* SGI */ 360.0f, },
798 { /* 20 Mhz */ { 175.5f, /* SGI */ 195.0f, },
799 /* 40 Mhz */ { 364.5f, /* SGI */ 405.0f, },
803 { /* 20 Mhz */ { 156.0f, /* SGI */ 173.3f, },
804 /* 40 Mhz */ { 324.0f, /* SGI */ 360.0f, },
808 { /* 20 Mhz */ { 175.5f, /* SGI */ 195.0f, },
809 /* 40 Mhz */ { 364.5f, /* SGI */ 405.0f, },
813 { /* 20 Mhz */ { 195.0f, /* SGI */ 216.7f, },
814 /* 40 Mhz */ { 405.0f, /* SGI */ 450.0f, },
818 { /* 20 Mhz */ { 195.0f, /* SGI */ 216.7f, },
819 /* 40 Mhz */ { 405.0f, /* SGI */ 450.0f, },
823 { /* 20 Mhz */ { 214.5f, /* SGI */ 238.3f, },
824 /* 40 Mhz */ { 445.5f, /* SGI */ 495.0f, },
828 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
829 #define NUM_AUTH_ALGS (sizeof(auth_alg_text) / sizeof(auth_alg_text[0]))
831 static const char *status_text[] = {
832 "Successful", /* 0 */
833 "Unspecified failure", /* 1 */
834 "TDLS wakeup schedule rejected but alternative schedule "
836 "TDLS wakeup schedule rejected",/* 3 */
838 "Security disabled", /* 5 */
839 "Unacceptable lifetime", /* 6 */
840 "Not in same BSS", /* 7 */
843 "Cannot Support all requested capabilities in the Capability "
844 "Information field", /* 10 */
845 "Reassociation denied due to inability to confirm that association "
847 "Association denied due to reason outside the scope of this "
849 "Responding STA does not support the specified authentication "
850 "algorithm", /* 13 */
851 "Received an Authentication frame with authentication transaction "
852 "sequence number out of expected sequence", /* 14 */
853 "Authentication rejected because of challenge failure", /* 15 */
854 "Authentication rejected due to timeout waiting for next frame in "
856 "Association denied because AP is unable to handle "
857 "additional associated STAs", /* 17 */
858 "Association denied due to requesting STA not supporting "
859 "all of the data rates in the BSSBasicRateSet parameter, "
860 "the Basic HT-MCS Set field of the HT Operation "
861 "parameter, or the Basic VHT-MCS and NSS Set field in "
862 "the VHT Operation parameter", /* 18 */
863 "Association denied due to requesting STA not supporting "
864 "the short preamble option", /* 19 */
867 "Association request rejected because Spectrum Management "
868 "capability is required", /* 22 */
869 "Association request rejected because the information in the "
870 "Power Capability element is unacceptable", /* 23 */
871 "Association request rejected because the information in the "
872 "Supported Channels element is unacceptable", /* 24 */
873 "Association denied due to requesting STA not supporting "
874 "the Short Slot Time option", /* 25 */
876 "Association denied because the requested STA does not support HT "
878 "R0KH unreachable", /* 28 */
879 "Association denied because the requesting STA does not "
880 "support the phased coexistence operation (PCO) "
881 "transition time required by the AP", /* 29 */
882 "Association request rejected temporarily; try again "
884 "Robust management frame policy violation", /* 31 */
885 "Unspecified, QoS-related failure", /* 32 */
886 "Association denied because QoS AP or PCP has "
887 "insufficient bandwidth to handle another QoS "
889 "Association denied due to excessive frame loss rates and/or "
890 "poor conditions on current operating channel", /* 34 */
891 "Association (with QoS BSS) denied because the requesting STA "
892 "does not support the QoS facility", /* 35 */
894 "The request has been declined", /* 37 */
895 "The request has not been successful as one or more parameters "
896 "have invalid values", /* 38 */
897 "The allocation or TS has not been created because the request "
898 "cannot be honored; however, a suggested TSPEC/DMG TSPEC is "
899 "provided so that the initiating STA can attempt to set "
900 "another allocation or TS with the suggested changes to the "
901 "TSPEC/DMG TSPEC", /* 39 */
902 "Invalid element, i.e., an element defined in this standard "
903 "for which the content does not meet the specifications in "
905 "Invalid group cipher", /* 41 */
906 "Invalid pairwise cipher", /* 42 */
907 "Invalid AKMP", /* 43 */
908 "Unsupported RSNE version", /* 44 */
909 "Invalid RSNE capabilities", /* 45 */
910 "Cipher suite rejected because of security policy", /* 46 */
911 "The TS or allocation has not been created; however, the "
912 "HC or PCP might be capable of creating a TS or "
913 "allocation, in response to a request, after the time "
914 "indicated in the TS Delay element", /* 47 */
915 "Direct Link is not allowed in the BSS by policy", /* 48 */
916 "The Destination STA is not present within this BSS", /* 49 */
917 "The Destination STA is not a QoS STA", /* 50 */
919 "Association denied because the listen interval is "
920 "too large", /* 51 */
921 "Invalid FT Action frame count", /* 52 */
922 "Invalid pairwise master key identifier (PMKID)", /* 53 */
923 "Invalid MDE", /* 54 */
924 "Invalid FTE", /* 55 */
925 "Requested TCLAS processing is not supported by the AP "
927 "The AP or PCP has insufficient TCLAS processing "
928 "resources to satisfy the request", /* 57 */
929 "The TS has not been created because the request "
930 "cannot be honored; however, the HC or PCP suggests "
931 "that the STA transition to a different BSS to set up "
933 "GAS Advertisement Protocol not supported", /* 59 */
934 "No outstanding GAS request", /* 60 */
935 "GAS Response not received from the Advertisement "
937 "STA timed out waiting for GAS Query Response", /* 62 */
938 "LARGE GAS Response is larger than query response "
939 "length limit", /* 63 */
940 "Request refused because home network does not support "
942 "Advertisement Server in the network is not currently "
943 "reachable", /* 65 */
945 "Request refused due to permissions received via SSPN "
946 "interface", /* 67 */
947 "Request refused because the AP or PCP does not "
948 "support unauthenticated access", /* 68 */
952 "Invalid contents of RSNE", /* 72 */
953 "U-APSD coexistence is not supported", /* 73 */
954 "Requested U-APSD coexistence mode is not supported", /* 74 */
955 "Requested Interval/Duration value cannot be "
956 "supported with U-APSD coexistence", /* 75 */
957 "Authentication is rejected because an Anti-Clogging "
958 "Token is required", /* 76 */
959 "Authentication is rejected because the offered "
960 "finite cyclic group is not supported", /* 77 */
961 "The TBTT adjustment request has not been successful "
962 "because the STA could not find an alternative TBTT", /* 78 */
963 "Transmission failure", /* 79 */
964 "Requested TCLAS Not Supported", /* 80 */
965 "TCLAS Resources Exhausted", /* 81 */
966 "Rejected with Suggested BSS transition", /* 82 */
967 "Reject with recommended schedule", /* 83 */
968 "Reject because no wakeup schedule specified", /* 84 */
969 "Success, the destination STA is in power save mode", /* 85 */
970 "FST pending, in process of admitting FST session", /* 86 */
971 "Performing FST now", /* 87 */
972 "FST pending, gap(s) in block ack window", /* 88 */
973 "Reject because of U-PID setting", /* 89 */
976 "(Re)Association refused for some external reason", /* 92 */
977 "(Re)Association refused because of memory limits "
978 "at the AP", /* 93 */
979 "(Re)Association refused because emergency services "
980 "are not supported at the AP", /* 94 */
981 "GAS query response not yet received", /* 95 */
982 "Reject since the request is for transition to a "
983 "frequency band subject to DSE procedures and "
984 "FST Initiator is a dependent STA", /* 96 */
985 "Requested TCLAS processing has been terminated by "
987 "The TS schedule conflicts with an existing "
988 "schedule; an alternative schedule is provided", /* 98 */
989 "The association has been denied; however, one or "
990 "more Multi-band elements are included that can "
991 "be used by the receiving STA to join the BSS", /* 99 */
992 "The request failed due to a reservation conflict", /* 100 */
993 "The request failed due to exceeded MAF limit", /* 101 */
994 "The request failed due to exceeded MCCA track "
996 "Association denied because the information in the"
997 "Spectrum Management field is unacceptable", /* 103 */
998 "Association denied because the requesting STA "
999 "does not support VHT features", /* 104 */
1000 "Enablement denied", /* 105 */
1001 "Enablement denied due to restriction from an "
1002 "authorized GDB", /* 106 */
1003 "Authorization deenabled", /* 107 */
1005 #define NUM_STATUSES (sizeof(status_text) / sizeof(status_text[0]))
1007 static const char *reason_text[] = {
1009 "Unspecified reason", /* 1 */
1010 "Previous authentication no longer valid", /* 2 */
1011 "Deauthenticated because sending STA is leaving (or has left) "
1012 "IBSS or ESS", /* 3 */
1013 "Disassociated due to inactivity", /* 4 */
1014 "Disassociated because AP is unable to handle all currently "
1015 " associated STAs", /* 5 */
1016 "Class 2 frame received from nonauthenticated STA", /* 6 */
1017 "Class 3 frame received from nonassociated STA", /* 7 */
1018 "Disassociated because sending STA is leaving "
1019 "(or has left) BSS", /* 8 */
1020 "STA requesting (re)association is not authenticated with "
1021 "responding STA", /* 9 */
1022 "Disassociated because the information in the Power Capability "
1023 "element is unacceptable", /* 10 */
1024 "Disassociated because the information in the Supported Channels "
1025 "element is unacceptable", /* 11 */
1026 "Disassociated due to BSS transition management", /* 12 */
1027 "Invalid element, i.e., an element defined in this standard for "
1028 "which the content does not meet the specifications "
1029 "in Clause 9", /* 13 */
1030 "Message integrity code (MIC) failure", /* 14 */
1031 "4-Way Handshake timeout", /* 15 */
1032 "Group key handshake timeout", /* 16 */
1033 "Information element in 4-Way Handshake different from (Re)Association"
1034 "Request/Probe Response/Beacon frame", /* 17 */
1035 "Invalid group cipher", /* 18 */
1036 "Invalid pairwise cipher", /* 19 */
1037 "Invalid AKMP", /* 20 */
1038 "Unsupported RSNE version", /* 21 */
1039 "Invalid RSNE capabilities", /* 22 */
1040 "IEEE 802.1X authentication failed", /* 23 */
1041 "Cipher suite rejected because of the security policy", /* 24 */
1042 "TDLS direct-link teardown due to TDLS peer STA "
1043 "unreachable via the TDLS direct link", /* 25 */
1044 "TDLS direct-link teardown for unspecified reason", /* 26 */
1045 "Disassociated because session terminated by SSP request",/* 27 */
1046 "Disassociated because of lack of SSP roaming agreement",/* 28 */
1047 "Requested service rejected because of SSP cipher suite or "
1048 "AKM requirement", /* 29 */
1049 "Requested service not authorized in this location", /* 30 */
1050 "TS deleted because QoS AP lacks sufficient bandwidth for this "
1051 "QoS STA due to a change in BSS service characteristics or "
1052 "operational mode (e.g. an HT BSS change from 40 MHz channel "
1053 "to 20 MHz channel)", /* 31 */
1054 "Disassociated for unspecified, QoS-related reason", /* 32 */
1055 "Disassociated because QoS AP lacks sufficient bandwidth for this "
1057 "Disassociated because of excessive number of frames that need to be "
1058 "acknowledged, but are not acknowledged due to AP transmissions "
1059 "and/or poor channel conditions", /* 34 */
1060 "Disassociated because STA is transmitting outside the limits "
1061 "of its TXOPs", /* 35 */
1062 "Requested from peer STA as the STA is leaving the BSS "
1063 "(or resetting)", /* 36 */
1064 "Requested from peer STA as it does not want to use the "
1065 "mechanism", /* 37 */
1066 "Requested from peer STA as the STA received frames using the "
1067 "mechanism for which a set up is required", /* 38 */
1068 "Requested from peer STA due to time out", /* 39 */
1069 "Reserved", /* 40 */
1070 "Reserved", /* 41 */
1071 "Reserved", /* 42 */
1072 "Reserved", /* 43 */
1073 "Reserved", /* 44 */
1074 "Peer STA does not support the requested cipher suite", /* 45 */
1075 "In a DLS Teardown frame: The teardown was initiated by the "
1076 "DLS peer. In a Disassociation frame: Disassociated because "
1077 "authorized access limit reached", /* 46 */
1078 "In a DLS Teardown frame: The teardown was initiated by the "
1079 "AP. In a Disassociation frame: Disassociated due to external "
1080 "service requirements", /* 47 */
1081 "Invalid FT Action frame count", /* 48 */
1082 "Invalid pairwise master key identifier (PMKID)", /* 49 */
1083 "Invalid MDE", /* 50 */
1084 "Invalid FTE", /* 51 */
1085 "Mesh peering canceled for unknown reasons", /* 52 */
1086 "The mesh STA has reached the supported maximum number of "
1087 "peer mesh STAs", /* 53 */
1088 "The received information violates the Mesh Configuration "
1089 "policy configured in the mesh STA profile", /* 54 */
1090 "The mesh STA has received a Mesh Peering Close frame "
1091 "requesting to close the mesh peering", /* 55 */
1092 "The mesh STA has resent dot11MeshMaxRetries Mesh "
1093 "Peering Open frames, without receiving a Mesh Peering "
1094 "Confirm frame", /* 56 */
1095 "The confirmTimer for the mesh peering instance times out", /* 57 */
1096 "The mesh STA fails to unwrap the GTK or the values in the "
1097 "wrapped contents do not match", /* 58 */
1098 "The mesh STA receives inconsistent information about the "
1099 "mesh parameters between mesh peering Management frames", /* 59 */
1100 "The mesh STA fails the authenticated mesh peering exchange "
1101 "because due to failure in selecting either the pairwise "
1102 "ciphersuite or group ciphersuite", /* 60 */
1103 "The mesh STA does not have proxy information for this "
1104 "external destination", /* 61 */
1105 "The mesh STA does not have forwarding information for this "
1106 "destination", /* 62 */
1107 "The mesh STA determines that the link to the next hop of an "
1108 "active path in its forwarding information is no longer "
1110 "The Deauthentication frame was sent because the MAC "
1111 "address of the STA already exists in the mesh BSS", /* 64 */
1112 "The mesh STA performs channel switch to meet regulatory "
1113 "requirements", /* 65 */
1114 "The mesh STA performs channel switching with unspecified "
1117 #define NUM_REASONS (sizeof(reason_text) / sizeof(reason_text[0]))
1120 wep_print(netdissect_options *ndo,
1125 ND_TCHECK_LEN(p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN);
1128 ND_PRINT(" IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv),
1137 parse_elements(netdissect_options *ndo,
1138 struct mgmt_body_t *pbody, const u_char *p, int offset,
1143 struct challenge_t challenge;
1144 struct rates_t rates;
1150 * We haven't seen any elements yet.
1152 pbody->challenge_present = 0;
1153 pbody->ssid_present = 0;
1154 pbody->rates_present = 0;
1155 pbody->ds_present = 0;
1156 pbody->cf_present = 0;
1157 pbody->tim_present = 0;
1159 while (length != 0) {
1160 /* Make sure we at least have the element ID and length. */
1161 ND_TCHECK_2(p + offset);
1164 elementlen = GET_U_1(p + offset + 1);
1166 /* Make sure we have the entire element. */
1167 ND_TCHECK_LEN(p + offset + 2, elementlen);
1168 if (length < elementlen + 2)
1171 switch (GET_U_1(p + offset)) {
1173 memcpy(&ssid, p + offset, 2);
1176 if (ssid.length != 0) {
1177 if (ssid.length > sizeof(ssid.ssid) - 1)
1179 memcpy(&ssid.ssid, p + offset, ssid.length);
1180 offset += ssid.length;
1181 length -= ssid.length;
1183 ssid.ssid[ssid.length] = '\0';
1185 * Present and not truncated.
1187 * If we haven't already seen an SSID IE,
1188 * copy this one, otherwise ignore this one,
1189 * so we later report the first one we saw.
1191 if (!pbody->ssid_present) {
1193 pbody->ssid_present = 1;
1197 memcpy(&challenge, p + offset, 2);
1200 if (challenge.length != 0) {
1201 if (challenge.length >
1202 sizeof(challenge.text) - 1)
1204 memcpy(&challenge.text, p + offset,
1206 offset += challenge.length;
1207 length -= challenge.length;
1209 challenge.text[challenge.length] = '\0';
1211 * Present and not truncated.
1213 * If we haven't already seen a challenge IE,
1214 * copy this one, otherwise ignore this one,
1215 * so we later report the first one we saw.
1217 if (!pbody->challenge_present) {
1218 pbody->challenge = challenge;
1219 pbody->challenge_present = 1;
1223 memcpy(&rates, p + offset, 2);
1226 if (rates.length != 0) {
1227 if (rates.length > sizeof(rates.rate))
1229 memcpy(&rates.rate, p + offset, rates.length);
1230 offset += rates.length;
1231 length -= rates.length;
1234 * Present and not truncated.
1236 * If we haven't already seen a rates IE,
1237 * copy this one if it's not zero-length,
1238 * otherwise ignore this one, so we later
1239 * report the first one we saw.
1241 * We ignore zero-length rates IEs as some
1242 * devices seem to put a zero-length rates
1243 * IE, followed by an SSID IE, followed by
1244 * a non-zero-length rates IE into frames,
1245 * even though IEEE Std 802.11-2007 doesn't
1246 * seem to indicate that a zero-length rates
1249 if (!pbody->rates_present && rates.length != 0) {
1250 pbody->rates = rates;
1251 pbody->rates_present = 1;
1255 memcpy(&ds, p + offset, 2);
1258 if (ds.length != 1) {
1259 offset += ds.length;
1260 length -= ds.length;
1263 ds.channel = GET_U_1(p + offset);
1267 * Present and not truncated.
1269 * If we haven't already seen a DS IE,
1270 * copy this one, otherwise ignore this one,
1271 * so we later report the first one we saw.
1273 if (!pbody->ds_present) {
1275 pbody->ds_present = 1;
1279 memcpy(&cf, p + offset, 2);
1282 if (cf.length != 6) {
1283 offset += cf.length;
1284 length -= cf.length;
1287 cf.count = GET_U_1(p + offset);
1290 cf.period = GET_U_1(p + offset);
1293 cf.max_duration = GET_LE_U_2(p + offset);
1296 cf.dur_remaining = GET_LE_U_2(p + offset);
1300 * Present and not truncated.
1302 * If we haven't already seen a CF IE,
1303 * copy this one, otherwise ignore this one,
1304 * so we later report the first one we saw.
1306 if (!pbody->cf_present) {
1308 pbody->cf_present = 1;
1312 memcpy(&tim, p + offset, 2);
1315 if (tim.length <= 3U) {
1316 offset += tim.length;
1317 length -= tim.length;
1320 if (tim.length - 3U > sizeof(tim.bitmap))
1322 tim.count = GET_U_1(p + offset);
1325 tim.period = GET_U_1(p + offset);
1328 tim.bitmap_control = GET_U_1(p + offset);
1331 memcpy(tim.bitmap, p + offset, tim.length - 3);
1332 offset += tim.length - 3;
1333 length -= tim.length - 3;
1335 * Present and not truncated.
1337 * If we haven't already seen a TIM IE,
1338 * copy this one, otherwise ignore this one,
1339 * so we later report the first one we saw.
1341 if (!pbody->tim_present) {
1343 pbody->tim_present = 1;
1348 ND_PRINT("(1) unhandled element_id (%u) ",
1349 GET_U_1(p + offset));
1351 offset += 2 + elementlen;
1352 length -= 2 + elementlen;
1357 /* No problems found. */
1363 /*********************************************************************************
1364 * Print Handle functions for the management frame types
1365 *********************************************************************************/
1368 handle_beacon(netdissect_options *ndo,
1369 const u_char *p, u_int length)
1371 struct mgmt_body_t pbody;
1375 memset(&pbody, 0, sizeof(pbody));
1377 ND_TCHECK_LEN(p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1378 IEEE802_11_CAPINFO_LEN);
1379 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1380 IEEE802_11_CAPINFO_LEN)
1382 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1383 offset += IEEE802_11_TSTAMP_LEN;
1384 length -= IEEE802_11_TSTAMP_LEN;
1385 pbody.beacon_interval = GET_LE_U_2(p + offset);
1386 offset += IEEE802_11_BCNINT_LEN;
1387 length -= IEEE802_11_BCNINT_LEN;
1388 pbody.capability_info = GET_LE_U_2(p + offset);
1389 offset += IEEE802_11_CAPINFO_LEN;
1390 length -= IEEE802_11_CAPINFO_LEN;
1392 ret = parse_elements(ndo, &pbody, p, offset, length);
1397 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS");
1398 PRINT_DS_CHANNEL(pbody);
1406 handle_assoc_request(netdissect_options *ndo,
1407 const u_char *p, u_int length)
1409 struct mgmt_body_t pbody;
1413 memset(&pbody, 0, sizeof(pbody));
1415 ND_TCHECK_LEN(p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN);
1416 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)
1418 pbody.capability_info = GET_LE_U_2(p);
1419 offset += IEEE802_11_CAPINFO_LEN;
1420 length -= IEEE802_11_CAPINFO_LEN;
1421 pbody.listen_interval = GET_LE_U_2(p + offset);
1422 offset += IEEE802_11_LISTENINT_LEN;
1423 length -= IEEE802_11_LISTENINT_LEN;
1425 ret = parse_elements(ndo, &pbody, p, offset, length);
1435 handle_assoc_response(netdissect_options *ndo,
1436 const u_char *p, u_int length)
1438 struct mgmt_body_t pbody;
1442 memset(&pbody, 0, sizeof(pbody));
1444 ND_TCHECK_LEN(p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
1445 IEEE802_11_AID_LEN);
1446 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
1449 pbody.capability_info = GET_LE_U_2(p);
1450 offset += IEEE802_11_CAPINFO_LEN;
1451 length -= IEEE802_11_CAPINFO_LEN;
1452 pbody.status_code = GET_LE_U_2(p + offset);
1453 offset += IEEE802_11_STATUS_LEN;
1454 length -= IEEE802_11_STATUS_LEN;
1455 pbody.aid = GET_LE_U_2(p + offset);
1456 offset += IEEE802_11_AID_LEN;
1457 length -= IEEE802_11_AID_LEN;
1459 ret = parse_elements(ndo, &pbody, p, offset, length);
1461 ND_PRINT(" AID(%x) :%s: %s", ((uint16_t)(pbody.aid << 2 )) >> 2 ,
1462 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
1463 (pbody.status_code < NUM_STATUSES
1464 ? status_text[pbody.status_code]
1473 handle_reassoc_request(netdissect_options *ndo,
1474 const u_char *p, u_int length)
1476 struct mgmt_body_t pbody;
1480 memset(&pbody, 0, sizeof(pbody));
1482 ND_TCHECK_LEN(p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1484 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1487 pbody.capability_info = GET_LE_U_2(p);
1488 offset += IEEE802_11_CAPINFO_LEN;
1489 length -= IEEE802_11_CAPINFO_LEN;
1490 pbody.listen_interval = GET_LE_U_2(p + offset);
1491 offset += IEEE802_11_LISTENINT_LEN;
1492 length -= IEEE802_11_LISTENINT_LEN;
1493 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN);
1494 offset += IEEE802_11_AP_LEN;
1495 length -= IEEE802_11_AP_LEN;
1497 ret = parse_elements(ndo, &pbody, p, offset, length);
1500 ND_PRINT(" AP : %s", etheraddr_string(ndo, pbody.ap ));
1508 handle_reassoc_response(netdissect_options *ndo,
1509 const u_char *p, u_int length)
1511 /* Same as a Association Response */
1512 return handle_assoc_response(ndo, p, length);
1516 handle_probe_request(netdissect_options *ndo,
1517 const u_char *p, u_int length)
1519 struct mgmt_body_t pbody;
1523 memset(&pbody, 0, sizeof(pbody));
1525 ret = parse_elements(ndo, &pbody, p, offset, length);
1534 handle_probe_response(netdissect_options *ndo,
1535 const u_char *p, u_int length)
1537 struct mgmt_body_t pbody;
1541 memset(&pbody, 0, sizeof(pbody));
1543 ND_TCHECK_LEN(p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1544 IEEE802_11_CAPINFO_LEN);
1545 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1546 IEEE802_11_CAPINFO_LEN)
1548 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1549 offset += IEEE802_11_TSTAMP_LEN;
1550 length -= IEEE802_11_TSTAMP_LEN;
1551 pbody.beacon_interval = GET_LE_U_2(p + offset);
1552 offset += IEEE802_11_BCNINT_LEN;
1553 length -= IEEE802_11_BCNINT_LEN;
1554 pbody.capability_info = GET_LE_U_2(p + offset);
1555 offset += IEEE802_11_CAPINFO_LEN;
1556 length -= IEEE802_11_CAPINFO_LEN;
1558 ret = parse_elements(ndo, &pbody, p, offset, length);
1562 PRINT_DS_CHANNEL(pbody);
1572 /* the frame body for ATIM is null. */
1577 handle_disassoc(netdissect_options *ndo,
1578 const u_char *p, u_int length)
1580 struct mgmt_body_t pbody;
1582 memset(&pbody, 0, sizeof(pbody));
1584 ND_TCHECK_LEN(p, IEEE802_11_REASON_LEN);
1585 if (length < IEEE802_11_REASON_LEN)
1587 pbody.reason_code = GET_LE_U_2(p);
1590 (pbody.reason_code < NUM_REASONS)
1591 ? reason_text[pbody.reason_code]
1600 handle_auth(netdissect_options *ndo,
1601 const u_char *p, u_int length)
1603 struct mgmt_body_t pbody;
1607 memset(&pbody, 0, sizeof(pbody));
1612 pbody.auth_alg = GET_LE_U_2(p);
1615 pbody.auth_trans_seq_num = GET_LE_U_2(p + offset);
1618 pbody.status_code = GET_LE_U_2(p + offset);
1622 ret = parse_elements(ndo, &pbody, p, offset, length);
1624 if ((pbody.auth_alg == 1) &&
1625 ((pbody.auth_trans_seq_num == 2) ||
1626 (pbody.auth_trans_seq_num == 3))) {
1627 ND_PRINT(" (%s)-%x [Challenge Text] %s",
1628 (pbody.auth_alg < NUM_AUTH_ALGS)
1629 ? auth_alg_text[pbody.auth_alg]
1631 pbody.auth_trans_seq_num,
1632 ((pbody.auth_trans_seq_num % 2)
1633 ? ((pbody.status_code < NUM_STATUSES)
1634 ? status_text[pbody.status_code]
1638 ND_PRINT(" (%s)-%x: %s",
1639 (pbody.auth_alg < NUM_AUTH_ALGS)
1640 ? auth_alg_text[pbody.auth_alg]
1642 pbody.auth_trans_seq_num,
1643 (pbody.auth_trans_seq_num % 2)
1644 ? ((pbody.status_code < NUM_STATUSES)
1645 ? status_text[pbody.status_code]
1655 handle_deauth(netdissect_options *ndo,
1656 const uint8_t *src, const u_char *p, u_int length)
1658 struct mgmt_body_t pbody;
1659 const char *reason = NULL;
1661 memset(&pbody, 0, sizeof(pbody));
1663 ND_TCHECK_LEN(p, IEEE802_11_REASON_LEN);
1664 if (length < IEEE802_11_REASON_LEN)
1666 pbody.reason_code = GET_LE_U_2(p);
1668 reason = (pbody.reason_code < NUM_REASONS)
1669 ? reason_text[pbody.reason_code]
1672 if (ndo->ndo_eflag) {
1673 ND_PRINT(": %s", reason);
1675 ND_PRINT(" (%s): %s", GET_ETHERADDR_STRING(src), reason);
1682 #define PRINT_HT_ACTION(v) (\
1683 (v) == 0 ? ND_PRINT("TxChWidth"): \
1684 (v) == 1 ? ND_PRINT("MIMOPwrSave"): \
1685 ND_PRINT("Act#%u", (v)))
1686 #define PRINT_BA_ACTION(v) (\
1687 (v) == 0 ? ND_PRINT("ADDBA Request"): \
1688 (v) == 1 ? ND_PRINT("ADDBA Response"): \
1689 (v) == 2 ? ND_PRINT("DELBA"): \
1690 ND_PRINT("Act#%u", (v)))
1691 #define PRINT_MESHLINK_ACTION(v) (\
1692 (v) == 0 ? ND_PRINT("Request"): \
1693 (v) == 1 ? ND_PRINT("Report"): \
1694 ND_PRINT("Act#%u", (v)))
1695 #define PRINT_MESHPEERING_ACTION(v) (\
1696 (v) == 0 ? ND_PRINT("Open"): \
1697 (v) == 1 ? ND_PRINT("Confirm"): \
1698 (v) == 2 ? ND_PRINT("Close"): \
1699 ND_PRINT("Act#%u", (v)))
1700 #define PRINT_MESHPATH_ACTION(v) (\
1701 (v) == 0 ? ND_PRINT("Request"): \
1702 (v) == 1 ? ND_PRINT("Report"): \
1703 (v) == 2 ? ND_PRINT("Error"): \
1704 (v) == 3 ? ND_PRINT("RootAnnouncement"): \
1705 ND_PRINT("Act#%u", (v)))
1707 #define PRINT_MESH_ACTION(v) (\
1708 (v) == 0 ? ND_PRINT("MeshLink"): \
1709 (v) == 1 ? ND_PRINT("HWMP"): \
1710 (v) == 2 ? ND_PRINT("Gate Announcement"): \
1711 (v) == 3 ? ND_PRINT("Congestion Control"): \
1712 (v) == 4 ? ND_PRINT("MCCA Setup Request"): \
1713 (v) == 5 ? ND_PRINT("MCCA Setup Reply"): \
1714 (v) == 6 ? ND_PRINT("MCCA Advertisement Request"): \
1715 (v) == 7 ? ND_PRINT("MCCA Advertisement"): \
1716 (v) == 8 ? ND_PRINT("MCCA Teardown"): \
1717 (v) == 9 ? ND_PRINT("TBTT Adjustment Request"): \
1718 (v) == 10 ? ND_PRINT("TBTT Adjustment Response"): \
1719 ND_PRINT("Act#%u", (v)))
1720 #define PRINT_MULTIHOP_ACTION(v) (\
1721 (v) == 0 ? ND_PRINT("Proxy Update"): \
1722 (v) == 1 ? ND_PRINT("Proxy Update Confirmation"): \
1723 ND_PRINT("Act#%u", (v)))
1724 #define PRINT_SELFPROT_ACTION(v) (\
1725 (v) == 1 ? ND_PRINT("Peering Open"): \
1726 (v) == 2 ? ND_PRINT("Peering Confirm"): \
1727 (v) == 3 ? ND_PRINT("Peering Close"): \
1728 (v) == 4 ? ND_PRINT("Group Key Inform"): \
1729 (v) == 5 ? ND_PRINT("Group Key Acknowledge"): \
1730 ND_PRINT("Act#%u", (v)))
1733 handle_action(netdissect_options *ndo,
1734 const uint8_t *src, const u_char *p, u_int length)
1739 if (ndo->ndo_eflag) {
1742 ND_PRINT(" (%s): ", GET_ETHERADDR_STRING(src));
1744 switch (GET_U_1(p)) {
1745 case 0: ND_PRINT("Spectrum Management Act#%u", GET_U_1(p + 1)); break;
1746 case 1: ND_PRINT("QoS Act#%u", GET_U_1(p + 1)); break;
1747 case 2: ND_PRINT("DLS Act#%u", GET_U_1(p + 1)); break;
1748 case 3: ND_PRINT("BA "); PRINT_BA_ACTION(GET_U_1(p + 1)); break;
1749 case 7: ND_PRINT("HT "); PRINT_HT_ACTION(GET_U_1(p + 1)); break;
1750 case 13: ND_PRINT("MeshAction "); PRINT_MESH_ACTION(GET_U_1(p + 1)); break;
1752 ND_PRINT("MultiohopAction ");
1753 PRINT_MULTIHOP_ACTION(GET_U_1(p + 1)); break;
1755 ND_PRINT("SelfprotectAction ");
1756 PRINT_SELFPROT_ACTION(GET_U_1(p + 1)); break;
1757 case 127: ND_PRINT("Vendor Act#%u", GET_U_1(p + 1)); break;
1759 ND_PRINT("Reserved(%u) Act#%u", GET_U_1(p), GET_U_1(p + 1));
1768 /*********************************************************************************
1770 *********************************************************************************/
1774 mgmt_body_print(netdissect_options *ndo,
1775 uint16_t fc, const uint8_t *src, const u_char *p, u_int length)
1777 ND_PRINT("%s", tok2str(st_str, "Unhandled Management subtype(%x)", FC_SUBTYPE(fc)));
1779 /* There may be a problem w/ AP not having this bit set */
1780 if (FC_PROTECTED(fc))
1781 return wep_print(ndo, p);
1782 switch (FC_SUBTYPE(fc)) {
1783 case ST_ASSOC_REQUEST:
1784 return handle_assoc_request(ndo, p, length);
1785 case ST_ASSOC_RESPONSE:
1786 return handle_assoc_response(ndo, p, length);
1787 case ST_REASSOC_REQUEST:
1788 return handle_reassoc_request(ndo, p, length);
1789 case ST_REASSOC_RESPONSE:
1790 return handle_reassoc_response(ndo, p, length);
1791 case ST_PROBE_REQUEST:
1792 return handle_probe_request(ndo, p, length);
1793 case ST_PROBE_RESPONSE:
1794 return handle_probe_response(ndo, p, length);
1796 return handle_beacon(ndo, p, length);
1798 return handle_atim();
1800 return handle_disassoc(ndo, p, length);
1802 return handle_auth(ndo, p, length);
1804 return handle_deauth(ndo, src, p, length);
1806 return handle_action(ndo, src, p, length);
1813 /*********************************************************************************
1814 * Handles printing all the control frame types
1815 *********************************************************************************/
1818 ctrl_body_print(netdissect_options *ndo,
1819 uint16_t fc, const u_char *p)
1821 ND_PRINT("%s", tok2str(ctrl_str, "Unknown Ctrl Subtype", FC_SUBTYPE(fc)));
1822 switch (FC_SUBTYPE(fc)) {
1823 case CTRL_CONTROL_WRAPPER:
1824 /* XXX - requires special handling */
1827 ND_TCHECK_LEN(p, CTRL_BAR_HDRLEN);
1828 if (!ndo->ndo_eflag)
1829 ND_PRINT(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
1830 GET_ETHERADDR_STRING(((const struct ctrl_bar_hdr_t *)p)->ra),
1831 GET_ETHERADDR_STRING(((const struct ctrl_bar_hdr_t *)p)->ta),
1832 GET_LE_U_2(((const struct ctrl_bar_hdr_t *)p)->ctl),
1833 GET_LE_U_2(((const struct ctrl_bar_hdr_t *)p)->seq));
1836 ND_TCHECK_LEN(p, CTRL_BA_HDRLEN);
1837 if (!ndo->ndo_eflag)
1839 GET_ETHERADDR_STRING(((const struct ctrl_ba_hdr_t *)p)->ra));
1842 ND_TCHECK_LEN(p, CTRL_PS_POLL_HDRLEN);
1843 ND_PRINT(" AID(%x)",
1844 GET_LE_U_2(((const struct ctrl_ps_poll_hdr_t *)p)->aid));
1847 ND_TCHECK_LEN(p, CTRL_RTS_HDRLEN);
1848 if (!ndo->ndo_eflag)
1850 GET_ETHERADDR_STRING(((const struct ctrl_rts_hdr_t *)p)->ta));
1853 ND_TCHECK_LEN(p, CTRL_CTS_HDRLEN);
1854 if (!ndo->ndo_eflag)
1856 GET_ETHERADDR_STRING(((const struct ctrl_cts_hdr_t *)p)->ra));
1859 ND_TCHECK_LEN(p, CTRL_ACK_HDRLEN);
1860 if (!ndo->ndo_eflag)
1862 GET_ETHERADDR_STRING(((const struct ctrl_ack_hdr_t *)p)->ra));
1865 ND_TCHECK_LEN(p, CTRL_END_HDRLEN);
1866 if (!ndo->ndo_eflag)
1868 GET_ETHERADDR_STRING(((const struct ctrl_end_hdr_t *)p)->ra));
1871 ND_TCHECK_LEN(p, CTRL_END_ACK_HDRLEN);
1872 if (!ndo->ndo_eflag)
1874 GET_ETHERADDR_STRING(((const struct ctrl_end_ack_hdr_t *)p)->ra));
1883 * Data Frame - Address field contents
1885 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
1886 * 0 | 0 | DA | SA | BSSID | n/a
1887 * 0 | 1 | DA | BSSID | SA | n/a
1888 * 1 | 0 | BSSID | SA | DA | n/a
1889 * 1 | 1 | RA | TA | DA | SA
1893 * Function to get source and destination MAC addresses for a data frame.
1896 get_data_src_dst_mac(uint16_t fc, const u_char *p, const uint8_t **srcp,
1897 const uint8_t **dstp)
1899 #define ADDR1 (p + 4)
1900 #define ADDR2 (p + 10)
1901 #define ADDR3 (p + 16)
1902 #define ADDR4 (p + 24)
1904 if (!FC_TO_DS(fc)) {
1905 if (!FC_FROM_DS(fc)) {
1906 /* not To DS and not From DS */
1910 /* not To DS and From DS */
1915 if (!FC_FROM_DS(fc)) {
1916 /* To DS and not From DS */
1920 /* To DS and From DS */
1933 get_mgmt_src_dst_mac(const u_char *p, const uint8_t **srcp, const uint8_t **dstp)
1935 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
1944 * Print Header funcs
1948 data_header_print(netdissect_options *ndo, uint16_t fc, const u_char *p)
1950 u_int subtype = FC_SUBTYPE(fc);
1952 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
1953 DATA_FRAME_IS_QOS(subtype)) {
1955 if (DATA_FRAME_IS_CF_ACK(subtype)) {
1956 if (DATA_FRAME_IS_CF_POLL(subtype))
1957 ND_PRINT("Ack/Poll");
1961 if (DATA_FRAME_IS_CF_POLL(subtype))
1964 if (DATA_FRAME_IS_QOS(subtype))
1969 #define ADDR1 (p + 4)
1970 #define ADDR2 (p + 10)
1971 #define ADDR3 (p + 16)
1972 #define ADDR4 (p + 24)
1974 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1975 ND_PRINT("DA:%s SA:%s BSSID:%s ",
1976 GET_ETHERADDR_STRING(ADDR1), GET_ETHERADDR_STRING(ADDR2),
1977 GET_ETHERADDR_STRING(ADDR3));
1978 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1979 ND_PRINT("DA:%s BSSID:%s SA:%s ",
1980 GET_ETHERADDR_STRING(ADDR1), GET_ETHERADDR_STRING(ADDR2),
1981 GET_ETHERADDR_STRING(ADDR3));
1982 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1983 ND_PRINT("BSSID:%s SA:%s DA:%s ",
1984 GET_ETHERADDR_STRING(ADDR1), GET_ETHERADDR_STRING(ADDR2),
1985 GET_ETHERADDR_STRING(ADDR3));
1986 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1987 ND_PRINT("RA:%s TA:%s DA:%s SA:%s ",
1988 GET_ETHERADDR_STRING(ADDR1), GET_ETHERADDR_STRING(ADDR2),
1989 GET_ETHERADDR_STRING(ADDR3), GET_ETHERADDR_STRING(ADDR4));
1999 mgmt_header_print(netdissect_options *ndo, const u_char *p)
2001 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
2003 ND_PRINT("BSSID:%s DA:%s SA:%s ",
2004 GET_ETHERADDR_STRING((hp)->bssid), GET_ETHERADDR_STRING((hp)->da),
2005 GET_ETHERADDR_STRING((hp)->sa));
2009 ctrl_header_print(netdissect_options *ndo, uint16_t fc, const u_char *p)
2011 switch (FC_SUBTYPE(fc)) {
2013 ND_PRINT(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
2014 GET_ETHERADDR_STRING(((const struct ctrl_bar_hdr_t *)p)->ra),
2015 GET_ETHERADDR_STRING(((const struct ctrl_bar_hdr_t *)p)->ta),
2016 GET_LE_U_2(((const struct ctrl_bar_hdr_t *)p)->ctl),
2017 GET_LE_U_2(((const struct ctrl_bar_hdr_t *)p)->seq));
2021 GET_ETHERADDR_STRING(((const struct ctrl_ba_hdr_t *)p)->ra));
2024 ND_PRINT("BSSID:%s TA:%s ",
2025 GET_ETHERADDR_STRING(((const struct ctrl_ps_poll_hdr_t *)p)->bssid),
2026 GET_ETHERADDR_STRING(((const struct ctrl_ps_poll_hdr_t *)p)->ta));
2029 ND_PRINT("RA:%s TA:%s ",
2030 GET_ETHERADDR_STRING(((const struct ctrl_rts_hdr_t *)p)->ra),
2031 GET_ETHERADDR_STRING(((const struct ctrl_rts_hdr_t *)p)->ta));
2035 GET_ETHERADDR_STRING(((const struct ctrl_cts_hdr_t *)p)->ra));
2039 GET_ETHERADDR_STRING(((const struct ctrl_ack_hdr_t *)p)->ra));
2042 ND_PRINT("RA:%s BSSID:%s ",
2043 GET_ETHERADDR_STRING(((const struct ctrl_end_hdr_t *)p)->ra),
2044 GET_ETHERADDR_STRING(((const struct ctrl_end_hdr_t *)p)->bssid));
2047 ND_PRINT("RA:%s BSSID:%s ",
2048 GET_ETHERADDR_STRING(((const struct ctrl_end_ack_hdr_t *)p)->ra),
2049 GET_ETHERADDR_STRING(((const struct ctrl_end_ack_hdr_t *)p)->bssid));
2052 /* We shouldn't get here - we should already have quit */
2058 extract_header_length(netdissect_options *ndo,
2063 switch (FC_TYPE(fc)) {
2067 switch (FC_SUBTYPE(fc)) {
2068 case CTRL_CONTROL_WRAPPER:
2069 return CTRL_CONTROL_WRAPPER_HDRLEN;
2071 return CTRL_BAR_HDRLEN;
2073 return CTRL_BA_HDRLEN;
2075 return CTRL_PS_POLL_HDRLEN;
2077 return CTRL_RTS_HDRLEN;
2079 return CTRL_CTS_HDRLEN;
2081 return CTRL_ACK_HDRLEN;
2083 return CTRL_END_HDRLEN;
2085 return CTRL_END_ACK_HDRLEN;
2087 ND_PRINT("unknown 802.11 ctrl frame subtype (%u)", FC_SUBTYPE(fc));
2091 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
2092 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
2096 ND_PRINT("unknown 802.11 frame type (%u)", FC_TYPE(fc));
2102 extract_mesh_header_length(netdissect_options *ndo, const u_char *p)
2104 return (GET_U_1(p) &~ 3) ? 0 : 6*(1 + (GET_U_1(p) & 3));
2108 * Print the 802.11 MAC header.
2111 ieee_802_11_hdr_print(netdissect_options *ndo,
2112 uint16_t fc, const u_char *p, u_int hdrlen,
2115 if (ndo->ndo_vflag) {
2116 if (FC_MORE_DATA(fc))
2117 ND_PRINT("More Data ");
2118 if (FC_MORE_FLAG(fc))
2119 ND_PRINT("More Fragments ");
2120 if (FC_POWER_MGMT(fc))
2121 ND_PRINT("Pwr Mgmt ");
2125 ND_PRINT("Strictly Ordered ");
2126 if (FC_PROTECTED(fc))
2127 ND_PRINT("Protected ");
2128 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
2130 GET_LE_U_2(((const struct mgmt_header_t *)p)->duration));
2132 if (meshdrlen != 0) {
2133 const struct meshcntl_t *mc =
2134 (const struct meshcntl_t *)(p + hdrlen - meshdrlen);
2135 u_int ae = GET_U_1(mc->flags) & 3;
2137 ND_PRINT("MeshData (AE %u TTL %u seq %u", ae,
2138 GET_U_1(mc->ttl), GET_LE_U_4(mc->seq));
2140 ND_PRINT(" A4:%s", GET_ETHERADDR_STRING(mc->addr4));
2142 ND_PRINT(" A5:%s", GET_ETHERADDR_STRING(mc->addr5));
2144 ND_PRINT(" A6:%s", GET_ETHERADDR_STRING(mc->addr6));
2148 switch (FC_TYPE(fc)) {
2150 mgmt_header_print(ndo, p);
2153 ctrl_header_print(ndo, fc, p);
2156 data_header_print(ndo, fc, p);
2164 ieee802_11_print(netdissect_options *ndo,
2165 const u_char *p, u_int length, u_int orig_caplen, int pad,
2169 u_int caplen, hdrlen, meshdrlen;
2170 struct lladdr_info src, dst;
2173 ndo->ndo_protocol = "802.11";
2174 caplen = orig_caplen;
2175 /* Remove FCS, if present */
2176 if (length < fcslen) {
2177 nd_print_trunc(ndo);
2181 if (caplen > length) {
2182 /* Amount of FCS in actual packet data, if any */
2183 fcslen = caplen - length;
2185 ndo->ndo_snapend -= fcslen;
2188 if (caplen < IEEE802_11_FC_LEN) {
2189 nd_print_trunc(ndo);
2194 hdrlen = extract_header_length(ndo, fc);
2196 /* Unknown frame type or control frame subtype; quit. */
2200 hdrlen = roundup2(hdrlen, 4);
2201 if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA &&
2202 DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
2203 if(!ND_TTEST_1(p + hdrlen)) {
2204 nd_print_trunc(ndo);
2207 meshdrlen = extract_mesh_header_length(ndo, p + hdrlen);
2208 hdrlen += meshdrlen;
2212 if (caplen < hdrlen) {
2213 nd_print_trunc(ndo);
2218 ieee_802_11_hdr_print(ndo, fc, p, hdrlen, meshdrlen);
2221 * Go past the 802.11 header.
2227 src.addr_string = etheraddr_string;
2228 dst.addr_string = etheraddr_string;
2229 switch (FC_TYPE(fc)) {
2231 get_mgmt_src_dst_mac(p - hdrlen, &src.addr, &dst.addr);
2232 if (!mgmt_body_print(ndo, fc, src.addr, p, length)) {
2233 nd_print_trunc(ndo);
2238 if (!ctrl_body_print(ndo, fc, p - hdrlen)) {
2239 nd_print_trunc(ndo);
2244 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
2245 return hdrlen; /* no-data frame */
2246 /* There may be a problem w/ AP not having this bit set */
2247 if (FC_PROTECTED(fc)) {
2249 if (!wep_print(ndo, p)) {
2250 nd_print_trunc(ndo);
2254 get_data_src_dst_mac(fc, p - hdrlen, &src.addr, &dst.addr);
2255 llc_hdrlen = llc_print(ndo, p, length, caplen, &src, &dst);
2256 if (llc_hdrlen < 0) {
2258 * Some kinds of LLC packet we cannot
2259 * handle intelligently
2261 if (!ndo->ndo_suppress_default_print)
2262 ND_DEFAULTPRINT(p, caplen);
2263 llc_hdrlen = -llc_hdrlen;
2265 hdrlen += llc_hdrlen;
2269 /* We shouldn't get here - we should already have quit */
2277 * This is the top level routine of the printer. 'p' points
2278 * to the 802.11 header of the packet, 'h->ts' is the timestamp,
2279 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
2280 * is the number of bytes actually captured.
2283 ieee802_11_if_print(netdissect_options *ndo,
2284 const struct pcap_pkthdr *h, const u_char *p)
2286 ndo->ndo_protocol = "802.11";
2287 ndo->ndo_ll_hdr_len += ieee802_11_print(ndo, p, h->len, h->caplen, 0, 0);
2291 /* $FreeBSD: projects/clang400-import/contrib/tcpdump/print-802_11.c 276788 2015-01-07 19:55:18Z delphij $ */
2292 /* NetBSD: ieee802_11_radio.h,v 1.2 2006/02/26 03:04:03 dyoung Exp */
2295 * Copyright (c) 2003, 2004 David Young. All rights reserved.
2297 * Redistribution and use in source and binary forms, with or without
2298 * modification, are permitted provided that the following conditions
2300 * 1. Redistributions of source code must retain the above copyright
2301 * notice, this list of conditions and the following disclaimer.
2302 * 2. Redistributions in binary form must reproduce the above copyright
2303 * notice, this list of conditions and the following disclaimer in the
2304 * documentation and/or other materials provided with the distribution.
2305 * 3. The name of David Young may not be used to endorse or promote
2306 * products derived from this software without specific prior
2307 * written permission.
2309 * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
2310 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
2311 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
2312 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID
2313 * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
2314 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
2315 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
2316 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
2317 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
2318 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
2319 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
2323 /* A generic radio capture format is desirable. It must be
2324 * rigidly defined (e.g., units for fields should be given),
2325 * and easily extensible.
2327 * The following is an extensible radio capture format. It is
2328 * based on a bitmap indicating which fields are present.
2330 * I am trying to describe precisely what the application programmer
2331 * should expect in the following, and for that reason I tell the
2332 * units and origin of each measurement (where it applies), or else I
2333 * use sufficiently weaselly language ("is a monotonically nondecreasing
2334 * function of...") that I cannot set false expectations for lawyerly
2339 * The radio capture header precedes the 802.11 header.
2341 * Note well: all radiotap fields are little-endian.
2343 struct ieee80211_radiotap_header {
2344 nd_uint8_t it_version; /* Version 0. Only increases
2345 * for drastic changes,
2346 * introduction of compatible
2347 * new fields does not count.
2350 nd_uint16_t it_len; /* length of the whole
2351 * header in bytes, including
2352 * it_version, it_pad,
2353 * it_len, and data fields.
2355 nd_uint32_t it_present; /* A bitmap telling which
2356 * fields are present. Set bit 31
2357 * (0x80000000) to extend the
2358 * bitmap by another 32 bits.
2359 * Additional extensions are made
2360 * by setting bit 31.
2364 /* Name Data type Units
2365 * ---- --------- -----
2367 * IEEE80211_RADIOTAP_TSFT uint64_t microseconds
2369 * Value in microseconds of the MAC's 64-bit 802.11 Time
2370 * Synchronization Function timer when the first bit of the
2371 * MPDU arrived at the MAC. For received frames, only.
2373 * IEEE80211_RADIOTAP_CHANNEL 2 x uint16_t MHz, bitmap
2375 * Tx/Rx frequency in MHz, followed by flags (see below).
2376 * Note that IEEE80211_RADIOTAP_XCHANNEL must be used to
2377 * represent an HT channel as there is not enough room in
2380 * IEEE80211_RADIOTAP_FHSS uint16_t see below
2382 * For frequency-hopping radios, the hop set (first byte)
2383 * and pattern (second byte).
2385 * IEEE80211_RADIOTAP_RATE uint8_t 500kb/s or index
2387 * Tx/Rx data rate. If bit 0x80 is set then it represents an
2388 * an MCS index and not an IEEE rate.
2390 * IEEE80211_RADIOTAP_DBM_ANTSIGNAL int8_t decibels from
2391 * one milliwatt (dBm)
2393 * RF signal power at the antenna, decibel difference from
2396 * IEEE80211_RADIOTAP_DBM_ANTNOISE int8_t decibels from
2397 * one milliwatt (dBm)
2399 * RF noise power at the antenna, decibel difference from one
2402 * IEEE80211_RADIOTAP_DB_ANTSIGNAL uint8_t decibel (dB)
2404 * RF signal power at the antenna, decibel difference from an
2405 * arbitrary, fixed reference.
2407 * IEEE80211_RADIOTAP_DB_ANTNOISE uint8_t decibel (dB)
2409 * RF noise power at the antenna, decibel difference from an
2410 * arbitrary, fixed reference point.
2412 * IEEE80211_RADIOTAP_LOCK_QUALITY uint16_t unitless
2414 * Quality of Barker code lock. Unitless. Monotonically
2415 * nondecreasing with "better" lock strength. Called "Signal
2416 * Quality" in datasheets. (Is there a standard way to measure
2419 * IEEE80211_RADIOTAP_TX_ATTENUATION uint16_t unitless
2421 * Transmit power expressed as unitless distance from max
2422 * power set at factory calibration. 0 is max power.
2423 * Monotonically nondecreasing with lower power levels.
2425 * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t decibels (dB)
2427 * Transmit power expressed as decibel distance from max power
2428 * set at factory calibration. 0 is max power. Monotonically
2429 * nondecreasing with lower power levels.
2431 * IEEE80211_RADIOTAP_DBM_TX_POWER int8_t decibels from
2432 * one milliwatt (dBm)
2434 * Transmit power expressed as dBm (decibels from a 1 milliwatt
2435 * reference). This is the absolute power level measured at
2438 * IEEE80211_RADIOTAP_FLAGS uint8_t bitmap
2440 * Properties of transmitted and received frames. See flags
2443 * IEEE80211_RADIOTAP_ANTENNA uint8_t antenna index
2445 * Unitless indication of the Rx/Tx antenna for this packet.
2446 * The first antenna is antenna 0.
2448 * IEEE80211_RADIOTAP_RX_FLAGS uint16_t bitmap
2450 * Properties of received frames. See flags defined below.
2452 * IEEE80211_RADIOTAP_XCHANNEL uint32_t bitmap
2454 * uint8_t channel number
2457 * Extended channel specification: flags (see below) followed by
2458 * frequency in MHz, the corresponding IEEE channel number, and
2459 * finally the maximum regulatory transmit power cap in .5 dBm
2460 * units. This property supersedes IEEE80211_RADIOTAP_CHANNEL
2461 * and only one of the two should be present.
2463 * IEEE80211_RADIOTAP_MCS uint8_t known
2467 * Bitset indicating which fields have known values, followed
2468 * by bitset of flag values, followed by the MCS rate index as
2472 * IEEE80211_RADIOTAP_AMPDU_STATUS u32, u16, u8, u8 unitless
2474 * Contains the AMPDU information for the subframe.
2476 * IEEE80211_RADIOTAP_VHT u16, u8, u8, u8[4], u8, u8, u16
2478 * Contains VHT information about this frame.
2480 * IEEE80211_RADIOTAP_VENDOR_NAMESPACE
2485 * The Vendor Namespace Field contains three sub-fields. The first
2486 * sub-field is 3 bytes long. It contains the vendor's IEEE 802
2487 * Organizationally Unique Identifier (OUI). The fourth byte is a
2488 * vendor-specific "namespace selector."
2491 enum ieee80211_radiotap_type {
2492 IEEE80211_RADIOTAP_TSFT = 0,
2493 IEEE80211_RADIOTAP_FLAGS = 1,
2494 IEEE80211_RADIOTAP_RATE = 2,
2495 IEEE80211_RADIOTAP_CHANNEL = 3,
2496 IEEE80211_RADIOTAP_FHSS = 4,
2497 IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
2498 IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
2499 IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
2500 IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
2501 IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
2502 IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
2503 IEEE80211_RADIOTAP_ANTENNA = 11,
2504 IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
2505 IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
2506 IEEE80211_RADIOTAP_RX_FLAGS = 14,
2507 /* NB: gap for netbsd definitions */
2508 IEEE80211_RADIOTAP_XCHANNEL = 18,
2509 IEEE80211_RADIOTAP_MCS = 19,
2510 IEEE80211_RADIOTAP_AMPDU_STATUS = 20,
2511 IEEE80211_RADIOTAP_VHT = 21,
2512 IEEE80211_RADIOTAP_NAMESPACE = 29,
2513 IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30,
2514 IEEE80211_RADIOTAP_EXT = 31
2517 /* channel attributes */
2518 #define IEEE80211_CHAN_TURBO 0x00010 /* Turbo channel */
2519 #define IEEE80211_CHAN_CCK 0x00020 /* CCK channel */
2520 #define IEEE80211_CHAN_OFDM 0x00040 /* OFDM channel */
2521 #define IEEE80211_CHAN_2GHZ 0x00080 /* 2 GHz spectrum channel. */
2522 #define IEEE80211_CHAN_5GHZ 0x00100 /* 5 GHz spectrum channel */
2523 #define IEEE80211_CHAN_PASSIVE 0x00200 /* Only passive scan allowed */
2524 #define IEEE80211_CHAN_DYN 0x00400 /* Dynamic CCK-OFDM channel */
2525 #define IEEE80211_CHAN_GFSK 0x00800 /* GFSK channel (FHSS PHY) */
2526 #define IEEE80211_CHAN_GSM 0x01000 /* 900 MHz spectrum channel */
2527 #define IEEE80211_CHAN_STURBO 0x02000 /* 11a static turbo channel only */
2528 #define IEEE80211_CHAN_HALF 0x04000 /* Half rate channel */
2529 #define IEEE80211_CHAN_QUARTER 0x08000 /* Quarter rate channel */
2530 #define IEEE80211_CHAN_HT20 0x10000 /* HT 20 channel */
2531 #define IEEE80211_CHAN_HT40U 0x20000 /* HT 40 channel w/ ext above */
2532 #define IEEE80211_CHAN_HT40D 0x40000 /* HT 40 channel w/ ext below */
2534 /* Useful combinations of channel characteristics, borrowed from Ethereal */
2535 #define IEEE80211_CHAN_A \
2536 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2537 #define IEEE80211_CHAN_B \
2538 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
2539 #define IEEE80211_CHAN_G \
2540 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
2541 #define IEEE80211_CHAN_TA \
2542 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM | IEEE80211_CHAN_TURBO)
2543 #define IEEE80211_CHAN_TG \
2544 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN | IEEE80211_CHAN_TURBO)
2547 /* For IEEE80211_RADIOTAP_FLAGS */
2548 #define IEEE80211_RADIOTAP_F_CFP 0x01 /* sent/received
2551 #define IEEE80211_RADIOTAP_F_SHORTPRE 0x02 /* sent/received
2555 #define IEEE80211_RADIOTAP_F_WEP 0x04 /* sent/received
2556 * with WEP encryption
2558 #define IEEE80211_RADIOTAP_F_FRAG 0x08 /* sent/received
2559 * with fragmentation
2561 #define IEEE80211_RADIOTAP_F_FCS 0x10 /* frame includes FCS */
2562 #define IEEE80211_RADIOTAP_F_DATAPAD 0x20 /* frame has padding between
2563 * 802.11 header and payload
2564 * (to 32-bit boundary)
2566 #define IEEE80211_RADIOTAP_F_BADFCS 0x40 /* does not pass FCS check */
2568 /* For IEEE80211_RADIOTAP_RX_FLAGS */
2569 #define IEEE80211_RADIOTAP_F_RX_BADFCS 0x0001 /* frame failed crc check */
2570 #define IEEE80211_RADIOTAP_F_RX_PLCP_CRC 0x0002 /* frame failed PLCP CRC check */
2572 /* For IEEE80211_RADIOTAP_MCS known */
2573 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN 0x01
2574 #define IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN 0x02 /* MCS index field */
2575 #define IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN 0x04
2576 #define IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN 0x08
2577 #define IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN 0x10
2578 #define IEEE80211_RADIOTAP_MCS_STBC_KNOWN 0x20
2579 #define IEEE80211_RADIOTAP_MCS_NESS_KNOWN 0x40
2580 #define IEEE80211_RADIOTAP_MCS_NESS_BIT_1 0x80
2582 /* For IEEE80211_RADIOTAP_MCS flags */
2583 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK 0x03
2584 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20 0
2585 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 1
2586 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20L 2
2587 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20U 3
2588 #define IEEE80211_RADIOTAP_MCS_SHORT_GI 0x04 /* short guard interval */
2589 #define IEEE80211_RADIOTAP_MCS_HT_GREENFIELD 0x08
2590 #define IEEE80211_RADIOTAP_MCS_FEC_LDPC 0x10
2591 #define IEEE80211_RADIOTAP_MCS_STBC_MASK 0x60
2592 #define IEEE80211_RADIOTAP_MCS_STBC_1 1
2593 #define IEEE80211_RADIOTAP_MCS_STBC_2 2
2594 #define IEEE80211_RADIOTAP_MCS_STBC_3 3
2595 #define IEEE80211_RADIOTAP_MCS_STBC_SHIFT 5
2596 #define IEEE80211_RADIOTAP_MCS_NESS_BIT_0 0x80
2598 /* For IEEE80211_RADIOTAP_AMPDU_STATUS */
2599 #define IEEE80211_RADIOTAP_AMPDU_REPORT_ZEROLEN 0x0001
2600 #define IEEE80211_RADIOTAP_AMPDU_IS_ZEROLEN 0x0002
2601 #define IEEE80211_RADIOTAP_AMPDU_LAST_KNOWN 0x0004
2602 #define IEEE80211_RADIOTAP_AMPDU_IS_LAST 0x0008
2603 #define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_ERR 0x0010
2604 #define IEEE80211_RADIOTAP_AMPDU_DELIM_CRC_KNOWN 0x0020
2606 /* For IEEE80211_RADIOTAP_VHT known */
2607 #define IEEE80211_RADIOTAP_VHT_STBC_KNOWN 0x0001
2608 #define IEEE80211_RADIOTAP_VHT_TXOP_PS_NA_KNOWN 0x0002
2609 #define IEEE80211_RADIOTAP_VHT_GUARD_INTERVAL_KNOWN 0x0004
2610 #define IEEE80211_RADIOTAP_VHT_SGI_NSYM_DIS_KNOWN 0x0008
2611 #define IEEE80211_RADIOTAP_VHT_LDPC_EXTRA_OFDM_SYM_KNOWN 0x0010
2612 #define IEEE80211_RADIOTAP_VHT_BEAMFORMED_KNOWN 0x0020
2613 #define IEEE80211_RADIOTAP_VHT_BANDWIDTH_KNOWN 0x0040
2614 #define IEEE80211_RADIOTAP_VHT_GROUP_ID_KNOWN 0x0080
2615 #define IEEE80211_RADIOTAP_VHT_PARTIAL_AID_KNOWN 0x0100
2617 /* For IEEE80211_RADIOTAP_VHT flags */
2618 #define IEEE80211_RADIOTAP_VHT_STBC 0x01
2619 #define IEEE80211_RADIOTAP_VHT_TXOP_PS_NA 0x02
2620 #define IEEE80211_RADIOTAP_VHT_SHORT_GI 0x04
2621 #define IEEE80211_RADIOTAP_VHT_SGI_NSYM_M10_9 0x08
2622 #define IEEE80211_RADIOTAP_VHT_LDPC_EXTRA_OFDM_SYM 0x10
2623 #define IEEE80211_RADIOTAP_VHT_BEAMFORMED 0x20
2625 #define IEEE80211_RADIOTAP_VHT_BANDWIDTH_MASK 0x1f
2627 #define IEEE80211_RADIOTAP_VHT_NSS_MASK 0x0f
2628 #define IEEE80211_RADIOTAP_VHT_MCS_MASK 0xf0
2629 #define IEEE80211_RADIOTAP_VHT_MCS_SHIFT 4
2631 #define IEEE80211_RADIOTAP_CODING_LDPC_USERn 0x01
2633 #define IEEE80211_CHAN_FHSS \
2634 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK)
2635 #define IEEE80211_CHAN_A \
2636 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2637 #define IEEE80211_CHAN_B \
2638 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
2639 #define IEEE80211_CHAN_PUREG \
2640 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM)
2641 #define IEEE80211_CHAN_G \
2642 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
2644 #define IS_CHAN_FHSS(flags) \
2645 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS)
2646 #define IS_CHAN_A(flags) \
2647 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A)
2648 #define IS_CHAN_B(flags) \
2649 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B)
2650 #define IS_CHAN_PUREG(flags) \
2651 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG)
2652 #define IS_CHAN_G(flags) \
2653 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G)
2654 #define IS_CHAN_ANYG(flags) \
2655 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags))
2658 print_chaninfo(netdissect_options *ndo,
2659 uint16_t freq, uint32_t flags, uint32_t presentflags)
2661 ND_PRINT("%u MHz", freq);
2662 if (presentflags & (1 << IEEE80211_RADIOTAP_MCS)) {
2664 * We have the MCS field, so this is 11n, regardless
2665 * of what the channel flags say.
2669 if (IS_CHAN_FHSS(flags))
2671 if (IS_CHAN_A(flags)) {
2672 if (flags & IEEE80211_CHAN_HALF)
2673 ND_PRINT(" 11a/10Mhz");
2674 else if (flags & IEEE80211_CHAN_QUARTER)
2675 ND_PRINT(" 11a/5Mhz");
2679 if (IS_CHAN_ANYG(flags)) {
2680 if (flags & IEEE80211_CHAN_HALF)
2681 ND_PRINT(" 11g/10Mhz");
2682 else if (flags & IEEE80211_CHAN_QUARTER)
2683 ND_PRINT(" 11g/5Mhz");
2686 } else if (IS_CHAN_B(flags))
2688 if (flags & IEEE80211_CHAN_TURBO)
2692 * These apply to 11n.
2694 if (flags & IEEE80211_CHAN_HT20)
2696 else if (flags & IEEE80211_CHAN_HT40D)
2697 ND_PRINT(" ht/40-");
2698 else if (flags & IEEE80211_CHAN_HT40U)
2699 ND_PRINT(" ht/40+");
2704 print_radiotap_field(netdissect_options *ndo,
2705 struct cpack_state *s, uint32_t bit, uint8_t *flagsp,
2706 uint32_t presentflags)
2713 case IEEE80211_RADIOTAP_TSFT: {
2716 rc = nd_cpack_uint64(ndo, s, &tsft);
2719 ND_PRINT("%" PRIu64 "us tsft ", tsft);
2723 case IEEE80211_RADIOTAP_FLAGS: {
2726 rc = nd_cpack_uint8(ndo, s, &flagsval);
2730 if (flagsval & IEEE80211_RADIOTAP_F_CFP)
2732 if (flagsval & IEEE80211_RADIOTAP_F_SHORTPRE)
2733 ND_PRINT("short preamble ");
2734 if (flagsval & IEEE80211_RADIOTAP_F_WEP)
2736 if (flagsval & IEEE80211_RADIOTAP_F_FRAG)
2737 ND_PRINT("fragmented ");
2738 if (flagsval & IEEE80211_RADIOTAP_F_BADFCS)
2739 ND_PRINT("bad-fcs ");
2743 case IEEE80211_RADIOTAP_RATE: {
2746 rc = nd_cpack_uint8(ndo, s, &rate);
2750 * XXX On FreeBSD rate & 0x80 means we have an MCS. On
2751 * Linux and AirPcap it does not. (What about
2752 * macOS, NetBSD, OpenBSD, and DragonFly BSD?)
2754 * This is an issue either for proprietary extensions
2755 * to 11a or 11g, which do exist, or for 11n
2756 * implementations that stuff a rate value into
2757 * this field, which also appear to exist.
2759 * We currently handle that by assuming that
2760 * if the 0x80 bit is set *and* the remaining
2761 * bits have a value between 0 and 15 it's
2762 * an MCS value, otherwise it's a rate. If
2763 * there are cases where systems that use
2764 * "0x80 + MCS index" for MCS indices > 15,
2765 * or stuff a rate value here between 64 and
2766 * 71.5 Mb/s in here, we'll need a preference
2767 * setting. Such rates do exist, e.g. 11n
2768 * MCS 7 at 20 MHz with a long guard interval.
2770 if (rate >= 0x80 && rate <= 0x8f) {
2772 * XXX - we don't know the channel width
2773 * or guard interval length, so we can't
2774 * convert this to a data rate.
2776 * If you want us to show a data rate,
2777 * use the MCS field, not the Rate field;
2778 * the MCS field includes not only the
2779 * MCS index, it also includes bandwidth
2780 * and guard interval information.
2782 * XXX - can we get the channel width
2783 * from XChannel and the guard interval
2784 * information from Flags, at least on
2787 ND_PRINT("MCS %u ", rate & 0x7f);
2789 ND_PRINT("%2.1f Mb/s ", .5 * rate);
2793 case IEEE80211_RADIOTAP_CHANNEL: {
2797 rc = nd_cpack_uint16(ndo, s, &frequency);
2800 rc = nd_cpack_uint16(ndo, s, &flags);
2804 * If CHANNEL and XCHANNEL are both present, skip
2807 if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL))
2809 print_chaninfo(ndo, frequency, flags, presentflags);
2813 case IEEE80211_RADIOTAP_FHSS: {
2817 rc = nd_cpack_uint8(ndo, s, &hopset);
2820 rc = nd_cpack_uint8(ndo, s, &hoppat);
2823 ND_PRINT("fhset %u fhpat %u ", hopset, hoppat);
2827 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: {
2828 int8_t dbm_antsignal;
2830 rc = nd_cpack_int8(ndo, s, &dbm_antsignal);
2833 ND_PRINT("%ddBm signal ", dbm_antsignal);
2837 case IEEE80211_RADIOTAP_DBM_ANTNOISE: {
2838 int8_t dbm_antnoise;
2840 rc = nd_cpack_int8(ndo, s, &dbm_antnoise);
2843 ND_PRINT("%ddBm noise ", dbm_antnoise);
2847 case IEEE80211_RADIOTAP_LOCK_QUALITY: {
2848 uint16_t lock_quality;
2850 rc = nd_cpack_uint16(ndo, s, &lock_quality);
2853 ND_PRINT("%u sq ", lock_quality);
2857 case IEEE80211_RADIOTAP_TX_ATTENUATION: {
2858 int16_t tx_attenuation;
2860 rc = nd_cpack_int16(ndo, s, &tx_attenuation);
2863 ND_PRINT("%d tx power ", -tx_attenuation);
2867 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: {
2868 int8_t db_tx_attenuation;
2870 rc = nd_cpack_int8(ndo, s, &db_tx_attenuation);
2873 ND_PRINT("%ddB tx attenuation ", -db_tx_attenuation);
2877 case IEEE80211_RADIOTAP_DBM_TX_POWER: {
2878 int8_t dbm_tx_power;
2880 rc = nd_cpack_int8(ndo, s, &dbm_tx_power);
2883 ND_PRINT("%ddBm tx power ", dbm_tx_power);
2887 case IEEE80211_RADIOTAP_ANTENNA: {
2890 rc = nd_cpack_uint8(ndo, s, &antenna);
2893 ND_PRINT("antenna %u ", antenna);
2897 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: {
2898 uint8_t db_antsignal;
2900 rc = nd_cpack_uint8(ndo, s, &db_antsignal);
2903 ND_PRINT("%udB signal ", db_antsignal);
2907 case IEEE80211_RADIOTAP_DB_ANTNOISE: {
2908 uint8_t db_antnoise;
2910 rc = nd_cpack_uint8(ndo, s, &db_antnoise);
2913 ND_PRINT("%udB noise ", db_antnoise);
2917 case IEEE80211_RADIOTAP_RX_FLAGS: {
2920 rc = nd_cpack_uint16(ndo, s, &rx_flags);
2923 /* Do nothing for now */
2927 case IEEE80211_RADIOTAP_XCHANNEL: {
2933 rc = nd_cpack_uint32(ndo, s, &flags);
2936 rc = nd_cpack_uint16(ndo, s, &frequency);
2939 rc = nd_cpack_uint8(ndo, s, &channel);
2942 rc = nd_cpack_uint8(ndo, s, &maxpower);
2945 print_chaninfo(ndo, frequency, flags, presentflags);
2949 case IEEE80211_RADIOTAP_MCS: {
2953 static const char *ht_bandwidth[4] = {
2961 rc = nd_cpack_uint8(ndo, s, &known);
2964 rc = nd_cpack_uint8(ndo, s, &flags);
2967 rc = nd_cpack_uint8(ndo, s, &mcs_index);
2970 if (known & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) {
2972 * We know the MCS index.
2974 if (mcs_index <= MAX_MCS_INDEX) {
2976 * And it's in-range.
2978 if (known & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) {
2980 * And we know both the bandwidth and
2981 * the guard interval, so we can look
2985 ieee80211_float_htrates
2987 [((flags & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)]
2988 [((flags & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)];
2991 * We don't know both the bandwidth
2992 * and the guard interval, so we can
2993 * only report the MCS index.
2999 * The MCS value is out of range.
3003 if (htrate != 0.0) {
3008 ND_PRINT("%.1f Mb/s MCS %u ", htrate, mcs_index);
3011 * We at least have the MCS index.
3014 ND_PRINT("MCS %u ", mcs_index);
3017 if (known & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) {
3019 ht_bandwidth[flags & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK]);
3021 if (known & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) {
3023 (flags & IEEE80211_RADIOTAP_MCS_SHORT_GI) ?
3026 if (known & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) {
3028 (flags & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ?
3029 "greenfield" : "mixed");
3031 if (known & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) {
3033 (flags & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ?
3036 if (known & IEEE80211_RADIOTAP_MCS_STBC_KNOWN) {
3037 ND_PRINT("RX-STBC%u ",
3038 (flags & IEEE80211_RADIOTAP_MCS_STBC_MASK) >> IEEE80211_RADIOTAP_MCS_STBC_SHIFT);
3043 case IEEE80211_RADIOTAP_AMPDU_STATUS: {
3044 uint32_t reference_num;
3049 rc = nd_cpack_uint32(ndo, s, &reference_num);
3052 rc = nd_cpack_uint16(ndo, s, &flags);
3055 rc = nd_cpack_uint8(ndo, s, &delim_crc);
3058 rc = nd_cpack_uint8(ndo, s, &reserved);
3061 /* Do nothing for now */
3065 case IEEE80211_RADIOTAP_VHT: {
3072 uint16_t partial_aid;
3073 static const char *vht_bandwidth[32] = {
3108 rc = nd_cpack_uint16(ndo, s, &known);
3111 rc = nd_cpack_uint8(ndo, s, &flags);
3114 rc = nd_cpack_uint8(ndo, s, &bandwidth);
3117 for (i = 0; i < 4; i++) {
3118 rc = nd_cpack_uint8(ndo, s, &mcs_nss[i]);
3122 rc = nd_cpack_uint8(ndo, s, &coding);
3125 rc = nd_cpack_uint8(ndo, s, &group_id);
3128 rc = nd_cpack_uint16(ndo, s, &partial_aid);
3131 for (i = 0; i < 4; i++) {
3133 nss = mcs_nss[i] & IEEE80211_RADIOTAP_VHT_NSS_MASK;
3134 mcs = (mcs_nss[i] & IEEE80211_RADIOTAP_VHT_MCS_MASK) >> IEEE80211_RADIOTAP_VHT_MCS_SHIFT;
3139 ND_PRINT("User %u MCS %u ", i, mcs);
3141 (coding & (IEEE80211_RADIOTAP_CODING_LDPC_USERn << i)) ?
3144 if (known & IEEE80211_RADIOTAP_VHT_BANDWIDTH_KNOWN) {
3146 vht_bandwidth[bandwidth & IEEE80211_RADIOTAP_VHT_BANDWIDTH_MASK]);
3148 if (known & IEEE80211_RADIOTAP_VHT_GUARD_INTERVAL_KNOWN) {
3150 (flags & IEEE80211_RADIOTAP_VHT_SHORT_GI) ?
3157 /* this bit indicates a field whose
3158 * size we do not know, so we cannot
3159 * proceed. Just print the bit number.
3161 ND_PRINT("[bit %u] ", bit);
3168 nd_print_trunc(ndo);
3174 print_in_radiotap_namespace(netdissect_options *ndo,
3175 struct cpack_state *s, uint8_t *flags,
3176 uint32_t presentflags, int bit0)
3178 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
3179 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
3180 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
3181 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
3182 #define BITNO_2(x) (((x) & 2) ? 1 : 0)
3183 uint32_t present, next_present;
3185 enum ieee80211_radiotap_type bit;
3188 for (present = presentflags; present; present = next_present) {
3190 * Clear the least significant bit that is set.
3192 next_present = present & (present - 1);
3195 * Get the bit number, within this presence word,
3196 * of the remaining least significant bit that
3199 bitno = BITNO_32(present ^ next_present);
3202 * Stop if this is one of the "same meaning
3203 * in all presence flags" bits.
3205 if (bitno >= IEEE80211_RADIOTAP_NAMESPACE)
3209 * Get the radiotap bit number of that bit.
3211 bit = (enum ieee80211_radiotap_type)(bit0 + bitno);
3213 rc = print_radiotap_field(ndo, s, bit, flags, presentflags);
3222 ieee802_11_radio_print(netdissect_options *ndo,
3223 const u_char *p, u_int length, u_int caplen)
3225 #define BIT(n) (1U << n)
3226 #define IS_EXTENDED(__p) \
3227 (GET_LE_U_4(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0
3229 struct cpack_state cpacker;
3230 const struct ieee80211_radiotap_header *hdr;
3231 uint32_t presentflags;
3232 const nd_uint32_t *presentp, *last_presentp;
3233 int vendor_namespace;
3234 uint8_t vendor_oui[3];
3235 uint8_t vendor_subnamespace;
3236 uint16_t skip_length;
3243 ndo->ndo_protocol = "802.11_radio";
3244 if (caplen < sizeof(*hdr)) {
3245 nd_print_trunc(ndo);
3249 hdr = (const struct ieee80211_radiotap_header *)p;
3251 len = GET_LE_U_2(hdr->it_len);
3252 if (len < sizeof(*hdr)) {
3254 * The length is the length of the entire header, so
3255 * it must be as large as the fixed-length part of
3258 nd_print_trunc(ndo);
3263 * If we don't have the entire radiotap header, just give up.
3266 nd_print_trunc(ndo);
3269 nd_cpack_init(&cpacker, (const uint8_t *)hdr, len); /* align against header start */
3270 nd_cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */
3271 for (last_presentp = &hdr->it_present;
3272 (const u_char*)(last_presentp + 1) <= p + len &&
3273 IS_EXTENDED(last_presentp);
3275 nd_cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */
3277 /* are there more bitmap extensions than bytes in header? */
3278 if ((const u_char*)(last_presentp + 1) > p + len) {
3279 nd_print_trunc(ndo);
3284 * Start out at the beginning of the default radiotap namespace.
3287 vendor_namespace = 0;
3288 memset(vendor_oui, 0, 3);
3289 vendor_subnamespace = 0;
3291 /* Assume no flags */
3293 /* Assume no Atheros padding between 802.11 header and body */
3295 /* Assume no FCS at end of frame */
3297 for (presentp = &hdr->it_present; presentp <= last_presentp;
3299 presentflags = GET_LE_U_4(presentp);
3302 * If this is a vendor namespace, we don't handle it.
3304 if (vendor_namespace) {
3306 * Skip past the stuff we don't understand.
3307 * If we add support for any vendor namespaces,
3308 * it'd be added here; use vendor_oui and
3309 * vendor_subnamespace to interpret the fields.
3311 if (nd_cpack_advance(&cpacker, skip_length) != 0) {
3313 * Ran out of space in the packet.
3319 * We've skipped it all; nothing more to
3324 if (print_in_radiotap_namespace(ndo, &cpacker,
3325 &flags, presentflags, bit0) != 0) {
3327 * Fatal error - can't process anything
3328 * more in the radiotap header.
3335 * Handle the namespace switch bits; we've already handled
3336 * the extension bit in all but the last word above.
3338 switch (presentflags &
3339 (BIT(IEEE80211_RADIOTAP_NAMESPACE)|BIT(IEEE80211_RADIOTAP_VENDOR_NAMESPACE))) {
3343 * We're not changing namespaces.
3344 * advance to the next 32 bits in the current
3350 case BIT(IEEE80211_RADIOTAP_NAMESPACE):
3352 * We're switching to the radiotap namespace.
3353 * Reset the presence-bitmap index to 0, and
3354 * reset the namespace to the default radiotap
3358 vendor_namespace = 0;
3359 memset(vendor_oui, 0, 3);
3360 vendor_subnamespace = 0;
3364 case BIT(IEEE80211_RADIOTAP_VENDOR_NAMESPACE):
3366 * We're switching to a vendor namespace.
3367 * Reset the presence-bitmap index to 0,
3368 * note that we're in a vendor namespace,
3369 * and fetch the fields of the Vendor Namespace
3373 vendor_namespace = 1;
3374 if ((nd_cpack_align_and_reserve(&cpacker, 2)) == NULL) {
3375 nd_print_trunc(ndo);
3378 if (nd_cpack_uint8(ndo, &cpacker, &vendor_oui[0]) != 0) {
3379 nd_print_trunc(ndo);
3382 if (nd_cpack_uint8(ndo, &cpacker, &vendor_oui[1]) != 0) {
3383 nd_print_trunc(ndo);
3386 if (nd_cpack_uint8(ndo, &cpacker, &vendor_oui[2]) != 0) {
3387 nd_print_trunc(ndo);
3390 if (nd_cpack_uint8(ndo, &cpacker, &vendor_subnamespace) != 0) {
3391 nd_print_trunc(ndo);
3394 if (nd_cpack_uint16(ndo, &cpacker, &skip_length) != 0) {
3395 nd_print_trunc(ndo);
3402 * Illegal combination. The behavior in this
3403 * case is undefined by the radiotap spec; we
3404 * just ignore both bits.
3410 if (flags & IEEE80211_RADIOTAP_F_DATAPAD)
3411 pad = 1; /* Atheros padding */
3412 if (flags & IEEE80211_RADIOTAP_F_FCS)
3413 fcslen = 4; /* FCS at end of packet */
3414 return len + ieee802_11_print(ndo, p + len, length - len, caplen - len, pad,
3425 ieee802_11_radio_avs_print(netdissect_options *ndo,
3426 const u_char *p, u_int length, u_int caplen)
3428 uint32_t caphdr_len;
3430 ndo->ndo_protocol = "802.11_radio_avs";
3432 nd_print_trunc(ndo);
3436 caphdr_len = GET_BE_U_4(p + 4);
3437 if (caphdr_len < 8) {
3439 * Yow! The capture header length is claimed not
3440 * to be large enough to include even the version
3441 * cookie or capture header length!
3443 nd_print_trunc(ndo);
3447 if (caplen < caphdr_len) {
3448 nd_print_trunc(ndo);
3452 return caphdr_len + ieee802_11_print(ndo, p + caphdr_len,
3453 length - caphdr_len, caplen - caphdr_len, 0, 0);
3456 #define PRISM_HDR_LEN 144
3458 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000
3459 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001
3460 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002
3463 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
3464 * containing information such as radio information, which we
3467 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or
3468 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS
3469 * (currently, on Linux, there's no ARPHRD_ type for
3470 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM
3471 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for
3472 * the AVS header, and the first 4 bytes of the header are used to
3473 * indicate whether it's a Prism header or an AVS header).
3476 prism_if_print(netdissect_options *ndo,
3477 const struct pcap_pkthdr *h, const u_char *p)
3479 u_int caplen = h->caplen;
3480 u_int length = h->len;
3483 ndo->ndo_protocol = "prism";
3485 nd_print_trunc(ndo);
3486 ndo->ndo_ll_hdr_len += caplen;
3490 msgcode = GET_BE_U_4(p);
3491 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 ||
3492 msgcode == WLANCAP_MAGIC_COOKIE_V2) {
3493 ndo->ndo_ll_hdr_len += ieee802_11_radio_avs_print(ndo, p, length, caplen);
3497 if (caplen < PRISM_HDR_LEN) {
3498 nd_print_trunc(ndo);
3499 ndo->ndo_ll_hdr_len += caplen;
3504 length -= PRISM_HDR_LEN;
3505 caplen -= PRISM_HDR_LEN;
3506 ndo->ndo_ll_hdr_len += PRISM_HDR_LEN;
3507 ndo->ndo_ll_hdr_len += ieee802_11_print(ndo, p, length, caplen, 0, 0);
3511 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
3512 * header, containing information such as radio information.
3515 ieee802_11_radio_if_print(netdissect_options *ndo,
3516 const struct pcap_pkthdr *h, const u_char *p)
3518 ndo->ndo_protocol = "802.11_radio";
3519 ndo->ndo_ll_hdr_len += ieee802_11_radio_print(ndo, p, h->len, h->caplen);
3523 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an
3524 * extra header, containing information such as radio information,
3525 * which we currently ignore.
3528 ieee802_11_radio_avs_if_print(netdissect_options *ndo,
3529 const struct pcap_pkthdr *h, const u_char *p)
3531 ndo->ndo_protocol = "802.11_radio_avs";
3532 ndo->ndo_ll_hdr_len += ieee802_11_radio_avs_print(ndo, p, h->len, h->caplen);