4 * Fortress Technologies, Inc. All rights reserved.
5 * Charlie Lenahan (clenahan@fortresstech.com)
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that: (1) source code distributions
9 * retain the above copyright notice and this paragraph in its entirety, (2)
10 * distributions including binary code include the above copyright notice and
11 * this paragraph in its entirety in the documentation or other materials
12 * provided with the distribution, and (3) all advertising materials mentioning
13 * features or use of this software display the following acknowledgement:
14 * ``This product includes software developed by the University of California,
15 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
16 * the University nor the names of its contributors may be used to endorse
17 * or promote products derived from this software without specific prior
19 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
20 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
21 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
25 static const char rcsid[] _U_ =
26 "@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.31.2.15 2007/07/22 23:14:14 guy Exp $ (LBL)";
33 #include <tcpdump-stdinc.h>
39 #include "interface.h"
40 #include "addrtoname.h"
41 #include "ethertype.h"
47 #include "ieee802_11.h"
48 #include "ieee802_11_radio.h"
50 #define PRINT_SSID(p) \
51 switch (p.ssid_status) { \
56 fn_print(p.ssid.ssid, NULL); \
63 #define PRINT_RATE(_sep, _r, _suf) \
64 printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf)
65 #define PRINT_RATES(p) \
66 switch (p.rates_status) { \
72 const char *sep = " ["; \
73 for (z = 0; z < p.rates.length ; z++) { \
74 PRINT_RATE(sep, p.rates.rate[z], \
75 (p.rates.rate[z] & 0x80 ? "*" : "")); \
78 if (p.rates.length != 0) \
86 #define PRINT_DS_CHANNEL(p) \
87 switch (p.ds_status) { \
91 printf(" CH: %u", p.ds.channel); \
97 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" );
99 static const int ieee80211_htrates[16] = {
100 13, /* IFM_IEEE80211_MCS0 */
101 26, /* IFM_IEEE80211_MCS1 */
102 39, /* IFM_IEEE80211_MCS2 */
103 52, /* IFM_IEEE80211_MCS3 */
104 78, /* IFM_IEEE80211_MCS4 */
105 104, /* IFM_IEEE80211_MCS5 */
106 117, /* IFM_IEEE80211_MCS6 */
107 130, /* IFM_IEEE80211_MCS7 */
108 26, /* IFM_IEEE80211_MCS8 */
109 52, /* IFM_IEEE80211_MCS9 */
110 78, /* IFM_IEEE80211_MCS10 */
111 104, /* IFM_IEEE80211_MCS11 */
112 156, /* IFM_IEEE80211_MCS12 */
113 208, /* IFM_IEEE80211_MCS13 */
114 234, /* IFM_IEEE80211_MCS14 */
115 260, /* IFM_IEEE80211_MCS15 */
117 #define PRINT_HT_RATE(_sep, _r, _suf) \
118 printf("%s%.1f%s", _sep, (.5 * ieee80211_htrates[(_r) & 0xf]), _suf)
120 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
121 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0])
123 static const char *status_text[] = {
125 "Unspecified failure", /* 1 */
134 "Cannot Support all requested capabilities in the Capability Information field", /* 10 */
135 "Reassociation denied due to inability to confirm that association exists", /* 11 */
136 "Association denied due to reason outside the scope of the standard", /* 12 */
137 "Responding station does not support the specified authentication algorithm ", /* 13 */
138 "Received an Authentication frame with authentication transaction " \
139 "sequence number out of expected sequence", /* 14 */
140 "Authentication rejected because of challenge failure", /* 15 */
141 "Authentication rejected due to timeout waiting for next frame in sequence", /* 16 */
142 "Association denied because AP is unable to handle additional associated stations", /* 17 */
143 "Association denied due to requesting station not supporting all of the " \
144 "data rates in BSSBasicRateSet parameter", /* 18 */
146 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0])
148 static const char *reason_text[] = {
150 "Unspecified reason", /* 1 */
151 "Previous authentication no longer valid", /* 2 */
152 "Deauthenticated because sending station is leaving (or has left) IBSS or ESS", /* 3 */
153 "Disassociated due to inactivity", /* 4 */
154 "Disassociated because AP is unable to handle all currently associated stations", /* 5 */
155 "Class 2 frame received from nonauthenticated station", /* 6 */
156 "Class 3 frame received from nonassociated station", /* 7 */
157 "Disassociated because sending station is leaving (or has left) BSS", /* 8 */
158 "Station requesting (re)association is not authenticated with responding station", /* 9 */
160 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0])
163 wep_print(const u_char *p)
167 if (!TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN))
169 iv = EXTRACT_LE_32BITS(p);
171 printf("Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv),
178 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset)
181 * We haven't seen any elements yet.
183 pbody->challenge_status = NOT_PRESENT;
184 pbody->ssid_status = NOT_PRESENT;
185 pbody->rates_status = NOT_PRESENT;
186 pbody->ds_status = NOT_PRESENT;
187 pbody->cf_status = NOT_PRESENT;
188 pbody->tim_status = NOT_PRESENT;
191 if (!TTEST2(*(p + offset), 1))
193 switch (*(p + offset)) {
195 /* Present, possibly truncated */
196 pbody->ssid_status = TRUNCATED;
197 if (!TTEST2(*(p + offset), 2))
199 memcpy(&pbody->ssid, p + offset, 2);
201 if (pbody->ssid.length != 0) {
202 if (pbody->ssid.length >
203 sizeof(pbody->ssid.ssid) - 1)
205 if (!TTEST2(*(p + offset), pbody->ssid.length))
207 memcpy(&pbody->ssid.ssid, p + offset,
209 offset += pbody->ssid.length;
211 pbody->ssid.ssid[pbody->ssid.length] = '\0';
212 /* Present and not truncated */
213 pbody->ssid_status = PRESENT;
216 /* Present, possibly truncated */
217 pbody->challenge_status = TRUNCATED;
218 if (!TTEST2(*(p + offset), 2))
220 memcpy(&pbody->challenge, p + offset, 2);
222 if (pbody->challenge.length != 0) {
223 if (pbody->challenge.length >
224 sizeof(pbody->challenge.text) - 1)
226 if (!TTEST2(*(p + offset), pbody->challenge.length))
228 memcpy(&pbody->challenge.text, p + offset,
229 pbody->challenge.length);
230 offset += pbody->challenge.length;
232 pbody->challenge.text[pbody->challenge.length] = '\0';
233 /* Present and not truncated */
234 pbody->challenge_status = PRESENT;
237 /* Present, possibly truncated */
238 pbody->rates_status = TRUNCATED;
239 if (!TTEST2(*(p + offset), 2))
241 memcpy(&(pbody->rates), p + offset, 2);
243 if (pbody->rates.length != 0) {
244 if (pbody->rates.length > sizeof pbody->rates.rate)
246 if (!TTEST2(*(p + offset), pbody->rates.length))
248 memcpy(&pbody->rates.rate, p + offset,
249 pbody->rates.length);
250 offset += pbody->rates.length;
252 /* Present and not truncated */
253 pbody->rates_status = PRESENT;
256 /* Present, possibly truncated */
257 pbody->ds_status = TRUNCATED;
258 if (!TTEST2(*(p + offset), 3))
260 memcpy(&pbody->ds, p + offset, 3);
262 /* Present and not truncated */
263 pbody->ds_status = PRESENT;
266 /* Present, possibly truncated */
267 pbody->cf_status = TRUNCATED;
268 if (!TTEST2(*(p + offset), 8))
270 memcpy(&pbody->cf, p + offset, 8);
272 /* Present and not truncated */
273 pbody->cf_status = PRESENT;
276 /* Present, possibly truncated */
277 pbody->tim_status = TRUNCATED;
278 if (!TTEST2(*(p + offset), 2))
280 memcpy(&pbody->tim, p + offset, 2);
282 if (!TTEST2(*(p + offset), 3))
284 memcpy(&pbody->tim.count, p + offset, 3);
287 if (pbody->tim.length <= 3)
289 if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)
291 if (!TTEST2(*(p + offset), pbody->tim.length - 3))
293 memcpy(pbody->tim.bitmap, p + (pbody->tim.length - 3),
294 (pbody->tim.length - 3));
295 offset += pbody->tim.length - 3;
296 /* Present and not truncated */
297 pbody->tim_status = PRESENT;
301 printf("(1) unhandled element_id (%d) ",
304 if (!TTEST2(*(p + offset), 2))
306 if (!TTEST2(*(p + offset + 2), *(p + offset + 1)))
308 offset += *(p + offset + 1) + 2;
314 /*********************************************************************************
315 * Print Handle functions for the management frame types
316 *********************************************************************************/
319 handle_beacon(const u_char *p)
321 struct mgmt_body_t pbody;
324 memset(&pbody, 0, sizeof(pbody));
326 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
327 IEEE802_11_CAPINFO_LEN))
329 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
330 offset += IEEE802_11_TSTAMP_LEN;
331 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
332 offset += IEEE802_11_BCNINT_LEN;
333 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
334 offset += IEEE802_11_CAPINFO_LEN;
336 parse_elements(&pbody, p, offset);
341 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS");
342 PRINT_DS_CHANNEL(pbody);
348 handle_assoc_request(const u_char *p)
350 struct mgmt_body_t pbody;
353 memset(&pbody, 0, sizeof(pbody));
355 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN))
357 pbody.capability_info = EXTRACT_LE_16BITS(p);
358 offset += IEEE802_11_CAPINFO_LEN;
359 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
360 offset += IEEE802_11_LISTENINT_LEN;
362 parse_elements(&pbody, p, offset);
370 handle_assoc_response(const u_char *p)
372 struct mgmt_body_t pbody;
375 memset(&pbody, 0, sizeof(pbody));
377 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
380 pbody.capability_info = EXTRACT_LE_16BITS(p);
381 offset += IEEE802_11_CAPINFO_LEN;
382 pbody.status_code = EXTRACT_LE_16BITS(p+offset);
383 offset += IEEE802_11_STATUS_LEN;
384 pbody.aid = EXTRACT_LE_16BITS(p+offset);
385 offset += IEEE802_11_AID_LEN;
387 parse_elements(&pbody, p, offset);
389 printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 ,
390 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
391 (pbody.status_code < NUM_STATUSES
392 ? status_text[pbody.status_code]
399 handle_reassoc_request(const u_char *p)
401 struct mgmt_body_t pbody;
404 memset(&pbody, 0, sizeof(pbody));
406 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
409 pbody.capability_info = EXTRACT_LE_16BITS(p);
410 offset += IEEE802_11_CAPINFO_LEN;
411 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
412 offset += IEEE802_11_LISTENINT_LEN;
413 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN);
414 offset += IEEE802_11_AP_LEN;
416 parse_elements(&pbody, p, offset);
419 printf(" AP : %s", etheraddr_string( pbody.ap ));
425 handle_reassoc_response(const u_char *p)
427 /* Same as a Association Reponse */
428 return handle_assoc_response(p);
432 handle_probe_request(const u_char *p)
434 struct mgmt_body_t pbody;
437 memset(&pbody, 0, sizeof(pbody));
439 parse_elements(&pbody, p, offset);
448 handle_probe_response(const u_char *p)
450 struct mgmt_body_t pbody;
453 memset(&pbody, 0, sizeof(pbody));
455 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
456 IEEE802_11_CAPINFO_LEN))
459 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
460 offset += IEEE802_11_TSTAMP_LEN;
461 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
462 offset += IEEE802_11_BCNINT_LEN;
463 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
464 offset += IEEE802_11_CAPINFO_LEN;
466 parse_elements(&pbody, p, offset);
470 PRINT_DS_CHANNEL(pbody);
478 /* the frame body for ATIM is null. */
483 handle_disassoc(const u_char *p)
485 struct mgmt_body_t pbody;
487 memset(&pbody, 0, sizeof(pbody));
489 if (!TTEST2(*p, IEEE802_11_REASON_LEN))
491 pbody.reason_code = EXTRACT_LE_16BITS(p);
494 (pbody.reason_code < NUM_REASONS)
495 ? reason_text[pbody.reason_code]
502 handle_auth(const u_char *p)
504 struct mgmt_body_t pbody;
507 memset(&pbody, 0, sizeof(pbody));
511 pbody.auth_alg = EXTRACT_LE_16BITS(p);
513 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset);
515 pbody.status_code = EXTRACT_LE_16BITS(p + offset);
518 parse_elements(&pbody, p, offset);
520 if ((pbody.auth_alg == 1) &&
521 ((pbody.auth_trans_seq_num == 2) ||
522 (pbody.auth_trans_seq_num == 3))) {
523 printf(" (%s)-%x [Challenge Text] %s",
524 (pbody.auth_alg < NUM_AUTH_ALGS)
525 ? auth_alg_text[pbody.auth_alg]
527 pbody.auth_trans_seq_num,
528 ((pbody.auth_trans_seq_num % 2)
529 ? ((pbody.status_code < NUM_STATUSES)
530 ? status_text[pbody.status_code]
534 printf(" (%s)-%x: %s",
535 (pbody.auth_alg < NUM_AUTH_ALGS)
536 ? auth_alg_text[pbody.auth_alg]
538 pbody.auth_trans_seq_num,
539 (pbody.auth_trans_seq_num % 2)
540 ? ((pbody.status_code < NUM_STATUSES)
541 ? status_text[pbody.status_code]
549 handle_deauth(const struct mgmt_header_t *pmh, const u_char *p)
551 struct mgmt_body_t pbody;
553 const char *reason = NULL;
555 memset(&pbody, 0, sizeof(pbody));
557 if (!TTEST2(*p, IEEE802_11_REASON_LEN))
559 pbody.reason_code = EXTRACT_LE_16BITS(p);
560 offset += IEEE802_11_REASON_LEN;
562 reason = (pbody.reason_code < NUM_REASONS)
563 ? reason_text[pbody.reason_code]
567 printf(": %s", reason);
569 printf(" (%s): %s", etheraddr_string(pmh->sa), reason);
575 /*********************************************************************************
577 *********************************************************************************/
581 mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh,
584 switch (FC_SUBTYPE(fc)) {
585 case ST_ASSOC_REQUEST:
586 printf("Assoc Request");
587 return handle_assoc_request(p);
588 case ST_ASSOC_RESPONSE:
589 printf("Assoc Response");
590 return handle_assoc_response(p);
591 case ST_REASSOC_REQUEST:
592 printf("ReAssoc Request");
593 return handle_reassoc_request(p);
594 case ST_REASSOC_RESPONSE:
595 printf("ReAssoc Response");
596 return handle_reassoc_response(p);
597 case ST_PROBE_REQUEST:
598 printf("Probe Request");
599 return handle_probe_request(p);
600 case ST_PROBE_RESPONSE:
601 printf("Probe Response");
602 return handle_probe_response(p);
605 return handle_beacon(p);
608 return handle_atim();
610 printf("Disassociation");
611 return handle_disassoc(p);
613 printf("Authentication");
616 if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) {
617 printf("Authentication (Shared-Key)-3 ");
620 return handle_auth(p);
622 printf("DeAuthentication");
623 return handle_deauth(pmh, p);
626 printf("Unhandled Management subtype(%x)",
633 /*********************************************************************************
634 * Handles printing all the control frame types
635 *********************************************************************************/
638 ctrl_body_print(u_int16_t fc, const u_char *p)
640 switch (FC_SUBTYPE(fc)) {
643 if (!TTEST2(*p, CTRL_BAR_HDRLEN))
646 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
647 etheraddr_string(((const struct ctrl_bar_t *)p)->ra),
648 etheraddr_string(((const struct ctrl_bar_t *)p)->ta),
649 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
650 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)));
653 printf("Power Save-Poll");
654 if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN))
657 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid)));
660 printf("Request-To-Send");
661 if (!TTEST2(*p, CTRL_RTS_HDRLEN))
665 etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
668 printf("Clear-To-Send");
669 if (!TTEST2(*p, CTRL_CTS_HDRLEN))
673 etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
676 printf("Acknowledgment");
677 if (!TTEST2(*p, CTRL_ACK_HDRLEN))
681 etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
685 if (!TTEST2(*p, CTRL_END_HDRLEN))
689 etheraddr_string(((const struct ctrl_end_t *)p)->ra));
692 printf("CF-End+CF-Ack");
693 if (!TTEST2(*p, CTRL_END_ACK_HDRLEN))
697 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra));
700 printf("Unknown Ctrl Subtype");
710 * Data Frame - Address field contents
712 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
713 * 0 | 0 | DA | SA | BSSID | n/a
714 * 0 | 1 | DA | BSSID | SA | n/a
715 * 1 | 0 | BSSID | SA | DA | n/a
716 * 1 | 1 | RA | TA | DA | SA
720 data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
721 const u_int8_t **dstp)
723 u_int subtype = FC_SUBTYPE(fc);
725 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
726 DATA_FRAME_IS_QOS(subtype)) {
728 if (DATA_FRAME_IS_CF_ACK(subtype)) {
729 if (DATA_FRAME_IS_CF_POLL(subtype))
734 if (DATA_FRAME_IS_CF_POLL(subtype))
737 if (DATA_FRAME_IS_QOS(subtype))
742 #define ADDR1 (p + 4)
743 #define ADDR2 (p + 10)
744 #define ADDR3 (p + 16)
745 #define ADDR4 (p + 24)
747 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
754 printf("DA:%s SA:%s BSSID:%s ",
755 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
756 etheraddr_string(ADDR3));
757 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) {
764 printf("DA:%s BSSID:%s SA:%s ",
765 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
766 etheraddr_string(ADDR3));
767 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
774 printf("BSSID:%s SA:%s DA:%s ",
775 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
776 etheraddr_string(ADDR3));
777 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
784 printf("RA:%s TA:%s DA:%s SA:%s ",
785 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
786 etheraddr_string(ADDR3), etheraddr_string(ADDR4));
796 mgmt_header_print(const u_char *p, const u_int8_t **srcp,
797 const u_int8_t **dstp)
799 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
808 printf("BSSID:%s DA:%s SA:%s ",
809 etheraddr_string((hp)->bssid), etheraddr_string((hp)->da),
810 etheraddr_string((hp)->sa));
814 ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
815 const u_int8_t **dstp)
824 switch (FC_SUBTYPE(fc)) {
826 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
827 etheraddr_string(((const struct ctrl_bar_t *)p)->ra),
828 etheraddr_string(((const struct ctrl_bar_t *)p)->ta),
829 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
830 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)));
833 printf("BSSID:%s TA:%s ",
834 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid),
835 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta));
838 printf("RA:%s TA:%s ",
839 etheraddr_string(((const struct ctrl_rts_t *)p)->ra),
840 etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
844 etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
848 etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
851 printf("RA:%s BSSID:%s ",
852 etheraddr_string(((const struct ctrl_end_t *)p)->ra),
853 etheraddr_string(((const struct ctrl_end_t *)p)->bssid));
856 printf("RA:%s BSSID:%s ",
857 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra),
858 etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid));
861 printf("(H) Unknown Ctrl Subtype");
867 extract_header_length(u_int16_t fc)
871 switch (FC_TYPE(fc)) {
875 switch (FC_SUBTYPE(fc)) {
877 return CTRL_BAR_HDRLEN;
879 return CTRL_PS_POLL_HDRLEN;
881 return CTRL_RTS_HDRLEN;
883 return CTRL_CTS_HDRLEN;
885 return CTRL_ACK_HDRLEN;
887 return CTRL_END_HDRLEN;
889 return CTRL_END_ACK_HDRLEN;
894 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
895 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
899 printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc));
905 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp"
906 * to point to the source and destination MAC addresses in any case if
907 * "srcp" and "dstp" aren't null.
910 ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
911 const u_int8_t **dstp)
914 if (FC_MORE_DATA(fc))
915 printf("More Data ");
916 if (FC_MORE_FLAG(fc))
917 printf("More Fragments ");
918 if (FC_POWER_MGMT(fc))
923 printf("Strictly Ordered ");
925 printf("WEP Encrypted ");
926 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
929 &((const struct mgmt_header_t *)p)->duration));
932 switch (FC_TYPE(fc)) {
934 mgmt_header_print(p, srcp, dstp);
937 ctrl_header_print(fc, p, srcp, dstp);
940 data_header_print(fc, p, srcp, dstp);
943 printf("(header) unknown IEEE802.11 frame type (%d)",
952 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
956 ieee802_11_print(const u_char *p, u_int length, u_int caplen, int pad)
960 const u_int8_t *src, *dst;
961 u_short extracted_ethertype;
963 if (caplen < IEEE802_11_FC_LEN) {
968 fc = EXTRACT_LE_16BITS(p);
969 hdrlen = extract_header_length(fc);
971 hdrlen = roundup2(hdrlen, 4);
973 if (caplen < hdrlen) {
978 ieee_802_11_hdr_print(fc, p, &src, &dst);
981 * Go past the 802.11 header.
987 switch (FC_TYPE(fc)) {
989 if (!mgmt_body_print(fc,
990 (const struct mgmt_header_t *)(p - hdrlen), p)) {
996 if (!ctrl_body_print(fc, p - hdrlen)) {
1002 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
1003 return hdrlen; /* no-data frame */
1004 /* There may be a problem w/ AP not having this bit set */
1006 if (!wep_print(p)) {
1007 printf("[|802.11]");
1010 } else if (llc_print(p, length, caplen, dst, src,
1011 &extracted_ethertype) == 0) {
1013 * Some kinds of LLC packet we cannot
1014 * handle intelligently
1017 ieee_802_11_hdr_print(fc, p - hdrlen, NULL,
1019 if (extracted_ethertype)
1022 htons(extracted_ethertype)));
1023 if (!suppress_default_print)
1024 default_print(p, caplen);
1028 printf("unknown 802.11 frame type (%d)", FC_TYPE(fc));
1036 * This is the top level routine of the printer. 'p' points
1037 * to the 802.11 header of the packet, 'h->ts' is the timestamp,
1038 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
1039 * is the number of bytes actually captured.
1042 ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p)
1044 return ieee802_11_print(p, h->len, h->caplen, 0);
1047 #define IEEE80211_CHAN_FHSS \
1048 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK)
1049 #define IEEE80211_CHAN_A \
1050 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
1051 #define IEEE80211_CHAN_B \
1052 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
1053 #define IEEE80211_CHAN_PUREG \
1054 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM)
1055 #define IEEE80211_CHAN_G \
1056 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
1058 #define IS_CHAN_FHSS(flags) \
1059 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS)
1060 #define IS_CHAN_A(flags) \
1061 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A)
1062 #define IS_CHAN_B(flags) \
1063 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B)
1064 #define IS_CHAN_PUREG(flags) \
1065 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG)
1066 #define IS_CHAN_G(flags) \
1067 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G)
1068 #define IS_CHAN_ANYG(flags) \
1069 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags))
1072 print_chaninfo(int freq, int flags)
1074 printf("%u MHz", freq);
1075 if (IS_CHAN_FHSS(flags))
1077 if (IS_CHAN_A(flags)) {
1078 if (flags & IEEE80211_CHAN_HALF)
1079 printf(" 11a/10Mhz");
1080 else if (flags & IEEE80211_CHAN_QUARTER)
1081 printf(" 11a/5Mhz");
1085 if (IS_CHAN_ANYG(flags)) {
1086 if (flags & IEEE80211_CHAN_HALF)
1087 printf(" 11g/10Mhz");
1088 else if (flags & IEEE80211_CHAN_QUARTER)
1089 printf(" 11g/5Mhz");
1092 } else if (IS_CHAN_B(flags))
1094 if (flags & IEEE80211_CHAN_TURBO)
1096 if (flags & IEEE80211_CHAN_HT20)
1098 else if (flags & IEEE80211_CHAN_HT40D)
1100 else if (flags & IEEE80211_CHAN_HT40U)
1106 print_radiotap_field(struct cpack_state *s, u_int32_t bit, int *pad)
1119 case IEEE80211_RADIOTAP_FLAGS:
1120 rc = cpack_uint8(s, &u.u8);
1121 if (u.u8 & IEEE80211_RADIOTAP_F_DATAPAD)
1124 case IEEE80211_RADIOTAP_RATE:
1125 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1126 case IEEE80211_RADIOTAP_DB_ANTNOISE:
1127 case IEEE80211_RADIOTAP_ANTENNA:
1128 rc = cpack_uint8(s, &u.u8);
1130 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
1131 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
1132 rc = cpack_int8(s, &u.i8);
1134 case IEEE80211_RADIOTAP_CHANNEL:
1135 rc = cpack_uint16(s, &u.u16);
1138 rc = cpack_uint16(s, &u2.u16);
1140 case IEEE80211_RADIOTAP_FHSS:
1141 case IEEE80211_RADIOTAP_LOCK_QUALITY:
1142 case IEEE80211_RADIOTAP_TX_ATTENUATION:
1143 rc = cpack_uint16(s, &u.u16);
1145 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
1146 rc = cpack_uint8(s, &u.u8);
1148 case IEEE80211_RADIOTAP_DBM_TX_POWER:
1149 rc = cpack_int8(s, &u.i8);
1151 case IEEE80211_RADIOTAP_TSFT:
1152 rc = cpack_uint64(s, &u.u64);
1154 case IEEE80211_RADIOTAP_XCHANNEL:
1155 rc = cpack_uint32(s, &u.u32);
1158 rc = cpack_uint16(s, &u2.u16);
1161 rc = cpack_uint8(s, &u3.u8);
1164 rc = cpack_uint8(s, &u4.u8);
1167 /* this bit indicates a field whose
1168 * size we do not know, so we cannot
1171 printf("[0x%08x] ", bit);
1176 printf("[|802.11]");
1181 case IEEE80211_RADIOTAP_CHANNEL:
1182 print_chaninfo(u.u16, u2.u16);
1184 case IEEE80211_RADIOTAP_FHSS:
1185 printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff);
1187 case IEEE80211_RADIOTAP_RATE:
1189 PRINT_HT_RATE("", u.u8, " Mb/s ");
1191 PRINT_RATE("", u.u8, " Mb/s ");
1193 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
1194 printf("%ddB signal ", u.i8);
1196 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
1197 printf("%ddB noise ", u.i8);
1199 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1200 printf("%ddB signal ", u.u8);
1202 case IEEE80211_RADIOTAP_DB_ANTNOISE:
1203 printf("%ddB noise ", u.u8);
1205 case IEEE80211_RADIOTAP_LOCK_QUALITY:
1206 printf("%u sq ", u.u16);
1208 case IEEE80211_RADIOTAP_TX_ATTENUATION:
1209 printf("%d tx power ", -(int)u.u16);
1211 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
1212 printf("%ddB tx power ", -(int)u.u8);
1214 case IEEE80211_RADIOTAP_DBM_TX_POWER:
1215 printf("%ddBm tx power ", u.i8);
1217 case IEEE80211_RADIOTAP_FLAGS:
1218 if (u.u8 & IEEE80211_RADIOTAP_F_CFP)
1220 if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE)
1221 printf("short preamble ");
1222 if (u.u8 & IEEE80211_RADIOTAP_F_WEP)
1224 if (u.u8 & IEEE80211_RADIOTAP_F_FRAG)
1225 printf("fragmented ");
1226 if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS)
1229 case IEEE80211_RADIOTAP_ANTENNA:
1230 printf("antenna %d ", u.u8);
1232 case IEEE80211_RADIOTAP_TSFT:
1233 printf("%" PRIu64 "us tsft ", u.u64);
1235 case IEEE80211_RADIOTAP_XCHANNEL:
1236 print_chaninfo(u2.u16, u.u32);
1243 ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
1245 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
1246 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
1247 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
1248 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
1249 #define BITNO_2(x) (((x) & 2) ? 1 : 0)
1250 #define BIT(n) (1 << n)
1251 #define IS_EXTENDED(__p) \
1252 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0
1254 struct cpack_state cpacker;
1255 struct ieee80211_radiotap_header *hdr;
1256 u_int32_t present, next_present;
1257 u_int32_t *presentp, *last_presentp;
1258 enum ieee80211_radiotap_type bit;
1264 if (caplen < sizeof(*hdr)) {
1265 printf("[|802.11]");
1269 hdr = (struct ieee80211_radiotap_header *)p;
1271 len = EXTRACT_LE_16BITS(&hdr->it_len);
1274 printf("[|802.11]");
1277 for (last_presentp = &hdr->it_present;
1278 IS_EXTENDED(last_presentp) &&
1279 (u_char*)(last_presentp + 1) <= p + len;
1282 /* are there more bitmap extensions than bytes in header? */
1283 if (IS_EXTENDED(last_presentp)) {
1284 printf("[|802.11]");
1288 iter = (u_char*)(last_presentp + 1);
1290 if (cpack_init(&cpacker, (u_int8_t*)iter, len - (iter - p)) != 0) {
1292 printf("[|802.11]");
1296 /* Assume no Atheros padding between 802.11 header and body */
1298 for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp;
1299 presentp++, bit0 += 32) {
1300 for (present = EXTRACT_LE_32BITS(presentp); present;
1301 present = next_present) {
1302 /* clear the least significant bit that is set */
1303 next_present = present & (present - 1);
1305 /* extract the least significant bit that is set */
1306 bit = (enum ieee80211_radiotap_type)
1307 (bit0 + BITNO_32(present ^ next_present));
1309 if (print_radiotap_field(&cpacker, bit, &pad) != 0)
1314 return len + ieee802_11_print(p + len, length - len, caplen - len, pad);
1324 ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen)
1326 u_int32_t caphdr_len;
1328 caphdr_len = EXTRACT_32BITS(p + 4);
1329 if (caphdr_len < 8) {
1331 * Yow! The capture header length is claimed not
1332 * to be large enough to include even the version
1333 * cookie or capture header length!
1335 printf("[|802.11]");
1339 if (caplen < caphdr_len) {
1340 printf("[|802.11]");
1344 return caphdr_len + ieee802_11_print(p + caphdr_len,
1345 length - caphdr_len, caplen - caphdr_len, 0);
1348 #define PRISM_HDR_LEN 144
1350 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001
1353 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
1354 * containing information such as radio information, which we
1357 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1, it's
1358 * really DLT_IEEE802_11_RADIO (currently, on Linux, there's no
1359 * ARPHRD_ type for DLT_IEEE802_11_RADIO, as there is a
1360 * ARPHRD_IEEE80211_PRISM for DLT_PRISM_HEADER, so
1361 * ARPHRD_IEEE80211_PRISM is used for DLT_IEEE802_11_RADIO, and
1362 * the first 4 bytes of the header are used to indicate which it is).
1365 prism_if_print(const struct pcap_pkthdr *h, const u_char *p)
1367 u_int caplen = h->caplen;
1368 u_int length = h->len;
1371 printf("[|802.11]");
1375 if (EXTRACT_32BITS(p) == WLANCAP_MAGIC_COOKIE_V1)
1376 return ieee802_11_avs_radio_print(p, length, caplen);
1378 if (caplen < PRISM_HDR_LEN) {
1379 printf("[|802.11]");
1383 return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN,
1384 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0);
1388 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
1389 * header, containing information such as radio information, which we
1393 ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p)
1395 u_int caplen = h->caplen;
1396 u_int length = h->len;
1399 printf("[|802.11]");
1403 return ieee802_11_radio_print(p, length, caplen);