1ff66a890SHiten Pandya.\" 2ff66a890SHiten Pandya.\" Copyright (c) 2004 Bruce M. Simpson <bms@spc.org>, 3ff66a890SHiten Pandya.\" Darron Broad <darron@kewl.org>, 4ff66a890SHiten Pandya.\" David Young <dyoung@pobox.com>. 5ff66a890SHiten Pandya.\" All rights reserved. 6ff66a890SHiten Pandya.\" 7ff66a890SHiten Pandya.\" Redistribution and use in source and binary forms, with or without 8ff66a890SHiten Pandya.\" modification, are permitted provided that the following conditions 9ff66a890SHiten Pandya.\" are met: 10ff66a890SHiten Pandya.\" 1. Redistributions of source code must retain the above copyright 11ff66a890SHiten Pandya.\" notice, this list of conditions and the following disclaimer. 12ff66a890SHiten Pandya.\" 2. Redistributions in binary form must reproduce the above copyright 13ff66a890SHiten Pandya.\" notice, this list of conditions and the following disclaimer in the 14ff66a890SHiten Pandya.\" documentation and/or other materials provided with the distribution. 15ff66a890SHiten Pandya.\" 16ff66a890SHiten Pandya.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17ff66a890SHiten Pandya.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18ff66a890SHiten Pandya.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19ff66a890SHiten Pandya.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20ff66a890SHiten Pandya.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21ff66a890SHiten Pandya.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22ff66a890SHiten Pandya.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23ff66a890SHiten Pandya.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24ff66a890SHiten Pandya.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25ff66a890SHiten Pandya.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26ff66a890SHiten Pandya.\" SUCH DAMAGE. 27ff66a890SHiten Pandya.\" 28*e4c06619SSascha Wildner.\" $FreeBSD: head/share/man/man9/ieee80211_radiotap.9 267936 2014-06-26 21:44:30Z bapt $ 29ff66a890SHiten Pandya.\" 30*e4c06619SSascha Wildner.Dd May 25, 2016 31ff66a890SHiten Pandya.Dt IEEE80211_RADIOTAP 9 32ff66a890SHiten Pandya.Os 33ff66a890SHiten Pandya.Sh NAME 34ff66a890SHiten Pandya.Nm ieee80211_radiotap 3505ac2d0dSSascha Wildner.Nd 802.11 device packet capture support 36ff66a890SHiten Pandya.Sh SYNOPSIS 377d9c9280SSascha Wildner.In net/if.h 387d9c9280SSascha Wildner.In net/if_media.h 39737edb20SSascha Wildner.In netproto/802_11/ieee80211_var.h 40ff66a890SHiten Pandya.\" 4105ac2d0dSSascha Wildner.Pp 4205ac2d0dSSascha Wildner.Ft void 4305ac2d0dSSascha Wildner.Fo ieee80211_radiotap_attach 4405ac2d0dSSascha Wildner.Fa "struct ieee80211com *" 4505ac2d0dSSascha Wildner.Fa "struct ieee80211_radiotap_header *th" 4605ac2d0dSSascha Wildner.Fa "int tlen" 4705ac2d0dSSascha Wildner.Fa "uint32_t tx_radiotap" 4805ac2d0dSSascha Wildner.Fa "struct ieee80211_radiotap_header *rh" 4905ac2d0dSSascha Wildner.Fa "int rlen" 5005ac2d0dSSascha Wildner.Fa "uint32_t rx_radiotap" 5105ac2d0dSSascha Wildner.Fc 5205ac2d0dSSascha Wildner.\" 5305ac2d0dSSascha Wildner.Ft int 5405ac2d0dSSascha Wildner.Fn ieee80211_radiotap_active_vap "struct ieee80211vap *" 5505ac2d0dSSascha Wildner.\" 5605ac2d0dSSascha Wildner.Ft int 5705ac2d0dSSascha Wildner.Fn ieee80211_radiotap_active "struct ieee80211com *" 5805ac2d0dSSascha Wildner.\" 5905ac2d0dSSascha Wildner.Ft void 6005ac2d0dSSascha Wildner.Fn ieee80211_radiotap_tx "struct ieee80211vap *" "struct mbuf *" 61ff66a890SHiten Pandya.Sh DESCRIPTION 62ff66a890SHiten PandyaThe 6305ac2d0dSSascha Wildner.Nm net80211 6405ac2d0dSSascha Wildnerlayer used by 802.11 drivers includes support for a device-independent 6505ac2d0dSSascha Wildnerpacket capture format called 6605ac2d0dSSascha Wildner.Nm radiotap 6705ac2d0dSSascha Wildnerthat is understood by tools such as 6805ac2d0dSSascha Wildner.Xr tcpdump 1 . 6905ac2d0dSSascha WildnerThis facility is designed for capturing 802.11 traffic, 7005ac2d0dSSascha Wildnerincluding information that is not part of the normal 802.11 frame structure. 71ff66a890SHiten Pandya.Pp 7205ac2d0dSSascha WildnerRadiotap was designed to balance the desire for a hardware-independent, 7305ac2d0dSSascha Wildnerextensible capture format against the need to 7405ac2d0dSSascha Wildnerconserve CPU and memory bandwidth on embedded systems. 7505ac2d0dSSascha WildnerThese considerations led to a format consisting of 76ff66a890SHiten Pandyaa standard preamble followed by an extensible bitmap indicating the 77ff66a890SHiten Pandyapresence of optional capture fields. 7805ac2d0dSSascha WildnerA 7905ac2d0dSSascha Wildner.Nm net80211 8005ac2d0dSSascha Wildnerdevice driver supporting 8105ac2d0dSSascha Wildner.Vt radiotap 8205ac2d0dSSascha Wildnerdefines two packed structures that it shares with 8305ac2d0dSSascha Wildner.Nm net80211 . 8405ac2d0dSSascha WildnerThese structures embed an instance of a 8505ac2d0dSSascha Wildner.Vt ieee80211_radiotap_header 8605ac2d0dSSascha Wildnerstructure at the beginning, 8705ac2d0dSSascha Wildnerwith subsequent fields in the appropriate order, 8805ac2d0dSSascha Wildnerand macros to set the bits of the 8905ac2d0dSSascha Wildner.Va it_present 9005ac2d0dSSascha Wildnerbitmap to indicate which fields exist and are filled in by the driver. 9105ac2d0dSSascha WildnerThis information is then supplied through the 9205ac2d0dSSascha Wildner.Fn ieee80211_radiotap_attach 9305ac2d0dSSascha Wildnercall after a successful 9405ac2d0dSSascha Wildner.Fn ieee80211_ifattach 9505ac2d0dSSascha Wildnerrequest. 96ff66a890SHiten Pandya.Pp 9705ac2d0dSSascha WildnerWith radiotap setup, drivers just need to fill in per-packet 9805ac2d0dSSascha Wildnercapture state for frames sent/received and dispatch capture state 9905ac2d0dSSascha Wildnerin the transmit path (since control is not returned to the 10005ac2d0dSSascha Wildner.Nm net80211 10105ac2d0dSSascha Wildnerlayer before the packet is handed to the device). 10205ac2d0dSSascha WildnerTo minimize overhead this work should be done only when one 10305ac2d0dSSascha Wildneror more processes are actively capturing data; 10405ac2d0dSSascha Wildnerthis is checked with one of 10505ac2d0dSSascha Wildner.Fn ieee80211_radiotap_active_vap 10605ac2d0dSSascha Wildnerand 10705ac2d0dSSascha Wildner.Fn ieee80211_radiotap_active . 10805ac2d0dSSascha WildnerIn the transmit path capture work looks like this: 109ff66a890SHiten Pandya.Bd -literal -offset indent 11005ac2d0dSSascha Wildnerif (ieee80211_radiotap_active_vap(vap)) { 11105ac2d0dSSascha Wildner ... /* record transmit state */ 11205ac2d0dSSascha Wildner ieee80211_radiotap_tx(vap, m); /* capture transmit event */ 11305ac2d0dSSascha Wildner} 11405ac2d0dSSascha Wildner.Ed 11505ac2d0dSSascha Wildner.Pp 11605ac2d0dSSascha WildnerWhile in the receive path capture is handled in 11705ac2d0dSSascha Wildner.Nm net80211 11805ac2d0dSSascha Wildnerbut state must be captured before dispatching a frame: 11905ac2d0dSSascha Wildner.Bd -literal -offset indent 12005ac2d0dSSascha Wildnerif (ieee80211_radiotap_active(ic)) { 12105ac2d0dSSascha Wildner ... /* record receive state */ 12205ac2d0dSSascha Wildner} 12305ac2d0dSSascha Wildner\&... 12405ac2d0dSSascha Wildnerieee80211_input(...); /* packet capture handled in net80211 */ 125ff66a890SHiten Pandya.Ed 126ff66a890SHiten Pandya.Pp 127ff66a890SHiten Pandya.\" 12805ac2d0dSSascha WildnerThe following fields are defined for 129ff66a890SHiten Pandya.Vt radiotap , 13005ac2d0dSSascha Wildnerin the order in which they should appear in the buffer supplied 13105ac2d0dSSascha Wildnerto 13205ac2d0dSSascha Wildner.Nm net80211 . 133ff66a890SHiten Pandya.Bl -tag -width indent 134ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_TSFT 135ff66a890SHiten PandyaThis field contains the unsigned 64-bit value, in microseconds, 13605ac2d0dSSascha Wildnerof the MAC's 802.11 Time Synchronization Function (TSF). 13705ac2d0dSSascha WildnerIn theory, for each received frame, this value is recorded 138ff66a890SHiten Pandyawhen the first bit of the MPDU arrived at the MAC. 13905ac2d0dSSascha WildnerIn practice, hardware snapshots the TSF otherwise and one cannot assume 14005ac2d0dSSascha Wildnerthis data is accurate without driver adjustment. 141ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_FLAGS 14205ac2d0dSSascha WildnerThis field contains a single unsigned 8-bit value, containing one or 14305ac2d0dSSascha Wildnermore of these bit flags: 14405ac2d0dSSascha Wildner.Bl -tag -width indent 14505ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_CFP 14605ac2d0dSSascha WildnerFrame was sent/received during the Contention Free Period (CFP). 14705ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_SHORTPRE 14805ac2d0dSSascha WildnerFrame was sent/received with short preamble. 14905ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_WEP 15005ac2d0dSSascha WildnerFrame was encrypted. 15105ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_FRAG 15205ac2d0dSSascha WildnerFrame was an 802.11 fragment. 15305ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_FCS 15405ac2d0dSSascha WildnerFrame contents includes the FCS. 15505ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_DATAPAD 15605ac2d0dSSascha WildnerFrame contents potentially has padding between the 802.11 header and the 15705ac2d0dSSascha Wildnerdata payload to align the payload to a 32-bit boundary. 15805ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_BADFCS 15905ac2d0dSSascha WildnerFrame was received with an invalid FCS. 16005ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_F_SHORTGI 16105ac2d0dSSascha WildnerFrame was sent/received with Short Guard Interval. 16205ac2d0dSSascha Wildner.El 163ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_RATE 16405ac2d0dSSascha WildnerThis field contains a single unsigned 8-bit value that is the data rate. 16505ac2d0dSSascha WildnerLegacy rates are in units of 500Kbps. 16605ac2d0dSSascha WildnerMCS rates (used on 802.11n/HT channels) have the high bit set and 16705ac2d0dSSascha Wildnerthe MCS in the low 7 bits. 168ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_CHANNEL 169ff66a890SHiten PandyaThis field contains two unsigned 16-bit values. 17005ac2d0dSSascha WildnerThe first value is the center frequency for the channel 17105ac2d0dSSascha Wildnerthe frame was sent/received on. 17205ac2d0dSSascha WildnerThe second value is a bitmap containing flags that specify channel properties. 17305ac2d0dSSascha Wildner.Pp 17405ac2d0dSSascha WildnerThis field is deprecated in favor of 17505ac2d0dSSascha Wildner.Dv IEEE80211_RADIOTAP_XCHANNEL 17605ac2d0dSSascha Wildnerbut may be used to save space in the capture file for legacy devices. 17705ac2d0dSSascha Wildner.\".It Dv IEEE80211_RADIOTAP_FHSS 17805ac2d0dSSascha Wildner.\"This field contains two 8-bit values. 17905ac2d0dSSascha Wildner.\"This field should be present only for frequency-hopping radios. 18005ac2d0dSSascha Wildner.\"The first byte is the hop set. 18105ac2d0dSSascha Wildner.\"The second byte is the pattern in use. 182ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_DBM_ANTSIGNAL 18305ac2d0dSSascha WildnerThis field contains a single signed 8-bit value that indicates the 184ff66a890SHiten PandyaRF signal power at the antenna, in decibels difference from 1mW. 185ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_DBM_ANTNOISE 18605ac2d0dSSascha WildnerThis field contains a single signed 8-bit value that indicates the 187ff66a890SHiten PandyaRF noise power at the antenna, in decibels difference from 1mW. 18805ac2d0dSSascha Wildner.\".It Dv IEEE80211_RADIOTAP_LOCK_QUALITY 18905ac2d0dSSascha Wildner.\"This field contains a single unsigned 16-bit value, indicating the 19005ac2d0dSSascha Wildner.\"quality of the Barker Code lock. 19105ac2d0dSSascha Wildner.\"No unit is specified for this field. 19205ac2d0dSSascha Wildner.\"There does not appear to be a standard way of measuring this at this time; 19305ac2d0dSSascha Wildner.\"this quantity is often referred to as 19405ac2d0dSSascha Wildner.\".Dq "Signal Quality" 19505ac2d0dSSascha Wildner.\"in some datasheets. 19605ac2d0dSSascha Wildner.\".It Dv IEEE80211_RADIOTAP_TX_ATTENUATION 19705ac2d0dSSascha Wildner.\"This field contains a single unsigned 16-bit value, expressing transmit 19805ac2d0dSSascha Wildner.\"power as unitless distance from maximum power set at factory calibration. 19905ac2d0dSSascha Wildner.\"0 indicates maximum transmit power. 20005ac2d0dSSascha Wildner.\"Monotonically nondecreasing with lower power levels. 20105ac2d0dSSascha Wildner.\".It Dv IEEE80211_RADIOTAP_DB_TX_ATTENUATION 20205ac2d0dSSascha Wildner.\"This field contains a single unsigned 16-bit value, expressing transmit 20305ac2d0dSSascha Wildner.\"power as decibel distance from maximum power set at factory calibration. 20405ac2d0dSSascha Wildner.\"0 indicates maximum transmit power. 20505ac2d0dSSascha Wildner.\"Monotonically nondecreasing with lower power levels. 206ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_DBM_TX_POWER 207ff66a890SHiten PandyaTransmit power expressed as decibels from a 1mW reference. 208ff66a890SHiten PandyaThis field is a single signed 8-bit value. 209ff66a890SHiten PandyaThis is the absolute power level measured at the antenna port. 210ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_ANTENNA 21105ac2d0dSSascha WildnerThis field contains a single unsigned 8-bit value that specifies 21205ac2d0dSSascha Wildnerwhich antenna was used to transmit or receive the frame. 21305ac2d0dSSascha WildnerAntenna numbering is device-specific but typically the primary antenna has 21405ac2d0dSSascha Wildnerthe lowest number. 21505ac2d0dSSascha WildnerOn transmit a value of zero may be seen which typically means 21605ac2d0dSSascha Wildnerantenna selection is left to the device. 217ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_DB_ANTSIGNAL 21805ac2d0dSSascha WildnerThis field contains a single unsigned 8-bit value that indicates the 219ff66a890SHiten PandyaRF signal power at the antenna, in decibels difference from an 220ff66a890SHiten Pandyaarbitrary, fixed reference. 221ff66a890SHiten Pandya.It Dv IEEE80211_RADIOTAP_DB_ANTNOISE 22205ac2d0dSSascha WildnerThis field contains a single unsigned 8-bit value that indicates the 223ff66a890SHiten PandyaRF noise power at the antenna, in decibels difference from an 224ff66a890SHiten Pandyaarbitrary, fixed reference. 22505ac2d0dSSascha Wildner.It Dv IEEE80211_RADIOTAP_XCHANNEL 22605ac2d0dSSascha WildnerThis field contains four values: a 32-bit unsigned bitmap of 22705ac2d0dSSascha Wildnerflags that describe the channel attributes, a 16-bit unsigned 22805ac2d0dSSascha Wildnerfrequency in MHz (typically the channel center), an 8-bit 22905ac2d0dSSascha Wildnerunsigned IEEE channel number, and a signed 8-bit value that 23005ac2d0dSSascha Wildnerholds the maximum regulatory transmit power cap in .5 dBm 23105ac2d0dSSascha Wildner(8 bytes total). 23205ac2d0dSSascha WildnerChannel flags are defined in: 233737edb20SSascha Wildner.In netproto/802_11/_ieee80211.h 23405ac2d0dSSascha Wildner(only a subset are found in 235737edb20SSascha Wildner.In netproto/802_11/ieee80211_radiotap.h ) . 23605ac2d0dSSascha WildnerThis property supersedes 23705ac2d0dSSascha Wildner.Dv IEEE80211_RADIOTAP_CHANNEL 23805ac2d0dSSascha Wildnerand is the only way to completely express all 23905ac2d0dSSascha Wildnerchannel attributes and the 24005ac2d0dSSascha Wildnermapping between channel frequency and IEEE channel number. 241ff66a890SHiten Pandya.El 242ff66a890SHiten Pandya.Sh EXAMPLES 24305ac2d0dSSascha WildnerRadiotap receive definitions for the Intersil Prism driver: 244ff66a890SHiten Pandya.Bd -literal -offset indent 24505ac2d0dSSascha Wildner#define WI_RX_RADIOTAP_PRESENT \\ 24605ac2d0dSSascha Wildner ((1 << IEEE80211_RADIOTAP_TSFT) \\ 24705ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_FLAGS) | \\ 24805ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_RATE) | \\ 24905ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_CHANNEL) | \\ 25005ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL) | \\ 25105ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_DB_ANTNOISE)) 25205ac2d0dSSascha Wildner 25305ac2d0dSSascha Wildnerstruct wi_rx_radiotap_header { 2541102a27eSSascha Wildner struct ieee80211_radiotap_header wr_ihdr; 25505ac2d0dSSascha Wildner uint64_t wr_tsf; 2561102a27eSSascha Wildner uint8_t wr_flags; 2571102a27eSSascha Wildner uint8_t wr_rate; 2581102a27eSSascha Wildner uint16_t wr_chan_freq; 2591102a27eSSascha Wildner uint16_t wr_chan_flags; 2601102a27eSSascha Wildner uint8_t wr_antsignal; 26105ac2d0dSSascha Wildner uint8_t wr_antnoise; 26205ac2d0dSSascha Wildner} __packed; 263ff66a890SHiten Pandya.Ed 264ff66a890SHiten Pandya.Pp 26505ac2d0dSSascha Wildnerand transmit definitions for the Atheros driver: 266ff66a890SHiten Pandya.Bd -literal -offset indent 26705ac2d0dSSascha Wildner#define ATH_TX_RADIOTAP_PRESENT ( \\ 26805ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_TSFT) | \\ 26905ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_FLAGS) | \\ 270ff66a890SHiten Pandya (1 << IEEE80211_RADIOTAP_RATE) | \\ 27105ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_DBM_TX_POWER) | \\ 27205ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_ANTENNA) | \\ 27305ac2d0dSSascha Wildner (1 << IEEE80211_RADIOTAP_XCHANNEL) | \\ 27405ac2d0dSSascha Wildner 0) 27505ac2d0dSSascha Wildner 27605ac2d0dSSascha Wildnerstruct ath_tx_radiotap_header { 27705ac2d0dSSascha Wildner struct ieee80211_radiotap_header wt_ihdr; 27805ac2d0dSSascha Wildner uint64_t wt_tsf; 27905ac2d0dSSascha Wildner uint8_t wt_flags; 28005ac2d0dSSascha Wildner uint8_t wt_rate; 28105ac2d0dSSascha Wildner uint8_t wt_txpower; 28205ac2d0dSSascha Wildner uint8_t wt_antenna; 28305ac2d0dSSascha Wildner uint32_t wt_chan_flags; 28405ac2d0dSSascha Wildner uint16_t wt_chan_freq; 28505ac2d0dSSascha Wildner uint8_t wt_chan_ieee; 28605ac2d0dSSascha Wildner int8_t wt_chan_maxpow; 28705ac2d0dSSascha Wildner} __packed; 288ff66a890SHiten Pandya.Ed 289ff66a890SHiten Pandya.Sh SEE ALSO 29005ac2d0dSSascha Wildner.Xr tcpdump 1 , 291ff66a890SHiten Pandya.Xr bpf 4 , 292ff66a890SHiten Pandya.Xr ieee80211 9 293ff66a890SHiten Pandya.Sh HISTORY 294ff66a890SHiten PandyaThe 295ff66a890SHiten Pandya.Nm 296ff66a890SHiten Pandyadefinitions first appeared in 29705ac2d0dSSascha Wildner.Nx 1.5 . 298ff66a890SHiten Pandya.\" 299ff66a890SHiten Pandya.Sh AUTHORS 300ff66a890SHiten Pandya.An -nosplit 30105ac2d0dSSascha WildnerThe original version of this manual page was written by 302c616d378SFranco Fichtner.An Bruce M. Simpson Aq Mt bms@FreeBSD.org 303ff66a890SHiten Pandyaand 304c616d378SFranco Fichtner.An Darron Broad Aq Mt darron@kewl.org . 305