1 /* 2 * Copyright (c) 2001 3 * Fortress Technologies, Inc. All rights reserved. 4 * Charlie Lenahan (clenahan@fortresstech.com) 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 */ 22 23 #include <sys/cdefs.h> 24 #ifndef lint 25 #if 0 26 static const char rcsid[] _U_ = 27 "@(#) Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.49 2007-12-29 23:25:02 guy Exp (LBL)"; 28 #else 29 __RCSID("$NetBSD: print-802_11.c,v 1.3 2013/04/06 19:33:08 christos Exp $"); 30 #endif 31 #endif 32 33 #ifdef HAVE_CONFIG_H 34 #include "config.h" 35 #endif 36 37 #include <tcpdump-stdinc.h> 38 39 #include <stdio.h> 40 #include <pcap.h> 41 #include <string.h> 42 43 #include "interface.h" 44 #include "addrtoname.h" 45 #include "ethertype.h" 46 47 #include "extract.h" 48 49 #include "cpack.h" 50 51 #include "ieee802_11.h" 52 #include "ieee802_11_radio.h" 53 54 /* Radiotap state */ 55 /* This is used to save state when parsing/processing parameters */ 56 struct radiotap_state 57 { 58 u_int32_t present; 59 60 u_int8_t rate; 61 }; 62 63 #define PRINT_SSID(p) \ 64 if (p.ssid_present) { \ 65 printf(" ("); \ 66 fn_print(p.ssid.ssid, NULL); \ 67 printf(")"); \ 68 } 69 70 #define PRINT_RATE(_sep, _r, _suf) \ 71 printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf) 72 #define PRINT_RATES(p) \ 73 if (p.rates_present) { \ 74 int z; \ 75 const char *sep = " ["; \ 76 for (z = 0; z < p.rates.length ; z++) { \ 77 PRINT_RATE(sep, p.rates.rate[z], \ 78 (p.rates.rate[z] & 0x80 ? "*" : "")); \ 79 sep = " "; \ 80 } \ 81 if (p.rates.length != 0) \ 82 printf(" Mbit]"); \ 83 } 84 85 #define PRINT_DS_CHANNEL(p) \ 86 if (p.ds_present) \ 87 printf(" CH: %u", p.ds.channel); \ 88 printf("%s", \ 89 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" ); 90 91 #define MAX_MCS_INDEX 76 92 93 /* 94 * Indices are: 95 * 96 * the MCS index (0-76); 97 * 98 * 0 for 20 MHz, 1 for 40 MHz; 99 * 100 * 0 for a long guard interval, 1 for a short guard interval. 101 */ 102 static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = { 103 /* MCS 0 */ 104 { /* 20 Mhz */ { 6.5, /* SGI */ 7.2, }, 105 /* 40 Mhz */ { 13.5, /* SGI */ 15.0, }, 106 }, 107 108 /* MCS 1 */ 109 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, }, 110 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, }, 111 }, 112 113 /* MCS 2 */ 114 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, }, 115 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, }, 116 }, 117 118 /* MCS 3 */ 119 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, 120 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, 121 }, 122 123 /* MCS 4 */ 124 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 125 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 126 }, 127 128 /* MCS 5 */ 129 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 130 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 131 }, 132 133 /* MCS 6 */ 134 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, 135 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, 136 }, 137 138 /* MCS 7 */ 139 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 140 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 141 }, 142 143 /* MCS 8 */ 144 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, }, 145 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, }, 146 }, 147 148 /* MCS 9 */ 149 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, 150 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, 151 }, 152 153 /* MCS 10 */ 154 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 155 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 156 }, 157 158 /* MCS 11 */ 159 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 160 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 161 }, 162 163 /* MCS 12 */ 164 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 165 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 166 }, 167 168 /* MCS 13 */ 169 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 170 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 171 }, 172 173 /* MCS 14 */ 174 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 175 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 176 }, 177 178 /* MCS 15 */ 179 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, 180 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, 181 }, 182 183 /* MCS 16 */ 184 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, }, 185 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, }, 186 }, 187 188 /* MCS 17 */ 189 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 190 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 191 }, 192 193 /* MCS 18 */ 194 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, 195 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, 196 }, 197 198 /* MCS 19 */ 199 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 200 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 201 }, 202 203 /* MCS 20 */ 204 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 205 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 206 }, 207 208 /* MCS 21 */ 209 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 210 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 211 }, 212 213 /* MCS 22 */ 214 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, 215 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, 216 }, 217 218 /* MCS 23 */ 219 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, 220 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, 221 }, 222 223 /* MCS 24 */ 224 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, 225 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, 226 }, 227 228 /* MCS 25 */ 229 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 230 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 231 }, 232 233 /* MCS 26 */ 234 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 235 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 236 }, 237 238 /* MCS 27 */ 239 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 240 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 241 }, 242 243 /* MCS 28 */ 244 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 245 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 246 }, 247 248 /* MCS 29 */ 249 { /* 20 Mhz */ { 208.0, /* SGI */ 231.1, }, 250 /* 40 Mhz */ { 432.0, /* SGI */ 480.0, }, 251 }, 252 253 /* MCS 30 */ 254 { /* 20 Mhz */ { 234.0, /* SGI */ 260.0, }, 255 /* 40 Mhz */ { 486.0, /* SGI */ 540.0, }, 256 }, 257 258 /* MCS 31 */ 259 { /* 20 Mhz */ { 260.0, /* SGI */ 288.9, }, 260 /* 40 Mhz */ { 540.0, /* SGI */ 600.0, }, 261 }, 262 263 /* MCS 32 */ 264 { /* 20 Mhz */ { 0.0, /* SGI */ 0.0, }, /* not valid */ 265 /* 40 Mhz */ { 6.0, /* SGI */ 6.7, }, 266 }, 267 268 /* MCS 33 */ 269 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 270 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 271 }, 272 273 /* MCS 34 */ 274 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 275 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 276 }, 277 278 /* MCS 35 */ 279 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 280 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 281 }, 282 283 /* MCS 36 */ 284 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, 285 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, 286 }, 287 288 /* MCS 37 */ 289 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 290 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 291 }, 292 293 /* MCS 38 */ 294 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 295 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 296 }, 297 298 /* MCS 39 */ 299 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 300 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 301 }, 302 303 /* MCS 40 */ 304 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 305 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 306 }, 307 308 /* MCS 41 */ 309 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 310 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 311 }, 312 313 /* MCS 42 */ 314 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 315 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 316 }, 317 318 /* MCS 43 */ 319 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 320 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 321 }, 322 323 /* MCS 44 */ 324 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 325 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 326 }, 327 328 /* MCS 45 */ 329 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 330 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 331 }, 332 333 /* MCS 46 */ 334 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 335 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 336 }, 337 338 /* MCS 47 */ 339 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 340 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 341 }, 342 343 /* MCS 48 */ 344 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 345 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 346 }, 347 348 /* MCS 49 */ 349 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 350 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 351 }, 352 353 /* MCS 50 */ 354 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 355 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 356 }, 357 358 /* MCS 51 */ 359 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 360 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 361 }, 362 363 /* MCS 52 */ 364 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 365 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 366 }, 367 368 /* MCS 53 */ 369 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 370 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 371 }, 372 373 /* MCS 54 */ 374 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 375 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 376 }, 377 378 /* MCS 55 */ 379 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 380 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 381 }, 382 383 /* MCS 56 */ 384 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 385 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 386 }, 387 388 /* MCS 57 */ 389 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 390 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 391 }, 392 393 /* MCS 58 */ 394 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 395 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 396 }, 397 398 /* MCS 59 */ 399 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 400 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 401 }, 402 403 /* MCS 60 */ 404 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 405 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 406 }, 407 408 /* MCS 61 */ 409 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 410 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 411 }, 412 413 /* MCS 62 */ 414 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, 415 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, 416 }, 417 418 /* MCS 63 */ 419 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, 420 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, 421 }, 422 423 /* MCS 64 */ 424 { /* 20 Mhz */ { 143.0, /* SGI */ 158.9, }, 425 /* 40 Mhz */ { 297.0, /* SGI */ 330.0, }, 426 }, 427 428 /* MCS 65 */ 429 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 430 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 431 }, 432 433 /* MCS 66 */ 434 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 435 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 436 }, 437 438 /* MCS 67 */ 439 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 440 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 441 }, 442 443 /* MCS 68 */ 444 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 445 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 446 }, 447 448 /* MCS 69 */ 449 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 450 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 451 }, 452 453 /* MCS 70 */ 454 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 455 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 456 }, 457 458 /* MCS 71 */ 459 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, 460 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, 461 }, 462 463 /* MCS 72 */ 464 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 465 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 466 }, 467 468 /* MCS 73 */ 469 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, 470 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, 471 }, 472 473 /* MCS 74 */ 474 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, 475 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, 476 }, 477 478 /* MCS 75 */ 479 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, 480 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, 481 }, 482 483 /* MCS 76 */ 484 { /* 20 Mhz */ { 214.5, /* SGI */ 238.3, }, 485 /* 40 Mhz */ { 445.5, /* SGI */ 495.0, }, 486 }, 487 }; 488 489 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"}; 490 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0]) 491 492 static const char *status_text[] = { 493 "Successful", /* 0 */ 494 "Unspecified failure", /* 1 */ 495 "Reserved", /* 2 */ 496 "Reserved", /* 3 */ 497 "Reserved", /* 4 */ 498 "Reserved", /* 5 */ 499 "Reserved", /* 6 */ 500 "Reserved", /* 7 */ 501 "Reserved", /* 8 */ 502 "Reserved", /* 9 */ 503 "Cannot Support all requested capabilities in the Capability " 504 "Information field", /* 10 */ 505 "Reassociation denied due to inability to confirm that association " 506 "exists", /* 11 */ 507 "Association denied due to reason outside the scope of the " 508 "standard", /* 12 */ 509 "Responding station does not support the specified authentication " 510 "algorithm ", /* 13 */ 511 "Received an Authentication frame with authentication transaction " 512 "sequence number out of expected sequence", /* 14 */ 513 "Authentication rejected because of challenge failure", /* 15 */ 514 "Authentication rejected due to timeout waiting for next frame in " 515 "sequence", /* 16 */ 516 "Association denied because AP is unable to handle additional" 517 "associated stations", /* 17 */ 518 "Association denied due to requesting station not supporting all of " 519 "the data rates in BSSBasicRateSet parameter", /* 18 */ 520 "Association denied due to requesting station not supporting " 521 "short preamble operation", /* 19 */ 522 "Association denied due to requesting station not supporting " 523 "PBCC encoding", /* 20 */ 524 "Association denied due to requesting station not supporting " 525 "channel agility", /* 21 */ 526 "Association request rejected because Spectrum Management " 527 "capability is required", /* 22 */ 528 "Association request rejected because the information in the " 529 "Power Capability element is unacceptable", /* 23 */ 530 "Association request rejected because the information in the " 531 "Supported Channels element is unacceptable", /* 24 */ 532 "Association denied due to requesting station not supporting " 533 "short slot operation", /* 25 */ 534 "Association denied due to requesting station not supporting " 535 "DSSS-OFDM operation", /* 26 */ 536 "Association denied because the requested STA does not support HT " 537 "features", /* 27 */ 538 "Reserved", /* 28 */ 539 "Association denied because the requested STA does not support " 540 "the PCO transition time required by the AP", /* 29 */ 541 "Reserved", /* 30 */ 542 "Reserved", /* 31 */ 543 "Unspecified, QoS-related failure", /* 32 */ 544 "Association denied due to QAP having insufficient bandwidth " 545 "to handle another QSTA", /* 33 */ 546 "Association denied due to excessive frame loss rates and/or " 547 "poor conditions on current operating channel", /* 34 */ 548 "Association (with QBSS) denied due to requesting station not " 549 "supporting the QoS facility", /* 35 */ 550 "Association denied due to requesting station not supporting " 551 "Block Ack", /* 36 */ 552 "The request has been declined", /* 37 */ 553 "The request has not been successful as one or more parameters " 554 "have invalid values", /* 38 */ 555 "The TS has not been created because the request cannot be honored. " 556 "However, a suggested TSPEC is provided so that the initiating QSTA" 557 "may attempt to set another TS with the suggested changes to the " 558 "TSPEC", /* 39 */ 559 "Invalid Information Element", /* 40 */ 560 "Group Cipher is not valid", /* 41 */ 561 "Pairwise Cipher is not valid", /* 42 */ 562 "AKMP is not valid", /* 43 */ 563 "Unsupported RSN IE version", /* 44 */ 564 "Invalid RSN IE Capabilities", /* 45 */ 565 "Cipher suite is rejected per security policy", /* 46 */ 566 "The TS has not been created. However, the HC may be capable of " 567 "creating a TS, in response to a request, after the time indicated " 568 "in the TS Delay element", /* 47 */ 569 "Direct Link is not allowed in the BSS by policy", /* 48 */ 570 "Destination STA is not present within this QBSS.", /* 49 */ 571 "The Destination STA is not a QSTA.", /* 50 */ 572 573 }; 574 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0]) 575 576 static const char *reason_text[] = { 577 "Reserved", /* 0 */ 578 "Unspecified reason", /* 1 */ 579 "Previous authentication no longer valid", /* 2 */ 580 "Deauthenticated because sending station is leaving (or has left) " 581 "IBSS or ESS", /* 3 */ 582 "Disassociated due to inactivity", /* 4 */ 583 "Disassociated because AP is unable to handle all currently " 584 " associated stations", /* 5 */ 585 "Class 2 frame received from nonauthenticated station", /* 6 */ 586 "Class 3 frame received from nonassociated station", /* 7 */ 587 "Disassociated because sending station is leaving " 588 "(or has left) BSS", /* 8 */ 589 "Station requesting (re)association is not authenticated with " 590 "responding station", /* 9 */ 591 "Disassociated because the information in the Power Capability " 592 "element is unacceptable", /* 10 */ 593 "Disassociated because the information in the SupportedChannels " 594 "element is unacceptable", /* 11 */ 595 "Invalid Information Element", /* 12 */ 596 "Reserved", /* 13 */ 597 "Michael MIC failure", /* 14 */ 598 "4-Way Handshake timeout", /* 15 */ 599 "Group key update timeout", /* 16 */ 600 "Information element in 4-Way Handshake different from (Re)Association" 601 "Request/Probe Response/Beacon", /* 17 */ 602 "Group Cipher is not valid", /* 18 */ 603 "AKMP is not valid", /* 20 */ 604 "Unsupported RSN IE version", /* 21 */ 605 "Invalid RSN IE Capabilities", /* 22 */ 606 "IEEE 802.1X Authentication failed", /* 23 */ 607 "Cipher suite is rejected per security policy", /* 24 */ 608 "Reserved", /* 25 */ 609 "Reserved", /* 26 */ 610 "Reserved", /* 27 */ 611 "Reserved", /* 28 */ 612 "Reserved", /* 29 */ 613 "Reserved", /* 30 */ 614 "TS deleted because QoS AP lacks sufficient bandwidth for this " 615 "QoS STA due to a change in BSS service characteristics or " 616 "operational mode (e.g. an HT BSS change from 40 MHz channel " 617 "to 20 MHz channel)", /* 31 */ 618 "Disassociated for unspecified, QoS-related reason", /* 32 */ 619 "Disassociated because QoS AP lacks sufficient bandwidth for this " 620 "QoS STA", /* 33 */ 621 "Disassociated because of excessive number of frames that need to be " 622 "acknowledged, but are not acknowledged for AP transmissions " 623 "and/or poor channel conditions", /* 34 */ 624 "Disassociated because STA is transmitting outside the limits " 625 "of its TXOPs", /* 35 */ 626 "Requested from peer STA as the STA is leaving the BSS " 627 "(or resetting)", /* 36 */ 628 "Requested from peer STA as it does not want to use the " 629 "mechanism", /* 37 */ 630 "Requested from peer STA as the STA received frames using the " 631 "mechanism for which a set up is required", /* 38 */ 632 "Requested from peer STA due to time out", /* 39 */ 633 "Reserved", /* 40 */ 634 "Reserved", /* 41 */ 635 "Reserved", /* 42 */ 636 "Reserved", /* 43 */ 637 "Reserved", /* 44 */ 638 "Peer STA does not support the requested cipher suite", /* 45 */ 639 "Association denied due to requesting STA not supporting HT " 640 "features", /* 46 */ 641 }; 642 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0]) 643 644 static int 645 wep_print(const u_char *p) 646 { 647 u_int32_t iv; 648 649 if (!TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN)) 650 return 0; 651 iv = EXTRACT_LE_32BITS(p); 652 653 printf("Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv), 654 IV_KEYID(iv)); 655 656 return 1; 657 } 658 659 static int 660 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset, 661 u_int length) 662 { 663 u_int elementlen; 664 struct ssid_t ssid; 665 struct challenge_t challenge; 666 struct rates_t rates; 667 struct ds_t ds; 668 struct cf_t cf; 669 struct tim_t tim; 670 671 /* 672 * We haven't seen any elements yet. 673 */ 674 pbody->challenge_present = 0; 675 pbody->ssid_present = 0; 676 pbody->rates_present = 0; 677 pbody->ds_present = 0; 678 pbody->cf_present = 0; 679 pbody->tim_present = 0; 680 681 while (length != 0) { 682 if (!TTEST2(*(p + offset), 1)) 683 return 0; 684 if (length < 1) 685 return 0; 686 switch (*(p + offset)) { 687 case E_SSID: 688 if (!TTEST2(*(p + offset), 2)) 689 return 0; 690 if (length < 2) 691 return 0; 692 memcpy(&ssid, p + offset, 2); 693 offset += 2; 694 length -= 2; 695 if (ssid.length != 0) { 696 if (ssid.length > sizeof(ssid.ssid) - 1) 697 return 0; 698 if (!TTEST2(*(p + offset), ssid.length)) 699 return 0; 700 if (length < ssid.length) 701 return 0; 702 memcpy(&ssid.ssid, p + offset, ssid.length); 703 offset += ssid.length; 704 length -= ssid.length; 705 } 706 ssid.ssid[ssid.length] = '\0'; 707 /* 708 * Present and not truncated. 709 * 710 * If we haven't already seen an SSID IE, 711 * copy this one, otherwise ignore this one, 712 * so we later report the first one we saw. 713 */ 714 if (!pbody->ssid_present) { 715 pbody->ssid = ssid; 716 pbody->ssid_present = 1; 717 } 718 break; 719 case E_CHALLENGE: 720 if (!TTEST2(*(p + offset), 2)) 721 return 0; 722 if (length < 2) 723 return 0; 724 memcpy(&challenge, p + offset, 2); 725 offset += 2; 726 length -= 2; 727 if (challenge.length != 0) { 728 if (challenge.length > 729 sizeof(challenge.text) - 1) 730 return 0; 731 if (!TTEST2(*(p + offset), challenge.length)) 732 return 0; 733 if (length < challenge.length) 734 return 0; 735 memcpy(&challenge.text, p + offset, 736 challenge.length); 737 offset += challenge.length; 738 length -= challenge.length; 739 } 740 challenge.text[challenge.length] = '\0'; 741 /* 742 * Present and not truncated. 743 * 744 * If we haven't already seen a challenge IE, 745 * copy this one, otherwise ignore this one, 746 * so we later report the first one we saw. 747 */ 748 if (!pbody->challenge_present) { 749 pbody->challenge = challenge; 750 pbody->challenge_present = 1; 751 } 752 break; 753 case E_RATES: 754 if (!TTEST2(*(p + offset), 2)) 755 return 0; 756 if (length < 2) 757 return 0; 758 memcpy(&rates, p + offset, 2); 759 offset += 2; 760 length -= 2; 761 if (rates.length != 0) { 762 if (rates.length > sizeof rates.rate) 763 return 0; 764 if (!TTEST2(*(p + offset), rates.length)) 765 return 0; 766 if (length < rates.length) 767 return 0; 768 memcpy(&rates.rate, p + offset, rates.length); 769 offset += rates.length; 770 length -= rates.length; 771 } 772 /* 773 * Present and not truncated. 774 * 775 * If we haven't already seen a rates IE, 776 * copy this one if it's not zero-length, 777 * otherwise ignore this one, so we later 778 * report the first one we saw. 779 * 780 * We ignore zero-length rates IEs as some 781 * devices seem to put a zero-length rates 782 * IE, followed by an SSID IE, followed by 783 * a non-zero-length rates IE into frames, 784 * even though IEEE Std 802.11-2007 doesn't 785 * seem to indicate that a zero-length rates 786 * IE is valid. 787 */ 788 if (!pbody->rates_present && rates.length != 0) { 789 pbody->rates = rates; 790 pbody->rates_present = 1; 791 } 792 break; 793 case E_DS: 794 if (!TTEST2(*(p + offset), 3)) 795 return 0; 796 if (length < 3) 797 return 0; 798 memcpy(&ds, p + offset, 3); 799 offset += 3; 800 length -= 3; 801 /* 802 * Present and not truncated. 803 * 804 * If we haven't already seen a DS IE, 805 * copy this one, otherwise ignore this one, 806 * so we later report the first one we saw. 807 */ 808 if (!pbody->ds_present) { 809 pbody->ds = ds; 810 pbody->ds_present = 1; 811 } 812 break; 813 case E_CF: 814 if (!TTEST2(*(p + offset), 8)) 815 return 0; 816 if (length < 8) 817 return 0; 818 memcpy(&cf, p + offset, 8); 819 offset += 8; 820 length -= 8; 821 /* 822 * Present and not truncated. 823 * 824 * If we haven't already seen a CF IE, 825 * copy this one, otherwise ignore this one, 826 * so we later report the first one we saw. 827 */ 828 if (!pbody->cf_present) { 829 pbody->cf = cf; 830 pbody->cf_present = 1; 831 } 832 break; 833 case E_TIM: 834 if (!TTEST2(*(p + offset), 2)) 835 return 0; 836 if (length < 2) 837 return 0; 838 memcpy(&tim, p + offset, 2); 839 offset += 2; 840 length -= 2; 841 if (!TTEST2(*(p + offset), 3)) 842 return 0; 843 if (length < 3) 844 return 0; 845 memcpy(&tim.count, p + offset, 3); 846 offset += 3; 847 length -= 3; 848 849 if (tim.length <= 3) 850 break; 851 if (tim.length - 3 > (int)sizeof tim.bitmap) 852 return 0; 853 if (!TTEST2(*(p + offset), tim.length - 3)) 854 return 0; 855 if (length < (u_int)(tim.length - 3)) 856 return 0; 857 memcpy(tim.bitmap, p + (tim.length - 3), 858 (tim.length - 3)); 859 offset += tim.length - 3; 860 length -= tim.length - 3; 861 /* 862 * Present and not truncated. 863 * 864 * If we haven't already seen a TIM IE, 865 * copy this one, otherwise ignore this one, 866 * so we later report the first one we saw. 867 */ 868 if (!pbody->tim_present) { 869 pbody->tim = tim; 870 pbody->tim_present = 1; 871 } 872 break; 873 default: 874 #if 0 875 printf("(1) unhandled element_id (%d) ", 876 *(p + offset)); 877 #endif 878 if (!TTEST2(*(p + offset), 2)) 879 return 0; 880 if (length < 2) 881 return 0; 882 elementlen = *(p + offset + 1); 883 if (!TTEST2(*(p + offset + 2), elementlen)) 884 return 0; 885 if (length < elementlen + 2) 886 return 0; 887 offset += elementlen + 2; 888 length -= elementlen + 2; 889 break; 890 } 891 } 892 893 /* No problems found. */ 894 return 1; 895 } 896 897 /********************************************************************************* 898 * Print Handle functions for the management frame types 899 *********************************************************************************/ 900 901 static int 902 handle_beacon(const u_char *p, u_int length) 903 { 904 struct mgmt_body_t pbody; 905 int offset = 0; 906 int ret; 907 908 memset(&pbody, 0, sizeof(pbody)); 909 910 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 911 IEEE802_11_CAPINFO_LEN)) 912 return 0; 913 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 914 IEEE802_11_CAPINFO_LEN) 915 return 0; 916 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); 917 offset += IEEE802_11_TSTAMP_LEN; 918 length -= IEEE802_11_TSTAMP_LEN; 919 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); 920 offset += IEEE802_11_BCNINT_LEN; 921 length -= IEEE802_11_BCNINT_LEN; 922 pbody.capability_info = EXTRACT_LE_16BITS(p+offset); 923 offset += IEEE802_11_CAPINFO_LEN; 924 length -= IEEE802_11_CAPINFO_LEN; 925 926 ret = parse_elements(&pbody, p, offset, length); 927 928 PRINT_SSID(pbody); 929 PRINT_RATES(pbody); 930 printf(" %s", 931 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS"); 932 PRINT_DS_CHANNEL(pbody); 933 934 return ret; 935 } 936 937 static int 938 handle_assoc_request(const u_char *p, u_int length) 939 { 940 struct mgmt_body_t pbody; 941 int offset = 0; 942 int ret; 943 944 memset(&pbody, 0, sizeof(pbody)); 945 946 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)) 947 return 0; 948 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN) 949 return 0; 950 pbody.capability_info = EXTRACT_LE_16BITS(p); 951 offset += IEEE802_11_CAPINFO_LEN; 952 length -= IEEE802_11_CAPINFO_LEN; 953 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); 954 offset += IEEE802_11_LISTENINT_LEN; 955 length -= IEEE802_11_LISTENINT_LEN; 956 957 ret = parse_elements(&pbody, p, offset, length); 958 959 PRINT_SSID(pbody); 960 PRINT_RATES(pbody); 961 return ret; 962 } 963 964 static int 965 handle_assoc_response(const u_char *p, u_int length) 966 { 967 struct mgmt_body_t pbody; 968 int offset = 0; 969 int ret; 970 971 memset(&pbody, 0, sizeof(pbody)); 972 973 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + 974 IEEE802_11_AID_LEN)) 975 return 0; 976 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + 977 IEEE802_11_AID_LEN) 978 return 0; 979 pbody.capability_info = EXTRACT_LE_16BITS(p); 980 offset += IEEE802_11_CAPINFO_LEN; 981 length -= IEEE802_11_CAPINFO_LEN; 982 pbody.status_code = EXTRACT_LE_16BITS(p+offset); 983 offset += IEEE802_11_STATUS_LEN; 984 length -= IEEE802_11_STATUS_LEN; 985 pbody.aid = EXTRACT_LE_16BITS(p+offset); 986 offset += IEEE802_11_AID_LEN; 987 length -= IEEE802_11_AID_LEN; 988 989 ret = parse_elements(&pbody, p, offset, length); 990 991 printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 , 992 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "", 993 (pbody.status_code < NUM_STATUSES 994 ? status_text[pbody.status_code] 995 : "n/a")); 996 997 return ret; 998 } 999 1000 static int 1001 handle_reassoc_request(const u_char *p, u_int length) 1002 { 1003 struct mgmt_body_t pbody; 1004 int offset = 0; 1005 int ret; 1006 1007 memset(&pbody, 0, sizeof(pbody)); 1008 1009 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + 1010 IEEE802_11_AP_LEN)) 1011 return 0; 1012 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + 1013 IEEE802_11_AP_LEN) 1014 return 0; 1015 pbody.capability_info = EXTRACT_LE_16BITS(p); 1016 offset += IEEE802_11_CAPINFO_LEN; 1017 length -= IEEE802_11_CAPINFO_LEN; 1018 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); 1019 offset += IEEE802_11_LISTENINT_LEN; 1020 length -= IEEE802_11_LISTENINT_LEN; 1021 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN); 1022 offset += IEEE802_11_AP_LEN; 1023 length -= IEEE802_11_AP_LEN; 1024 1025 ret = parse_elements(&pbody, p, offset, length); 1026 1027 PRINT_SSID(pbody); 1028 printf(" AP : %s", etheraddr_string( pbody.ap )); 1029 1030 return ret; 1031 } 1032 1033 static int 1034 handle_reassoc_response(const u_char *p, u_int length) 1035 { 1036 /* Same as a Association Reponse */ 1037 return handle_assoc_response(p, length); 1038 } 1039 1040 static int 1041 handle_probe_request(const u_char *p, u_int length) 1042 { 1043 struct mgmt_body_t pbody; 1044 int offset = 0; 1045 int ret; 1046 1047 memset(&pbody, 0, sizeof(pbody)); 1048 1049 ret = parse_elements(&pbody, p, offset, length); 1050 1051 PRINT_SSID(pbody); 1052 PRINT_RATES(pbody); 1053 1054 return ret; 1055 } 1056 1057 static int 1058 handle_probe_response(const u_char *p, u_int length) 1059 { 1060 struct mgmt_body_t pbody; 1061 int offset = 0; 1062 int ret; 1063 1064 memset(&pbody, 0, sizeof(pbody)); 1065 1066 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 1067 IEEE802_11_CAPINFO_LEN)) 1068 return 0; 1069 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 1070 IEEE802_11_CAPINFO_LEN) 1071 return 0; 1072 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); 1073 offset += IEEE802_11_TSTAMP_LEN; 1074 length -= IEEE802_11_TSTAMP_LEN; 1075 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); 1076 offset += IEEE802_11_BCNINT_LEN; 1077 length -= IEEE802_11_BCNINT_LEN; 1078 pbody.capability_info = EXTRACT_LE_16BITS(p+offset); 1079 offset += IEEE802_11_CAPINFO_LEN; 1080 length -= IEEE802_11_CAPINFO_LEN; 1081 1082 ret = parse_elements(&pbody, p, offset, length); 1083 1084 PRINT_SSID(pbody); 1085 PRINT_RATES(pbody); 1086 PRINT_DS_CHANNEL(pbody); 1087 1088 return ret; 1089 } 1090 1091 static int 1092 handle_atim(void) 1093 { 1094 /* the frame body for ATIM is null. */ 1095 return 1; 1096 } 1097 1098 static int 1099 handle_disassoc(const u_char *p, u_int length) 1100 { 1101 struct mgmt_body_t pbody; 1102 1103 memset(&pbody, 0, sizeof(pbody)); 1104 1105 if (!TTEST2(*p, IEEE802_11_REASON_LEN)) 1106 return 0; 1107 if (length < IEEE802_11_REASON_LEN) 1108 return 0; 1109 pbody.reason_code = EXTRACT_LE_16BITS(p); 1110 1111 printf(": %s", 1112 (pbody.reason_code < NUM_REASONS) 1113 ? reason_text[pbody.reason_code] 1114 : "Reserved" ); 1115 1116 return 1; 1117 } 1118 1119 static int 1120 handle_auth(const u_char *p, u_int length) 1121 { 1122 struct mgmt_body_t pbody; 1123 int offset = 0; 1124 int ret; 1125 1126 memset(&pbody, 0, sizeof(pbody)); 1127 1128 if (!TTEST2(*p, 6)) 1129 return 0; 1130 if (length < 6) 1131 return 0; 1132 pbody.auth_alg = EXTRACT_LE_16BITS(p); 1133 offset += 2; 1134 length -= 2; 1135 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset); 1136 offset += 2; 1137 length -= 2; 1138 pbody.status_code = EXTRACT_LE_16BITS(p + offset); 1139 offset += 2; 1140 length -= 2; 1141 1142 ret = parse_elements(&pbody, p, offset, length); 1143 1144 if ((pbody.auth_alg == 1) && 1145 ((pbody.auth_trans_seq_num == 2) || 1146 (pbody.auth_trans_seq_num == 3))) { 1147 printf(" (%s)-%x [Challenge Text] %s", 1148 (pbody.auth_alg < NUM_AUTH_ALGS) 1149 ? auth_alg_text[pbody.auth_alg] 1150 : "Reserved", 1151 pbody.auth_trans_seq_num, 1152 ((pbody.auth_trans_seq_num % 2) 1153 ? ((pbody.status_code < NUM_STATUSES) 1154 ? status_text[pbody.status_code] 1155 : "n/a") : "")); 1156 return ret; 1157 } 1158 printf(" (%s)-%x: %s", 1159 (pbody.auth_alg < NUM_AUTH_ALGS) 1160 ? auth_alg_text[pbody.auth_alg] 1161 : "Reserved", 1162 pbody.auth_trans_seq_num, 1163 (pbody.auth_trans_seq_num % 2) 1164 ? ((pbody.status_code < NUM_STATUSES) 1165 ? status_text[pbody.status_code] 1166 : "n/a") 1167 : ""); 1168 1169 return ret; 1170 } 1171 1172 static int 1173 handle_deauth(const struct mgmt_header_t *pmh, const u_char *p, u_int length) 1174 { 1175 struct mgmt_body_t pbody; 1176 int offset = 0; 1177 const char *reason = NULL; 1178 1179 memset(&pbody, 0, sizeof(pbody)); 1180 1181 if (!TTEST2(*p, IEEE802_11_REASON_LEN)) 1182 return 0; 1183 if (length < IEEE802_11_REASON_LEN) 1184 return 0; 1185 pbody.reason_code = EXTRACT_LE_16BITS(p); 1186 offset += IEEE802_11_REASON_LEN; 1187 length -= IEEE802_11_REASON_LEN; 1188 1189 reason = (pbody.reason_code < NUM_REASONS) 1190 ? reason_text[pbody.reason_code] 1191 : "Reserved"; 1192 1193 if (eflag) { 1194 printf(": %s", reason); 1195 } else { 1196 printf(" (%s): %s", etheraddr_string(pmh->sa), reason); 1197 } 1198 return 1; 1199 } 1200 1201 #define PRINT_HT_ACTION(v) (\ 1202 (v) == 0 ? printf("TxChWidth") : \ 1203 (v) == 1 ? printf("MIMOPwrSave") : \ 1204 printf("Act#%d", (v)) \ 1205 ) 1206 #define PRINT_BA_ACTION(v) (\ 1207 (v) == 0 ? printf("ADDBA Request") : \ 1208 (v) == 1 ? printf("ADDBA Response") : \ 1209 (v) == 2 ? printf("DELBA") : \ 1210 printf("Act#%d", (v)) \ 1211 ) 1212 #define PRINT_MESHLINK_ACTION(v) (\ 1213 (v) == 0 ? printf("Request") : \ 1214 (v) == 1 ? printf("Report") : \ 1215 printf("Act#%d", (v)) \ 1216 ) 1217 #define PRINT_MESHPEERING_ACTION(v) (\ 1218 (v) == 0 ? printf("Open") : \ 1219 (v) == 1 ? printf("Confirm") : \ 1220 (v) == 2 ? printf("Close") : \ 1221 printf("Act#%d", (v)) \ 1222 ) 1223 #define PRINT_MESHPATH_ACTION(v) (\ 1224 (v) == 0 ? printf("Request") : \ 1225 (v) == 1 ? printf("Report") : \ 1226 (v) == 2 ? printf("Error") : \ 1227 (v) == 3 ? printf("RootAnnouncement") : \ 1228 printf("Act#%d", (v)) \ 1229 ) 1230 1231 static int 1232 handle_action(const struct mgmt_header_t *pmh, const u_char *p, u_int length) 1233 { 1234 if (!TTEST2(*p, 2)) 1235 return 0; 1236 if (length < 2) 1237 return 0; 1238 if (eflag) { 1239 printf(": "); 1240 } else { 1241 printf(" (%s): ", etheraddr_string(pmh->sa)); 1242 } 1243 switch (p[0]) { 1244 case 0: printf("Spectrum Management Act#%d", p[1]); break; 1245 case 1: printf("QoS Act#%d", p[1]); break; 1246 case 2: printf("DLS Act#%d", p[1]); break; 1247 case 3: printf("BA "); PRINT_BA_ACTION(p[1]); break; 1248 case 7: printf("HT "); PRINT_HT_ACTION(p[1]); break; 1249 case 13: printf("MeshLMetric "); PRINT_MESHLINK_ACTION(p[1]); break; 1250 case 15: printf("Interwork Act#%d", p[1]); break; 1251 case 16: printf("Resource Act#%d", p[1]); break; 1252 case 17: printf("Proxy Act#%d", p[1]); break; 1253 case 30: printf("MeshPeering "); PRINT_MESHPEERING_ACTION(p[1]); break; 1254 case 32: printf("MeshPath "); PRINT_MESHPATH_ACTION(p[1]); break; 1255 case 127: printf("Vendor Act#%d", p[1]); break; 1256 default: 1257 printf("Reserved(%d) Act#%d", p[0], p[1]); 1258 break; 1259 } 1260 return 1; 1261 } 1262 1263 1264 /********************************************************************************* 1265 * Print Body funcs 1266 *********************************************************************************/ 1267 1268 1269 static int 1270 mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh, 1271 const u_char *p, u_int length) 1272 { 1273 switch (FC_SUBTYPE(fc)) { 1274 case ST_ASSOC_REQUEST: 1275 printf("Assoc Request"); 1276 return handle_assoc_request(p, length); 1277 case ST_ASSOC_RESPONSE: 1278 printf("Assoc Response"); 1279 return handle_assoc_response(p, length); 1280 case ST_REASSOC_REQUEST: 1281 printf("ReAssoc Request"); 1282 return handle_reassoc_request(p, length); 1283 case ST_REASSOC_RESPONSE: 1284 printf("ReAssoc Response"); 1285 return handle_reassoc_response(p, length); 1286 case ST_PROBE_REQUEST: 1287 printf("Probe Request"); 1288 return handle_probe_request(p, length); 1289 case ST_PROBE_RESPONSE: 1290 printf("Probe Response"); 1291 return handle_probe_response(p, length); 1292 case ST_BEACON: 1293 printf("Beacon"); 1294 return handle_beacon(p, length); 1295 case ST_ATIM: 1296 printf("ATIM"); 1297 return handle_atim(); 1298 case ST_DISASSOC: 1299 printf("Disassociation"); 1300 return handle_disassoc(p, length); 1301 case ST_AUTH: 1302 printf("Authentication"); 1303 if (!TTEST2(*p, 3)) 1304 return 0; 1305 if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) { 1306 printf("Authentication (Shared-Key)-3 "); 1307 return wep_print(p); 1308 } 1309 return handle_auth(p, length); 1310 case ST_DEAUTH: 1311 printf("DeAuthentication"); 1312 return handle_deauth(pmh, p, length); 1313 break; 1314 case ST_ACTION: 1315 printf("Action"); 1316 return handle_action(pmh, p, length); 1317 break; 1318 default: 1319 printf("Unhandled Management subtype(%x)", 1320 FC_SUBTYPE(fc)); 1321 return 1; 1322 } 1323 } 1324 1325 1326 /********************************************************************************* 1327 * Handles printing all the control frame types 1328 *********************************************************************************/ 1329 1330 static int 1331 ctrl_body_print(u_int16_t fc, const u_char *p) 1332 { 1333 switch (FC_SUBTYPE(fc)) { 1334 case CTRL_CONTROL_WRAPPER: 1335 printf("Control Wrapper"); 1336 /* XXX - requires special handling */ 1337 break; 1338 case CTRL_BAR: 1339 printf("BAR"); 1340 if (!TTEST2(*p, CTRL_BAR_HDRLEN)) 1341 return 0; 1342 if (!eflag) 1343 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ", 1344 etheraddr_string(((const struct ctrl_bar_t *)p)->ra), 1345 etheraddr_string(((const struct ctrl_bar_t *)p)->ta), 1346 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), 1347 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))); 1348 break; 1349 case CTRL_BA: 1350 printf("BA"); 1351 if (!TTEST2(*p, CTRL_BA_HDRLEN)) 1352 return 0; 1353 if (!eflag) 1354 printf(" RA:%s ", 1355 etheraddr_string(((const struct ctrl_ba_t *)p)->ra)); 1356 break; 1357 case CTRL_PS_POLL: 1358 printf("Power Save-Poll"); 1359 if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN)) 1360 return 0; 1361 printf(" AID(%x)", 1362 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid))); 1363 break; 1364 case CTRL_RTS: 1365 printf("Request-To-Send"); 1366 if (!TTEST2(*p, CTRL_RTS_HDRLEN)) 1367 return 0; 1368 if (!eflag) 1369 printf(" TA:%s ", 1370 etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); 1371 break; 1372 case CTRL_CTS: 1373 printf("Clear-To-Send"); 1374 if (!TTEST2(*p, CTRL_CTS_HDRLEN)) 1375 return 0; 1376 if (!eflag) 1377 printf(" RA:%s ", 1378 etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); 1379 break; 1380 case CTRL_ACK: 1381 printf("Acknowledgment"); 1382 if (!TTEST2(*p, CTRL_ACK_HDRLEN)) 1383 return 0; 1384 if (!eflag) 1385 printf(" RA:%s ", 1386 etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); 1387 break; 1388 case CTRL_CF_END: 1389 printf("CF-End"); 1390 if (!TTEST2(*p, CTRL_END_HDRLEN)) 1391 return 0; 1392 if (!eflag) 1393 printf(" RA:%s ", 1394 etheraddr_string(((const struct ctrl_end_t *)p)->ra)); 1395 break; 1396 case CTRL_END_ACK: 1397 printf("CF-End+CF-Ack"); 1398 if (!TTEST2(*p, CTRL_END_ACK_HDRLEN)) 1399 return 0; 1400 if (!eflag) 1401 printf(" RA:%s ", 1402 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra)); 1403 break; 1404 default: 1405 printf("Unknown Ctrl Subtype"); 1406 } 1407 return 1; 1408 } 1409 1410 /* 1411 * Print Header funcs 1412 */ 1413 1414 /* 1415 * Data Frame - Address field contents 1416 * 1417 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4 1418 * 0 | 0 | DA | SA | BSSID | n/a 1419 * 0 | 1 | DA | BSSID | SA | n/a 1420 * 1 | 0 | BSSID | SA | DA | n/a 1421 * 1 | 1 | RA | TA | DA | SA 1422 */ 1423 1424 static void 1425 data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, 1426 const u_int8_t **dstp) 1427 { 1428 u_int subtype = FC_SUBTYPE(fc); 1429 1430 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) || 1431 DATA_FRAME_IS_QOS(subtype)) { 1432 printf("CF "); 1433 if (DATA_FRAME_IS_CF_ACK(subtype)) { 1434 if (DATA_FRAME_IS_CF_POLL(subtype)) 1435 printf("Ack/Poll"); 1436 else 1437 printf("Ack"); 1438 } else { 1439 if (DATA_FRAME_IS_CF_POLL(subtype)) 1440 printf("Poll"); 1441 } 1442 if (DATA_FRAME_IS_QOS(subtype)) 1443 printf("+QoS"); 1444 printf(" "); 1445 } 1446 1447 #define ADDR1 (p + 4) 1448 #define ADDR2 (p + 10) 1449 #define ADDR3 (p + 16) 1450 #define ADDR4 (p + 24) 1451 1452 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) { 1453 if (srcp != NULL) 1454 *srcp = ADDR2; 1455 if (dstp != NULL) 1456 *dstp = ADDR1; 1457 if (!eflag) 1458 return; 1459 printf("DA:%s SA:%s BSSID:%s ", 1460 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1461 etheraddr_string(ADDR3)); 1462 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) { 1463 if (srcp != NULL) 1464 *srcp = ADDR3; 1465 if (dstp != NULL) 1466 *dstp = ADDR1; 1467 if (!eflag) 1468 return; 1469 printf("DA:%s BSSID:%s SA:%s ", 1470 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1471 etheraddr_string(ADDR3)); 1472 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) { 1473 if (srcp != NULL) 1474 *srcp = ADDR2; 1475 if (dstp != NULL) 1476 *dstp = ADDR3; 1477 if (!eflag) 1478 return; 1479 printf("BSSID:%s SA:%s DA:%s ", 1480 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1481 etheraddr_string(ADDR3)); 1482 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) { 1483 if (srcp != NULL) 1484 *srcp = ADDR4; 1485 if (dstp != NULL) 1486 *dstp = ADDR3; 1487 if (!eflag) 1488 return; 1489 printf("RA:%s TA:%s DA:%s SA:%s ", 1490 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1491 etheraddr_string(ADDR3), etheraddr_string(ADDR4)); 1492 } 1493 1494 #undef ADDR1 1495 #undef ADDR2 1496 #undef ADDR3 1497 #undef ADDR4 1498 } 1499 1500 static void 1501 mgmt_header_print(const u_char *p, const u_int8_t **srcp, 1502 const u_int8_t **dstp) 1503 { 1504 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p; 1505 1506 if (srcp != NULL) 1507 *srcp = hp->sa; 1508 if (dstp != NULL) 1509 *dstp = hp->da; 1510 if (!eflag) 1511 return; 1512 1513 printf("BSSID:%s DA:%s SA:%s ", 1514 etheraddr_string((hp)->bssid), etheraddr_string((hp)->da), 1515 etheraddr_string((hp)->sa)); 1516 } 1517 1518 static void 1519 ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, 1520 const u_int8_t **dstp) 1521 { 1522 if (srcp != NULL) 1523 *srcp = NULL; 1524 if (dstp != NULL) 1525 *dstp = NULL; 1526 if (!eflag) 1527 return; 1528 1529 switch (FC_SUBTYPE(fc)) { 1530 case CTRL_BAR: 1531 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ", 1532 etheraddr_string(((const struct ctrl_bar_t *)p)->ra), 1533 etheraddr_string(((const struct ctrl_bar_t *)p)->ta), 1534 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), 1535 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))); 1536 break; 1537 case CTRL_BA: 1538 printf("RA:%s ", 1539 etheraddr_string(((const struct ctrl_ba_t *)p)->ra)); 1540 break; 1541 case CTRL_PS_POLL: 1542 printf("BSSID:%s TA:%s ", 1543 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid), 1544 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta)); 1545 break; 1546 case CTRL_RTS: 1547 printf("RA:%s TA:%s ", 1548 etheraddr_string(((const struct ctrl_rts_t *)p)->ra), 1549 etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); 1550 break; 1551 case CTRL_CTS: 1552 printf("RA:%s ", 1553 etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); 1554 break; 1555 case CTRL_ACK: 1556 printf("RA:%s ", 1557 etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); 1558 break; 1559 case CTRL_CF_END: 1560 printf("RA:%s BSSID:%s ", 1561 etheraddr_string(((const struct ctrl_end_t *)p)->ra), 1562 etheraddr_string(((const struct ctrl_end_t *)p)->bssid)); 1563 break; 1564 case CTRL_END_ACK: 1565 printf("RA:%s BSSID:%s ", 1566 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra), 1567 etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid)); 1568 break; 1569 default: 1570 printf("(H) Unknown Ctrl Subtype"); 1571 break; 1572 } 1573 } 1574 1575 static int 1576 extract_header_length(u_int16_t fc) 1577 { 1578 int len; 1579 1580 switch (FC_TYPE(fc)) { 1581 case T_MGMT: 1582 return MGMT_HDRLEN; 1583 case T_CTRL: 1584 switch (FC_SUBTYPE(fc)) { 1585 case CTRL_BAR: 1586 return CTRL_BAR_HDRLEN; 1587 case CTRL_PS_POLL: 1588 return CTRL_PS_POLL_HDRLEN; 1589 case CTRL_RTS: 1590 return CTRL_RTS_HDRLEN; 1591 case CTRL_CTS: 1592 return CTRL_CTS_HDRLEN; 1593 case CTRL_ACK: 1594 return CTRL_ACK_HDRLEN; 1595 case CTRL_CF_END: 1596 return CTRL_END_HDRLEN; 1597 case CTRL_END_ACK: 1598 return CTRL_END_ACK_HDRLEN; 1599 default: 1600 return 0; 1601 } 1602 case T_DATA: 1603 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24; 1604 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) 1605 len += 2; 1606 return len; 1607 default: 1608 printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc)); 1609 return 0; 1610 } 1611 } 1612 1613 static int 1614 extract_mesh_header_length(const u_char *p) 1615 { 1616 return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3)); 1617 } 1618 1619 /* 1620 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp" 1621 * to point to the source and destination MAC addresses in any case if 1622 * "srcp" and "dstp" aren't null. 1623 */ 1624 static void 1625 ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, u_int hdrlen, 1626 u_int meshdrlen, const u_int8_t **srcp, const u_int8_t **dstp) 1627 { 1628 if (vflag) { 1629 if (FC_MORE_DATA(fc)) 1630 printf("More Data "); 1631 if (FC_MORE_FLAG(fc)) 1632 printf("More Fragments "); 1633 if (FC_POWER_MGMT(fc)) 1634 printf("Pwr Mgmt "); 1635 if (FC_RETRY(fc)) 1636 printf("Retry "); 1637 if (FC_ORDER(fc)) 1638 printf("Strictly Ordered "); 1639 if (FC_WEP(fc)) 1640 printf("WEP Encrypted "); 1641 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL) 1642 printf("%dus ", 1643 EXTRACT_LE_16BITS( 1644 &((const struct mgmt_header_t *)p)->duration)); 1645 } 1646 if (meshdrlen != 0) { 1647 const struct meshcntl_t *mc = 1648 (const struct meshcntl_t *)&p[hdrlen - meshdrlen]; 1649 int ae = mc->flags & 3; 1650 1651 printf("MeshData (AE %d TTL %u seq %u", ae, mc->ttl, 1652 EXTRACT_LE_32BITS(mc->seq)); 1653 if (ae > 0) 1654 printf(" A4:%s", etheraddr_string(mc->addr4)); 1655 if (ae > 1) 1656 printf(" A5:%s", etheraddr_string(mc->addr5)); 1657 if (ae > 2) 1658 printf(" A6:%s", etheraddr_string(mc->addr6)); 1659 printf(") "); 1660 } 1661 1662 switch (FC_TYPE(fc)) { 1663 case T_MGMT: 1664 mgmt_header_print(p, srcp, dstp); 1665 break; 1666 case T_CTRL: 1667 ctrl_header_print(fc, p, srcp, dstp); 1668 break; 1669 case T_DATA: 1670 data_header_print(fc, p, srcp, dstp); 1671 break; 1672 default: 1673 printf("(header) unknown IEEE802.11 frame type (%d)", 1674 FC_TYPE(fc)); 1675 *srcp = NULL; 1676 *dstp = NULL; 1677 break; 1678 } 1679 } 1680 1681 #ifndef roundup2 1682 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */ 1683 #endif 1684 1685 static u_int 1686 ieee802_11_print(const u_char *p, u_int length, u_int orig_caplen, int pad, 1687 u_int fcslen) 1688 { 1689 u_int16_t fc; 1690 u_int caplen, hdrlen, meshdrlen; 1691 const u_int8_t *src, *dst; 1692 u_short extracted_ethertype; 1693 1694 caplen = orig_caplen; 1695 /* Remove FCS, if present */ 1696 if (length < fcslen) { 1697 printf("[|802.11]"); 1698 return caplen; 1699 } 1700 length -= fcslen; 1701 if (caplen > length) { 1702 /* Amount of FCS in actual packet data, if any */ 1703 fcslen = caplen - length; 1704 caplen -= fcslen; 1705 snapend -= fcslen; 1706 } 1707 1708 if (caplen < IEEE802_11_FC_LEN) { 1709 printf("[|802.11]"); 1710 return orig_caplen; 1711 } 1712 1713 fc = EXTRACT_LE_16BITS(p); 1714 hdrlen = extract_header_length(fc); 1715 if (pad) 1716 hdrlen = roundup2(hdrlen, 4); 1717 if (Hflag && FC_TYPE(fc) == T_DATA && 1718 DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) { 1719 meshdrlen = extract_mesh_header_length(p+hdrlen); 1720 hdrlen += meshdrlen; 1721 } else 1722 meshdrlen = 0; 1723 1724 1725 if (caplen < hdrlen) { 1726 printf("[|802.11]"); 1727 return hdrlen; 1728 } 1729 1730 ieee_802_11_hdr_print(fc, p, hdrlen, meshdrlen, &src, &dst); 1731 1732 /* 1733 * Go past the 802.11 header. 1734 */ 1735 length -= hdrlen; 1736 caplen -= hdrlen; 1737 p += hdrlen; 1738 1739 switch (FC_TYPE(fc)) { 1740 case T_MGMT: 1741 if (!mgmt_body_print(fc, 1742 (const struct mgmt_header_t *)(p - hdrlen), p, length)) { 1743 printf("[|802.11]"); 1744 return hdrlen; 1745 } 1746 break; 1747 case T_CTRL: 1748 if (!ctrl_body_print(fc, p - hdrlen)) { 1749 printf("[|802.11]"); 1750 return hdrlen; 1751 } 1752 break; 1753 case T_DATA: 1754 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc))) 1755 return hdrlen; /* no-data frame */ 1756 /* There may be a problem w/ AP not having this bit set */ 1757 if (FC_WEP(fc)) { 1758 if (!wep_print(p)) { 1759 printf("[|802.11]"); 1760 return hdrlen; 1761 } 1762 } else if (llc_print(p, length, caplen, dst, src, 1763 &extracted_ethertype) == 0) { 1764 /* 1765 * Some kinds of LLC packet we cannot 1766 * handle intelligently 1767 */ 1768 if (!eflag) 1769 ieee_802_11_hdr_print(fc, p - hdrlen, hdrlen, 1770 meshdrlen, NULL, NULL); 1771 if (extracted_ethertype) 1772 printf("(LLC %s) ", 1773 etherproto_string( 1774 htons(extracted_ethertype))); 1775 if (!suppress_default_print) 1776 default_print(p, caplen); 1777 } 1778 break; 1779 default: 1780 printf("unknown 802.11 frame type (%d)", FC_TYPE(fc)); 1781 break; 1782 } 1783 1784 return hdrlen; 1785 } 1786 1787 /* 1788 * This is the top level routine of the printer. 'p' points 1789 * to the 802.11 header of the packet, 'h->ts' is the timestamp, 1790 * 'h->len' is the length of the packet off the wire, and 'h->caplen' 1791 * is the number of bytes actually captured. 1792 */ 1793 u_int 1794 ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p) 1795 { 1796 return ieee802_11_print(p, h->len, h->caplen, 0, 0); 1797 } 1798 1799 #define IEEE80211_CHAN_FHSS \ 1800 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK) 1801 #define IEEE80211_CHAN_A \ 1802 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM) 1803 #define IEEE80211_CHAN_B \ 1804 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK) 1805 #define IEEE80211_CHAN_PUREG \ 1806 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM) 1807 #define IEEE80211_CHAN_G \ 1808 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN) 1809 1810 #define IS_CHAN_FHSS(flags) \ 1811 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS) 1812 #define IS_CHAN_A(flags) \ 1813 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A) 1814 #define IS_CHAN_B(flags) \ 1815 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B) 1816 #define IS_CHAN_PUREG(flags) \ 1817 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG) 1818 #define IS_CHAN_G(flags) \ 1819 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G) 1820 #define IS_CHAN_ANYG(flags) \ 1821 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags)) 1822 1823 static void 1824 print_chaninfo(int freq, int flags) 1825 { 1826 printf("%u MHz", freq); 1827 if (IS_CHAN_FHSS(flags)) 1828 printf(" FHSS"); 1829 if (IS_CHAN_A(flags)) { 1830 if (flags & IEEE80211_CHAN_HALF) 1831 printf(" 11a/10Mhz"); 1832 else if (flags & IEEE80211_CHAN_QUARTER) 1833 printf(" 11a/5Mhz"); 1834 else 1835 printf(" 11a"); 1836 } 1837 if (IS_CHAN_ANYG(flags)) { 1838 if (flags & IEEE80211_CHAN_HALF) 1839 printf(" 11g/10Mhz"); 1840 else if (flags & IEEE80211_CHAN_QUARTER) 1841 printf(" 11g/5Mhz"); 1842 else 1843 printf(" 11g"); 1844 } else if (IS_CHAN_B(flags)) 1845 printf(" 11b"); 1846 if (flags & IEEE80211_CHAN_TURBO) 1847 printf(" Turbo"); 1848 if (flags & IEEE80211_CHAN_HT20) 1849 printf(" ht/20"); 1850 else if (flags & IEEE80211_CHAN_HT40D) 1851 printf(" ht/40-"); 1852 else if (flags & IEEE80211_CHAN_HT40U) 1853 printf(" ht/40+"); 1854 printf(" "); 1855 } 1856 1857 static int 1858 print_radiotap_field(struct cpack_state *s, u_int32_t bit, u_int8_t *flags, 1859 struct radiotap_state *state, u_int32_t presentflags) 1860 { 1861 union { 1862 int8_t i8; 1863 u_int8_t u8; 1864 int16_t i16; 1865 u_int16_t u16; 1866 u_int32_t u32; 1867 u_int64_t u64; 1868 } u, u2, u3, u4; 1869 int rc; 1870 1871 switch (bit) { 1872 case IEEE80211_RADIOTAP_FLAGS: 1873 rc = cpack_uint8(s, &u.u8); 1874 if (rc != 0) 1875 break; 1876 *flags = u.u8; 1877 break; 1878 case IEEE80211_RADIOTAP_RATE: 1879 rc = cpack_uint8(s, &u.u8); 1880 if (rc != 0) 1881 break; 1882 1883 /* Save state rate */ 1884 state->rate = u.u8; 1885 break; 1886 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 1887 case IEEE80211_RADIOTAP_DB_ANTNOISE: 1888 case IEEE80211_RADIOTAP_ANTENNA: 1889 rc = cpack_uint8(s, &u.u8); 1890 break; 1891 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 1892 case IEEE80211_RADIOTAP_DBM_ANTNOISE: 1893 rc = cpack_int8(s, &u.i8); 1894 break; 1895 case IEEE80211_RADIOTAP_CHANNEL: 1896 rc = cpack_uint16(s, &u.u16); 1897 if (rc != 0) 1898 break; 1899 rc = cpack_uint16(s, &u2.u16); 1900 break; 1901 case IEEE80211_RADIOTAP_FHSS: 1902 case IEEE80211_RADIOTAP_LOCK_QUALITY: 1903 case IEEE80211_RADIOTAP_TX_ATTENUATION: 1904 case IEEE80211_RADIOTAP_RX_FLAGS: 1905 rc = cpack_uint16(s, &u.u16); 1906 break; 1907 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: 1908 rc = cpack_uint8(s, &u.u8); 1909 break; 1910 case IEEE80211_RADIOTAP_DBM_TX_POWER: 1911 rc = cpack_int8(s, &u.i8); 1912 break; 1913 case IEEE80211_RADIOTAP_TSFT: 1914 rc = cpack_uint64(s, &u.u64); 1915 break; 1916 case IEEE80211_RADIOTAP_XCHANNEL: 1917 rc = cpack_uint32(s, &u.u32); 1918 if (rc != 0) 1919 break; 1920 rc = cpack_uint16(s, &u2.u16); 1921 if (rc != 0) 1922 break; 1923 rc = cpack_uint8(s, &u3.u8); 1924 if (rc != 0) 1925 break; 1926 rc = cpack_uint8(s, &u4.u8); 1927 break; 1928 case IEEE80211_RADIOTAP_MCS: 1929 rc = cpack_uint8(s, &u.u8); 1930 if (rc != 0) 1931 break; 1932 rc = cpack_uint8(s, &u2.u8); 1933 if (rc != 0) 1934 break; 1935 rc = cpack_uint8(s, &u3.u8); 1936 break; 1937 case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: { 1938 u_int8_t vns[3]; 1939 u_int16_t length; 1940 u_int8_t subspace; 1941 1942 if ((cpack_align_and_reserve(s, 2)) == NULL) { 1943 rc = -1; 1944 break; 1945 } 1946 1947 rc = cpack_uint8(s, &vns[0]); 1948 if (rc != 0) 1949 break; 1950 rc = cpack_uint8(s, &vns[1]); 1951 if (rc != 0) 1952 break; 1953 rc = cpack_uint8(s, &vns[2]); 1954 if (rc != 0) 1955 break; 1956 rc = cpack_uint8(s, &subspace); 1957 if (rc != 0) 1958 break; 1959 rc = cpack_uint16(s, &length); 1960 if (rc != 0) 1961 break; 1962 1963 /* Skip up to length */ 1964 s->c_next += length; 1965 break; 1966 } 1967 default: 1968 /* this bit indicates a field whose 1969 * size we do not know, so we cannot 1970 * proceed. Just print the bit number. 1971 */ 1972 printf("[bit %u] ", bit); 1973 return -1; 1974 } 1975 1976 if (rc != 0) { 1977 printf("[|802.11]"); 1978 return rc; 1979 } 1980 1981 /* Preserve the state present flags */ 1982 state->present = presentflags; 1983 1984 switch (bit) { 1985 case IEEE80211_RADIOTAP_CHANNEL: 1986 /* 1987 * If CHANNEL and XCHANNEL are both present, skip 1988 * CHANNEL. 1989 */ 1990 if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL)) 1991 break; 1992 print_chaninfo(u.u16, u2.u16); 1993 break; 1994 case IEEE80211_RADIOTAP_FHSS: 1995 printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff); 1996 break; 1997 case IEEE80211_RADIOTAP_RATE: 1998 /* 1999 * XXX On FreeBSD rate & 0x80 means we have an MCS. On 2000 * Linux and AirPcap it does not. (What about 2001 * Mac OS X, NetBSD, OpenBSD, and DragonFly BSD?) 2002 * 2003 * This is an issue either for proprietary extensions 2004 * to 11a or 11g, which do exist, or for 11n 2005 * implementations that stuff a rate value into 2006 * this field, which also appear to exist. 2007 * 2008 * We currently handle that by assuming that 2009 * if the 0x80 bit is set *and* the remaining 2010 * bits have a value between 0 and 15 it's 2011 * an MCS value, otherwise it's a rate. If 2012 * there are cases where systems that use 2013 * "0x80 + MCS index" for MCS indices > 15, 2014 * or stuff a rate value here between 64 and 2015 * 71.5 Mb/s in here, we'll need a preference 2016 * setting. Such rates do exist, e.g. 11n 2017 * MCS 7 at 20 MHz with a long guard interval. 2018 */ 2019 if (u.u8 >= 0x80 && u.u8 <= 0x8f) { 2020 /* 2021 * XXX - we don't know the channel width 2022 * or guard interval length, so we can't 2023 * convert this to a data rate. 2024 * 2025 * If you want us to show a data rate, 2026 * use the MCS field, not the Rate field; 2027 * the MCS field includes not only the 2028 * MCS index, it also includes bandwidth 2029 * and guard interval information. 2030 * 2031 * XXX - can we get the channel width 2032 * from XChannel and the guard interval 2033 * information from Flags, at least on 2034 * FreeBSD? 2035 */ 2036 printf("MCS %u ", u.u8 & 0x7f); 2037 } else 2038 printf("%2.1f Mb/s ", .5*u.u8); 2039 break; 2040 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 2041 printf("%ddB signal ", u.i8); 2042 break; 2043 case IEEE80211_RADIOTAP_DBM_ANTNOISE: 2044 printf("%ddB noise ", u.i8); 2045 break; 2046 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 2047 printf("%ddB signal ", u.u8); 2048 break; 2049 case IEEE80211_RADIOTAP_DB_ANTNOISE: 2050 printf("%ddB noise ", u.u8); 2051 break; 2052 case IEEE80211_RADIOTAP_LOCK_QUALITY: 2053 printf("%u sq ", u.u16); 2054 break; 2055 case IEEE80211_RADIOTAP_TX_ATTENUATION: 2056 printf("%d tx power ", -(int)u.u16); 2057 break; 2058 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: 2059 printf("%ddB tx power ", -(int)u.u8); 2060 break; 2061 case IEEE80211_RADIOTAP_DBM_TX_POWER: 2062 printf("%ddBm tx power ", u.i8); 2063 break; 2064 case IEEE80211_RADIOTAP_FLAGS: 2065 if (u.u8 & IEEE80211_RADIOTAP_F_CFP) 2066 printf("cfp "); 2067 if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE) 2068 printf("short preamble "); 2069 if (u.u8 & IEEE80211_RADIOTAP_F_WEP) 2070 printf("wep "); 2071 if (u.u8 & IEEE80211_RADIOTAP_F_FRAG) 2072 printf("fragmented "); 2073 if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS) 2074 printf("bad-fcs "); 2075 break; 2076 case IEEE80211_RADIOTAP_ANTENNA: 2077 printf("antenna %d ", u.u8); 2078 break; 2079 case IEEE80211_RADIOTAP_TSFT: 2080 printf("%" PRIu64 "us tsft ", u.u64); 2081 break; 2082 case IEEE80211_RADIOTAP_RX_FLAGS: 2083 /* Do nothing for now */ 2084 break; 2085 case IEEE80211_RADIOTAP_XCHANNEL: 2086 print_chaninfo(u2.u16, u.u32); 2087 break; 2088 case IEEE80211_RADIOTAP_MCS: { 2089 static const char *bandwidth[4] = { 2090 "20 MHz", 2091 "40 MHz", 2092 "20 MHz (L)", 2093 "20 MHz (U)" 2094 }; 2095 float htrate; 2096 2097 if (u.u8 & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) { 2098 /* 2099 * We know the MCS index. 2100 */ 2101 if (u3.u8 <= MAX_MCS_INDEX) { 2102 /* 2103 * And it's in-range. 2104 */ 2105 if (u.u8 & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) { 2106 /* 2107 * And we know both the bandwidth and 2108 * the guard interval, so we can look 2109 * up the rate. 2110 */ 2111 htrate = 2112 ieee80211_float_htrates \ 2113 [u3.u8] \ 2114 [((u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)] \ 2115 [((u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)]; 2116 } else { 2117 /* 2118 * We don't know both the bandwidth 2119 * and the guard interval, so we can 2120 * only report the MCS index. 2121 */ 2122 htrate = 0.0; 2123 } 2124 } else { 2125 /* 2126 * The MCS value is out of range. 2127 */ 2128 htrate = 0.0; 2129 } 2130 if (htrate != 0.0) { 2131 /* 2132 * We have the rate. 2133 * Print it. 2134 */ 2135 printf("%.1f Mb/s MCS %u ", htrate, u3.u8); 2136 } else { 2137 /* 2138 * We at least have the MCS index. 2139 * Print it. 2140 */ 2141 printf("MCS %u ", u3.u8); 2142 } 2143 } 2144 if (u.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) { 2145 printf("%s ", 2146 bandwidth[u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK]); 2147 } 2148 if (u.u8 & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) { 2149 printf("%s GI ", 2150 (u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 2151 "short" : "lon"); 2152 } 2153 if (u.u8 & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) { 2154 printf("%s ", 2155 (u2.u8 & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ? 2156 "greenfield" : "mixed"); 2157 } 2158 if (u.u8 & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) { 2159 printf("%s FEC ", 2160 (u2.u8 & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ? 2161 "LDPC" : "BCC"); 2162 } 2163 break; 2164 } 2165 } 2166 return 0; 2167 } 2168 2169 static u_int 2170 ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen) 2171 { 2172 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x))) 2173 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x))) 2174 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x))) 2175 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x))) 2176 #define BITNO_2(x) (((x) & 2) ? 1 : 0) 2177 #define BIT(n) (1U << n) 2178 #define IS_EXTENDED(__p) \ 2179 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0 2180 2181 struct cpack_state cpacker; 2182 struct ieee80211_radiotap_header *hdr; 2183 u_int32_t present, next_present; 2184 u_int32_t presentflags = 0; 2185 u_int32_t *presentp, *last_presentp; 2186 enum ieee80211_radiotap_type bit; 2187 int bit0; 2188 const u_char *iter; 2189 u_int len; 2190 u_int8_t flags; 2191 int pad; 2192 u_int fcslen; 2193 struct radiotap_state state; 2194 2195 if (caplen < sizeof(*hdr)) { 2196 printf("[|802.11]"); 2197 return caplen; 2198 } 2199 2200 hdr = (struct ieee80211_radiotap_header *)p; 2201 2202 len = EXTRACT_LE_16BITS(&hdr->it_len); 2203 2204 if (caplen < len) { 2205 printf("[|802.11]"); 2206 return caplen; 2207 } 2208 for (last_presentp = &hdr->it_present; 2209 IS_EXTENDED(last_presentp) && 2210 (u_char*)(last_presentp + 1) <= p + len; 2211 last_presentp++); 2212 2213 /* are there more bitmap extensions than bytes in header? */ 2214 if (IS_EXTENDED(last_presentp)) { 2215 printf("[|802.11]"); 2216 return caplen; 2217 } 2218 2219 iter = (u_char*)(last_presentp + 1); 2220 2221 if (cpack_init(&cpacker, (u_int8_t*)iter, len - (iter - p)) != 0) { 2222 /* XXX */ 2223 printf("[|802.11]"); 2224 return caplen; 2225 } 2226 2227 /* Assume no flags */ 2228 flags = 0; 2229 /* Assume no Atheros padding between 802.11 header and body */ 2230 pad = 0; 2231 /* Assume no FCS at end of frame */ 2232 fcslen = 0; 2233 for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp; 2234 presentp++, bit0 += 32) { 2235 presentflags = EXTRACT_LE_32BITS(presentp); 2236 2237 /* Clear state. */ 2238 memset(&state, 0, sizeof(state)); 2239 2240 for (present = EXTRACT_LE_32BITS(presentp); present; 2241 present = next_present) { 2242 /* clear the least significant bit that is set */ 2243 next_present = present & (present - 1); 2244 2245 /* extract the least significant bit that is set */ 2246 bit = (enum ieee80211_radiotap_type) 2247 (bit0 + BITNO_32(present ^ next_present)); 2248 2249 if (print_radiotap_field(&cpacker, bit, &flags, &state, presentflags) != 0) 2250 goto out; 2251 } 2252 } 2253 2254 out: 2255 if (flags & IEEE80211_RADIOTAP_F_DATAPAD) 2256 pad = 1; /* Atheros padding */ 2257 if (flags & IEEE80211_RADIOTAP_F_FCS) 2258 fcslen = 4; /* FCS at end of packet */ 2259 return len + ieee802_11_print(p + len, length - len, caplen - len, pad, 2260 fcslen); 2261 #undef BITNO_32 2262 #undef BITNO_16 2263 #undef BITNO_8 2264 #undef BITNO_4 2265 #undef BITNO_2 2266 #undef BIT 2267 } 2268 2269 static u_int 2270 ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen) 2271 { 2272 u_int32_t caphdr_len; 2273 2274 if (caplen < 8) { 2275 printf("[|802.11]"); 2276 return caplen; 2277 } 2278 2279 caphdr_len = EXTRACT_32BITS(p + 4); 2280 if (caphdr_len < 8) { 2281 /* 2282 * Yow! The capture header length is claimed not 2283 * to be large enough to include even the version 2284 * cookie or capture header length! 2285 */ 2286 printf("[|802.11]"); 2287 return caplen; 2288 } 2289 2290 if (caplen < caphdr_len) { 2291 printf("[|802.11]"); 2292 return caplen; 2293 } 2294 2295 return caphdr_len + ieee802_11_print(p + caphdr_len, 2296 length - caphdr_len, caplen - caphdr_len, 0, 0); 2297 } 2298 2299 #define PRISM_HDR_LEN 144 2300 2301 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000 2302 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001 2303 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002 2304 2305 /* 2306 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header, 2307 * containing information such as radio information, which we 2308 * currently ignore. 2309 * 2310 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or 2311 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS 2312 * (currently, on Linux, there's no ARPHRD_ type for 2313 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM 2314 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for 2315 * the AVS header, and the first 4 bytes of the header are used to 2316 * indicate whether it's a Prism header or an AVS header). 2317 */ 2318 u_int 2319 prism_if_print(const struct pcap_pkthdr *h, const u_char *p) 2320 { 2321 u_int caplen = h->caplen; 2322 u_int length = h->len; 2323 u_int32_t msgcode; 2324 2325 if (caplen < 4) { 2326 printf("[|802.11]"); 2327 return caplen; 2328 } 2329 2330 msgcode = EXTRACT_32BITS(p); 2331 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 || 2332 msgcode == WLANCAP_MAGIC_COOKIE_V2) 2333 return ieee802_11_avs_radio_print(p, length, caplen); 2334 2335 if (caplen < PRISM_HDR_LEN) { 2336 printf("[|802.11]"); 2337 return caplen; 2338 } 2339 2340 return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN, 2341 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0); 2342 } 2343 2344 /* 2345 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra 2346 * header, containing information such as radio information. 2347 */ 2348 u_int 2349 ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p) 2350 { 2351 return ieee802_11_radio_print(p, h->len, h->caplen); 2352 } 2353 2354 /* 2355 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an 2356 * extra header, containing information such as radio information, 2357 * which we currently ignore. 2358 */ 2359 u_int 2360 ieee802_11_radio_avs_if_print(const struct pcap_pkthdr *h, const u_char *p) 2361 { 2362 return ieee802_11_avs_radio_print(p, h->len, h->caplen); 2363 } 2364