1 /* 2 * Copyright (c) 2001 3 * Fortress Technologies, Inc. All rights reserved. 4 * Charlie Lenahan (clenahan@fortresstech.com) 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 */ 22 23 #include <sys/cdefs.h> 24 #ifndef lint 25 #if 0 26 static const char rcsid[] _U_ = 27 "@(#) Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.49 2007-12-29 23:25:02 guy Exp (LBL)"; 28 #else 29 __RCSID("$NetBSD: print-802_11.c,v 1.4 2013/12/31 17:33:31 christos Exp $"); 30 #endif 31 #endif 32 33 #ifdef HAVE_CONFIG_H 34 #include "config.h" 35 #endif 36 37 #include <tcpdump-stdinc.h> 38 39 #include <stdio.h> 40 #include <pcap.h> 41 #include <string.h> 42 43 #include "interface.h" 44 #include "addrtoname.h" 45 #include "ethertype.h" 46 47 #include "extract.h" 48 49 #include "cpack.h" 50 51 #include "ieee802_11.h" 52 #include "ieee802_11_radio.h" 53 54 /* Radiotap state */ 55 /* This is used to save state when parsing/processing parameters */ 56 struct radiotap_state 57 { 58 u_int32_t present; 59 60 u_int8_t rate; 61 }; 62 63 #define PRINT_SSID(p) \ 64 if (p.ssid_present) { \ 65 printf(" ("); \ 66 fn_print(p.ssid.ssid, NULL); \ 67 printf(")"); \ 68 } 69 70 #define PRINT_RATE(_sep, _r, _suf) \ 71 printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf) 72 #define PRINT_RATES(p) \ 73 if (p.rates_present) { \ 74 int z; \ 75 const char *sep = " ["; \ 76 for (z = 0; z < p.rates.length ; z++) { \ 77 PRINT_RATE(sep, p.rates.rate[z], \ 78 (p.rates.rate[z] & 0x80 ? "*" : "")); \ 79 sep = " "; \ 80 } \ 81 if (p.rates.length != 0) \ 82 printf(" Mbit]"); \ 83 } 84 85 #define PRINT_DS_CHANNEL(p) \ 86 if (p.ds_present) \ 87 printf(" CH: %u", p.ds.channel); \ 88 printf("%s", \ 89 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" ); 90 91 #define MAX_MCS_INDEX 76 92 93 /* 94 * Indices are: 95 * 96 * the MCS index (0-76); 97 * 98 * 0 for 20 MHz, 1 for 40 MHz; 99 * 100 * 0 for a long guard interval, 1 for a short guard interval. 101 */ 102 static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = { 103 /* MCS 0 */ 104 { /* 20 Mhz */ { 6.5, /* SGI */ 7.2, }, 105 /* 40 Mhz */ { 13.5, /* SGI */ 15.0, }, 106 }, 107 108 /* MCS 1 */ 109 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, }, 110 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, }, 111 }, 112 113 /* MCS 2 */ 114 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, }, 115 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, }, 116 }, 117 118 /* MCS 3 */ 119 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, 120 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, 121 }, 122 123 /* MCS 4 */ 124 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 125 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 126 }, 127 128 /* MCS 5 */ 129 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 130 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 131 }, 132 133 /* MCS 6 */ 134 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, 135 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, 136 }, 137 138 /* MCS 7 */ 139 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 140 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 141 }, 142 143 /* MCS 8 */ 144 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, }, 145 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, }, 146 }, 147 148 /* MCS 9 */ 149 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, 150 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, 151 }, 152 153 /* MCS 10 */ 154 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 155 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 156 }, 157 158 /* MCS 11 */ 159 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 160 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 161 }, 162 163 /* MCS 12 */ 164 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 165 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 166 }, 167 168 /* MCS 13 */ 169 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 170 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 171 }, 172 173 /* MCS 14 */ 174 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 175 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 176 }, 177 178 /* MCS 15 */ 179 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, 180 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, 181 }, 182 183 /* MCS 16 */ 184 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, }, 185 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, }, 186 }, 187 188 /* MCS 17 */ 189 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 190 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 191 }, 192 193 /* MCS 18 */ 194 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, 195 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, 196 }, 197 198 /* MCS 19 */ 199 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 200 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 201 }, 202 203 /* MCS 20 */ 204 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 205 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 206 }, 207 208 /* MCS 21 */ 209 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 210 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 211 }, 212 213 /* MCS 22 */ 214 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, 215 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, 216 }, 217 218 /* MCS 23 */ 219 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, 220 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, 221 }, 222 223 /* MCS 24 */ 224 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, }, 225 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, }, 226 }, 227 228 /* MCS 25 */ 229 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 230 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 231 }, 232 233 /* MCS 26 */ 234 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 235 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 236 }, 237 238 /* MCS 27 */ 239 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 240 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 241 }, 242 243 /* MCS 28 */ 244 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 245 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 246 }, 247 248 /* MCS 29 */ 249 { /* 20 Mhz */ { 208.0, /* SGI */ 231.1, }, 250 /* 40 Mhz */ { 432.0, /* SGI */ 480.0, }, 251 }, 252 253 /* MCS 30 */ 254 { /* 20 Mhz */ { 234.0, /* SGI */ 260.0, }, 255 /* 40 Mhz */ { 486.0, /* SGI */ 540.0, }, 256 }, 257 258 /* MCS 31 */ 259 { /* 20 Mhz */ { 260.0, /* SGI */ 288.9, }, 260 /* 40 Mhz */ { 540.0, /* SGI */ 600.0, }, 261 }, 262 263 /* MCS 32 */ 264 { /* 20 Mhz */ { 0.0, /* SGI */ 0.0, }, /* not valid */ 265 /* 40 Mhz */ { 6.0, /* SGI */ 6.7, }, 266 }, 267 268 /* MCS 33 */ 269 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, }, 270 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, }, 271 }, 272 273 /* MCS 34 */ 274 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 275 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 276 }, 277 278 /* MCS 35 */ 279 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 280 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 281 }, 282 283 /* MCS 36 */ 284 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, }, 285 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, }, 286 }, 287 288 /* MCS 37 */ 289 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 290 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 291 }, 292 293 /* MCS 38 */ 294 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 295 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 296 }, 297 298 /* MCS 39 */ 299 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, }, 300 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, }, 301 }, 302 303 /* MCS 40 */ 304 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 305 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 306 }, 307 308 /* MCS 41 */ 309 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 310 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 311 }, 312 313 /* MCS 42 */ 314 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 315 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 316 }, 317 318 /* MCS 43 */ 319 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 320 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 321 }, 322 323 /* MCS 44 */ 324 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 325 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 326 }, 327 328 /* MCS 45 */ 329 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 330 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 331 }, 332 333 /* MCS 46 */ 334 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 335 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 336 }, 337 338 /* MCS 47 */ 339 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 340 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 341 }, 342 343 /* MCS 48 */ 344 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 345 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 346 }, 347 348 /* MCS 49 */ 349 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 350 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 351 }, 352 353 /* MCS 50 */ 354 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 355 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 356 }, 357 358 /* MCS 51 */ 359 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 360 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 361 }, 362 363 /* MCS 52 */ 364 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 365 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 366 }, 367 368 /* MCS 53 */ 369 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, }, 370 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, }, 371 }, 372 373 /* MCS 54 */ 374 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 375 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 376 }, 377 378 /* MCS 55 */ 379 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 380 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 381 }, 382 383 /* MCS 56 */ 384 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, }, 385 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, }, 386 }, 387 388 /* MCS 57 */ 389 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, }, 390 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, }, 391 }, 392 393 /* MCS 58 */ 394 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 395 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 396 }, 397 398 /* MCS 59 */ 399 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 400 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 401 }, 402 403 /* MCS 60 */ 404 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, }, 405 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, }, 406 }, 407 408 /* MCS 61 */ 409 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 410 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 411 }, 412 413 /* MCS 62 */ 414 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, 415 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, 416 }, 417 418 /* MCS 63 */ 419 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, }, 420 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, }, 421 }, 422 423 /* MCS 64 */ 424 { /* 20 Mhz */ { 143.0, /* SGI */ 158.9, }, 425 /* 40 Mhz */ { 297.0, /* SGI */ 330.0, }, 426 }, 427 428 /* MCS 65 */ 429 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, }, 430 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, }, 431 }, 432 433 /* MCS 66 */ 434 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 435 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 436 }, 437 438 /* MCS 67 */ 439 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 440 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 441 }, 442 443 /* MCS 68 */ 444 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, }, 445 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, }, 446 }, 447 448 /* MCS 69 */ 449 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, }, 450 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, }, 451 }, 452 453 /* MCS 70 */ 454 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 455 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 456 }, 457 458 /* MCS 71 */ 459 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, 460 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, 461 }, 462 463 /* MCS 72 */ 464 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, }, 465 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, }, 466 }, 467 468 /* MCS 73 */ 469 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, }, 470 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, }, 471 }, 472 473 /* MCS 74 */ 474 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, 475 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, 476 }, 477 478 /* MCS 75 */ 479 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, }, 480 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, }, 481 }, 482 483 /* MCS 76 */ 484 { /* 20 Mhz */ { 214.5, /* SGI */ 238.3, }, 485 /* 40 Mhz */ { 445.5, /* SGI */ 495.0, }, 486 }, 487 }; 488 489 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"}; 490 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0]) 491 492 static const char *status_text[] = { 493 "Successful", /* 0 */ 494 "Unspecified failure", /* 1 */ 495 "Reserved", /* 2 */ 496 "Reserved", /* 3 */ 497 "Reserved", /* 4 */ 498 "Reserved", /* 5 */ 499 "Reserved", /* 6 */ 500 "Reserved", /* 7 */ 501 "Reserved", /* 8 */ 502 "Reserved", /* 9 */ 503 "Cannot Support all requested capabilities in the Capability " 504 "Information field", /* 10 */ 505 "Reassociation denied due to inability to confirm that association " 506 "exists", /* 11 */ 507 "Association denied due to reason outside the scope of the " 508 "standard", /* 12 */ 509 "Responding station does not support the specified authentication " 510 "algorithm ", /* 13 */ 511 "Received an Authentication frame with authentication transaction " 512 "sequence number out of expected sequence", /* 14 */ 513 "Authentication rejected because of challenge failure", /* 15 */ 514 "Authentication rejected due to timeout waiting for next frame in " 515 "sequence", /* 16 */ 516 "Association denied because AP is unable to handle additional" 517 "associated stations", /* 17 */ 518 "Association denied due to requesting station not supporting all of " 519 "the data rates in BSSBasicRateSet parameter", /* 18 */ 520 "Association denied due to requesting station not supporting " 521 "short preamble operation", /* 19 */ 522 "Association denied due to requesting station not supporting " 523 "PBCC encoding", /* 20 */ 524 "Association denied due to requesting station not supporting " 525 "channel agility", /* 21 */ 526 "Association request rejected because Spectrum Management " 527 "capability is required", /* 22 */ 528 "Association request rejected because the information in the " 529 "Power Capability element is unacceptable", /* 23 */ 530 "Association request rejected because the information in the " 531 "Supported Channels element is unacceptable", /* 24 */ 532 "Association denied due to requesting station not supporting " 533 "short slot operation", /* 25 */ 534 "Association denied due to requesting station not supporting " 535 "DSSS-OFDM operation", /* 26 */ 536 "Association denied because the requested STA does not support HT " 537 "features", /* 27 */ 538 "Reserved", /* 28 */ 539 "Association denied because the requested STA does not support " 540 "the PCO transition time required by the AP", /* 29 */ 541 "Reserved", /* 30 */ 542 "Reserved", /* 31 */ 543 "Unspecified, QoS-related failure", /* 32 */ 544 "Association denied due to QAP having insufficient bandwidth " 545 "to handle another QSTA", /* 33 */ 546 "Association denied due to excessive frame loss rates and/or " 547 "poor conditions on current operating channel", /* 34 */ 548 "Association (with QBSS) denied due to requesting station not " 549 "supporting the QoS facility", /* 35 */ 550 "Association denied due to requesting station not supporting " 551 "Block Ack", /* 36 */ 552 "The request has been declined", /* 37 */ 553 "The request has not been successful as one or more parameters " 554 "have invalid values", /* 38 */ 555 "The TS has not been created because the request cannot be honored. " 556 "However, a suggested TSPEC is provided so that the initiating QSTA" 557 "may attempt to set another TS with the suggested changes to the " 558 "TSPEC", /* 39 */ 559 "Invalid Information Element", /* 40 */ 560 "Group Cipher is not valid", /* 41 */ 561 "Pairwise Cipher is not valid", /* 42 */ 562 "AKMP is not valid", /* 43 */ 563 "Unsupported RSN IE version", /* 44 */ 564 "Invalid RSN IE Capabilities", /* 45 */ 565 "Cipher suite is rejected per security policy", /* 46 */ 566 "The TS has not been created. However, the HC may be capable of " 567 "creating a TS, in response to a request, after the time indicated " 568 "in the TS Delay element", /* 47 */ 569 "Direct Link is not allowed in the BSS by policy", /* 48 */ 570 "Destination STA is not present within this QBSS.", /* 49 */ 571 "The Destination STA is not a QSTA.", /* 50 */ 572 573 }; 574 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0]) 575 576 static const char *reason_text[] = { 577 "Reserved", /* 0 */ 578 "Unspecified reason", /* 1 */ 579 "Previous authentication no longer valid", /* 2 */ 580 "Deauthenticated because sending station is leaving (or has left) " 581 "IBSS or ESS", /* 3 */ 582 "Disassociated due to inactivity", /* 4 */ 583 "Disassociated because AP is unable to handle all currently " 584 " associated stations", /* 5 */ 585 "Class 2 frame received from nonauthenticated station", /* 6 */ 586 "Class 3 frame received from nonassociated station", /* 7 */ 587 "Disassociated because sending station is leaving " 588 "(or has left) BSS", /* 8 */ 589 "Station requesting (re)association is not authenticated with " 590 "responding station", /* 9 */ 591 "Disassociated because the information in the Power Capability " 592 "element is unacceptable", /* 10 */ 593 "Disassociated because the information in the SupportedChannels " 594 "element is unacceptable", /* 11 */ 595 "Invalid Information Element", /* 12 */ 596 "Reserved", /* 13 */ 597 "Michael MIC failure", /* 14 */ 598 "4-Way Handshake timeout", /* 15 */ 599 "Group key update timeout", /* 16 */ 600 "Information element in 4-Way Handshake different from (Re)Association" 601 "Request/Probe Response/Beacon", /* 17 */ 602 "Group Cipher is not valid", /* 18 */ 603 "AKMP is not valid", /* 20 */ 604 "Unsupported RSN IE version", /* 21 */ 605 "Invalid RSN IE Capabilities", /* 22 */ 606 "IEEE 802.1X Authentication failed", /* 23 */ 607 "Cipher suite is rejected per security policy", /* 24 */ 608 "Reserved", /* 25 */ 609 "Reserved", /* 26 */ 610 "Reserved", /* 27 */ 611 "Reserved", /* 28 */ 612 "Reserved", /* 29 */ 613 "Reserved", /* 30 */ 614 "TS deleted because QoS AP lacks sufficient bandwidth for this " 615 "QoS STA due to a change in BSS service characteristics or " 616 "operational mode (e.g. an HT BSS change from 40 MHz channel " 617 "to 20 MHz channel)", /* 31 */ 618 "Disassociated for unspecified, QoS-related reason", /* 32 */ 619 "Disassociated because QoS AP lacks sufficient bandwidth for this " 620 "QoS STA", /* 33 */ 621 "Disassociated because of excessive number of frames that need to be " 622 "acknowledged, but are not acknowledged for AP transmissions " 623 "and/or poor channel conditions", /* 34 */ 624 "Disassociated because STA is transmitting outside the limits " 625 "of its TXOPs", /* 35 */ 626 "Requested from peer STA as the STA is leaving the BSS " 627 "(or resetting)", /* 36 */ 628 "Requested from peer STA as it does not want to use the " 629 "mechanism", /* 37 */ 630 "Requested from peer STA as the STA received frames using the " 631 "mechanism for which a set up is required", /* 38 */ 632 "Requested from peer STA due to time out", /* 39 */ 633 "Reserved", /* 40 */ 634 "Reserved", /* 41 */ 635 "Reserved", /* 42 */ 636 "Reserved", /* 43 */ 637 "Reserved", /* 44 */ 638 "Peer STA does not support the requested cipher suite", /* 45 */ 639 "Association denied due to requesting STA not supporting HT " 640 "features", /* 46 */ 641 }; 642 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0]) 643 644 static int 645 wep_print(const u_char *p) 646 { 647 u_int32_t iv; 648 649 if (!TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN)) 650 return 0; 651 iv = EXTRACT_LE_32BITS(p); 652 653 printf("Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv), 654 IV_KEYID(iv)); 655 656 return 1; 657 } 658 659 static int 660 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset, 661 u_int length) 662 { 663 u_int elementlen; 664 struct ssid_t ssid; 665 struct challenge_t challenge; 666 struct rates_t rates; 667 struct ds_t ds; 668 struct cf_t cf; 669 struct tim_t tim; 670 671 /* 672 * We haven't seen any elements yet. 673 */ 674 pbody->challenge_present = 0; 675 pbody->ssid_present = 0; 676 pbody->rates_present = 0; 677 pbody->ds_present = 0; 678 pbody->cf_present = 0; 679 pbody->tim_present = 0; 680 681 while (length != 0) { 682 if (!TTEST2(*(p + offset), 1)) 683 return 0; 684 if (length < 1) 685 return 0; 686 switch (*(p + offset)) { 687 case E_SSID: 688 if (!TTEST2(*(p + offset), 2)) 689 return 0; 690 if (length < 2) 691 return 0; 692 memcpy(&ssid, p + offset, 2); 693 offset += 2; 694 length -= 2; 695 if (ssid.length != 0) { 696 if (ssid.length > sizeof(ssid.ssid) - 1) 697 return 0; 698 if (!TTEST2(*(p + offset), ssid.length)) 699 return 0; 700 if (length < ssid.length) 701 return 0; 702 memcpy(&ssid.ssid, p + offset, ssid.length); 703 offset += ssid.length; 704 length -= ssid.length; 705 } 706 ssid.ssid[ssid.length] = '\0'; 707 /* 708 * Present and not truncated. 709 * 710 * If we haven't already seen an SSID IE, 711 * copy this one, otherwise ignore this one, 712 * so we later report the first one we saw. 713 */ 714 if (!pbody->ssid_present) { 715 pbody->ssid = ssid; 716 pbody->ssid_present = 1; 717 } 718 break; 719 case E_CHALLENGE: 720 if (!TTEST2(*(p + offset), 2)) 721 return 0; 722 if (length < 2) 723 return 0; 724 memcpy(&challenge, p + offset, 2); 725 offset += 2; 726 length -= 2; 727 if (challenge.length != 0) { 728 if (challenge.length > 729 sizeof(challenge.text) - 1) 730 return 0; 731 if (!TTEST2(*(p + offset), challenge.length)) 732 return 0; 733 if (length < challenge.length) 734 return 0; 735 memcpy(&challenge.text, p + offset, 736 challenge.length); 737 offset += challenge.length; 738 length -= challenge.length; 739 } 740 challenge.text[challenge.length] = '\0'; 741 /* 742 * Present and not truncated. 743 * 744 * If we haven't already seen a challenge IE, 745 * copy this one, otherwise ignore this one, 746 * so we later report the first one we saw. 747 */ 748 if (!pbody->challenge_present) { 749 pbody->challenge = challenge; 750 pbody->challenge_present = 1; 751 } 752 break; 753 case E_RATES: 754 if (!TTEST2(*(p + offset), 2)) 755 return 0; 756 if (length < 2) 757 return 0; 758 memcpy(&rates, p + offset, 2); 759 offset += 2; 760 length -= 2; 761 if (rates.length != 0) { 762 if (rates.length > sizeof rates.rate) 763 return 0; 764 if (!TTEST2(*(p + offset), rates.length)) 765 return 0; 766 if (length < rates.length) 767 return 0; 768 memcpy(&rates.rate, p + offset, rates.length); 769 offset += rates.length; 770 length -= rates.length; 771 } 772 /* 773 * Present and not truncated. 774 * 775 * If we haven't already seen a rates IE, 776 * copy this one if it's not zero-length, 777 * otherwise ignore this one, so we later 778 * report the first one we saw. 779 * 780 * We ignore zero-length rates IEs as some 781 * devices seem to put a zero-length rates 782 * IE, followed by an SSID IE, followed by 783 * a non-zero-length rates IE into frames, 784 * even though IEEE Std 802.11-2007 doesn't 785 * seem to indicate that a zero-length rates 786 * IE is valid. 787 */ 788 if (!pbody->rates_present && rates.length != 0) { 789 pbody->rates = rates; 790 pbody->rates_present = 1; 791 } 792 break; 793 case E_DS: 794 if (!TTEST2(*(p + offset), 3)) 795 return 0; 796 if (length < 3) 797 return 0; 798 memcpy(&ds, p + offset, 3); 799 offset += 3; 800 length -= 3; 801 /* 802 * Present and not truncated. 803 * 804 * If we haven't already seen a DS IE, 805 * copy this one, otherwise ignore this one, 806 * so we later report the first one we saw. 807 */ 808 if (!pbody->ds_present) { 809 pbody->ds = ds; 810 pbody->ds_present = 1; 811 } 812 break; 813 case E_CF: 814 if (!TTEST2(*(p + offset), 8)) 815 return 0; 816 if (length < 8) 817 return 0; 818 memcpy(&cf, p + offset, 8); 819 offset += 8; 820 length -= 8; 821 /* 822 * Present and not truncated. 823 * 824 * If we haven't already seen a CF IE, 825 * copy this one, otherwise ignore this one, 826 * so we later report the first one we saw. 827 */ 828 if (!pbody->cf_present) { 829 pbody->cf = cf; 830 pbody->cf_present = 1; 831 } 832 break; 833 case E_TIM: 834 if (!TTEST2(*(p + offset), 2)) 835 return 0; 836 if (length < 2) 837 return 0; 838 memcpy(&tim, p + offset, 2); 839 offset += 2; 840 length -= 2; 841 if (!TTEST2(*(p + offset), 3)) 842 return 0; 843 if (length < 3) 844 return 0; 845 memcpy(&tim.count, p + offset, 3); 846 offset += 3; 847 length -= 3; 848 849 if (tim.length <= 3) 850 break; 851 if (tim.length - 3 > (int)sizeof tim.bitmap) 852 return 0; 853 if (!TTEST2(*(p + offset), tim.length - 3)) 854 return 0; 855 if (length < (u_int)(tim.length - 3)) 856 return 0; 857 memcpy(tim.bitmap, p + (tim.length - 3), 858 (tim.length - 3)); 859 offset += tim.length - 3; 860 length -= tim.length - 3; 861 /* 862 * Present and not truncated. 863 * 864 * If we haven't already seen a TIM IE, 865 * copy this one, otherwise ignore this one, 866 * so we later report the first one we saw. 867 */ 868 if (!pbody->tim_present) { 869 pbody->tim = tim; 870 pbody->tim_present = 1; 871 } 872 break; 873 default: 874 #if 0 875 printf("(1) unhandled element_id (%d) ", 876 *(p + offset)); 877 #endif 878 if (!TTEST2(*(p + offset), 2)) 879 return 0; 880 if (length < 2) 881 return 0; 882 elementlen = *(p + offset + 1); 883 if (!TTEST2(*(p + offset + 2), elementlen)) 884 return 0; 885 if (length < elementlen + 2) 886 return 0; 887 offset += elementlen + 2; 888 length -= elementlen + 2; 889 break; 890 } 891 } 892 893 /* No problems found. */ 894 return 1; 895 } 896 897 /********************************************************************************* 898 * Print Handle functions for the management frame types 899 *********************************************************************************/ 900 901 static int 902 handle_beacon(const u_char *p, u_int length) 903 { 904 struct mgmt_body_t pbody; 905 int offset = 0; 906 int ret; 907 908 memset(&pbody, 0, sizeof(pbody)); 909 910 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 911 IEEE802_11_CAPINFO_LEN)) 912 return 0; 913 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 914 IEEE802_11_CAPINFO_LEN) 915 return 0; 916 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); 917 offset += IEEE802_11_TSTAMP_LEN; 918 length -= IEEE802_11_TSTAMP_LEN; 919 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); 920 offset += IEEE802_11_BCNINT_LEN; 921 length -= IEEE802_11_BCNINT_LEN; 922 pbody.capability_info = EXTRACT_LE_16BITS(p+offset); 923 offset += IEEE802_11_CAPINFO_LEN; 924 length -= IEEE802_11_CAPINFO_LEN; 925 926 ret = parse_elements(&pbody, p, offset, length); 927 928 PRINT_SSID(pbody); 929 PRINT_RATES(pbody); 930 printf(" %s", 931 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS"); 932 PRINT_DS_CHANNEL(pbody); 933 934 return ret; 935 } 936 937 static int 938 handle_assoc_request(const u_char *p, u_int length) 939 { 940 struct mgmt_body_t pbody; 941 int offset = 0; 942 int ret; 943 944 memset(&pbody, 0, sizeof(pbody)); 945 946 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)) 947 return 0; 948 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN) 949 return 0; 950 pbody.capability_info = EXTRACT_LE_16BITS(p); 951 offset += IEEE802_11_CAPINFO_LEN; 952 length -= IEEE802_11_CAPINFO_LEN; 953 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); 954 offset += IEEE802_11_LISTENINT_LEN; 955 length -= IEEE802_11_LISTENINT_LEN; 956 957 ret = parse_elements(&pbody, p, offset, length); 958 959 PRINT_SSID(pbody); 960 PRINT_RATES(pbody); 961 return ret; 962 } 963 964 static int 965 handle_assoc_response(const u_char *p, u_int length) 966 { 967 struct mgmt_body_t pbody; 968 int offset = 0; 969 int ret; 970 971 memset(&pbody, 0, sizeof(pbody)); 972 973 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + 974 IEEE802_11_AID_LEN)) 975 return 0; 976 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + 977 IEEE802_11_AID_LEN) 978 return 0; 979 pbody.capability_info = EXTRACT_LE_16BITS(p); 980 offset += IEEE802_11_CAPINFO_LEN; 981 length -= IEEE802_11_CAPINFO_LEN; 982 pbody.status_code = EXTRACT_LE_16BITS(p+offset); 983 offset += IEEE802_11_STATUS_LEN; 984 length -= IEEE802_11_STATUS_LEN; 985 pbody.aid = EXTRACT_LE_16BITS(p+offset); 986 offset += IEEE802_11_AID_LEN; 987 length -= IEEE802_11_AID_LEN; 988 989 ret = parse_elements(&pbody, p, offset, length); 990 991 printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 , 992 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "", 993 (pbody.status_code < NUM_STATUSES 994 ? status_text[pbody.status_code] 995 : "n/a")); 996 997 return ret; 998 } 999 1000 static int 1001 handle_reassoc_request(const u_char *p, u_int length) 1002 { 1003 struct mgmt_body_t pbody; 1004 int offset = 0; 1005 int ret; 1006 1007 memset(&pbody, 0, sizeof(pbody)); 1008 1009 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + 1010 IEEE802_11_AP_LEN)) 1011 return 0; 1012 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + 1013 IEEE802_11_AP_LEN) 1014 return 0; 1015 pbody.capability_info = EXTRACT_LE_16BITS(p); 1016 offset += IEEE802_11_CAPINFO_LEN; 1017 length -= IEEE802_11_CAPINFO_LEN; 1018 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); 1019 offset += IEEE802_11_LISTENINT_LEN; 1020 length -= IEEE802_11_LISTENINT_LEN; 1021 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN); 1022 offset += IEEE802_11_AP_LEN; 1023 length -= IEEE802_11_AP_LEN; 1024 1025 ret = parse_elements(&pbody, p, offset, length); 1026 1027 PRINT_SSID(pbody); 1028 printf(" AP : %s", etheraddr_string( pbody.ap )); 1029 1030 return ret; 1031 } 1032 1033 static int 1034 handle_reassoc_response(const u_char *p, u_int length) 1035 { 1036 /* Same as a Association Reponse */ 1037 return handle_assoc_response(p, length); 1038 } 1039 1040 static int 1041 handle_probe_request(const u_char *p, u_int length) 1042 { 1043 struct mgmt_body_t pbody; 1044 int offset = 0; 1045 int ret; 1046 1047 memset(&pbody, 0, sizeof(pbody)); 1048 1049 ret = parse_elements(&pbody, p, offset, length); 1050 1051 PRINT_SSID(pbody); 1052 PRINT_RATES(pbody); 1053 1054 return ret; 1055 } 1056 1057 static int 1058 handle_probe_response(const u_char *p, u_int length) 1059 { 1060 struct mgmt_body_t pbody; 1061 int offset = 0; 1062 int ret; 1063 1064 memset(&pbody, 0, sizeof(pbody)); 1065 1066 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 1067 IEEE802_11_CAPINFO_LEN)) 1068 return 0; 1069 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 1070 IEEE802_11_CAPINFO_LEN) 1071 return 0; 1072 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); 1073 offset += IEEE802_11_TSTAMP_LEN; 1074 length -= IEEE802_11_TSTAMP_LEN; 1075 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); 1076 offset += IEEE802_11_BCNINT_LEN; 1077 length -= IEEE802_11_BCNINT_LEN; 1078 pbody.capability_info = EXTRACT_LE_16BITS(p+offset); 1079 offset += IEEE802_11_CAPINFO_LEN; 1080 length -= IEEE802_11_CAPINFO_LEN; 1081 1082 ret = parse_elements(&pbody, p, offset, length); 1083 1084 PRINT_SSID(pbody); 1085 PRINT_RATES(pbody); 1086 PRINT_DS_CHANNEL(pbody); 1087 1088 return ret; 1089 } 1090 1091 static int 1092 handle_atim(void) 1093 { 1094 /* the frame body for ATIM is null. */ 1095 return 1; 1096 } 1097 1098 static int 1099 handle_disassoc(const u_char *p, u_int length) 1100 { 1101 struct mgmt_body_t pbody; 1102 1103 memset(&pbody, 0, sizeof(pbody)); 1104 1105 if (!TTEST2(*p, IEEE802_11_REASON_LEN)) 1106 return 0; 1107 if (length < IEEE802_11_REASON_LEN) 1108 return 0; 1109 pbody.reason_code = EXTRACT_LE_16BITS(p); 1110 1111 printf(": %s", 1112 (pbody.reason_code < NUM_REASONS) 1113 ? reason_text[pbody.reason_code] 1114 : "Reserved" ); 1115 1116 return 1; 1117 } 1118 1119 static int 1120 handle_auth(const u_char *p, u_int length) 1121 { 1122 struct mgmt_body_t pbody; 1123 int offset = 0; 1124 int ret; 1125 1126 memset(&pbody, 0, sizeof(pbody)); 1127 1128 if (!TTEST2(*p, 6)) 1129 return 0; 1130 if (length < 6) 1131 return 0; 1132 pbody.auth_alg = EXTRACT_LE_16BITS(p); 1133 offset += 2; 1134 length -= 2; 1135 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset); 1136 offset += 2; 1137 length -= 2; 1138 pbody.status_code = EXTRACT_LE_16BITS(p + offset); 1139 offset += 2; 1140 length -= 2; 1141 1142 ret = parse_elements(&pbody, p, offset, length); 1143 1144 if ((pbody.auth_alg == 1) && 1145 ((pbody.auth_trans_seq_num == 2) || 1146 (pbody.auth_trans_seq_num == 3))) { 1147 printf(" (%s)-%x [Challenge Text] %s", 1148 (pbody.auth_alg < NUM_AUTH_ALGS) 1149 ? auth_alg_text[pbody.auth_alg] 1150 : "Reserved", 1151 pbody.auth_trans_seq_num, 1152 ((pbody.auth_trans_seq_num % 2) 1153 ? ((pbody.status_code < NUM_STATUSES) 1154 ? status_text[pbody.status_code] 1155 : "n/a") : "")); 1156 return ret; 1157 } 1158 printf(" (%s)-%x: %s", 1159 (pbody.auth_alg < NUM_AUTH_ALGS) 1160 ? auth_alg_text[pbody.auth_alg] 1161 : "Reserved", 1162 pbody.auth_trans_seq_num, 1163 (pbody.auth_trans_seq_num % 2) 1164 ? ((pbody.status_code < NUM_STATUSES) 1165 ? status_text[pbody.status_code] 1166 : "n/a") 1167 : ""); 1168 1169 return ret; 1170 } 1171 1172 static int 1173 handle_deauth(const struct mgmt_header_t *pmh, const u_char *p, u_int length) 1174 { 1175 struct mgmt_body_t pbody; 1176 int offset = 0; 1177 const char *reason = NULL; 1178 1179 memset(&pbody, 0, sizeof(pbody)); 1180 1181 if (!TTEST2(*p, IEEE802_11_REASON_LEN)) 1182 return 0; 1183 if (length < IEEE802_11_REASON_LEN) 1184 return 0; 1185 pbody.reason_code = EXTRACT_LE_16BITS(p); 1186 offset += IEEE802_11_REASON_LEN; 1187 length -= IEEE802_11_REASON_LEN; 1188 1189 reason = (pbody.reason_code < NUM_REASONS) 1190 ? reason_text[pbody.reason_code] 1191 : "Reserved"; 1192 1193 if (eflag) { 1194 printf(": %s", reason); 1195 } else { 1196 printf(" (%s): %s", etheraddr_string(pmh->sa), reason); 1197 } 1198 return 1; 1199 } 1200 1201 #define PRINT_HT_ACTION(v) (\ 1202 (v) == 0 ? printf("TxChWidth") : \ 1203 (v) == 1 ? printf("MIMOPwrSave") : \ 1204 printf("Act#%d", (v)) \ 1205 ) 1206 #define PRINT_BA_ACTION(v) (\ 1207 (v) == 0 ? printf("ADDBA Request") : \ 1208 (v) == 1 ? printf("ADDBA Response") : \ 1209 (v) == 2 ? printf("DELBA") : \ 1210 printf("Act#%d", (v)) \ 1211 ) 1212 #define PRINT_MESHLINK_ACTION(v) (\ 1213 (v) == 0 ? printf("Request") : \ 1214 (v) == 1 ? printf("Report") : \ 1215 printf("Act#%d", (v)) \ 1216 ) 1217 #define PRINT_MESHPEERING_ACTION(v) (\ 1218 (v) == 0 ? printf("Open") : \ 1219 (v) == 1 ? printf("Confirm") : \ 1220 (v) == 2 ? printf("Close") : \ 1221 printf("Act#%d", (v)) \ 1222 ) 1223 #define PRINT_MESHPATH_ACTION(v) (\ 1224 (v) == 0 ? printf("Request") : \ 1225 (v) == 1 ? printf("Report") : \ 1226 (v) == 2 ? printf("Error") : \ 1227 (v) == 3 ? printf("RootAnnouncement") : \ 1228 printf("Act#%d", (v)) \ 1229 ) 1230 1231 #define PRINT_MESH_ACTION(v) (\ 1232 (v) == 0 ? printf("MeshLink") : \ 1233 (v) == 1 ? printf("HWMP") : \ 1234 (v) == 2 ? printf("Gate Announcement") : \ 1235 (v) == 3 ? printf("Congestion Control") : \ 1236 (v) == 4 ? printf("MCCA Setup Request") : \ 1237 (v) == 5 ? printf("MCCA Setup Reply") : \ 1238 (v) == 6 ? printf("MCCA Advertisement Request") : \ 1239 (v) == 7 ? printf("MCCA Advertisement") : \ 1240 (v) == 8 ? printf("MCCA Teardown") : \ 1241 (v) == 9 ? printf("TBTT Adjustment Request") : \ 1242 (v) == 10 ? printf("TBTT Adjustment Response") : \ 1243 printf("Act#%d", (v)) \ 1244 ) 1245 #define PRINT_MULTIHOP_ACTION(v) (\ 1246 (v) == 0 ? printf("Proxy Update") : \ 1247 (v) == 1 ? printf("Proxy Update Confirmation") : \ 1248 printf("Act#%d", (v)) \ 1249 ) 1250 #define PRINT_SELFPROT_ACTION(v) (\ 1251 (v) == 1 ? printf("Peering Open") : \ 1252 (v) == 2 ? printf("Peering Confirm") : \ 1253 (v) == 3 ? printf("Peering Close") : \ 1254 (v) == 4 ? printf("Group Key Inform") : \ 1255 (v) == 5 ? printf("Group Key Acknowledge") : \ 1256 printf("Act#%d", (v)) \ 1257 ) 1258 1259 static int 1260 handle_action(const struct mgmt_header_t *pmh, const u_char *p, u_int length) 1261 { 1262 if (!TTEST2(*p, 2)) 1263 return 0; 1264 if (length < 2) 1265 return 0; 1266 if (eflag) { 1267 printf(": "); 1268 } else { 1269 printf(" (%s): ", etheraddr_string(pmh->sa)); 1270 } 1271 switch (p[0]) { 1272 case 0: printf("Spectrum Management Act#%d", p[1]); break; 1273 case 1: printf("QoS Act#%d", p[1]); break; 1274 case 2: printf("DLS Act#%d", p[1]); break; 1275 case 3: printf("BA "); PRINT_BA_ACTION(p[1]); break; 1276 case 7: printf("HT "); PRINT_HT_ACTION(p[1]); break; 1277 case 13: printf("MeshAction "); PRINT_MESH_ACTION(p[1]); break; 1278 case 14: 1279 printf("MultiohopAction "); 1280 PRINT_MULTIHOP_ACTION(p[1]); break; 1281 case 15: 1282 printf("SelfprotectAction "); 1283 PRINT_SELFPROT_ACTION(p[1]); break; 1284 case 127: printf("Vendor Act#%d", p[1]); break; 1285 default: 1286 printf("Reserved(%d) Act#%d", p[0], p[1]); 1287 break; 1288 } 1289 return 1; 1290 } 1291 1292 1293 /********************************************************************************* 1294 * Print Body funcs 1295 *********************************************************************************/ 1296 1297 1298 static int 1299 mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh, 1300 const u_char *p, u_int length) 1301 { 1302 switch (FC_SUBTYPE(fc)) { 1303 case ST_ASSOC_REQUEST: 1304 printf("Assoc Request"); 1305 return handle_assoc_request(p, length); 1306 case ST_ASSOC_RESPONSE: 1307 printf("Assoc Response"); 1308 return handle_assoc_response(p, length); 1309 case ST_REASSOC_REQUEST: 1310 printf("ReAssoc Request"); 1311 return handle_reassoc_request(p, length); 1312 case ST_REASSOC_RESPONSE: 1313 printf("ReAssoc Response"); 1314 return handle_reassoc_response(p, length); 1315 case ST_PROBE_REQUEST: 1316 printf("Probe Request"); 1317 return handle_probe_request(p, length); 1318 case ST_PROBE_RESPONSE: 1319 printf("Probe Response"); 1320 return handle_probe_response(p, length); 1321 case ST_BEACON: 1322 printf("Beacon"); 1323 return handle_beacon(p, length); 1324 case ST_ATIM: 1325 printf("ATIM"); 1326 return handle_atim(); 1327 case ST_DISASSOC: 1328 printf("Disassociation"); 1329 return handle_disassoc(p, length); 1330 case ST_AUTH: 1331 printf("Authentication"); 1332 if (!TTEST2(*p, 3)) 1333 return 0; 1334 if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) { 1335 printf("Authentication (Shared-Key)-3 "); 1336 return wep_print(p); 1337 } 1338 return handle_auth(p, length); 1339 case ST_DEAUTH: 1340 printf("DeAuthentication"); 1341 return handle_deauth(pmh, p, length); 1342 break; 1343 case ST_ACTION: 1344 printf("Action"); 1345 return handle_action(pmh, p, length); 1346 break; 1347 default: 1348 printf("Unhandled Management subtype(%x)", 1349 FC_SUBTYPE(fc)); 1350 return 1; 1351 } 1352 } 1353 1354 1355 /********************************************************************************* 1356 * Handles printing all the control frame types 1357 *********************************************************************************/ 1358 1359 static int 1360 ctrl_body_print(u_int16_t fc, const u_char *p) 1361 { 1362 switch (FC_SUBTYPE(fc)) { 1363 case CTRL_CONTROL_WRAPPER: 1364 printf("Control Wrapper"); 1365 /* XXX - requires special handling */ 1366 break; 1367 case CTRL_BAR: 1368 printf("BAR"); 1369 if (!TTEST2(*p, CTRL_BAR_HDRLEN)) 1370 return 0; 1371 if (!eflag) 1372 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ", 1373 etheraddr_string(((const struct ctrl_bar_t *)p)->ra), 1374 etheraddr_string(((const struct ctrl_bar_t *)p)->ta), 1375 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), 1376 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))); 1377 break; 1378 case CTRL_BA: 1379 printf("BA"); 1380 if (!TTEST2(*p, CTRL_BA_HDRLEN)) 1381 return 0; 1382 if (!eflag) 1383 printf(" RA:%s ", 1384 etheraddr_string(((const struct ctrl_ba_t *)p)->ra)); 1385 break; 1386 case CTRL_PS_POLL: 1387 printf("Power Save-Poll"); 1388 if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN)) 1389 return 0; 1390 printf(" AID(%x)", 1391 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid))); 1392 break; 1393 case CTRL_RTS: 1394 printf("Request-To-Send"); 1395 if (!TTEST2(*p, CTRL_RTS_HDRLEN)) 1396 return 0; 1397 if (!eflag) 1398 printf(" TA:%s ", 1399 etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); 1400 break; 1401 case CTRL_CTS: 1402 printf("Clear-To-Send"); 1403 if (!TTEST2(*p, CTRL_CTS_HDRLEN)) 1404 return 0; 1405 if (!eflag) 1406 printf(" RA:%s ", 1407 etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); 1408 break; 1409 case CTRL_ACK: 1410 printf("Acknowledgment"); 1411 if (!TTEST2(*p, CTRL_ACK_HDRLEN)) 1412 return 0; 1413 if (!eflag) 1414 printf(" RA:%s ", 1415 etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); 1416 break; 1417 case CTRL_CF_END: 1418 printf("CF-End"); 1419 if (!TTEST2(*p, CTRL_END_HDRLEN)) 1420 return 0; 1421 if (!eflag) 1422 printf(" RA:%s ", 1423 etheraddr_string(((const struct ctrl_end_t *)p)->ra)); 1424 break; 1425 case CTRL_END_ACK: 1426 printf("CF-End+CF-Ack"); 1427 if (!TTEST2(*p, CTRL_END_ACK_HDRLEN)) 1428 return 0; 1429 if (!eflag) 1430 printf(" RA:%s ", 1431 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra)); 1432 break; 1433 default: 1434 printf("Unknown Ctrl Subtype"); 1435 } 1436 return 1; 1437 } 1438 1439 /* 1440 * Print Header funcs 1441 */ 1442 1443 /* 1444 * Data Frame - Address field contents 1445 * 1446 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4 1447 * 0 | 0 | DA | SA | BSSID | n/a 1448 * 0 | 1 | DA | BSSID | SA | n/a 1449 * 1 | 0 | BSSID | SA | DA | n/a 1450 * 1 | 1 | RA | TA | DA | SA 1451 */ 1452 1453 static void 1454 data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, 1455 const u_int8_t **dstp) 1456 { 1457 u_int subtype = FC_SUBTYPE(fc); 1458 1459 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) || 1460 DATA_FRAME_IS_QOS(subtype)) { 1461 printf("CF "); 1462 if (DATA_FRAME_IS_CF_ACK(subtype)) { 1463 if (DATA_FRAME_IS_CF_POLL(subtype)) 1464 printf("Ack/Poll"); 1465 else 1466 printf("Ack"); 1467 } else { 1468 if (DATA_FRAME_IS_CF_POLL(subtype)) 1469 printf("Poll"); 1470 } 1471 if (DATA_FRAME_IS_QOS(subtype)) 1472 printf("+QoS"); 1473 printf(" "); 1474 } 1475 1476 #define ADDR1 (p + 4) 1477 #define ADDR2 (p + 10) 1478 #define ADDR3 (p + 16) 1479 #define ADDR4 (p + 24) 1480 1481 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) { 1482 if (srcp != NULL) 1483 *srcp = ADDR2; 1484 if (dstp != NULL) 1485 *dstp = ADDR1; 1486 if (!eflag) 1487 return; 1488 printf("DA:%s SA:%s BSSID:%s ", 1489 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1490 etheraddr_string(ADDR3)); 1491 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) { 1492 if (srcp != NULL) 1493 *srcp = ADDR3; 1494 if (dstp != NULL) 1495 *dstp = ADDR1; 1496 if (!eflag) 1497 return; 1498 printf("DA:%s BSSID:%s SA:%s ", 1499 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1500 etheraddr_string(ADDR3)); 1501 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) { 1502 if (srcp != NULL) 1503 *srcp = ADDR2; 1504 if (dstp != NULL) 1505 *dstp = ADDR3; 1506 if (!eflag) 1507 return; 1508 printf("BSSID:%s SA:%s DA:%s ", 1509 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1510 etheraddr_string(ADDR3)); 1511 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) { 1512 if (srcp != NULL) 1513 *srcp = ADDR4; 1514 if (dstp != NULL) 1515 *dstp = ADDR3; 1516 if (!eflag) 1517 return; 1518 printf("RA:%s TA:%s DA:%s SA:%s ", 1519 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1520 etheraddr_string(ADDR3), etheraddr_string(ADDR4)); 1521 } 1522 1523 #undef ADDR1 1524 #undef ADDR2 1525 #undef ADDR3 1526 #undef ADDR4 1527 } 1528 1529 static void 1530 mgmt_header_print(const u_char *p, const u_int8_t **srcp, 1531 const u_int8_t **dstp) 1532 { 1533 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p; 1534 1535 if (srcp != NULL) 1536 *srcp = hp->sa; 1537 if (dstp != NULL) 1538 *dstp = hp->da; 1539 if (!eflag) 1540 return; 1541 1542 printf("BSSID:%s DA:%s SA:%s ", 1543 etheraddr_string((hp)->bssid), etheraddr_string((hp)->da), 1544 etheraddr_string((hp)->sa)); 1545 } 1546 1547 static void 1548 ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, 1549 const u_int8_t **dstp) 1550 { 1551 if (srcp != NULL) 1552 *srcp = NULL; 1553 if (dstp != NULL) 1554 *dstp = NULL; 1555 if (!eflag) 1556 return; 1557 1558 switch (FC_SUBTYPE(fc)) { 1559 case CTRL_BAR: 1560 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ", 1561 etheraddr_string(((const struct ctrl_bar_t *)p)->ra), 1562 etheraddr_string(((const struct ctrl_bar_t *)p)->ta), 1563 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), 1564 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))); 1565 break; 1566 case CTRL_BA: 1567 printf("RA:%s ", 1568 etheraddr_string(((const struct ctrl_ba_t *)p)->ra)); 1569 break; 1570 case CTRL_PS_POLL: 1571 printf("BSSID:%s TA:%s ", 1572 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid), 1573 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta)); 1574 break; 1575 case CTRL_RTS: 1576 printf("RA:%s TA:%s ", 1577 etheraddr_string(((const struct ctrl_rts_t *)p)->ra), 1578 etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); 1579 break; 1580 case CTRL_CTS: 1581 printf("RA:%s ", 1582 etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); 1583 break; 1584 case CTRL_ACK: 1585 printf("RA:%s ", 1586 etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); 1587 break; 1588 case CTRL_CF_END: 1589 printf("RA:%s BSSID:%s ", 1590 etheraddr_string(((const struct ctrl_end_t *)p)->ra), 1591 etheraddr_string(((const struct ctrl_end_t *)p)->bssid)); 1592 break; 1593 case CTRL_END_ACK: 1594 printf("RA:%s BSSID:%s ", 1595 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra), 1596 etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid)); 1597 break; 1598 default: 1599 printf("(H) Unknown Ctrl Subtype"); 1600 break; 1601 } 1602 } 1603 1604 static int 1605 extract_header_length(u_int16_t fc) 1606 { 1607 int len; 1608 1609 switch (FC_TYPE(fc)) { 1610 case T_MGMT: 1611 return MGMT_HDRLEN; 1612 case T_CTRL: 1613 switch (FC_SUBTYPE(fc)) { 1614 case CTRL_BAR: 1615 return CTRL_BAR_HDRLEN; 1616 case CTRL_PS_POLL: 1617 return CTRL_PS_POLL_HDRLEN; 1618 case CTRL_RTS: 1619 return CTRL_RTS_HDRLEN; 1620 case CTRL_CTS: 1621 return CTRL_CTS_HDRLEN; 1622 case CTRL_ACK: 1623 return CTRL_ACK_HDRLEN; 1624 case CTRL_CF_END: 1625 return CTRL_END_HDRLEN; 1626 case CTRL_END_ACK: 1627 return CTRL_END_ACK_HDRLEN; 1628 default: 1629 return 0; 1630 } 1631 case T_DATA: 1632 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24; 1633 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) 1634 len += 2; 1635 return len; 1636 default: 1637 printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc)); 1638 return 0; 1639 } 1640 } 1641 1642 static int 1643 extract_mesh_header_length(const u_char *p) 1644 { 1645 return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3)); 1646 } 1647 1648 /* 1649 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp" 1650 * to point to the source and destination MAC addresses in any case if 1651 * "srcp" and "dstp" aren't null. 1652 */ 1653 static void 1654 ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, u_int hdrlen, 1655 u_int meshdrlen, const u_int8_t **srcp, const u_int8_t **dstp) 1656 { 1657 if (vflag) { 1658 if (FC_MORE_DATA(fc)) 1659 printf("More Data "); 1660 if (FC_MORE_FLAG(fc)) 1661 printf("More Fragments "); 1662 if (FC_POWER_MGMT(fc)) 1663 printf("Pwr Mgmt "); 1664 if (FC_RETRY(fc)) 1665 printf("Retry "); 1666 if (FC_ORDER(fc)) 1667 printf("Strictly Ordered "); 1668 if (FC_WEP(fc)) 1669 printf("WEP Encrypted "); 1670 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL) 1671 printf("%dus ", 1672 EXTRACT_LE_16BITS( 1673 &((const struct mgmt_header_t *)p)->duration)); 1674 } 1675 if (meshdrlen != 0) { 1676 const struct meshcntl_t *mc = 1677 (const struct meshcntl_t *)&p[hdrlen - meshdrlen]; 1678 int ae = mc->flags & 3; 1679 1680 printf("MeshData (AE %d TTL %u seq %u", ae, mc->ttl, 1681 EXTRACT_LE_32BITS(mc->seq)); 1682 if (ae > 0) 1683 printf(" A4:%s", etheraddr_string(mc->addr4)); 1684 if (ae > 1) 1685 printf(" A5:%s", etheraddr_string(mc->addr5)); 1686 if (ae > 2) 1687 printf(" A6:%s", etheraddr_string(mc->addr6)); 1688 printf(") "); 1689 } 1690 1691 switch (FC_TYPE(fc)) { 1692 case T_MGMT: 1693 mgmt_header_print(p, srcp, dstp); 1694 break; 1695 case T_CTRL: 1696 ctrl_header_print(fc, p, srcp, dstp); 1697 break; 1698 case T_DATA: 1699 data_header_print(fc, p, srcp, dstp); 1700 break; 1701 default: 1702 printf("(header) unknown IEEE802.11 frame type (%d)", 1703 FC_TYPE(fc)); 1704 *srcp = NULL; 1705 *dstp = NULL; 1706 break; 1707 } 1708 } 1709 1710 #ifndef roundup2 1711 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */ 1712 #endif 1713 1714 static u_int 1715 ieee802_11_print(const u_char *p, u_int length, u_int orig_caplen, int pad, 1716 u_int fcslen) 1717 { 1718 u_int16_t fc; 1719 u_int caplen, hdrlen, meshdrlen; 1720 const u_int8_t *src, *dst; 1721 u_short extracted_ethertype; 1722 1723 caplen = orig_caplen; 1724 /* Remove FCS, if present */ 1725 if (length < fcslen) { 1726 printf("[|802.11]"); 1727 return caplen; 1728 } 1729 length -= fcslen; 1730 if (caplen > length) { 1731 /* Amount of FCS in actual packet data, if any */ 1732 fcslen = caplen - length; 1733 caplen -= fcslen; 1734 snapend -= fcslen; 1735 } 1736 1737 if (caplen < IEEE802_11_FC_LEN) { 1738 printf("[|802.11]"); 1739 return orig_caplen; 1740 } 1741 1742 fc = EXTRACT_LE_16BITS(p); 1743 hdrlen = extract_header_length(fc); 1744 if (pad) 1745 hdrlen = roundup2(hdrlen, 4); 1746 if (Hflag && FC_TYPE(fc) == T_DATA && 1747 DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) { 1748 meshdrlen = extract_mesh_header_length(p+hdrlen); 1749 hdrlen += meshdrlen; 1750 } else 1751 meshdrlen = 0; 1752 1753 1754 if (caplen < hdrlen) { 1755 printf("[|802.11]"); 1756 return hdrlen; 1757 } 1758 1759 ieee_802_11_hdr_print(fc, p, hdrlen, meshdrlen, &src, &dst); 1760 1761 /* 1762 * Go past the 802.11 header. 1763 */ 1764 length -= hdrlen; 1765 caplen -= hdrlen; 1766 p += hdrlen; 1767 1768 switch (FC_TYPE(fc)) { 1769 case T_MGMT: 1770 if (!mgmt_body_print(fc, 1771 (const struct mgmt_header_t *)(p - hdrlen), p, length)) { 1772 printf("[|802.11]"); 1773 return hdrlen; 1774 } 1775 break; 1776 case T_CTRL: 1777 if (!ctrl_body_print(fc, p - hdrlen)) { 1778 printf("[|802.11]"); 1779 return hdrlen; 1780 } 1781 break; 1782 case T_DATA: 1783 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc))) 1784 return hdrlen; /* no-data frame */ 1785 /* There may be a problem w/ AP not having this bit set */ 1786 if (FC_WEP(fc)) { 1787 if (!wep_print(p)) { 1788 printf("[|802.11]"); 1789 return hdrlen; 1790 } 1791 } else if (llc_print(p, length, caplen, dst, src, 1792 &extracted_ethertype) == 0) { 1793 /* 1794 * Some kinds of LLC packet we cannot 1795 * handle intelligently 1796 */ 1797 if (!eflag) 1798 ieee_802_11_hdr_print(fc, p - hdrlen, hdrlen, 1799 meshdrlen, NULL, NULL); 1800 if (extracted_ethertype) 1801 printf("(LLC %s) ", 1802 etherproto_string( 1803 htons(extracted_ethertype))); 1804 if (!suppress_default_print) 1805 default_print(p, caplen); 1806 } 1807 break; 1808 default: 1809 printf("unknown 802.11 frame type (%d)", FC_TYPE(fc)); 1810 break; 1811 } 1812 1813 return hdrlen; 1814 } 1815 1816 /* 1817 * This is the top level routine of the printer. 'p' points 1818 * to the 802.11 header of the packet, 'h->ts' is the timestamp, 1819 * 'h->len' is the length of the packet off the wire, and 'h->caplen' 1820 * is the number of bytes actually captured. 1821 */ 1822 u_int 1823 ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p) 1824 { 1825 return ieee802_11_print(p, h->len, h->caplen, 0, 0); 1826 } 1827 1828 #define IEEE80211_CHAN_FHSS \ 1829 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK) 1830 #define IEEE80211_CHAN_A \ 1831 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM) 1832 #define IEEE80211_CHAN_B \ 1833 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK) 1834 #define IEEE80211_CHAN_PUREG \ 1835 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM) 1836 #define IEEE80211_CHAN_G \ 1837 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN) 1838 1839 #define IS_CHAN_FHSS(flags) \ 1840 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS) 1841 #define IS_CHAN_A(flags) \ 1842 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A) 1843 #define IS_CHAN_B(flags) \ 1844 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B) 1845 #define IS_CHAN_PUREG(flags) \ 1846 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG) 1847 #define IS_CHAN_G(flags) \ 1848 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G) 1849 #define IS_CHAN_ANYG(flags) \ 1850 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags)) 1851 1852 static void 1853 print_chaninfo(int freq, int flags) 1854 { 1855 printf("%u MHz", freq); 1856 if (IS_CHAN_FHSS(flags)) 1857 printf(" FHSS"); 1858 if (IS_CHAN_A(flags)) { 1859 if (flags & IEEE80211_CHAN_HALF) 1860 printf(" 11a/10Mhz"); 1861 else if (flags & IEEE80211_CHAN_QUARTER) 1862 printf(" 11a/5Mhz"); 1863 else 1864 printf(" 11a"); 1865 } 1866 if (IS_CHAN_ANYG(flags)) { 1867 if (flags & IEEE80211_CHAN_HALF) 1868 printf(" 11g/10Mhz"); 1869 else if (flags & IEEE80211_CHAN_QUARTER) 1870 printf(" 11g/5Mhz"); 1871 else 1872 printf(" 11g"); 1873 } else if (IS_CHAN_B(flags)) 1874 printf(" 11b"); 1875 if (flags & IEEE80211_CHAN_TURBO) 1876 printf(" Turbo"); 1877 if (flags & IEEE80211_CHAN_HT20) 1878 printf(" ht/20"); 1879 else if (flags & IEEE80211_CHAN_HT40D) 1880 printf(" ht/40-"); 1881 else if (flags & IEEE80211_CHAN_HT40U) 1882 printf(" ht/40+"); 1883 printf(" "); 1884 } 1885 1886 static int 1887 print_radiotap_field(struct cpack_state *s, u_int32_t bit, u_int8_t *flags, 1888 struct radiotap_state *state, u_int32_t presentflags) 1889 { 1890 union { 1891 int8_t i8; 1892 u_int8_t u8; 1893 int16_t i16; 1894 u_int16_t u16; 1895 u_int32_t u32; 1896 u_int64_t u64; 1897 } u, u2, u3, u4; 1898 int rc; 1899 1900 switch (bit) { 1901 case IEEE80211_RADIOTAP_FLAGS: 1902 rc = cpack_uint8(s, &u.u8); 1903 if (rc != 0) 1904 break; 1905 *flags = u.u8; 1906 break; 1907 case IEEE80211_RADIOTAP_RATE: 1908 rc = cpack_uint8(s, &u.u8); 1909 if (rc != 0) 1910 break; 1911 1912 /* Save state rate */ 1913 state->rate = u.u8; 1914 break; 1915 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 1916 case IEEE80211_RADIOTAP_DB_ANTNOISE: 1917 case IEEE80211_RADIOTAP_ANTENNA: 1918 rc = cpack_uint8(s, &u.u8); 1919 break; 1920 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 1921 case IEEE80211_RADIOTAP_DBM_ANTNOISE: 1922 rc = cpack_int8(s, &u.i8); 1923 break; 1924 case IEEE80211_RADIOTAP_CHANNEL: 1925 rc = cpack_uint16(s, &u.u16); 1926 if (rc != 0) 1927 break; 1928 rc = cpack_uint16(s, &u2.u16); 1929 break; 1930 case IEEE80211_RADIOTAP_FHSS: 1931 case IEEE80211_RADIOTAP_LOCK_QUALITY: 1932 case IEEE80211_RADIOTAP_TX_ATTENUATION: 1933 case IEEE80211_RADIOTAP_RX_FLAGS: 1934 rc = cpack_uint16(s, &u.u16); 1935 break; 1936 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: 1937 rc = cpack_uint8(s, &u.u8); 1938 break; 1939 case IEEE80211_RADIOTAP_DBM_TX_POWER: 1940 rc = cpack_int8(s, &u.i8); 1941 break; 1942 case IEEE80211_RADIOTAP_TSFT: 1943 rc = cpack_uint64(s, &u.u64); 1944 break; 1945 case IEEE80211_RADIOTAP_XCHANNEL: 1946 rc = cpack_uint32(s, &u.u32); 1947 if (rc != 0) 1948 break; 1949 rc = cpack_uint16(s, &u2.u16); 1950 if (rc != 0) 1951 break; 1952 rc = cpack_uint8(s, &u3.u8); 1953 if (rc != 0) 1954 break; 1955 rc = cpack_uint8(s, &u4.u8); 1956 break; 1957 case IEEE80211_RADIOTAP_MCS: 1958 rc = cpack_uint8(s, &u.u8); 1959 if (rc != 0) 1960 break; 1961 rc = cpack_uint8(s, &u2.u8); 1962 if (rc != 0) 1963 break; 1964 rc = cpack_uint8(s, &u3.u8); 1965 break; 1966 case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: { 1967 u_int8_t vns[3]; 1968 u_int16_t length; 1969 u_int8_t subspace; 1970 1971 if ((cpack_align_and_reserve(s, 2)) == NULL) { 1972 rc = -1; 1973 break; 1974 } 1975 1976 rc = cpack_uint8(s, &vns[0]); 1977 if (rc != 0) 1978 break; 1979 rc = cpack_uint8(s, &vns[1]); 1980 if (rc != 0) 1981 break; 1982 rc = cpack_uint8(s, &vns[2]); 1983 if (rc != 0) 1984 break; 1985 rc = cpack_uint8(s, &subspace); 1986 if (rc != 0) 1987 break; 1988 rc = cpack_uint16(s, &length); 1989 if (rc != 0) 1990 break; 1991 1992 /* Skip up to length */ 1993 s->c_next += length; 1994 break; 1995 } 1996 default: 1997 /* this bit indicates a field whose 1998 * size we do not know, so we cannot 1999 * proceed. Just print the bit number. 2000 */ 2001 printf("[bit %u] ", bit); 2002 return -1; 2003 } 2004 2005 if (rc != 0) { 2006 printf("[|802.11]"); 2007 return rc; 2008 } 2009 2010 /* Preserve the state present flags */ 2011 state->present = presentflags; 2012 2013 switch (bit) { 2014 case IEEE80211_RADIOTAP_CHANNEL: 2015 /* 2016 * If CHANNEL and XCHANNEL are both present, skip 2017 * CHANNEL. 2018 */ 2019 if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL)) 2020 break; 2021 print_chaninfo(u.u16, u2.u16); 2022 break; 2023 case IEEE80211_RADIOTAP_FHSS: 2024 printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff); 2025 break; 2026 case IEEE80211_RADIOTAP_RATE: 2027 /* 2028 * XXX On FreeBSD rate & 0x80 means we have an MCS. On 2029 * Linux and AirPcap it does not. (What about 2030 * Mac OS X, NetBSD, OpenBSD, and DragonFly BSD?) 2031 * 2032 * This is an issue either for proprietary extensions 2033 * to 11a or 11g, which do exist, or for 11n 2034 * implementations that stuff a rate value into 2035 * this field, which also appear to exist. 2036 * 2037 * We currently handle that by assuming that 2038 * if the 0x80 bit is set *and* the remaining 2039 * bits have a value between 0 and 15 it's 2040 * an MCS value, otherwise it's a rate. If 2041 * there are cases where systems that use 2042 * "0x80 + MCS index" for MCS indices > 15, 2043 * or stuff a rate value here between 64 and 2044 * 71.5 Mb/s in here, we'll need a preference 2045 * setting. Such rates do exist, e.g. 11n 2046 * MCS 7 at 20 MHz with a long guard interval. 2047 */ 2048 if (u.u8 >= 0x80 && u.u8 <= 0x8f) { 2049 /* 2050 * XXX - we don't know the channel width 2051 * or guard interval length, so we can't 2052 * convert this to a data rate. 2053 * 2054 * If you want us to show a data rate, 2055 * use the MCS field, not the Rate field; 2056 * the MCS field includes not only the 2057 * MCS index, it also includes bandwidth 2058 * and guard interval information. 2059 * 2060 * XXX - can we get the channel width 2061 * from XChannel and the guard interval 2062 * information from Flags, at least on 2063 * FreeBSD? 2064 */ 2065 printf("MCS %u ", u.u8 & 0x7f); 2066 } else 2067 printf("%2.1f Mb/s ", .5*u.u8); 2068 break; 2069 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 2070 printf("%ddB signal ", u.i8); 2071 break; 2072 case IEEE80211_RADIOTAP_DBM_ANTNOISE: 2073 printf("%ddB noise ", u.i8); 2074 break; 2075 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 2076 printf("%ddB signal ", u.u8); 2077 break; 2078 case IEEE80211_RADIOTAP_DB_ANTNOISE: 2079 printf("%ddB noise ", u.u8); 2080 break; 2081 case IEEE80211_RADIOTAP_LOCK_QUALITY: 2082 printf("%u sq ", u.u16); 2083 break; 2084 case IEEE80211_RADIOTAP_TX_ATTENUATION: 2085 printf("%d tx power ", -(int)u.u16); 2086 break; 2087 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: 2088 printf("%ddB tx power ", -(int)u.u8); 2089 break; 2090 case IEEE80211_RADIOTAP_DBM_TX_POWER: 2091 printf("%ddBm tx power ", u.i8); 2092 break; 2093 case IEEE80211_RADIOTAP_FLAGS: 2094 if (u.u8 & IEEE80211_RADIOTAP_F_CFP) 2095 printf("cfp "); 2096 if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE) 2097 printf("short preamble "); 2098 if (u.u8 & IEEE80211_RADIOTAP_F_WEP) 2099 printf("wep "); 2100 if (u.u8 & IEEE80211_RADIOTAP_F_FRAG) 2101 printf("fragmented "); 2102 if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS) 2103 printf("bad-fcs "); 2104 break; 2105 case IEEE80211_RADIOTAP_ANTENNA: 2106 printf("antenna %d ", u.u8); 2107 break; 2108 case IEEE80211_RADIOTAP_TSFT: 2109 printf("%" PRIu64 "us tsft ", u.u64); 2110 break; 2111 case IEEE80211_RADIOTAP_RX_FLAGS: 2112 /* Do nothing for now */ 2113 break; 2114 case IEEE80211_RADIOTAP_XCHANNEL: 2115 print_chaninfo(u2.u16, u.u32); 2116 break; 2117 case IEEE80211_RADIOTAP_MCS: { 2118 static const char *bandwidth[4] = { 2119 "20 MHz", 2120 "40 MHz", 2121 "20 MHz (L)", 2122 "20 MHz (U)" 2123 }; 2124 float htrate; 2125 2126 if (u.u8 & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) { 2127 /* 2128 * We know the MCS index. 2129 */ 2130 if (u3.u8 <= MAX_MCS_INDEX) { 2131 /* 2132 * And it's in-range. 2133 */ 2134 if (u.u8 & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) { 2135 /* 2136 * And we know both the bandwidth and 2137 * the guard interval, so we can look 2138 * up the rate. 2139 */ 2140 htrate = 2141 ieee80211_float_htrates \ 2142 [u3.u8] \ 2143 [((u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)] \ 2144 [((u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)]; 2145 } else { 2146 /* 2147 * We don't know both the bandwidth 2148 * and the guard interval, so we can 2149 * only report the MCS index. 2150 */ 2151 htrate = 0.0; 2152 } 2153 } else { 2154 /* 2155 * The MCS value is out of range. 2156 */ 2157 htrate = 0.0; 2158 } 2159 if (htrate != 0.0) { 2160 /* 2161 * We have the rate. 2162 * Print it. 2163 */ 2164 printf("%.1f Mb/s MCS %u ", htrate, u3.u8); 2165 } else { 2166 /* 2167 * We at least have the MCS index. 2168 * Print it. 2169 */ 2170 printf("MCS %u ", u3.u8); 2171 } 2172 } 2173 if (u.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) { 2174 printf("%s ", 2175 bandwidth[u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK]); 2176 } 2177 if (u.u8 & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) { 2178 printf("%s GI ", 2179 (u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 2180 "short" : "lon"); 2181 } 2182 if (u.u8 & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) { 2183 printf("%s ", 2184 (u2.u8 & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ? 2185 "greenfield" : "mixed"); 2186 } 2187 if (u.u8 & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) { 2188 printf("%s FEC ", 2189 (u2.u8 & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ? 2190 "LDPC" : "BCC"); 2191 } 2192 if (u.u8 & IEEE80211_RADIOTAP_MCS_STBC_KNOWN) { 2193 printf("RX-STBC%u ", 2194 (u2.u8 & IEEE80211_RADIOTAP_MCS_STBC_MASK) >> IEEE80211_RADIOTAP_MCS_STBC_SHIFT); 2195 } 2196 2197 break; 2198 } 2199 } 2200 return 0; 2201 } 2202 2203 static u_int 2204 ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen) 2205 { 2206 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x))) 2207 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x))) 2208 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x))) 2209 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x))) 2210 #define BITNO_2(x) (((x) & 2) ? 1 : 0) 2211 #define BIT(n) (1U << n) 2212 #define IS_EXTENDED(__p) \ 2213 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0 2214 2215 struct cpack_state cpacker; 2216 struct ieee80211_radiotap_header *hdr; 2217 u_int32_t present, next_present; 2218 u_int32_t presentflags = 0; 2219 u_int32_t *presentp, *last_presentp; 2220 enum ieee80211_radiotap_type bit; 2221 int bit0; 2222 u_int len; 2223 u_int8_t flags; 2224 int pad; 2225 u_int fcslen; 2226 struct radiotap_state state; 2227 2228 if (caplen < sizeof(*hdr)) { 2229 printf("[|802.11]"); 2230 return caplen; 2231 } 2232 2233 hdr = (struct ieee80211_radiotap_header *)p; 2234 2235 len = EXTRACT_LE_16BITS(&hdr->it_len); 2236 2237 if (caplen < len) { 2238 printf("[|802.11]"); 2239 return caplen; 2240 } 2241 cpack_init(&cpacker, (u_int8_t *)hdr, len); /* align against header start */ 2242 cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */ 2243 for (last_presentp = &hdr->it_present; 2244 IS_EXTENDED(last_presentp) && 2245 (u_char*)(last_presentp + 1) <= p + len; 2246 last_presentp++) 2247 cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */ 2248 2249 /* are there more bitmap extensions than bytes in header? */ 2250 if (IS_EXTENDED(last_presentp)) { 2251 printf("[|802.11]"); 2252 return caplen; 2253 } 2254 2255 /* Assume no flags */ 2256 flags = 0; 2257 /* Assume no Atheros padding between 802.11 header and body */ 2258 pad = 0; 2259 /* Assume no FCS at end of frame */ 2260 fcslen = 0; 2261 for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp; 2262 presentp++, bit0 += 32) { 2263 presentflags = EXTRACT_LE_32BITS(presentp); 2264 2265 /* Clear state. */ 2266 memset(&state, 0, sizeof(state)); 2267 2268 for (present = EXTRACT_LE_32BITS(presentp); present; 2269 present = next_present) { 2270 /* clear the least significant bit that is set */ 2271 next_present = present & (present - 1); 2272 2273 /* extract the least significant bit that is set */ 2274 bit = (enum ieee80211_radiotap_type) 2275 (bit0 + BITNO_32(present ^ next_present)); 2276 2277 if (print_radiotap_field(&cpacker, bit, &flags, &state, presentflags) != 0) 2278 goto out; 2279 } 2280 } 2281 2282 out: 2283 if (flags & IEEE80211_RADIOTAP_F_DATAPAD) 2284 pad = 1; /* Atheros padding */ 2285 if (flags & IEEE80211_RADIOTAP_F_FCS) 2286 fcslen = 4; /* FCS at end of packet */ 2287 return len + ieee802_11_print(p + len, length - len, caplen - len, pad, 2288 fcslen); 2289 #undef BITNO_32 2290 #undef BITNO_16 2291 #undef BITNO_8 2292 #undef BITNO_4 2293 #undef BITNO_2 2294 #undef BIT 2295 } 2296 2297 static u_int 2298 ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen) 2299 { 2300 u_int32_t caphdr_len; 2301 2302 if (caplen < 8) { 2303 printf("[|802.11]"); 2304 return caplen; 2305 } 2306 2307 caphdr_len = EXTRACT_32BITS(p + 4); 2308 if (caphdr_len < 8) { 2309 /* 2310 * Yow! The capture header length is claimed not 2311 * to be large enough to include even the version 2312 * cookie or capture header length! 2313 */ 2314 printf("[|802.11]"); 2315 return caplen; 2316 } 2317 2318 if (caplen < caphdr_len) { 2319 printf("[|802.11]"); 2320 return caplen; 2321 } 2322 2323 return caphdr_len + ieee802_11_print(p + caphdr_len, 2324 length - caphdr_len, caplen - caphdr_len, 0, 0); 2325 } 2326 2327 #define PRISM_HDR_LEN 144 2328 2329 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000 2330 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001 2331 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002 2332 2333 /* 2334 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header, 2335 * containing information such as radio information, which we 2336 * currently ignore. 2337 * 2338 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or 2339 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS 2340 * (currently, on Linux, there's no ARPHRD_ type for 2341 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM 2342 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for 2343 * the AVS header, and the first 4 bytes of the header are used to 2344 * indicate whether it's a Prism header or an AVS header). 2345 */ 2346 u_int 2347 prism_if_print(const struct pcap_pkthdr *h, const u_char *p) 2348 { 2349 u_int caplen = h->caplen; 2350 u_int length = h->len; 2351 u_int32_t msgcode; 2352 2353 if (caplen < 4) { 2354 printf("[|802.11]"); 2355 return caplen; 2356 } 2357 2358 msgcode = EXTRACT_32BITS(p); 2359 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 || 2360 msgcode == WLANCAP_MAGIC_COOKIE_V2) 2361 return ieee802_11_avs_radio_print(p, length, caplen); 2362 2363 if (caplen < PRISM_HDR_LEN) { 2364 printf("[|802.11]"); 2365 return caplen; 2366 } 2367 2368 return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN, 2369 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0); 2370 } 2371 2372 /* 2373 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra 2374 * header, containing information such as radio information. 2375 */ 2376 u_int 2377 ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p) 2378 { 2379 return ieee802_11_radio_print(p, h->len, h->caplen); 2380 } 2381 2382 /* 2383 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an 2384 * extra header, containing information such as radio information, 2385 * which we currently ignore. 2386 */ 2387 u_int 2388 ieee802_11_radio_avs_if_print(const struct pcap_pkthdr *h, const u_char *p) 2389 { 2390 return ieee802_11_avs_radio_print(p, h->len, h->caplen); 2391 } 2392