search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
kernel: Replace the remaining __amd64__ with __x86_64__ for consistency.
[dragonfly.git] / contrib / tcpdump / print-802_11.c
blob6f2231d7dcc581396832721812acb65d1f384ba0
1 /*
2 * Copyright (c) 2001
3 * Fortress Technologies, Inc. All rights reserved.
4 * Charlie Lenahan (clenahan@fortresstech.com)
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22
23 #ifndef lint
24 static const char rcsid[] _U_ =
25 "@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.49 2007-12-29 23:25:02 guy Exp $ (LBL)";
26 #endif
27
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #endif
31
32 #include <tcpdump-stdinc.h>
33
34 #include <stdio.h>
35 #include <pcap.h>
36 #include <string.h>
37
38 #include "interface.h"
39 #include "addrtoname.h"
40 #include "ethertype.h"
41
42 #include "extract.h"
43
44 #include "cpack.h"
45
46 #include "ieee802_11.h"
47 #include "ieee802_11_radio.h"
48
49 /* Radiotap state */
50 /* This is used to save state when parsing/processing parameters */
51 struct radiotap_state
52 {
53 u_int32_t present;
54
55 u_int8_t rate;
56 };
57
58 #define PRINT_SSID(p) \
59 if (p.ssid_present) { \
60 printf(" ("); \
61 fn_print(p.ssid.ssid, NULL); \
62 printf(")"); \
63 }
64
65 #define PRINT_RATE(_sep, _r, _suf) \
66 printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf)
67 #define PRINT_RATES(p) \
68 if (p.rates_present) { \
69 int z; \
70 const char *sep = " ["; \
71 for (z = 0; z < p.rates.length ; z++) { \
72 PRINT_RATE(sep, p.rates.rate[z], \
73 (p.rates.rate[z] & 0x80 ? "*" : "")); \
74 sep = " "; \
75 } \
76 if (p.rates.length != 0) \
77 printf(" Mbit]"); \
78 }
79
80 #define PRINT_DS_CHANNEL(p) \
81 if (p.ds_present) \
82 printf(" CH: %u", p.ds.channel); \
83 printf("%s", \
84 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" );
85
86 #define MAX_MCS_INDEX 76
87
88 /*
89 * Indices are:
90 *
91 * the MCS index (0-76);
92 *
93 * 0 for 20 MHz, 1 for 40 MHz;
94 *
95 * 0 for a long guard interval, 1 for a short guard interval.
96 */
97 static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = {
98 /* MCS 0 */
99 { /* 20 Mhz */ { 6.5, /* SGI */ 7.2, },
100 /* 40 Mhz */ { 13.5, /* SGI */ 15.0, },
101 },
102
103 /* MCS 1 */
104 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
105 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
106 },
107
108 /* MCS 2 */
109 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
110 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
111 },
112
113 /* MCS 3 */
114 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
115 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
116 },
117
118 /* MCS 4 */
119 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
120 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
121 },
122
123 /* MCS 5 */
124 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
125 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
126 },
127
128 /* MCS 6 */
129 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
130 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
131 },
132
133 /* MCS 7 */
134 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
135 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
136 },
137
138 /* MCS 8 */
139 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
140 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
141 },
142
143 /* MCS 9 */
144 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
145 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
146 },
147
148 /* MCS 10 */
149 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
150 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
151 },
152
153 /* MCS 11 */
154 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
155 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
156 },
157
158 /* MCS 12 */
159 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
160 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
161 },
162
163 /* MCS 13 */
164 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
165 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
166 },
167
168 /* MCS 14 */
169 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
170 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
171 },
172
173 /* MCS 15 */
174 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
175 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
176 },
177
178 /* MCS 16 */
179 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
180 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
181 },
182
183 /* MCS 17 */
184 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
185 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
186 },
187
188 /* MCS 18 */
189 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
190 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
191 },
192
193 /* MCS 19 */
194 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
195 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
196 },
197
198 /* MCS 20 */
199 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
200 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
201 },
202
203 /* MCS 21 */
204 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
205 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
206 },
207
208 /* MCS 22 */
209 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
210 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
211 },
212
213 /* MCS 23 */
214 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
215 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
216 },
217
218 /* MCS 24 */
219 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
220 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
221 },
222
223 /* MCS 25 */
224 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
225 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
226 },
227
228 /* MCS 26 */
229 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
230 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
231 },
232
233 /* MCS 27 */
234 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
235 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
236 },
237
238 /* MCS 28 */
239 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
240 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
241 },
242
243 /* MCS 29 */
244 { /* 20 Mhz */ { 208.0, /* SGI */ 231.1, },
245 /* 40 Mhz */ { 432.0, /* SGI */ 480.0, },
246 },
247
248 /* MCS 30 */
249 { /* 20 Mhz */ { 234.0, /* SGI */ 260.0, },
250 /* 40 Mhz */ { 486.0, /* SGI */ 540.0, },
251 },
252
253 /* MCS 31 */
254 { /* 20 Mhz */ { 260.0, /* SGI */ 288.9, },
255 /* 40 Mhz */ { 540.0, /* SGI */ 600.0, },
256 },
257
258 /* MCS 32 */
259 { /* 20 Mhz */ { 0.0, /* SGI */ 0.0, }, /* not valid */
260 /* 40 Mhz */ { 6.0, /* SGI */ 6.7, },
261 },
262
263 /* MCS 33 */
264 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
265 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
266 },
267
268 /* MCS 34 */
269 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
270 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
271 },
272
273 /* MCS 35 */
274 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
275 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
276 },
277
278 /* MCS 36 */
279 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
280 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
281 },
282
283 /* MCS 37 */
284 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
285 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
286 },
287
288 /* MCS 38 */
289 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
290 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
291 },
292
293 /* MCS 39 */
294 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
295 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
296 },
297
298 /* MCS 40 */
299 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
300 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
301 },
302
303 /* MCS 41 */
304 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
305 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
306 },
307
308 /* MCS 42 */
309 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
310 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
311 },
312
313 /* MCS 43 */
314 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
315 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
316 },
317
318 /* MCS 44 */
319 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
320 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
321 },
322
323 /* MCS 45 */
324 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
325 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
326 },
327
328 /* MCS 46 */
329 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
330 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
331 },
332
333 /* MCS 47 */
334 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
335 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
336 },
337
338 /* MCS 48 */
339 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
340 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
341 },
342
343 /* MCS 49 */
344 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
345 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
346 },
347
348 /* MCS 50 */
349 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
350 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
351 },
352
353 /* MCS 51 */
354 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
355 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
356 },
357
358 /* MCS 52 */
359 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
360 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
361 },
362
363 /* MCS 53 */
364 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
365 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
366 },
367
368 /* MCS 54 */
369 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
370 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
371 },
372
373 /* MCS 55 */
374 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
375 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
376 },
377
378 /* MCS 56 */
379 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
380 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
381 },
382
383 /* MCS 57 */
384 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
385 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
386 },
387
388 /* MCS 58 */
389 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
390 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
391 },
392
393 /* MCS 59 */
394 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
395 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
396 },
397
398 /* MCS 60 */
399 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
400 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
401 },
402
403 /* MCS 61 */
404 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
405 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
406 },
407
408 /* MCS 62 */
409 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
410 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
411 },
412
413 /* MCS 63 */
414 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
415 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
416 },
417
418 /* MCS 64 */
419 { /* 20 Mhz */ { 143.0, /* SGI */ 158.9, },
420 /* 40 Mhz */ { 297.0, /* SGI */ 330.0, },
421 },
422
423 /* MCS 65 */
424 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
425 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
426 },
427
428 /* MCS 66 */
429 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
430 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
431 },
432
433 /* MCS 67 */
434 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
435 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
436 },
437
438 /* MCS 68 */
439 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
440 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
441 },
442
443 /* MCS 69 */
444 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
445 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
446 },
447
448 /* MCS 70 */
449 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
450 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
451 },
452
453 /* MCS 71 */
454 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
455 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
456 },
457
458 /* MCS 72 */
459 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
460 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
461 },
462
463 /* MCS 73 */
464 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
465 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
466 },
467
468 /* MCS 74 */
469 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
470 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
471 },
472
473 /* MCS 75 */
474 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
475 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
476 },
477
478 /* MCS 76 */
479 { /* 20 Mhz */ { 214.5, /* SGI */ 238.3, },
480 /* 40 Mhz */ { 445.5, /* SGI */ 495.0, },
481 },
482 };
483
484 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
485 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0])
486
487 static const char *status_text[] = {
488 "Successful", /* 0 */
489 "Unspecified failure", /* 1 */
490 "Reserved", /* 2 */
491 "Reserved", /* 3 */
492 "Reserved", /* 4 */
493 "Reserved", /* 5 */
494 "Reserved", /* 6 */
495 "Reserved", /* 7 */
496 "Reserved", /* 8 */
497 "Reserved", /* 9 */
498 "Cannot Support all requested capabilities in the Capability "
499 "Information field", /* 10 */
500 "Reassociation denied due to inability to confirm that association "
501 "exists", /* 11 */
502 "Association denied due to reason outside the scope of the "
503 "standard", /* 12 */
504 "Responding station does not support the specified authentication "
505 "algorithm ", /* 13 */
506 "Received an Authentication frame with authentication transaction "
507 "sequence number out of expected sequence", /* 14 */
508 "Authentication rejected because of challenge failure", /* 15 */
509 "Authentication rejected due to timeout waiting for next frame in "
510 "sequence", /* 16 */
511 "Association denied because AP is unable to handle additional"
512 "associated stations", /* 17 */
513 "Association denied due to requesting station not supporting all of "
514 "the data rates in BSSBasicRateSet parameter", /* 18 */
515 "Association denied due to requesting station not supporting "
516 "short preamble operation", /* 19 */
517 "Association denied due to requesting station not supporting "
518 "PBCC encoding", /* 20 */
519 "Association denied due to requesting station not supporting "
520 "channel agility", /* 21 */
521 "Association request rejected because Spectrum Management "
522 "capability is required", /* 22 */
523 "Association request rejected because the information in the "
524 "Power Capability element is unacceptable", /* 23 */
525 "Association request rejected because the information in the "
526 "Supported Channels element is unacceptable", /* 24 */
527 "Association denied due to requesting station not supporting "
528 "short slot operation", /* 25 */
529 "Association denied due to requesting station not supporting "
530 "DSSS-OFDM operation", /* 26 */
531 "Association denied because the requested STA does not support HT "
532 "features", /* 27 */
533 "Reserved", /* 28 */
534 "Association denied because the requested STA does not support "
535 "the PCO transition time required by the AP", /* 29 */
536 "Reserved", /* 30 */
537 "Reserved", /* 31 */
538 "Unspecified, QoS-related failure", /* 32 */
539 "Association denied due to QAP having insufficient bandwidth "
540 "to handle another QSTA", /* 33 */
541 "Association denied due to excessive frame loss rates and/or "
542 "poor conditions on current operating channel", /* 34 */
543 "Association (with QBSS) denied due to requesting station not "
544 "supporting the QoS facility", /* 35 */
545 "Association denied due to requesting station not supporting "
546 "Block Ack", /* 36 */
547 "The request has been declined", /* 37 */
548 "The request has not been successful as one or more parameters "
549 "have invalid values", /* 38 */
550 "The TS has not been created because the request cannot be honored. "
551 "However, a suggested TSPEC is provided so that the initiating QSTA"
552 "may attempt to set another TS with the suggested changes to the "
553 "TSPEC", /* 39 */
554 "Invalid Information Element", /* 40 */
555 "Group Cipher is not valid", /* 41 */
556 "Pairwise Cipher is not valid", /* 42 */
557 "AKMP is not valid", /* 43 */
558 "Unsupported RSN IE version", /* 44 */
559 "Invalid RSN IE Capabilities", /* 45 */
560 "Cipher suite is rejected per security policy", /* 46 */
561 "The TS has not been created. However, the HC may be capable of "
562 "creating a TS, in response to a request, after the time indicated "
563 "in the TS Delay element", /* 47 */
564 "Direct Link is not allowed in the BSS by policy", /* 48 */
565 "Destination STA is not present within this QBSS.", /* 49 */
566 "The Destination STA is not a QSTA.", /* 50 */
567
568 };
569 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0])
570
571 static const char *reason_text[] = {
572 "Reserved", /* 0 */
573 "Unspecified reason", /* 1 */
574 "Previous authentication no longer valid", /* 2 */
575 "Deauthenticated because sending station is leaving (or has left) "
576 "IBSS or ESS", /* 3 */
577 "Disassociated due to inactivity", /* 4 */
578 "Disassociated because AP is unable to handle all currently "
579 " associated stations", /* 5 */
580 "Class 2 frame received from nonauthenticated station", /* 6 */
581 "Class 3 frame received from nonassociated station", /* 7 */
582 "Disassociated because sending station is leaving "
583 "(or has left) BSS", /* 8 */
584 "Station requesting (re)association is not authenticated with "
585 "responding station", /* 9 */
586 "Disassociated because the information in the Power Capability "
587 "element is unacceptable", /* 10 */
588 "Disassociated because the information in the SupportedChannels "
589 "element is unacceptable", /* 11 */
590 "Invalid Information Element", /* 12 */
591 "Reserved", /* 13 */
592 "Michael MIC failure", /* 14 */
593 "4-Way Handshake timeout", /* 15 */
594 "Group key update timeout", /* 16 */
595 "Information element in 4-Way Handshake different from (Re)Association"
596 "Request/Probe Response/Beacon", /* 17 */
597 "Group Cipher is not valid", /* 18 */
598 "AKMP is not valid", /* 20 */
599 "Unsupported RSN IE version", /* 21 */
600 "Invalid RSN IE Capabilities", /* 22 */
601 "IEEE 802.1X Authentication failed", /* 23 */
602 "Cipher suite is rejected per security policy", /* 24 */
603 "Reserved", /* 25 */
604 "Reserved", /* 26 */
605 "Reserved", /* 27 */
606 "Reserved", /* 28 */
607 "Reserved", /* 29 */
608 "Reserved", /* 30 */
609 "TS deleted because QoS AP lacks sufficient bandwidth for this "
610 "QoS STA due to a change in BSS service characteristics or "
611 "operational mode (e.g. an HT BSS change from 40 MHz channel "
612 "to 20 MHz channel)", /* 31 */
613 "Disassociated for unspecified, QoS-related reason", /* 32 */
614 "Disassociated because QoS AP lacks sufficient bandwidth for this "
615 "QoS STA", /* 33 */
616 "Disassociated because of excessive number of frames that need to be "
617 "acknowledged, but are not acknowledged for AP transmissions "
618 "and/or poor channel conditions", /* 34 */
619 "Disassociated because STA is transmitting outside the limits "
620 "of its TXOPs", /* 35 */
621 "Requested from peer STA as the STA is leaving the BSS "
622 "(or resetting)", /* 36 */
623 "Requested from peer STA as it does not want to use the "
624 "mechanism", /* 37 */
625 "Requested from peer STA as the STA received frames using the "
626 "mechanism for which a set up is required", /* 38 */
627 "Requested from peer STA due to time out", /* 39 */
628 "Reserved", /* 40 */
629 "Reserved", /* 41 */
630 "Reserved", /* 42 */
631 "Reserved", /* 43 */
632 "Reserved", /* 44 */
633 "Peer STA does not support the requested cipher suite", /* 45 */
634 "Association denied due to requesting STA not supporting HT "
635 "features", /* 46 */
636 };
637 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0])
638
639 static int
640 wep_print(const u_char *p)
641 {
642 u_int32_t iv;
643
644 if (!TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN))
645 return 0;
646 iv = EXTRACT_LE_32BITS(p);
647
648 printf("Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv),
649 IV_KEYID(iv));
650
651 return 1;
652 }
653
654 static int
655 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset,
656 u_int length)
657 {
658 u_int elementlen;
659 struct ssid_t ssid;
660 struct challenge_t challenge;
661 struct rates_t rates;
662 struct ds_t ds;
663 struct cf_t cf;
664 struct tim_t tim;
665
666 /*
667 * We haven't seen any elements yet.
668 */
669 pbody->challenge_present = 0;
670 pbody->ssid_present = 0;
671 pbody->rates_present = 0;
672 pbody->ds_present = 0;
673 pbody->cf_present = 0;
674 pbody->tim_present = 0;
675
676 while (length != 0) {
677 if (!TTEST2(*(p + offset), 1))
678 return 0;
679 if (length < 1)
680 return 0;
681 switch (*(p + offset)) {
682 case E_SSID:
683 if (!TTEST2(*(p + offset), 2))
684 return 0;
685 if (length < 2)
686 return 0;
687 memcpy(&ssid, p + offset, 2);
688 offset += 2;
689 length -= 2;
690 if (ssid.length != 0) {
691 if (ssid.length > sizeof(ssid.ssid) - 1)
692 return 0;
693 if (!TTEST2(*(p + offset), ssid.length))
694 return 0;
695 if (length < ssid.length)
696 return 0;
697 memcpy(&ssid.ssid, p + offset, ssid.length);
698 offset += ssid.length;
699 length -= ssid.length;
700 }
701 ssid.ssid[ssid.length] = '\0';
702 /*
703 * Present and not truncated.
704 *
705 * If we haven't already seen an SSID IE,
706 * copy this one, otherwise ignore this one,
707 * so we later report the first one we saw.
708 */
709 if (!pbody->ssid_present) {
710 pbody->ssid = ssid;
711 pbody->ssid_present = 1;
712 }
713 break;
714 case E_CHALLENGE:
715 if (!TTEST2(*(p + offset), 2))
716 return 0;
717 if (length < 2)
718 return 0;
719 memcpy(&challenge, p + offset, 2);
720 offset += 2;
721 length -= 2;
722 if (challenge.length != 0) {
723 if (challenge.length >
724 sizeof(challenge.text) - 1)
725 return 0;
726 if (!TTEST2(*(p + offset), challenge.length))
727 return 0;
728 if (length < challenge.length)
729 return 0;
730 memcpy(&challenge.text, p + offset,
731 challenge.length);
732 offset += challenge.length;
733 length -= challenge.length;
734 }
735 challenge.text[challenge.length] = '\0';
736 /*
737 * Present and not truncated.
738 *
739 * If we haven't already seen a challenge IE,
740 * copy this one, otherwise ignore this one,
741 * so we later report the first one we saw.
742 */
743 if (!pbody->challenge_present) {
744 pbody->challenge = challenge;
745 pbody->challenge_present = 1;
746 }
747 break;
748 case E_RATES:
749 if (!TTEST2(*(p + offset), 2))
750 return 0;
751 if (length < 2)
752 return 0;
753 memcpy(&rates, p + offset, 2);
754 offset += 2;
755 length -= 2;
756 if (rates.length != 0) {
757 if (rates.length > sizeof rates.rate)
758 return 0;
759 if (!TTEST2(*(p + offset), rates.length))
760 return 0;
761 if (length < rates.length)
762 return 0;
763 memcpy(&rates.rate, p + offset, rates.length);
764 offset += rates.length;
765 length -= rates.length;
766 }
767 /*
768 * Present and not truncated.
769 *
770 * If we haven't already seen a rates IE,
771 * copy this one if it's not zero-length,
772 * otherwise ignore this one, so we later
773 * report the first one we saw.
774 *
775 * We ignore zero-length rates IEs as some
776 * devices seem to put a zero-length rates
777 * IE, followed by an SSID IE, followed by
778 * a non-zero-length rates IE into frames,
779 * even though IEEE Std 802.11-2007 doesn't
780 * seem to indicate that a zero-length rates
781 * IE is valid.
782 */
783 if (!pbody->rates_present && rates.length != 0) {
784 pbody->rates = rates;
785 pbody->rates_present = 1;
786 }
787 break;
788 case E_DS:
789 if (!TTEST2(*(p + offset), 3))
790 return 0;
791 if (length < 3)
792 return 0;
793 memcpy(&ds, p + offset, 3);
794 offset += 3;
795 length -= 3;
796 /*
797 * Present and not truncated.
798 *
799 * If we haven't already seen a DS IE,
800 * copy this one, otherwise ignore this one,
801 * so we later report the first one we saw.
802 */
803 if (!pbody->ds_present) {
804 pbody->ds = ds;
805 pbody->ds_present = 1;
806 }
807 break;
808 case E_CF:
809 if (!TTEST2(*(p + offset), 8))
810 return 0;
811 if (length < 8)
812 return 0;
813 memcpy(&cf, p + offset, 8);
814 offset += 8;
815 length -= 8;
816 /*
817 * Present and not truncated.
818 *
819 * If we haven't already seen a CF IE,
820 * copy this one, otherwise ignore this one,
821 * so we later report the first one we saw.
822 */
823 if (!pbody->cf_present) {
824 pbody->cf = cf;
825 pbody->cf_present = 1;
826 }
827 break;
828 case E_TIM:
829 if (!TTEST2(*(p + offset), 2))
830 return 0;
831 if (length < 2)
832 return 0;
833 memcpy(&tim, p + offset, 2);
834 offset += 2;
835 length -= 2;
836 if (!TTEST2(*(p + offset), 3))
837 return 0;
838 if (length < 3)
839 return 0;
840 memcpy(&tim.count, p + offset, 3);
841 offset += 3;
842 length -= 3;
843
844 if (tim.length <= 3)
845 break;
846 if (tim.length - 3 > (int)sizeof tim.bitmap)
847 return 0;
848 if (!TTEST2(*(p + offset), tim.length - 3))
849 return 0;
850 if (length < (u_int)(tim.length - 3))
851 return 0;
852 memcpy(tim.bitmap, p + (tim.length - 3),
853 (tim.length - 3));
854 offset += tim.length - 3;
855 length -= tim.length - 3;
856 /*
857 * Present and not truncated.
858 *
859 * If we haven't already seen a TIM IE,
860 * copy this one, otherwise ignore this one,
861 * so we later report the first one we saw.
862 */
863 if (!pbody->tim_present) {
864 pbody->tim = tim;
865 pbody->tim_present = 1;
866 }
867 break;
868 default:
869 #if 0
870 printf("(1) unhandled element_id (%d) ",
871 *(p + offset));
872 #endif
873 if (!TTEST2(*(p + offset), 2))
874 return 0;
875 if (length < 2)
876 return 0;
877 elementlen = *(p + offset + 1);
878 if (!TTEST2(*(p + offset + 2), elementlen))
879 return 0;
880 if (length < elementlen + 2)
881 return 0;
882 offset += elementlen + 2;
883 length -= elementlen + 2;
884 break;
885 }
886 }
887
888 /* No problems found. */
889 return 1;
890 }
891
892 /*********************************************************************************
893 * Print Handle functions for the management frame types
894 *********************************************************************************/
895
896 static int
897 handle_beacon(const u_char *p, u_int length)
898 {
899 struct mgmt_body_t pbody;
900 int offset = 0;
901 int ret;
902
903 memset(&pbody, 0, sizeof(pbody));
904
905 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
906 IEEE802_11_CAPINFO_LEN))
907 return 0;
908 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
909 IEEE802_11_CAPINFO_LEN)
910 return 0;
911 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
912 offset += IEEE802_11_TSTAMP_LEN;
913 length -= IEEE802_11_TSTAMP_LEN;
914 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
915 offset += IEEE802_11_BCNINT_LEN;
916 length -= IEEE802_11_BCNINT_LEN;
917 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
918 offset += IEEE802_11_CAPINFO_LEN;
919 length -= IEEE802_11_CAPINFO_LEN;
920
921 ret = parse_elements(&pbody, p, offset, length);
922
923 PRINT_SSID(pbody);
924 PRINT_RATES(pbody);
925 printf(" %s",
926 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS");
927 PRINT_DS_CHANNEL(pbody);
928
929 return ret;
930 }
931
932 static int
933 handle_assoc_request(const u_char *p, u_int length)
934 {
935 struct mgmt_body_t pbody;
936 int offset = 0;
937 int ret;
938
939 memset(&pbody, 0, sizeof(pbody));
940
941 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN))
942 return 0;
943 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)
944 return 0;
945 pbody.capability_info = EXTRACT_LE_16BITS(p);
946 offset += IEEE802_11_CAPINFO_LEN;
947 length -= IEEE802_11_CAPINFO_LEN;
948 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
949 offset += IEEE802_11_LISTENINT_LEN;
950 length -= IEEE802_11_LISTENINT_LEN;
951
952 ret = parse_elements(&pbody, p, offset, length);
953
954 PRINT_SSID(pbody);
955 PRINT_RATES(pbody);
956 return ret;
957 }
958
959 static int
960 handle_assoc_response(const u_char *p, u_int length)
961 {
962 struct mgmt_body_t pbody;
963 int offset = 0;
964 int ret;
965
966 memset(&pbody, 0, sizeof(pbody));
967
968 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
969 IEEE802_11_AID_LEN))
970 return 0;
971 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
972 IEEE802_11_AID_LEN)
973 return 0;
974 pbody.capability_info = EXTRACT_LE_16BITS(p);
975 offset += IEEE802_11_CAPINFO_LEN;
976 length -= IEEE802_11_CAPINFO_LEN;
977 pbody.status_code = EXTRACT_LE_16BITS(p+offset);
978 offset += IEEE802_11_STATUS_LEN;
979 length -= IEEE802_11_STATUS_LEN;
980 pbody.aid = EXTRACT_LE_16BITS(p+offset);
981 offset += IEEE802_11_AID_LEN;
982 length -= IEEE802_11_AID_LEN;
983
984 ret = parse_elements(&pbody, p, offset, length);
985
986 printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 ,
987 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
988 (pbody.status_code < NUM_STATUSES
989 ? status_text[pbody.status_code]
990 : "n/a"));
991
992 return ret;
993 }
994
995 static int
996 handle_reassoc_request(const u_char *p, u_int length)
997 {
998 struct mgmt_body_t pbody;
999 int offset = 0;
1000 int ret;
1001
1002 memset(&pbody, 0, sizeof(pbody));
1003
1004 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1005 IEEE802_11_AP_LEN))
1006 return 0;
1007 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1008 IEEE802_11_AP_LEN)
1009 return 0;
1010 pbody.capability_info = EXTRACT_LE_16BITS(p);
1011 offset += IEEE802_11_CAPINFO_LEN;
1012 length -= IEEE802_11_CAPINFO_LEN;
1013 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
1014 offset += IEEE802_11_LISTENINT_LEN;
1015 length -= IEEE802_11_LISTENINT_LEN;
1016 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN);
1017 offset += IEEE802_11_AP_LEN;
1018 length -= IEEE802_11_AP_LEN;
1019
1020 ret = parse_elements(&pbody, p, offset, length);
1021
1022 PRINT_SSID(pbody);
1023 printf(" AP : %s", etheraddr_string( pbody.ap ));
1024
1025 return ret;
1026 }
1027
1028 static int
1029 handle_reassoc_response(const u_char *p, u_int length)
1030 {
1031 /* Same as a Association Reponse */
1032 return handle_assoc_response(p, length);
1033 }
1034
1035 static int
1036 handle_probe_request(const u_char *p, u_int length)
1037 {
1038 struct mgmt_body_t pbody;
1039 int offset = 0;
1040 int ret;
1041
1042 memset(&pbody, 0, sizeof(pbody));
1043
1044 ret = parse_elements(&pbody, p, offset, length);
1045
1046 PRINT_SSID(pbody);
1047 PRINT_RATES(pbody);
1048
1049 return ret;
1050 }
1051
1052 static int
1053 handle_probe_response(const u_char *p, u_int length)
1054 {
1055 struct mgmt_body_t pbody;
1056 int offset = 0;
1057 int ret;
1058
1059 memset(&pbody, 0, sizeof(pbody));
1060
1061 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1062 IEEE802_11_CAPINFO_LEN))
1063 return 0;
1064 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1065 IEEE802_11_CAPINFO_LEN)
1066 return 0;
1067 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1068 offset += IEEE802_11_TSTAMP_LEN;
1069 length -= IEEE802_11_TSTAMP_LEN;
1070 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
1071 offset += IEEE802_11_BCNINT_LEN;
1072 length -= IEEE802_11_BCNINT_LEN;
1073 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
1074 offset += IEEE802_11_CAPINFO_LEN;
1075 length -= IEEE802_11_CAPINFO_LEN;
1076
1077 ret = parse_elements(&pbody, p, offset, length);
1078
1079 PRINT_SSID(pbody);
1080 PRINT_RATES(pbody);
1081 PRINT_DS_CHANNEL(pbody);
1082
1083 return ret;
1084 }
1085
1086 static int
1087 handle_atim(void)
1088 {
1089 /* the frame body for ATIM is null. */
1090 return 1;
1091 }
1092
1093 static int
1094 handle_disassoc(const u_char *p, u_int length)
1095 {
1096 struct mgmt_body_t pbody;
1097
1098 memset(&pbody, 0, sizeof(pbody));
1099
1100 if (!TTEST2(*p, IEEE802_11_REASON_LEN))
1101 return 0;
1102 if (length < IEEE802_11_REASON_LEN)
1103 return 0;
1104 pbody.reason_code = EXTRACT_LE_16BITS(p);
1105
1106 printf(": %s",
1107 (pbody.reason_code < NUM_REASONS)
1108 ? reason_text[pbody.reason_code]
1109 : "Reserved" );
1110
1111 return 1;
1112 }
1113
1114 static int
1115 handle_auth(const u_char *p, u_int length)
1116 {
1117 struct mgmt_body_t pbody;
1118 int offset = 0;
1119 int ret;
1120
1121 memset(&pbody, 0, sizeof(pbody));
1122
1123 if (!TTEST2(*p, 6))
1124 return 0;
1125 if (length < 6)
1126 return 0;
1127 pbody.auth_alg = EXTRACT_LE_16BITS(p);
1128 offset += 2;
1129 length -= 2;
1130 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset);
1131 offset += 2;
1132 length -= 2;
1133 pbody.status_code = EXTRACT_LE_16BITS(p + offset);
1134 offset += 2;
1135 length -= 2;
1136
1137 ret = parse_elements(&pbody, p, offset, length);
1138
1139 if ((pbody.auth_alg == 1) &&
1140 ((pbody.auth_trans_seq_num == 2) ||
1141 (pbody.auth_trans_seq_num == 3))) {
1142 printf(" (%s)-%x [Challenge Text] %s",
1143 (pbody.auth_alg < NUM_AUTH_ALGS)
1144 ? auth_alg_text[pbody.auth_alg]
1145 : "Reserved",
1146 pbody.auth_trans_seq_num,
1147 ((pbody.auth_trans_seq_num % 2)
1148 ? ((pbody.status_code < NUM_STATUSES)
1149 ? status_text[pbody.status_code]
1150 : "n/a") : ""));
1151 return ret;
1152 }
1153 printf(" (%s)-%x: %s",
1154 (pbody.auth_alg < NUM_AUTH_ALGS)
1155 ? auth_alg_text[pbody.auth_alg]
1156 : "Reserved",
1157 pbody.auth_trans_seq_num,
1158 (pbody.auth_trans_seq_num % 2)
1159 ? ((pbody.status_code < NUM_STATUSES)
1160 ? status_text[pbody.status_code]
1161 : "n/a")
1162 : "");
1163
1164 return ret;
1165 }
1166
1167 static int
1168 handle_deauth(const struct mgmt_header_t *pmh, const u_char *p, u_int length)
1169 {
1170 struct mgmt_body_t pbody;
1171 int offset = 0;
1172 const char *reason = NULL;
1173
1174 memset(&pbody, 0, sizeof(pbody));
1175
1176 if (!TTEST2(*p, IEEE802_11_REASON_LEN))
1177 return 0;
1178 if (length < IEEE802_11_REASON_LEN)
1179 return 0;
1180 pbody.reason_code = EXTRACT_LE_16BITS(p);
1181 offset += IEEE802_11_REASON_LEN;
1182 length -= IEEE802_11_REASON_LEN;
1183
1184 reason = (pbody.reason_code < NUM_REASONS)
1185 ? reason_text[pbody.reason_code]
1186 : "Reserved";
1187
1188 if (eflag) {
1189 printf(": %s", reason);
1190 } else {
1191 printf(" (%s): %s", etheraddr_string(pmh->sa), reason);
1192 }
1193 return 1;
1194 }
1195
1196 #define PRINT_HT_ACTION(v) (\
1197 (v) == 0 ? printf("TxChWidth") : \
1198 (v) == 1 ? printf("MIMOPwrSave") : \
1199 printf("Act#%d", (v)) \
1200 )
1201 #define PRINT_BA_ACTION(v) (\
1202 (v) == 0 ? printf("ADDBA Request") : \
1203 (v) == 1 ? printf("ADDBA Response") : \
1204 (v) == 2 ? printf("DELBA") : \
1205 printf("Act#%d", (v)) \
1206 )
1207 #define PRINT_MESHLINK_ACTION(v) (\
1208 (v) == 0 ? printf("Request") : \
1209 (v) == 1 ? printf("Report") : \
1210 printf("Act#%d", (v)) \
1211 )
1212 #define PRINT_MESHPEERING_ACTION(v) (\
1213 (v) == 0 ? printf("Open") : \
1214 (v) == 1 ? printf("Confirm") : \
1215 (v) == 2 ? printf("Close") : \
1216 printf("Act#%d", (v)) \
1217 )
1218 #define PRINT_MESHPATH_ACTION(v) (\
1219 (v) == 0 ? printf("Request") : \
1220 (v) == 1 ? printf("Report") : \
1221 (v) == 2 ? printf("Error") : \
1222 (v) == 3 ? printf("RootAnnouncement") : \
1223 printf("Act#%d", (v)) \
1224 )
1225
1226 static int
1227 handle_action(const struct mgmt_header_t *pmh, const u_char *p, u_int length)
1228 {
1229 if (!TTEST2(*p, 2))
1230 return 0;
1231 if (length < 2)
1232 return 0;
1233 if (eflag) {
1234 printf(": ");
1235 } else {
1236 printf(" (%s): ", etheraddr_string(pmh->sa));
1237 }
1238 switch (p[0]) {
1239 case 0: printf("Spectrum Management Act#%d", p[1]); break;
1240 case 1: printf("QoS Act#%d", p[1]); break;
1241 case 2: printf("DLS Act#%d", p[1]); break;
1242 case 3: printf("BA "); PRINT_BA_ACTION(p[1]); break;
1243 case 7: printf("HT "); PRINT_HT_ACTION(p[1]); break;
1244 case 13: printf("MeshLMetric "); PRINT_MESHLINK_ACTION(p[1]); break;
1245 case 15: printf("Interwork Act#%d", p[1]); break;
1246 case 16: printf("Resource Act#%d", p[1]); break;
1247 case 17: printf("Proxy Act#%d", p[1]); break;
1248 case 30: printf("MeshPeering "); PRINT_MESHPEERING_ACTION(p[1]); break;
1249 case 32: printf("MeshPath "); PRINT_MESHPATH_ACTION(p[1]); break;
1250 case 127: printf("Vendor Act#%d", p[1]); break;
1251 default:
1252 printf("Reserved(%d) Act#%d", p[0], p[1]);
1253 break;
1254 }
1255 return 1;
1256 }
1257
1258
1259 /*********************************************************************************
1260 * Print Body funcs
1261 *********************************************************************************/
1262
1263
1264 static int
1265 mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh,
1266 const u_char *p, u_int length)
1267 {
1268 switch (FC_SUBTYPE(fc)) {
1269 case ST_ASSOC_REQUEST:
1270 printf("Assoc Request");
1271 return handle_assoc_request(p, length);
1272 case ST_ASSOC_RESPONSE:
1273 printf("Assoc Response");
1274 return handle_assoc_response(p, length);
1275 case ST_REASSOC_REQUEST:
1276 printf("ReAssoc Request");
1277 return handle_reassoc_request(p, length);
1278 case ST_REASSOC_RESPONSE:
1279 printf("ReAssoc Response");
1280 return handle_reassoc_response(p, length);
1281 case ST_PROBE_REQUEST:
1282 printf("Probe Request");
1283 return handle_probe_request(p, length);
1284 case ST_PROBE_RESPONSE:
1285 printf("Probe Response");
1286 return handle_probe_response(p, length);
1287 case ST_BEACON:
1288 printf("Beacon");
1289 return handle_beacon(p, length);
1290 case ST_ATIM:
1291 printf("ATIM");
1292 return handle_atim();
1293 case ST_DISASSOC:
1294 printf("Disassociation");
1295 return handle_disassoc(p, length);
1296 case ST_AUTH:
1297 printf("Authentication");
1298 if (!TTEST2(*p, 3))
1299 return 0;
1300 if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) {
1301 printf("Authentication (Shared-Key)-3 ");
1302 return wep_print(p);
1303 }
1304 return handle_auth(p, length);
1305 case ST_DEAUTH:
1306 printf("DeAuthentication");
1307 return handle_deauth(pmh, p, length);
1308 break;
1309 case ST_ACTION:
1310 printf("Action");
1311 return handle_action(pmh, p, length);
1312 break;
1313 default:
1314 printf("Unhandled Management subtype(%x)",
1315 FC_SUBTYPE(fc));
1316 return 1;
1317 }
1318 }
1319
1320
1321 /*********************************************************************************
1322 * Handles printing all the control frame types
1323 *********************************************************************************/
1324
1325 static int
1326 ctrl_body_print(u_int16_t fc, const u_char *p)
1327 {
1328 switch (FC_SUBTYPE(fc)) {
1329 case CTRL_CONTROL_WRAPPER:
1330 printf("Control Wrapper");
1331 /* XXX - requires special handling */
1332 break;
1333 case CTRL_BAR:
1334 printf("BAR");
1335 if (!TTEST2(*p, CTRL_BAR_HDRLEN))
1336 return 0;
1337 if (!eflag)
1338 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
1339 etheraddr_string(((const struct ctrl_bar_t *)p)->ra),
1340 etheraddr_string(((const struct ctrl_bar_t *)p)->ta),
1341 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
1342 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)));
1343 break;
1344 case CTRL_BA:
1345 printf("BA");
1346 if (!TTEST2(*p, CTRL_BA_HDRLEN))
1347 return 0;
1348 if (!eflag)
1349 printf(" RA:%s ",
1350 etheraddr_string(((const struct ctrl_ba_t *)p)->ra));
1351 break;
1352 case CTRL_PS_POLL:
1353 printf("Power Save-Poll");
1354 if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN))
1355 return 0;
1356 printf(" AID(%x)",
1357 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid)));
1358 break;
1359 case CTRL_RTS:
1360 printf("Request-To-Send");
1361 if (!TTEST2(*p, CTRL_RTS_HDRLEN))
1362 return 0;
1363 if (!eflag)
1364 printf(" TA:%s ",
1365 etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
1366 break;
1367 case CTRL_CTS:
1368 printf("Clear-To-Send");
1369 if (!TTEST2(*p, CTRL_CTS_HDRLEN))
1370 return 0;
1371 if (!eflag)
1372 printf(" RA:%s ",
1373 etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
1374 break;
1375 case CTRL_ACK:
1376 printf("Acknowledgment");
1377 if (!TTEST2(*p, CTRL_ACK_HDRLEN))
1378 return 0;
1379 if (!eflag)
1380 printf(" RA:%s ",
1381 etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
1382 break;
1383 case CTRL_CF_END:
1384 printf("CF-End");
1385 if (!TTEST2(*p, CTRL_END_HDRLEN))
1386 return 0;
1387 if (!eflag)
1388 printf(" RA:%s ",
1389 etheraddr_string(((const struct ctrl_end_t *)p)->ra));
1390 break;
1391 case CTRL_END_ACK:
1392 printf("CF-End+CF-Ack");
1393 if (!TTEST2(*p, CTRL_END_ACK_HDRLEN))
1394 return 0;
1395 if (!eflag)
1396 printf(" RA:%s ",
1397 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra));
1398 break;
1399 default:
1400 printf("Unknown Ctrl Subtype");
1401 }
1402 return 1;
1403 }
1404
1405 /*
1406 * Print Header funcs
1407 */
1408
1409 /*
1410 * Data Frame - Address field contents
1411 *
1412 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
1413 * 0 | 0 | DA | SA | BSSID | n/a
1414 * 0 | 1 | DA | BSSID | SA | n/a
1415 * 1 | 0 | BSSID | SA | DA | n/a
1416 * 1 | 1 | RA | TA | DA | SA
1417 */
1418
1419 static void
1420 data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
1421 const u_int8_t **dstp)
1422 {
1423 u_int subtype = FC_SUBTYPE(fc);
1424
1425 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
1426 DATA_FRAME_IS_QOS(subtype)) {
1427 printf("CF ");
1428 if (DATA_FRAME_IS_CF_ACK(subtype)) {
1429 if (DATA_FRAME_IS_CF_POLL(subtype))
1430 printf("Ack/Poll");
1431 else
1432 printf("Ack");
1433 } else {
1434 if (DATA_FRAME_IS_CF_POLL(subtype))
1435 printf("Poll");
1436 }
1437 if (DATA_FRAME_IS_QOS(subtype))
1438 printf("+QoS");
1439 printf(" ");
1440 }
1441
1442 #define ADDR1 (p + 4)
1443 #define ADDR2 (p + 10)
1444 #define ADDR3 (p + 16)
1445 #define ADDR4 (p + 24)
1446
1447 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1448 if (srcp != NULL)
1449 *srcp = ADDR2;
1450 if (dstp != NULL)
1451 *dstp = ADDR1;
1452 if (!eflag)
1453 return;
1454 printf("DA:%s SA:%s BSSID:%s ",
1455 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1456 etheraddr_string(ADDR3));
1457 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1458 if (srcp != NULL)
1459 *srcp = ADDR3;
1460 if (dstp != NULL)
1461 *dstp = ADDR1;
1462 if (!eflag)
1463 return;
1464 printf("DA:%s BSSID:%s SA:%s ",
1465 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1466 etheraddr_string(ADDR3));
1467 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1468 if (srcp != NULL)
1469 *srcp = ADDR2;
1470 if (dstp != NULL)
1471 *dstp = ADDR3;
1472 if (!eflag)
1473 return;
1474 printf("BSSID:%s SA:%s DA:%s ",
1475 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1476 etheraddr_string(ADDR3));
1477 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1478 if (srcp != NULL)
1479 *srcp = ADDR4;
1480 if (dstp != NULL)
1481 *dstp = ADDR3;
1482 if (!eflag)
1483 return;
1484 printf("RA:%s TA:%s DA:%s SA:%s ",
1485 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1486 etheraddr_string(ADDR3), etheraddr_string(ADDR4));
1487 }
1488
1489 #undef ADDR1
1490 #undef ADDR2
1491 #undef ADDR3
1492 #undef ADDR4
1493 }
1494
1495 static void
1496 mgmt_header_print(const u_char *p, const u_int8_t **srcp,
1497 const u_int8_t **dstp)
1498 {
1499 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
1500
1501 if (srcp != NULL)
1502 *srcp = hp->sa;
1503 if (dstp != NULL)
1504 *dstp = hp->da;
1505 if (!eflag)
1506 return;
1507
1508 printf("BSSID:%s DA:%s SA:%s ",
1509 etheraddr_string((hp)->bssid), etheraddr_string((hp)->da),
1510 etheraddr_string((hp)->sa));
1511 }
1512
1513 static void
1514 ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
1515 const u_int8_t **dstp)
1516 {
1517 if (srcp != NULL)
1518 *srcp = NULL;
1519 if (dstp != NULL)
1520 *dstp = NULL;
1521 if (!eflag)
1522 return;
1523
1524 switch (FC_SUBTYPE(fc)) {
1525 case CTRL_BAR:
1526 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
1527 etheraddr_string(((const struct ctrl_bar_t *)p)->ra),
1528 etheraddr_string(((const struct ctrl_bar_t *)p)->ta),
1529 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
1530 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)));
1531 break;
1532 case CTRL_BA:
1533 printf("RA:%s ",
1534 etheraddr_string(((const struct ctrl_ba_t *)p)->ra));
1535 break;
1536 case CTRL_PS_POLL:
1537 printf("BSSID:%s TA:%s ",
1538 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid),
1539 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta));
1540 break;
1541 case CTRL_RTS:
1542 printf("RA:%s TA:%s ",
1543 etheraddr_string(((const struct ctrl_rts_t *)p)->ra),
1544 etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
1545 break;
1546 case CTRL_CTS:
1547 printf("RA:%s ",
1548 etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
1549 break;
1550 case CTRL_ACK:
1551 printf("RA:%s ",
1552 etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
1553 break;
1554 case CTRL_CF_END:
1555 printf("RA:%s BSSID:%s ",
1556 etheraddr_string(((const struct ctrl_end_t *)p)->ra),
1557 etheraddr_string(((const struct ctrl_end_t *)p)->bssid));
1558 break;
1559 case CTRL_END_ACK:
1560 printf("RA:%s BSSID:%s ",
1561 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra),
1562 etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid));
1563 break;
1564 default:
1565 printf("(H) Unknown Ctrl Subtype");
1566 break;
1567 }
1568 }
1569
1570 static int
1571 extract_header_length(u_int16_t fc)
1572 {
1573 int len;
1574
1575 switch (FC_TYPE(fc)) {
1576 case T_MGMT:
1577 return MGMT_HDRLEN;
1578 case T_CTRL:
1579 switch (FC_SUBTYPE(fc)) {
1580 case CTRL_BAR:
1581 return CTRL_BAR_HDRLEN;
1582 case CTRL_PS_POLL:
1583 return CTRL_PS_POLL_HDRLEN;
1584 case CTRL_RTS:
1585 return CTRL_RTS_HDRLEN;
1586 case CTRL_CTS:
1587 return CTRL_CTS_HDRLEN;
1588 case CTRL_ACK:
1589 return CTRL_ACK_HDRLEN;
1590 case CTRL_CF_END:
1591 return CTRL_END_HDRLEN;
1592 case CTRL_END_ACK:
1593 return CTRL_END_ACK_HDRLEN;
1594 default:
1595 return 0;
1596 }
1597 case T_DATA:
1598 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
1599 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
1600 len += 2;
1601 return len;
1602 default:
1603 printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc));
1604 return 0;
1605 }
1606 }
1607
1608 static int
1609 extract_mesh_header_length(const u_char *p)
1610 {
1611 return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3));
1612 }
1613
1614 /*
1615 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp"
1616 * to point to the source and destination MAC addresses in any case if
1617 * "srcp" and "dstp" aren't null.
1618 */
1619 static void
1620 ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, u_int hdrlen,
1621 u_int meshdrlen, const u_int8_t **srcp, const u_int8_t **dstp)
1622 {
1623 if (vflag) {
1624 if (FC_MORE_DATA(fc))
1625 printf("More Data ");
1626 if (FC_MORE_FLAG(fc))
1627 printf("More Fragments ");
1628 if (FC_POWER_MGMT(fc))
1629 printf("Pwr Mgmt ");
1630 if (FC_RETRY(fc))
1631 printf("Retry ");
1632 if (FC_ORDER(fc))
1633 printf("Strictly Ordered ");
1634 if (FC_WEP(fc))
1635 printf("WEP Encrypted ");
1636 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
1637 printf("%dus ",
1638 EXTRACT_LE_16BITS(
1639 &((const struct mgmt_header_t *)p)->duration));
1640 }
1641 if (meshdrlen != 0) {
1642 const struct meshcntl_t *mc =
1643 (const struct meshcntl_t *)&p[hdrlen - meshdrlen];
1644 int ae = mc->flags & 3;
1645
1646 printf("MeshData (AE %d TTL %u seq %u", ae, mc->ttl,
1647 EXTRACT_LE_32BITS(mc->seq));
1648 if (ae > 0)
1649 printf(" A4:%s", etheraddr_string(mc->addr4));
1650 if (ae > 1)
1651 printf(" A5:%s", etheraddr_string(mc->addr5));
1652 if (ae > 2)
1653 printf(" A6:%s", etheraddr_string(mc->addr6));
1654 printf(") ");
1655 }
1656
1657 switch (FC_TYPE(fc)) {
1658 case T_MGMT:
1659 mgmt_header_print(p, srcp, dstp);
1660 break;
1661 case T_CTRL:
1662 ctrl_header_print(fc, p, srcp, dstp);
1663 break;
1664 case T_DATA:
1665 data_header_print(fc, p, srcp, dstp);
1666 break;
1667 default:
1668 printf("(header) unknown IEEE802.11 frame type (%d)",
1669 FC_TYPE(fc));
1670 *srcp = NULL;
1671 *dstp = NULL;
1672 break;
1673 }
1674 }
1675
1676 #ifndef roundup2
1677 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
1678 #endif
1679
1680 static u_int
1681 ieee802_11_print(const u_char *p, u_int length, u_int orig_caplen, int pad,
1682 u_int fcslen)
1683 {
1684 u_int16_t fc;
1685 u_int caplen, hdrlen, meshdrlen;
1686 const u_int8_t *src, *dst;
1687 u_short extracted_ethertype;
1688
1689 caplen = orig_caplen;
1690 /* Remove FCS, if present */
1691 if (length < fcslen) {
1692 printf("[|802.11]");
1693 return caplen;
1694 }
1695 length -= fcslen;
1696 if (caplen > length) {
1697 /* Amount of FCS in actual packet data, if any */
1698 fcslen = caplen - length;
1699 caplen -= fcslen;
1700 snapend -= fcslen;
1701 }
1702
1703 if (caplen < IEEE802_11_FC_LEN) {
1704 printf("[|802.11]");
1705 return orig_caplen;
1706 }
1707
1708 fc = EXTRACT_LE_16BITS(p);
1709 hdrlen = extract_header_length(fc);
1710 if (pad)
1711 hdrlen = roundup2(hdrlen, 4);
1712 if (Hflag && FC_TYPE(fc) == T_DATA &&
1713 DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
1714 meshdrlen = extract_mesh_header_length(p+hdrlen);
1715 hdrlen += meshdrlen;
1716 } else
1717 meshdrlen = 0;
1718
1719
1720 if (caplen < hdrlen) {
1721 printf("[|802.11]");
1722 return hdrlen;
1723 }
1724
1725 ieee_802_11_hdr_print(fc, p, hdrlen, meshdrlen, &src, &dst);
1726
1727 /*
1728 * Go past the 802.11 header.
1729 */
1730 length -= hdrlen;
1731 caplen -= hdrlen;
1732 p += hdrlen;
1733
1734 switch (FC_TYPE(fc)) {
1735 case T_MGMT:
1736 if (!mgmt_body_print(fc,
1737 (const struct mgmt_header_t *)(p - hdrlen), p, length)) {
1738 printf("[|802.11]");
1739 return hdrlen;
1740 }
1741 break;
1742 case T_CTRL:
1743 if (!ctrl_body_print(fc, p - hdrlen)) {
1744 printf("[|802.11]");
1745 return hdrlen;
1746 }
1747 break;
1748 case T_DATA:
1749 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
1750 return hdrlen; /* no-data frame */
1751 /* There may be a problem w/ AP not having this bit set */
1752 if (FC_WEP(fc)) {
1753 if (!wep_print(p)) {
1754 printf("[|802.11]");
1755 return hdrlen;
1756 }
1757 } else if (llc_print(p, length, caplen, dst, src,
1758 &extracted_ethertype) == 0) {
1759 /*
1760 * Some kinds of LLC packet we cannot
1761 * handle intelligently
1762 */
1763 if (!eflag)
1764 ieee_802_11_hdr_print(fc, p - hdrlen, hdrlen,
1765 meshdrlen, NULL, NULL);
1766 if (extracted_ethertype)
1767 printf("(LLC %s) ",
1768 etherproto_string(
1769 htons(extracted_ethertype)));
1770 if (!suppress_default_print)
1771 default_print(p, caplen);
1772 }
1773 break;
1774 default:
1775 printf("unknown 802.11 frame type (%d)", FC_TYPE(fc));
1776 break;
1777 }
1778
1779 return hdrlen;
1780 }
1781
1782 /*
1783 * This is the top level routine of the printer. 'p' points
1784 * to the 802.11 header of the packet, 'h->ts' is the timestamp,
1785 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
1786 * is the number of bytes actually captured.
1787 */
1788 u_int
1789 ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p)
1790 {
1791 return ieee802_11_print(p, h->len, h->caplen, 0, 0);
1792 }
1793
1794 #define IEEE80211_CHAN_FHSS \
1795 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK)
1796 #define IEEE80211_CHAN_A \
1797 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
1798 #define IEEE80211_CHAN_B \
1799 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
1800 #define IEEE80211_CHAN_PUREG \
1801 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM)
1802 #define IEEE80211_CHAN_G \
1803 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
1804
1805 #define IS_CHAN_FHSS(flags) \
1806 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS)
1807 #define IS_CHAN_A(flags) \
1808 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A)
1809 #define IS_CHAN_B(flags) \
1810 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B)
1811 #define IS_CHAN_PUREG(flags) \
1812 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG)
1813 #define IS_CHAN_G(flags) \
1814 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G)
1815 #define IS_CHAN_ANYG(flags) \
1816 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags))
1817
1818 static void
1819 print_chaninfo(int freq, int flags)
1820 {
1821 printf("%u MHz", freq);
1822 if (IS_CHAN_FHSS(flags))
1823 printf(" FHSS");
1824 if (IS_CHAN_A(flags)) {
1825 if (flags & IEEE80211_CHAN_HALF)
1826 printf(" 11a/10Mhz");
1827 else if (flags & IEEE80211_CHAN_QUARTER)
1828 printf(" 11a/5Mhz");
1829 else
1830 printf(" 11a");
1831 }
1832 if (IS_CHAN_ANYG(flags)) {
1833 if (flags & IEEE80211_CHAN_HALF)
1834 printf(" 11g/10Mhz");
1835 else if (flags & IEEE80211_CHAN_QUARTER)
1836 printf(" 11g/5Mhz");
1837 else
1838 printf(" 11g");
1839 } else if (IS_CHAN_B(flags))
1840 printf(" 11b");
1841 if (flags & IEEE80211_CHAN_TURBO)
1842 printf(" Turbo");
1843 if (flags & IEEE80211_CHAN_HT20)
1844 printf(" ht/20");
1845 else if (flags & IEEE80211_CHAN_HT40D)
1846 printf(" ht/40-");
1847 else if (flags & IEEE80211_CHAN_HT40U)
1848 printf(" ht/40+");
1849 printf(" ");
1850 }
1851
1852 static int
1853 print_radiotap_field(struct cpack_state *s, u_int32_t bit, u_int8_t *flags,
1854 struct radiotap_state *state, u_int32_t presentflags)
1855 {
1856 union {
1857 int8_t i8;
1858 u_int8_t u8;
1859 int16_t i16;
1860 u_int16_t u16;
1861 u_int32_t u32;
1862 u_int64_t u64;
1863 } u, u2, u3, u4;
1864 int rc;
1865
1866 switch (bit) {
1867 case IEEE80211_RADIOTAP_FLAGS:
1868 rc = cpack_uint8(s, &u.u8);
1869 if (rc != 0)
1870 break;
1871 *flags = u.u8;
1872 break;
1873 case IEEE80211_RADIOTAP_RATE:
1874 rc = cpack_uint8(s, &u.u8);
1875 if (rc != 0)
1876 break;
1877
1878 /* Save state rate */
1879 state->rate = u.u8;
1880 break;
1881 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1882 case IEEE80211_RADIOTAP_DB_ANTNOISE:
1883 case IEEE80211_RADIOTAP_ANTENNA:
1884 rc = cpack_uint8(s, &u.u8);
1885 break;
1886 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
1887 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
1888 rc = cpack_int8(s, &u.i8);
1889 break;
1890 case IEEE80211_RADIOTAP_CHANNEL:
1891 rc = cpack_uint16(s, &u.u16);
1892 if (rc != 0)
1893 break;
1894 rc = cpack_uint16(s, &u2.u16);
1895 break;
1896 case IEEE80211_RADIOTAP_FHSS:
1897 case IEEE80211_RADIOTAP_LOCK_QUALITY:
1898 case IEEE80211_RADIOTAP_TX_ATTENUATION:
1899 case IEEE80211_RADIOTAP_RX_FLAGS:
1900 rc = cpack_uint16(s, &u.u16);
1901 break;
1902 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
1903 rc = cpack_uint8(s, &u.u8);
1904 break;
1905 case IEEE80211_RADIOTAP_DBM_TX_POWER:
1906 rc = cpack_int8(s, &u.i8);
1907 break;
1908 case IEEE80211_RADIOTAP_TSFT:
1909 rc = cpack_uint64(s, &u.u64);
1910 break;
1911 case IEEE80211_RADIOTAP_XCHANNEL:
1912 rc = cpack_uint32(s, &u.u32);
1913 if (rc != 0)
1914 break;
1915 rc = cpack_uint16(s, &u2.u16);
1916 if (rc != 0)
1917 break;
1918 rc = cpack_uint8(s, &u3.u8);
1919 if (rc != 0)
1920 break;
1921 rc = cpack_uint8(s, &u4.u8);
1922 break;
1923 case IEEE80211_RADIOTAP_MCS:
1924 rc = cpack_uint8(s, &u.u8);
1925 if (rc != 0)
1926 break;
1927 rc = cpack_uint8(s, &u2.u8);
1928 if (rc != 0)
1929 break;
1930 rc = cpack_uint8(s, &u3.u8);
1931 break;
1932 case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: {
1933 u_int8_t vns[3];
1934 u_int16_t length;
1935 u_int8_t subspace;
1936
1937 if ((cpack_align_and_reserve(s, 2)) == NULL) {
1938 rc = -1;
1939 break;
1940 }
1941
1942 rc = cpack_uint8(s, &vns[0]);
1943 if (rc != 0)
1944 break;
1945 rc = cpack_uint8(s, &vns[1]);
1946 if (rc != 0)
1947 break;
1948 rc = cpack_uint8(s, &vns[2]);
1949 if (rc != 0)
1950 break;
1951 rc = cpack_uint8(s, &subspace);
1952 if (rc != 0)
1953 break;
1954 rc = cpack_uint16(s, &length);
1955 if (rc != 0)
1956 break;
1957
1958 /* Skip up to length */
1959 s->c_next += length;
1960 break;
1961 }
1962 default:
1963 /* this bit indicates a field whose
1964 * size we do not know, so we cannot
1965 * proceed. Just print the bit number.
1966 */
1967 printf("[bit %u] ", bit);
1968 return -1;
1969 }
1970
1971 if (rc != 0) {
1972 printf("[|802.11]");
1973 return rc;
1974 }
1975
1976 /* Preserve the state present flags */
1977 state->present = presentflags;
1978
1979 switch (bit) {
1980 case IEEE80211_RADIOTAP_CHANNEL:
1981 /*
1982 * If CHANNEL and XCHANNEL are both present, skip
1983 * CHANNEL.
1984 */
1985 if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL))
1986 break;
1987 print_chaninfo(u.u16, u2.u16);
1988 break;
1989 case IEEE80211_RADIOTAP_FHSS:
1990 printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff);
1991 break;
1992 case IEEE80211_RADIOTAP_RATE:
1993 /*
1994 * XXX On FreeBSD rate & 0x80 means we have an MCS. On
1995 * Linux and AirPcap it does not. (What about
1996 * Mac OS X, NetBSD, OpenBSD, and DragonFly BSD?)
1997 *
1998 * This is an issue either for proprietary extensions
1999 * to 11a or 11g, which do exist, or for 11n
2000 * implementations that stuff a rate value into
2001 * this field, which also appear to exist.
2002 *
2003 * We currently handle that by assuming that
2004 * if the 0x80 bit is set *and* the remaining
2005 * bits have a value between 0 and 15 it's
2006 * an MCS value, otherwise it's a rate. If
2007 * there are cases where systems that use
2008 * "0x80 + MCS index" for MCS indices > 15,
2009 * or stuff a rate value here between 64 and
2010 * 71.5 Mb/s in here, we'll need a preference
2011 * setting. Such rates do exist, e.g. 11n
2012 * MCS 7 at 20 MHz with a long guard interval.
2013 */
2014 if (u.u8 >= 0x80 && u.u8 <= 0x8f) {
2015 /*
2016 * XXX - we don't know the channel width
2017 * or guard interval length, so we can't
2018 * convert this to a data rate.
2019 *
2020 * If you want us to show a data rate,
2021 * use the MCS field, not the Rate field;
2022 * the MCS field includes not only the
2023 * MCS index, it also includes bandwidth
2024 * and guard interval information.
2025 *
2026 * XXX - can we get the channel width
2027 * from XChannel and the guard interval
2028 * information from Flags, at least on
2029 * FreeBSD?
2030 */
2031 printf("MCS %u ", u.u8 & 0x7f);
2032 } else
2033 printf("%2.1f Mb/s ", .5*u.u8);
2034 break;
2035 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
2036 printf("%ddB signal ", u.i8);
2037 break;
2038 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
2039 printf("%ddB noise ", u.i8);
2040 break;
2041 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2042 printf("%ddB signal ", u.u8);
2043 break;
2044 case IEEE80211_RADIOTAP_DB_ANTNOISE:
2045 printf("%ddB noise ", u.u8);
2046 break;
2047 case IEEE80211_RADIOTAP_LOCK_QUALITY:
2048 printf("%u sq ", u.u16);
2049 break;
2050 case IEEE80211_RADIOTAP_TX_ATTENUATION:
2051 printf("%d tx power ", -(int)u.u16);
2052 break;
2053 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
2054 printf("%ddB tx power ", -(int)u.u8);
2055 break;
2056 case IEEE80211_RADIOTAP_DBM_TX_POWER:
2057 printf("%ddBm tx power ", u.i8);
2058 break;
2059 case IEEE80211_RADIOTAP_FLAGS:
2060 if (u.u8 & IEEE80211_RADIOTAP_F_CFP)
2061 printf("cfp ");
2062 if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE)
2063 printf("short preamble ");
2064 if (u.u8 & IEEE80211_RADIOTAP_F_WEP)
2065 printf("wep ");
2066 if (u.u8 & IEEE80211_RADIOTAP_F_FRAG)
2067 printf("fragmented ");
2068 if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS)
2069 printf("bad-fcs ");
2070 break;
2071 case IEEE80211_RADIOTAP_ANTENNA:
2072 printf("antenna %d ", u.u8);
2073 break;
2074 case IEEE80211_RADIOTAP_TSFT:
2075 printf("%" PRIu64 "us tsft ", u.u64);
2076 break;
2077 case IEEE80211_RADIOTAP_RX_FLAGS:
2078 /* Do nothing for now */
2079 break;
2080 case IEEE80211_RADIOTAP_XCHANNEL:
2081 print_chaninfo(u2.u16, u.u32);
2082 break;
2083 case IEEE80211_RADIOTAP_MCS: {
2084 static const char *bandwidth[4] = {
2085 "20 MHz",
2086 "40 MHz",
2087 "20 MHz (L)",
2088 "20 MHz (U)"
2089 };
2090 float htrate;
2091
2092 if (u.u8 & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) {
2093 /*
2094 * We know the MCS index.
2095 */
2096 if (u3.u8 <= MAX_MCS_INDEX) {
2097 /*
2098 * And it's in-range.
2099 */
2100 if (u.u8 & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) {
2101 /*
2102 * And we know both the bandwidth and
2103 * the guard interval, so we can look
2104 * up the rate.
2105 */
2106 htrate =
2107 ieee80211_float_htrates \
2108 [u3.u8] \
2109 [((u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)] \
2110 [((u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)];
2111 } else {
2112 /*
2113 * We don't know both the bandwidth
2114 * and the guard interval, so we can
2115 * only report the MCS index.
2116 */
2117 htrate = 0.0;
2118 }
2119 } else {
2120 /*
2121 * The MCS value is out of range.
2122 */
2123 htrate = 0.0;
2124 }
2125 if (htrate != 0.0) {
2126 /*
2127 * We have the rate.
2128 * Print it.
2129 */
2130 printf("%.1f Mb/s MCS %u ", htrate, u3.u8);
2131 } else {
2132 /*
2133 * We at least have the MCS index.
2134 * Print it.
2135 */
2136 printf("MCS %u ", u3.u8);
2137 }
2138 }
2139 if (u.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) {
2140 printf("%s ",
2141 bandwidth[u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK]);
2142 }
2143 if (u.u8 & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) {
2144 printf("%s GI ",
2145 (u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ?
2146 "short" : "lon");
2147 }
2148 if (u.u8 & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) {
2149 printf("%s ",
2150 (u2.u8 & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ?
2151 "greenfield" : "mixed");
2152 }
2153 if (u.u8 & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) {
2154 printf("%s FEC ",
2155 (u2.u8 & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ?
2156 "LDPC" : "BCC");
2157 }
2158 break;
2159 }
2160 }
2161 return 0;
2162 }
2163
2164 static u_int
2165 ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
2166 {
2167 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
2168 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
2169 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
2170 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
2171 #define BITNO_2(x) (((x) & 2) ? 1 : 0)
2172 #define BIT(n) (1U << n)
2173 #define IS_EXTENDED(__p) \
2174 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0
2175
2176 struct cpack_state cpacker;
2177 struct ieee80211_radiotap_header *hdr;
2178 u_int32_t present, next_present;
2179 u_int32_t presentflags = 0;
2180 u_int32_t *presentp, *last_presentp;
2181 enum ieee80211_radiotap_type bit;
2182 int bit0;
2183 const u_char *iter;
2184 u_int len;
2185 u_int8_t flags;
2186 int pad;
2187 u_int fcslen;
2188 struct radiotap_state state;
2189
2190 if (caplen < sizeof(*hdr)) {
2191 printf("[|802.11]");
2192 return caplen;
2193 }
2194
2195 hdr = (struct ieee80211_radiotap_header *)p;
2196
2197 len = EXTRACT_LE_16BITS(&hdr->it_len);
2198
2199 if (caplen < len) {
2200 printf("[|802.11]");
2201 return caplen;
2202 }
2203 for (last_presentp = &hdr->it_present;
2204 IS_EXTENDED(last_presentp) &&
2205 (u_char*)(last_presentp + 1) <= p + len;
2206 last_presentp++);
2207
2208 /* are there more bitmap extensions than bytes in header? */
2209 if (IS_EXTENDED(last_presentp)) {
2210 printf("[|802.11]");
2211 return caplen;
2212 }
2213
2214 iter = (u_char*)(last_presentp + 1);
2215
2216 if (cpack_init(&cpacker, (u_int8_t*)iter, len - (iter - p)) != 0) {
2217 /* XXX */
2218 printf("[|802.11]");
2219 return caplen;
2220 }
2221
2222 /* Assume no flags */
2223 flags = 0;
2224 /* Assume no Atheros padding between 802.11 header and body */
2225 pad = 0;
2226 /* Assume no FCS at end of frame */
2227 fcslen = 0;
2228 for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp;
2229 presentp++, bit0 += 32) {
2230 presentflags = EXTRACT_LE_32BITS(presentp);
2231
2232 /* Clear state. */
2233 memset(&state, 0, sizeof(state));
2234
2235 for (present = EXTRACT_LE_32BITS(presentp); present;
2236 present = next_present) {
2237 /* clear the least significant bit that is set */
2238 next_present = present & (present - 1);
2239
2240 /* extract the least significant bit that is set */
2241 bit = (enum ieee80211_radiotap_type)
2242 (bit0 + BITNO_32(present ^ next_present));
2243
2244 if (print_radiotap_field(&cpacker, bit, &flags, &state, presentflags) != 0)
2245 goto out;
2246 }
2247 }
2248
2249 out:
2250 if (flags & IEEE80211_RADIOTAP_F_DATAPAD)
2251 pad = 1; /* Atheros padding */
2252 if (flags & IEEE80211_RADIOTAP_F_FCS)
2253 fcslen = 4; /* FCS at end of packet */
2254 return len + ieee802_11_print(p + len, length - len, caplen - len, pad,
2255 fcslen);
2256 #undef BITNO_32
2257 #undef BITNO_16
2258 #undef BITNO_8
2259 #undef BITNO_4
2260 #undef BITNO_2
2261 #undef BIT
2262 }
2263
2264 static u_int
2265 ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen)
2266 {
2267 u_int32_t caphdr_len;
2268
2269 if (caplen < 8) {
2270 printf("[|802.11]");
2271 return caplen;
2272 }
2273
2274 caphdr_len = EXTRACT_32BITS(p + 4);
2275 if (caphdr_len < 8) {
2276 /*
2277 * Yow! The capture header length is claimed not
2278 * to be large enough to include even the version
2279 * cookie or capture header length!
2280 */
2281 printf("[|802.11]");
2282 return caplen;
2283 }
2284
2285 if (caplen < caphdr_len) {
2286 printf("[|802.11]");
2287 return caplen;
2288 }
2289
2290 return caphdr_len + ieee802_11_print(p + caphdr_len,
2291 length - caphdr_len, caplen - caphdr_len, 0, 0);
2292 }
2293
2294 #define PRISM_HDR_LEN 144
2295
2296 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000
2297 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001
2298 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002
2299
2300 /*
2301 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
2302 * containing information such as radio information, which we
2303 * currently ignore.
2304 *
2305 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or
2306 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS
2307 * (currently, on Linux, there's no ARPHRD_ type for
2308 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM
2309 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for
2310 * the AVS header, and the first 4 bytes of the header are used to
2311 * indicate whether it's a Prism header or an AVS header).
2312 */
2313 u_int
2314 prism_if_print(const struct pcap_pkthdr *h, const u_char *p)
2315 {
2316 u_int caplen = h->caplen;
2317 u_int length = h->len;
2318 u_int32_t msgcode;
2319
2320 if (caplen < 4) {
2321 printf("[|802.11]");
2322 return caplen;
2323 }
2324
2325 msgcode = EXTRACT_32BITS(p);
2326 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 ||
2327 msgcode == WLANCAP_MAGIC_COOKIE_V2)
2328 return ieee802_11_avs_radio_print(p, length, caplen);
2329
2330 if (caplen < PRISM_HDR_LEN) {
2331 printf("[|802.11]");
2332 return caplen;
2333 }
2334
2335 return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN,
2336 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0);
2337 }
2338
2339 /*
2340 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
2341 * header, containing information such as radio information.
2342 */
2343 u_int
2344 ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p)
2345 {
2346 return ieee802_11_radio_print(p, h->len, h->caplen);
2347 }
2348
2349 /*
2350 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an
2351 * extra header, containing information such as radio information,
2352 * which we currently ignore.
2353 */
2354 u_int
2355 ieee802_11_radio_avs_if_print(const struct pcap_pkthdr *h, const u_char *p)
2356 {
2357 return ieee802_11_avs_radio_print(p, h->len, h->caplen);
2358 }
DragonFly BSD