1 /*
2 * Copyright (c) 2001
3 * Fortress Technologies, Inc. All rights reserved.
4 * Charlie Lenahan (clenahan@fortresstech.com)
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22
#ifndef lint
/* Embedded RCS revision string; _U_ presumably marks it as intentionally unused. */
static const char rcsid[] _U_ =
"@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.31.2.15 2007/07/22 23:14:14 guy Exp $ (LBL)";
#endif
27
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #endif
31
32 #include <tcpdump-stdinc.h>
33
34 #include <stdio.h>
35 #include <pcap.h>
36 #include <string.h>
37
38 #include "interface.h"
39 #include "addrtoname.h"
40 #include "ethertype.h"
41
42 #include "extract.h"
43
44 #include "cpack.h"
45
46 #include "ieee802_11.h"
47 #include "ieee802_11_radio.h"
48
/*
 * Element printers used by the management-frame handlers below.
 *
 * Each expands to a switch on the element's parse status as set by
 * parse_elements(): TRUNCATED makes the *enclosing function* return 0
 * (the element could not be read completely), PRESENT prints it, and
 * NOT_PRESENT prints nothing.  They can therefore only be used inside a
 * function returning int whose caller treats 0 as "truncated".
 */
#define PRINT_SSID(p) \
	switch (p.ssid_status) { \
	case TRUNCATED: \
		return 0; \
	case PRESENT: \
		printf(" ("); \
		fn_print(p.ssid.ssid, NULL); \
		printf(")"); \
		break; \
	case NOT_PRESENT: \
		break; \
	}

/*
 * Print one rate octet: the low 7 bits count 500 kb/s units (hence the
 * 0.5 factor); bit 7 is the 802.11 "basic rate" flag, which PRINT_RATES
 * renders as a trailing '*'.  _sep and _suf are printed around the value.
 */
#define PRINT_RATE(_sep, _r, _suf) \
	printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf)

/* Print the supported-rates list as " [r1 r2* ... Mbit]"; nothing if empty. */
#define PRINT_RATES(p) \
	switch (p.rates_status) { \
	case TRUNCATED: \
		return 0; \
	case PRESENT: \
		do { \
			int z; \
			const char *sep = " ["; \
			for (z = 0; z < p.rates.length ; z++) { \
				PRINT_RATE(sep, p.rates.rate[z], \
					(p.rates.rate[z] & 0x80 ? "*" : "")); \
				sep = " "; \
			} \
			if (p.rates.length != 0) \
				printf(" Mbit]"); \
		} while (0); \
		break; \
	case NOT_PRESENT: \
		break; \
	}

/*
 * Print the DS channel if present, then — unconditionally — the PRIVACY
 * capability bit.  Note the trailing ';' is part of the expansion, so a
 * use of PRINT_DS_CHANNEL(x); yields an empty statement after it.
 */
#define PRINT_DS_CHANNEL(p) \
	switch (p.ds_status) { \
	case TRUNCATED: \
		return 0; \
	case PRESENT: \
		printf(" CH: %u", p.ds.channel); \
		break; \
	case NOT_PRESENT: \
		break; \
	} \
	printf("%s", \
	    CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" );
97
/*
 * Authentication algorithm number -> name.  Index with auth_alg only
 * after checking "< NUM_AUTH_ALGS"; callers print "Reserved" otherwise.
 */
static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
#define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0])

/*
 * Status codes carried in (re)association and authentication responses,
 * indexed by status_code.  Callers must check "< NUM_STATUSES" first.
 * NOTE(review): "Succesful" is misspelled; it is left unchanged here
 * because it is program output that existing consumers may match on.
 */
static const char *status_text[] = {
	"Succesful",  /* 0 */
	"Unspecified failure",  /* 1 */
	"Reserved",	  /* 2 */
	"Reserved",	  /* 3 */
	"Reserved",	  /* 4 */
	"Reserved",	  /* 5 */
	"Reserved",	  /* 6 */
	"Reserved",	  /* 7 */
	"Reserved",	  /* 8 */
	"Reserved",	  /* 9 */
	"Cannot Support all requested capabilities in the Capability Information field",	  /* 10 */
	"Reassociation denied due to inability to confirm that association exists",	  /* 11 */
	"Association denied due to reason outside the scope of the standard",	  /* 12 */
	"Responding station does not support the specified authentication algorithm ",	  /* 13 */
	"Received an Authentication frame with authentication transaction " \
		"sequence number out of expected sequence",	  /* 14 */
	"Authentication rejected because of challenge failure",	  /* 15 */
	"Authentication rejected due to timeout waiting for next frame in sequence",	  /* 16 */
	"Association denied because AP is unable to handle additional associated stations",	  /* 17 */
	"Association denied due to requesting station not supporting all of the " \
		"data rates in BSSBasicRateSet parameter",	  /* 18 */
};
#define NUM_STATUSES	(sizeof status_text / sizeof status_text[0])

/*
 * Reason codes carried in disassociation and deauthentication frames,
 * indexed by reason_code.  Callers must check "< NUM_REASONS" first and
 * print "Reserved" for anything beyond the table.
 */
static const char *reason_text[] = {
	"Reserved", /* 0 */
	"Unspecified reason", /* 1 */
	"Previous authentication no longer valid",  /* 2 */
	"Deauthenticated because sending station is leaving (or has left) IBSS or ESS", /* 3 */
	"Disassociated due to inactivity", /* 4 */
	"Disassociated because AP is unable to handle all currently associated stations", /* 5 */
	"Class 2 frame received from nonauthenticated station", /* 6 */
	"Class 3 frame received from nonassociated station", /* 7 */
	"Disassociated because sending station is leaving (or has left) BSS", /* 8 */
	"Station requesting (re)association is not authenticated with responding station", /* 9 */
};
#define NUM_REASONS	(sizeof reason_text / sizeof reason_text[0])
139
/*
 * Print the WEP IV / key-ID prefix at the start of a protected frame body.
 *
 * p points at the first byte of the body.  Returns 0 when the capture
 * does not contain the IV and key-ID octets (the caller then prints
 * "[|802.11]"), 1 otherwise.
 */
static int
wep_print(const u_char *p)
{
	u_int32_t ivword;

	/* The IV and the key-ID/pad octet are read together as one LE 32-bit word. */
	if (TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN) == 0)
		return 0;

	ivword = EXTRACT_LE_32BITS(p);
	printf("Data IV:%3x Pad %x KeyID %x",
	    IV_IV(ivword), IV_PAD(ivword), IV_KEYID(ivword));
	return 1;
}
154
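/*
 * Parse the information elements that follow the fixed part of a
 * management-frame body into *pbody.
 *
 * p points at the start of the body and offset at the first element.
 * Each recognised element's *_status is set to TRUNCATED as soon as the
 * element is seen and to PRESENT once it has been copied completely, so
 * a caller can distinguish "cut off" from "absent".  Parsing stops
 * silently at the first element that runs past the captured data or
 * that would not fit the fixed-size storage in *pbody; unknown elements
 * are skipped using their length octet.
 *
 * Layout note: the 2-byte memcpy of each element header into its struct
 * assumes the struct's first two members are the element-id and length
 * octets, as laid out in ieee802_11.h.
 */
static void
parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset)
{
	/*
	 * We haven't seen any elements yet.
	 */
	pbody->challenge_status = NOT_PRESENT;
	pbody->ssid_status = NOT_PRESENT;
	pbody->rates_status = NOT_PRESENT;
	pbody->ds_status = NOT_PRESENT;
	pbody->cf_status = NOT_PRESENT;
	pbody->tim_status = NOT_PRESENT;

	for (;;) {
		/* Need at least the element-id octet. */
		if (!TTEST2(*(p + offset), 1))
			return;
		switch (*(p + offset)) {
		case E_SSID:
			/* Present, possibly truncated */
			pbody->ssid_status = TRUNCATED;
			if (!TTEST2(*(p + offset), 2))
				return;
			memcpy(&pbody->ssid, p + offset, 2);
			offset += 2;
			if (pbody->ssid.length != 0) {
				/* Leave room for the terminating NUL. */
				if (pbody->ssid.length >
				    sizeof(pbody->ssid.ssid) - 1)
					return;
				if (!TTEST2(*(p + offset), pbody->ssid.length))
					return;
				memcpy(&pbody->ssid.ssid, p + offset,
				    pbody->ssid.length);
				offset += pbody->ssid.length;
			}
			pbody->ssid.ssid[pbody->ssid.length] = '\0';
			/* Present and not truncated */
			pbody->ssid_status = PRESENT;
			break;
		case E_CHALLENGE:
			/* Present, possibly truncated */
			pbody->challenge_status = TRUNCATED;
			if (!TTEST2(*(p + offset), 2))
				return;
			memcpy(&pbody->challenge, p + offset, 2);
			offset += 2;
			if (pbody->challenge.length != 0) {
				/* Leave room for the terminating NUL. */
				if (pbody->challenge.length >
				    sizeof(pbody->challenge.text) - 1)
					return;
				if (!TTEST2(*(p + offset), pbody->challenge.length))
					return;
				memcpy(&pbody->challenge.text, p + offset,
				    pbody->challenge.length);
				offset += pbody->challenge.length;
			}
			pbody->challenge.text[pbody->challenge.length] = '\0';
			/* Present and not truncated */
			pbody->challenge_status = PRESENT;
			break;
		case E_RATES:
			/* Present, possibly truncated */
			pbody->rates_status = TRUNCATED;
			if (!TTEST2(*(p + offset), 2))
				return;
			memcpy(&(pbody->rates), p + offset, 2);
			offset += 2;
			if (pbody->rates.length != 0) {
				/* Rates are raw octets, not a string: no NUL needed. */
				if (pbody->rates.length > sizeof pbody->rates.rate)
					return;
				if (!TTEST2(*(p + offset), pbody->rates.length))
					return;
				memcpy(&pbody->rates.rate, p + offset,
				    pbody->rates.length);
				offset += pbody->rates.length;
			}
			/* Present and not truncated */
			pbody->rates_status = PRESENT;
			break;
		case E_DS:
			/* Present, possibly truncated */
			pbody->ds_status = TRUNCATED;
			if (!TTEST2(*(p + offset), 3))
				return;
			memcpy(&pbody->ds, p + offset, 3);
			offset += 3;
			/* Present and not truncated */
			pbody->ds_status = PRESENT;
			break;
		case E_CF:
			/* Present, possibly truncated */
			pbody->cf_status = TRUNCATED;
			if (!TTEST2(*(p + offset), 8))
				return;
			memcpy(&pbody->cf, p + offset, 8);
			offset += 8;
			/* Present and not truncated */
			pbody->cf_status = PRESENT;
			break;
		case E_TIM:
			/* Present, possibly truncated */
			pbody->tim_status = TRUNCATED;
			if (!TTEST2(*(p + offset), 2))
				return;
			memcpy(&pbody->tim, p + offset, 2);
			offset += 2;
			/* Three fixed octets follow the header (count onward). */
			if (!TTEST2(*(p + offset), 3))
				return;
			memcpy(&pbody->tim.count, p + offset, 3);
			offset += 3;

			/*
			 * A TIM whose length covers no more than the fixed
			 * octets carries no bitmap; it is left TRUNCATED, as
			 * before, rather than marked PRESENT.
			 */
			if (pbody->tim.length <= 3)
				break;
			if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)
				return;
			if (!TTEST2(*(p + offset), pbody->tim.length - 3))
				return;
			/*
			 * The bitmap starts right after the fixed octets, i.e.
			 * at p + offset — the position the bounds check above
			 * validated.  (Copying from p + (length - 3) read from
			 * an unrelated, unchecked spot in the body.)
			 */
			memcpy(pbody->tim.bitmap, p + offset,
			    (pbody->tim.length - 3));
			offset += pbody->tim.length - 3;
			/* Present and not truncated */
			pbody->tim_status = PRESENT;
			break;
		default:
			/*
			 * Unknown element: skip id, length and body, but only
			 * if the whole thing is inside the captured data.
			 */
			if (!TTEST2(*(p + offset), 2))
				return;
			if (!TTEST2(*(p + offset + 2), *(p + offset + 1)))
				return;
			offset += *(p + offset + 1) + 2;
			break;
		}
	}
}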
291
292 /*********************************************************************************
293 * Print Handle functions for the management frame types
294 *********************************************************************************/
295
/*
 * Beacon body: timestamp, beacon interval and capability info, followed
 * by information elements.  Returns 0 if the fixed fields or a printed
 * element were cut off by the capture, 1 otherwise.
 */
static int
handle_beacon(const u_char *p)
{
	struct mgmt_body_t pbody;
	const u_char *cp = p;

	memset(&pbody, 0, sizeof pbody);

	/* All fixed fields must be captured before any of them is read. */
	if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
	    IEEE802_11_CAPINFO_LEN))
		return 0;

	memcpy(&pbody.timestamp, cp, IEEE802_11_TSTAMP_LEN);
	cp += IEEE802_11_TSTAMP_LEN;
	pbody.beacon_interval = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_BCNINT_LEN;
	pbody.capability_info = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_CAPINFO_LEN;

	/* Elements start where the fixed fields end. */
	parse_elements(&pbody, p, (int)(cp - p));

	PRINT_SSID(pbody);
	PRINT_RATES(pbody);
	printf(" %s", CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS");
	PRINT_DS_CHANNEL(pbody);

	return 1;
}
324
/*
 * Association Request body: capability info and listen interval,
 * followed by information elements (SSID and rates are printed).
 * Returns 0 on a truncated capture, 1 otherwise.
 */
static int
handle_assoc_request(const u_char *p)
{
	struct mgmt_body_t pbody;
	const u_char *cp = p;

	memset(&pbody, 0, sizeof pbody);

	if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN))
		return 0;

	pbody.capability_info = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_CAPINFO_LEN;
	pbody.listen_interval = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_LISTENINT_LEN;

	parse_elements(&pbody, p, (int)(cp - p));

	PRINT_SSID(pbody);
	PRINT_RATES(pbody);
	return 1;
}
346
/*
 * Association Response body: capability info, status code and AID,
 * followed by information elements.  Prints the AID, the PRIVACY bit
 * and the status text.  Returns 0 on a truncated capture, 1 otherwise.
 */
static int
handle_assoc_response(const u_char *p)
{
	struct mgmt_body_t pbody;
	const u_char *cp = p;
	const char *status;

	memset(&pbody, 0, sizeof pbody);

	if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
	    IEEE802_11_AID_LEN))
		return 0;

	pbody.capability_info = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_CAPINFO_LEN;
	pbody.status_code = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_STATUS_LEN;
	pbody.aid = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_AID_LEN;

	parse_elements(&pbody, p, (int)(cp - p));

	status = "n/a";
	if (pbody.status_code < NUM_STATUSES)
		status = status_text[pbody.status_code];

	/*
	 * The two high bits of the AID field are not part of the
	 * association ID; masking with 0x3fff is the same as the
	 * (u_int16_t)(aid << 2) >> 2 shift-and-truncate.
	 */
	printf(" AID(%x) :%s: %s", pbody.aid & 0x3fff,
	    CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
	    status);

	return 1;
}
375
/*
 * Reassociation Request body: capability info, listen interval and the
 * current AP address, followed by information elements.  Prints the SSID
 * and the AP address.  Returns 0 on a truncated capture, 1 otherwise.
 */
static int
handle_reassoc_request(const u_char *p)
{
	struct mgmt_body_t pbody;
	const u_char *cp = p;

	memset(&pbody, 0, sizeof pbody);

	if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
	    IEEE802_11_AP_LEN))
		return 0;

	pbody.capability_info = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_CAPINFO_LEN;
	pbody.listen_interval = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_LISTENINT_LEN;
	memcpy(&pbody.ap, cp, IEEE802_11_AP_LEN);
	cp += IEEE802_11_AP_LEN;

	parse_elements(&pbody, p, (int)(cp - p));

	PRINT_SSID(pbody);
	printf(" AP : %s", etheraddr_string(pbody.ap));

	return 1;
}
401
/*
 * A Reassociation Response has the same body layout as an Association
 * Response, so it is printed by the same code.
 */
static int
handle_reassoc_response(const u_char *p)
{
	int rc;

	rc = handle_assoc_response(p);
	return rc;
}
408
/*
 * Probe Request body: no fixed fields, only information elements (SSID
 * and rates are printed).  Returns 0 if a printed element was truncated,
 * 1 otherwise.
 */
static int
handle_probe_request(const u_char *p)
{
	struct mgmt_body_t pbody;

	memset(&pbody, 0, sizeof pbody);

	/* Elements start at the very beginning of the body. */
	parse_elements(&pbody, p, 0);

	PRINT_SSID(pbody);
	PRINT_RATES(pbody);

	return 1;
}
424
/*
 * Probe Response body: same fixed fields as a Beacon (timestamp, beacon
 * interval, capability info) followed by information elements; unlike
 * handle_beacon() the ESS/IBSS bit is not printed.  Returns 0 on a
 * truncated capture, 1 otherwise.
 */
static int
handle_probe_response(const u_char *p)
{
	struct mgmt_body_t pbody;
	const u_char *cp = p;

	memset(&pbody, 0, sizeof pbody);

	if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
	    IEEE802_11_CAPINFO_LEN))
		return 0;

	memcpy(&pbody.timestamp, cp, IEEE802_11_TSTAMP_LEN);
	cp += IEEE802_11_TSTAMP_LEN;
	pbody.beacon_interval = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_BCNINT_LEN;
	pbody.capability_info = EXTRACT_LE_16BITS(cp);
	cp += IEEE802_11_CAPINFO_LEN;

	parse_elements(&pbody, p, (int)(cp - p));

	PRINT_SSID(pbody);
	PRINT_RATES(pbody);
	PRINT_DS_CHANNEL(pbody);

	return 1;
}
452
/*
 * ATIM frames carry no body, so there is nothing to print and nothing
 * that could be truncated; always report success.
 */
static int
handle_atim(void)
{
	return 1;
}
459
/*
 * Disassociation body: a single reason code, printed as text when it is
 * in reason_text[] and as "Reserved" otherwise.  Returns 0 if the reason
 * code was not captured, 1 otherwise.
 */
static int
handle_disassoc(const u_char *p)
{
	struct mgmt_body_t pbody;
	const char *reason = "Reserved";

	memset(&pbody, 0, sizeof pbody);

	if (!TTEST2(*p, IEEE802_11_REASON_LEN))
		return 0;
	pbody.reason_code = EXTRACT_LE_16BITS(p);

	if (pbody.reason_code < NUM_REASONS)
		reason = reason_text[pbody.reason_code];
	printf(": %s", reason);

	return 1;
}
478
/*
 * Authentication body: algorithm number, transaction sequence number and
 * status code (2 bytes each), followed by information elements.
 *
 * Prints "(alg)-seq" and, for Shared Key frames 2 and 3, a "[Challenge
 * Text]" marker.  The status text is appended only for odd transaction
 * sequence numbers.  NOTE(review): in 802.11 the status code is carried
 * by the even-numbered frames (2 and 4) of the exchange, so this parity
 * test looks inverted; behaviour is preserved here — confirm against
 * captures before changing it.
 *
 * Returns 0 if the fixed fields were not captured, 1 otherwise.
 */
static int
handle_auth(const u_char *p)
{
	struct mgmt_body_t pbody;
	const char *alg, *status;

	memset(&pbody, 0, sizeof pbody);

	if (!TTEST2(*p, 6))
		return 0;
	pbody.auth_alg = EXTRACT_LE_16BITS(p);
	pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + 2);
	pbody.status_code = EXTRACT_LE_16BITS(p + 4);

	/* Elements (e.g. the challenge text) follow the 6 fixed bytes. */
	parse_elements(&pbody, p, 6);

	alg = "Reserved";
	if (pbody.auth_alg < NUM_AUTH_ALGS)
		alg = auth_alg_text[pbody.auth_alg];

	status = "";
	if (pbody.auth_trans_seq_num % 2) {
		status = "n/a";
		if (pbody.status_code < NUM_STATUSES)
			status = status_text[pbody.status_code];
	}

	/* Shared Key (algorithm 1) frames 2 and 3 carry the challenge text. */
	if (pbody.auth_alg == 1 &&
	    (pbody.auth_trans_seq_num == 2 || pbody.auth_trans_seq_num == 3)) {
		printf(" (%s)-%x [Challenge Text] %s",
		    alg, pbody.auth_trans_seq_num, status);
		return 1;
	}

	printf(" (%s)-%x: %s", alg, pbody.auth_trans_seq_num, status);
	return 1;
}
525
/*
 * Deauthentication body: a single reason code.  The sender address from
 * the MAC header (pmh->sa) is shown unless -e already printed the header
 * (see mgmt_header_print()).  Returns 0 if the reason code was not
 * captured, 1 otherwise.
 */
static int
handle_deauth(const struct mgmt_header_t *pmh, const u_char *p)
{
	struct mgmt_body_t pbody;
	const char *reason = "Reserved";

	memset(&pbody, 0, sizeof pbody);

	if (!TTEST2(*p, IEEE802_11_REASON_LEN))
		return 0;
	pbody.reason_code = EXTRACT_LE_16BITS(p);

	if (pbody.reason_code < NUM_REASONS)
		reason = reason_text[pbody.reason_code];

	if (!eflag)
		printf(" (%s): %s", etheraddr_string(pmh->sa), reason);
	else
		printf(": %s", reason);

	return 1;
}
551
552
553 /*********************************************************************************
554 * Print Body funcs
555 *********************************************************************************/
556
557
/*
 * Print a management frame body: the subtype name, then the
 * subtype-specific fields via the handle_*() functions.
 *
 * fc is the frame-control word, pmh the MAC header (needed by the
 * deauthentication printer for the sender address) and p the start of
 * the body.  Returns the handler's result: 0 means the body was cut off
 * by the capture, 1 means it was printed (unknown subtypes count as
 * printed).
 */
static int
mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh,
    const u_char *p)
{
	switch (FC_SUBTYPE(fc)) {
	case ST_ASSOC_REQUEST:
		printf("Assoc Request");
		return handle_assoc_request(p);
	case ST_ASSOC_RESPONSE:
		printf("Assoc Response");
		return handle_assoc_response(p);
	case ST_REASSOC_REQUEST:
		printf("ReAssoc Request");
		return handle_reassoc_request(p);
	case ST_REASSOC_RESPONSE:
		printf("ReAssoc Response");
		return handle_reassoc_response(p);
	case ST_PROBE_REQUEST:
		printf("Probe Request");
		return handle_probe_request(p);
	case ST_PROBE_RESPONSE:
		printf("Probe Response");
		return handle_probe_response(p);
	case ST_BEACON:
		printf("Beacon");
		return handle_beacon(p);
	case ST_ATIM:
		printf("ATIM");
		return handle_atim();
	case ST_DISASSOC:
		printf("Disassociation");
		return handle_disassoc(p);
	case ST_AUTH:
		printf("Authentication");
		if (!TTEST2(*p, 3))
			return 0;
		/*
		 * A body starting with three zero bytes is treated as the
		 * WEP-protected frame 3 of a Shared-Key exchange and only its
		 * IV header is printed.  This heuristic does not consult the
		 * frame-control WEP bit.
		 */
		if (memcmp(p, "\0\0\0", 3) == 0) {
			printf("Authentication (Shared-Key)-3 ");
			return wep_print(p);
		}
		return handle_auth(p);
	case ST_DEAUTH:
		printf("DeAuthentication");
		return handle_deauth(pmh, p);
	default:
		printf("Unhandled Management subtype(%x)", FC_SUBTYPE(fc));
		return 1;
	}
}
609
610
611 /*********************************************************************************
612 * Handles printing all the control frame types
613 *********************************************************************************/
614
/*
 * Print a control frame: the subtype name and, for the known subtypes,
 * the AID or the transmitter/receiver address.  Addresses are skipped
 * under -e because ctrl_header_print() has already shown them.
 *
 * p points at the start of the frame (the control "body" is the header
 * itself).  Returns 0 if the frame's fixed header was not captured,
 * 1 otherwise.
 */
static int
ctrl_body_print(u_int16_t fc, const u_char *p)
{
	switch (FC_SUBTYPE(fc)) {
	case CTRL_PS_POLL: {
		const struct ctrl_ps_poll_t *pp;

		printf("Power Save-Poll");
		if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN))
			return 0;
		pp = (const struct ctrl_ps_poll_t *)p;
		printf(" AID(%x)", EXTRACT_LE_16BITS(&pp->aid));
		break;
	}
	case CTRL_RTS: {
		const struct ctrl_rts_t *rts;

		printf("Request-To-Send");
		if (!TTEST2(*p, CTRL_RTS_HDRLEN))
			return 0;
		rts = (const struct ctrl_rts_t *)p;
		if (!eflag)
			printf(" TA:%s ", etheraddr_string(rts->ta));
		break;
	}
	case CTRL_CTS: {
		const struct ctrl_cts_t *cts;

		printf("Clear-To-Send");
		if (!TTEST2(*p, CTRL_CTS_HDRLEN))
			return 0;
		cts = (const struct ctrl_cts_t *)p;
		if (!eflag)
			printf(" RA:%s ", etheraddr_string(cts->ra));
		break;
	}
	case CTRL_ACK: {
		const struct ctrl_ack_t *ack;

		printf("Acknowledgment");
		if (!TTEST2(*p, CTRL_ACK_HDRLEN))
			return 0;
		ack = (const struct ctrl_ack_t *)p;
		if (!eflag)
			printf(" RA:%s ", etheraddr_string(ack->ra));
		break;
	}
	case CTRL_CF_END: {
		const struct ctrl_end_t *end;

		printf("CF-End");
		if (!TTEST2(*p, CTRL_END_HDRLEN))
			return 0;
		end = (const struct ctrl_end_t *)p;
		if (!eflag)
			printf(" RA:%s ", etheraddr_string(end->ra));
		break;
	}
	case CTRL_END_ACK: {
		const struct ctrl_end_ack_t *endack;

		printf("CF-End+CF-Ack");
		if (!TTEST2(*p, CTRL_END_ACK_HDRLEN))
			return 0;
		endack = (const struct ctrl_end_ack_t *)p;
		if (!eflag)
			printf(" RA:%s ", etheraddr_string(endack->ra));
		break;
	}
	default:
		printf("Unknown Ctrl Subtype");
		break;
	}
	return 1;
}
671
672 /*
673 * Print Header funcs
674 */
675
676 /*
677 * Data Frame - Address field contents
678 *
679 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
680 * 0 | 0 | DA | SA | BSSID | n/a
681 * 0 | 1 | DA | BSSID | SA | n/a
682 * 1 | 0 | BSSID | SA | DA | n/a
683 * 1 | 1 | RA | TA | DA | SA
684 */
685
/*
 * Print a data frame's CF/QoS subtype markers and, under -e, its address
 * fields, and hand back the source and destination addresses according
 * to the To DS / From DS table above.  srcp and dstp may be null.
 *
 * p points at the 802.11 header; the caller guarantees the header
 * (24 or 30 bytes, see extract_header_length()) is within the capture.
 */
static void
data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
    const u_int8_t **dstp)
{
	u_int subtype = FC_SUBTYPE(fc);
	const int to_ds = FC_TO_DS(fc) != 0;
	const int from_ds = FC_FROM_DS(fc) != 0;
	/* Address fields at fixed header offsets: 4, 10, 16 and 24. */
	const u_int8_t *addr1 = p + 4;
	const u_int8_t *addr2 = p + 10;
	const u_int8_t *addr3 = p + 16;
	const u_int8_t *addr4 = p + 24;

	if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
	    DATA_FRAME_IS_QOS(subtype)) {
		printf("CF ");
		if (DATA_FRAME_IS_CF_ACK(subtype))
			printf("Ack");
		if (DATA_FRAME_IS_CF_ACK(subtype) && DATA_FRAME_IS_CF_POLL(subtype))
			printf("/Poll");
		else if (DATA_FRAME_IS_CF_POLL(subtype))
			printf("Poll");
		if (DATA_FRAME_IS_QOS(subtype))
			printf("+QoS");
		printf(" ");
	}

	if (!to_ds && !from_ds) {
		/* Addr1 = DA, Addr2 = SA, Addr3 = BSSID */
		if (srcp != NULL)
			*srcp = addr2;
		if (dstp != NULL)
			*dstp = addr1;
		if (eflag)
			printf("DA:%s SA:%s BSSID:%s ",
			    etheraddr_string(addr1), etheraddr_string(addr2),
			    etheraddr_string(addr3));
	} else if (!to_ds) {
		/* From DS only: Addr1 = DA, Addr2 = BSSID, Addr3 = SA */
		if (srcp != NULL)
			*srcp = addr3;
		if (dstp != NULL)
			*dstp = addr1;
		if (eflag)
			printf("DA:%s BSSID:%s SA:%s ",
			    etheraddr_string(addr1), etheraddr_string(addr2),
			    etheraddr_string(addr3));
	} else if (!from_ds) {
		/* To DS only: Addr1 = BSSID, Addr2 = SA, Addr3 = DA */
		if (srcp != NULL)
			*srcp = addr2;
		if (dstp != NULL)
			*dstp = addr3;
		if (eflag)
			printf("BSSID:%s SA:%s DA:%s ",
			    etheraddr_string(addr1), etheraddr_string(addr2),
			    etheraddr_string(addr3));
	} else {
		/* Both: Addr1 = RA, Addr2 = TA, Addr3 = DA, Addr4 = SA */
		if (srcp != NULL)
			*srcp = addr4;
		if (dstp != NULL)
			*dstp = addr3;
		if (eflag)
			printf("RA:%s TA:%s DA:%s SA:%s ",
			    etheraddr_string(addr1), etheraddr_string(addr2),
			    etheraddr_string(addr3), etheraddr_string(addr4));
	}
}
761
/*
 * Hand back the source (sa) and destination (da) addresses of a
 * management frame header and, under -e, print BSSID/DA/SA.
 * srcp and dstp may be null.
 */
static void
mgmt_header_print(const u_char *p, const u_int8_t **srcp,
    const u_int8_t **dstp)
{
	const struct mgmt_header_t *hdr = (const struct mgmt_header_t *)p;

	if (srcp != NULL)
		*srcp = hdr->sa;
	if (dstp != NULL)
		*dstp = hdr->da;

	if (eflag)
		printf("BSSID:%s DA:%s SA:%s ",
		    etheraddr_string(hdr->bssid), etheraddr_string(hdr->da),
		    etheraddr_string(hdr->sa));
}
779
/*
 * Control frames carry no source/destination in the sense used by the
 * LLC printer, so *srcp and *dstp are set to NULL (when non-null).
 * Under -e the subtype-specific addresses are printed.
 */
static void
ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
    const u_int8_t **dstp)
{
	if (srcp != NULL)
		*srcp = NULL;
	if (dstp != NULL)
		*dstp = NULL;
	if (!eflag)
		return;

	switch (FC_SUBTYPE(fc)) {
	case CTRL_PS_POLL: {
		const struct ctrl_ps_poll_t *pp = (const struct ctrl_ps_poll_t *)p;

		printf("BSSID:%s TA:%s ",
		    etheraddr_string(pp->bssid), etheraddr_string(pp->ta));
		break;
	}
	case CTRL_RTS: {
		const struct ctrl_rts_t *rts = (const struct ctrl_rts_t *)p;

		printf("RA:%s TA:%s ",
		    etheraddr_string(rts->ra), etheraddr_string(rts->ta));
		break;
	}
	case CTRL_CTS: {
		const struct ctrl_cts_t *cts = (const struct ctrl_cts_t *)p;

		printf("RA:%s ", etheraddr_string(cts->ra));
		break;
	}
	case CTRL_ACK: {
		const struct ctrl_ack_t *ack = (const struct ctrl_ack_t *)p;

		printf("RA:%s ", etheraddr_string(ack->ra));
		break;
	}
	case CTRL_CF_END: {
		const struct ctrl_end_t *end = (const struct ctrl_end_t *)p;

		printf("RA:%s BSSID:%s ",
		    etheraddr_string(end->ra), etheraddr_string(end->bssid));
		break;
	}
	case CTRL_END_ACK: {
		const struct ctrl_end_ack_t *endack = (const struct ctrl_end_ack_t *)p;

		printf("RA:%s BSSID:%s ",
		    etheraddr_string(endack->ra), etheraddr_string(endack->bssid));
		break;
	}
	default:
		printf("(H) Unknown Ctrl Subtype");
		break;
	}
}
825
/*
 * Return the length of the 802.11 MAC header implied by the frame
 * control word fc, or 0 for an unknown frame type or control subtype.
 * An unknown type is also reported on the output.
 */
static int
extract_header_length(u_int16_t fc)
{
	int len;

	switch (FC_TYPE(fc)) {
	case T_MGMT:
		return MGMT_HDRLEN;

	case T_CTRL:
		switch (FC_SUBTYPE(fc)) {
		case CTRL_PS_POLL:	return CTRL_PS_POLL_HDRLEN;
		case CTRL_RTS:		return CTRL_RTS_HDRLEN;
		case CTRL_CTS:		return CTRL_CTS_HDRLEN;
		case CTRL_ACK:		return CTRL_ACK_HDRLEN;
		case CTRL_CF_END:	return CTRL_END_HDRLEN;
		case CTRL_END_ACK:	return CTRL_END_ACK_HDRLEN;
		default:		return 0;
		}

	case T_DATA:
		/* Three-address header; a fourth address (To DS and From DS) adds 6. */
		len = 24;
		if (FC_TO_DS(fc) && FC_FROM_DS(fc))
			len += 6;
		/* QoS data subtypes carry a 2-byte QoS control field. */
		if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
			len += 2;
		return len;

	default:
		printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc));
		return 0;
	}
}
861
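/*
 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp"
 * to point to the source and destination MAC addresses in any case if
 * "srcp" and "dstp" aren't null.
 *
 * fc is the already-extracted frame control word and p the start of the
 * header.  Under -v the frame-control flags and the duration field are
 * printed first; the duration read is not bounds-checked here, so the
 * caller must have verified that the header fits in the capture.
 */
static inline void
ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
    const u_int8_t **dstp)
{
	if (vflag) {
		if (FC_MORE_DATA(fc))
			printf("More Data ");
		if (FC_MORE_FLAG(fc))
			printf("More Fragments ");
		if (FC_POWER_MGMT(fc))
			printf("Pwr Mgmt ");
		if (FC_RETRY(fc))
			printf("Retry ");
		if (FC_ORDER(fc))
			printf("Strictly Ordered ");
		if (FC_WEP(fc))
			printf("WEP Encrypted ");
		/* PS-Poll carries an AID in place of the duration field. */
		if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
			printf("%dus ",
			    EXTRACT_LE_16BITS(
			        &((const struct mgmt_header_t *)p)->duration));
	}

	switch (FC_TYPE(fc)) {
	case T_MGMT:
		mgmt_header_print(p, srcp, dstp);
		break;
	case T_CTRL:
		ctrl_header_print(fc, p, srcp, dstp);
		break;
	case T_DATA:
		data_header_print(fc, p, srcp, dstp);
		break;
	default:
		printf("(header) unknown IEEE802.11 frame type (%d)",
		    FC_TYPE(fc));
		/*
		 * Honour the "may be null" contract stated above, as the
		 * per-type header printers do, instead of dereferencing
		 * unconditionally.
		 */
		if (srcp != NULL)
			*srcp = NULL;
		if (dstp != NULL)
			*dstp = NULL;
		break;
	}
}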
908
#ifndef roundup2
/* Round x up to the next multiple of y; correct only when y is a power of two. */
#define roundup2(x, y)	(((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
#endif
912
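/*
 * Print one 802.11 frame: the MAC header (under -e / -v), then the
 * type-specific body.
 *
 * p points at the frame; length and caplen are the on-the-wire and
 * captured byte counts from p.  pad is non-zero when the header is
 * padded to a 4-byte boundary before the body (ieee802_11_if_print()
 * passes 0; the radiotap path presumably derives it from the FLAGS
 * field, see print_radiotap_field()).
 *
 * Returns the number of header bytes consumed: caplen when even the
 * frame control field is missing, 0 for an unknown frame type or
 * control subtype, and hdrlen otherwise (also when the body is
 * truncated, in which case "[|802.11]" is printed).
 */
static u_int
ieee802_11_print(const u_char *p, u_int length, u_int caplen, int pad)
{
	u_int16_t fc;
	u_int hdrlen;
	const u_int8_t *src, *dst;
	u_short extracted_ethertype;

	if (caplen < IEEE802_11_FC_LEN) {
		printf("[|802.11]");
		return caplen;
	}

	fc = EXTRACT_LE_16BITS(p);
	hdrlen = extract_header_length(fc);
	if (hdrlen == 0) {
		/*
		 * Unknown frame type or control subtype: the header layout
		 * is not known, so neither the header printer (which reads
		 * the duration field under -v) nor the body printer may
		 * look past the frame control field — only IEEE802_11_FC_LEN
		 * bytes are guaranteed captured here.  An unknown type was
		 * already reported by extract_header_length(); report an
		 * unknown control subtype ourselves.
		 */
		if (FC_TYPE(fc) == T_CTRL)
			printf("Unknown Ctrl Subtype");
		return 0;
	}
	if (pad)
		hdrlen = roundup2(hdrlen, 4);

	if (caplen < hdrlen) {
		printf("[|802.11]");
		return hdrlen;
	}

	ieee_802_11_hdr_print(fc, p, &src, &dst);

	/*
	 * Go past the 802.11 header.
	 */
	length -= hdrlen;
	caplen -= hdrlen;
	p += hdrlen;

	switch (FC_TYPE(fc)) {
	case T_MGMT:
		/* The body printer also needs the header, for the sender address. */
		if (!mgmt_body_print(fc,
		    (const struct mgmt_header_t *)(p - hdrlen), p)) {
			printf("[|802.11]");
			return hdrlen;
		}
		break;
	case T_CTRL:
		/* Control frames have no body; the printer looks at the header. */
		if (!ctrl_body_print(fc, p - hdrlen)) {
			printf("[|802.11]");
			return hdrlen;
		}
		break;
	case T_DATA:
		if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
			return hdrlen;	/* no-data frame */
		/* There may be a problem w/ AP not having this bit set */
		if (FC_WEP(fc)) {
			if (!wep_print(p)) {
				printf("[|802.11]");
				return hdrlen;
			}
		} else if (llc_print(p, length, caplen, dst, src,
		    &extracted_ethertype) == 0) {
			/*
			 * Some kinds of LLC packet we cannot
			 * handle intelligently
			 */
			if (!eflag)
				ieee_802_11_hdr_print(fc, p - hdrlen, NULL,
				    NULL);
			if (extracted_ethertype)
				printf("(LLC %s) ",
				    etherproto_string(
				        htons(extracted_ethertype)));
			if (!suppress_default_print)
				default_print(p, caplen);
		}
		break;
	default:
		printf("unknown 802.11 frame type (%d)", FC_TYPE(fc));
		break;
	}

	return hdrlen;
}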
992
/*
 * This is the top level routine of the printer. 'p' points
 * to the 802.11 header of the packet, 'h->ts' is the timestamp,
 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
 * is the number of bytes actually captured.
 *
 * Returns the number of link-layer header bytes consumed.
 */
u_int
ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p)
{
	/* A raw 802.11 link has no padding between header and body. */
	const int pad = 0;

	return ieee802_11_print(p, h->len, h->caplen, pad);
}
1004
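/*
 * Read one radiotap field from the cpack reader s and print it.
 *
 * bit is the radiotap present-bit number naming the field.  *pad is set
 * to 1 when the FLAGS field has IEEE80211_RADIOTAP_F_DATAPAD set (the
 * 802.11 header is then padded to a 4-byte boundary); it is left alone
 * otherwise.
 *
 * Returns 0 on success; -1 for a field whose size is not known here
 * (nothing after it can be located, so the caller stops); or the
 * non-zero cpack status when the field runs past the captured header,
 * after printing "[|802.11]".
 */
static int
print_radiotap_field(struct cpack_state *s, u_int32_t bit, int *pad)
{
	union {
		int8_t		i8;
		u_int8_t	u8;
		int16_t		i16;
		u_int16_t	u16;
		u_int32_t	u32;
		u_int64_t	u64;
	} u, u2;
	int rc;

	/* First pass: read the field into u (and u2 for CHANNEL). */
	switch (bit) {
	case IEEE80211_RADIOTAP_FLAGS:
		rc = cpack_uint8(s, &u.u8);
		/* Only inspect u.u8 once it has actually been read. */
		if (rc == 0 && (u.u8 & IEEE80211_RADIOTAP_F_DATAPAD))
			*pad = 1;
		break;
	case IEEE80211_RADIOTAP_RATE:
	case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
	case IEEE80211_RADIOTAP_DB_ANTNOISE:
	case IEEE80211_RADIOTAP_ANTENNA:
		rc = cpack_uint8(s, &u.u8);
		break;
	case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
	case IEEE80211_RADIOTAP_DBM_ANTNOISE:
		rc = cpack_int8(s, &u.i8);
		break;
	case IEEE80211_RADIOTAP_CHANNEL:
		/* Frequency in u, channel flags in u2. */
		rc = cpack_uint16(s, &u.u16);
		if (rc != 0)
			break;
		rc = cpack_uint16(s, &u2.u16);
		break;
	case IEEE80211_RADIOTAP_FHSS:
	case IEEE80211_RADIOTAP_LOCK_QUALITY:
	case IEEE80211_RADIOTAP_TX_ATTENUATION:
		rc = cpack_uint16(s, &u.u16);
		break;
	case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
		rc = cpack_uint8(s, &u.u8);
		break;
	case IEEE80211_RADIOTAP_DBM_TX_POWER:
		rc = cpack_int8(s, &u.i8);
		break;
	case IEEE80211_RADIOTAP_TSFT:
		rc = cpack_uint64(s, &u.u64);
		break;
	default:
		/* this bit indicates a field whose
		 * size we do not know, so we cannot
		 * proceed.
		 */
		printf("[0x%08x] ", bit);
		return -1;
	}

	if (rc != 0) {
		printf("[|802.11]");
		return rc;
	}

	/* Second pass: print it. */
	switch (bit) {
	case IEEE80211_RADIOTAP_CHANNEL:
		printf("%u MHz ", u.u16);
		if (u2.u16 != 0)
			printf("(0x%04x) ", u2.u16);
		break;
	case IEEE80211_RADIOTAP_FHSS:
		/* Low byte: hop set; high byte: hop pattern. */
		printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff);
		break;
	case IEEE80211_RADIOTAP_RATE:
		PRINT_RATE("", u.u8, " Mb/s ");
		break;
	case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
		printf("%ddB signal ", u.i8);
		break;
	case IEEE80211_RADIOTAP_DBM_ANTNOISE:
		printf("%ddB noise ", u.i8);
		break;
	case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
		printf("%ddB signal ", u.u8);
		break;
	case IEEE80211_RADIOTAP_DB_ANTNOISE:
		printf("%ddB noise ", u.u8);
		break;
	case IEEE80211_RADIOTAP_LOCK_QUALITY:
		printf("%u sq ", u.u16);
		break;
	case IEEE80211_RADIOTAP_TX_ATTENUATION:
		printf("%d tx power ", -(int)u.u16);
		break;
	case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
		printf("%ddB tx power ", -(int)u.u8);
		break;
	case IEEE80211_RADIOTAP_DBM_TX_POWER:
		printf("%ddBm tx power ", u.i8);
		break;
	case IEEE80211_RADIOTAP_FLAGS:
		if (u.u8 & IEEE80211_RADIOTAP_F_CFP)
			printf("cfp ");
		if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE)
			printf("short preamble ");
		if (u.u8 & IEEE80211_RADIOTAP_F_WEP)
			printf("wep ");
		if (u.u8 & IEEE80211_RADIOTAP_F_FRAG)
			printf("fragmented ");
		if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS)
			printf("bad-fcs ");
		break;
	case IEEE80211_RADIOTAP_ANTENNA:
		printf("antenna %d ", u.u8);
		break;
	case IEEE80211_RADIOTAP_TSFT:
		printf("%" PRIu64 "us tsft ", u.u64);
		break;
	default:
		/* Every readable field above has a printer; nothing to do. */
		break;
	}
	return 0;
}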
1125
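/*
 * Dissect a radiotap header and the 802.11 frame that follows it.
 *
 * p      - start of the radiotap header
 * length - on-the-wire length of the packet
 * caplen - number of bytes of the packet actually captured
 *
 * Every length and bitmap word here comes straight from the capture, so
 * each one is bounds-checked before it is used to move a pointer.
 * The it_present bitmap word(s) are walked bit by bit and each set bit
 * is handed to print_radiotap_field(), which consumes that field's bytes
 * through the cpack state and prints it.
 *
 * Returns caplen (after printing "[|802.11]") when the header is
 * truncated or self-inconsistent; otherwise the radiotap header length
 * plus the value returned by ieee802_11_print() for the frame body.
 */
static u_int
ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
{
#define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
#define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
#define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
#define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
#define BITNO_2(x) (((x) & 2) ? 1 : 0)
/* Unsigned shift: bit 31 (IEEE80211_RADIOTAP_EXT) must not overflow an int. */
#define BIT(n) (1U << (n))
#define IS_EXTENDED(wp) \
	((EXTRACT_LE_32BITS(wp) & BIT(IEEE80211_RADIOTAP_EXT)) != 0)

	struct cpack_state cpacker;
	struct ieee80211_radiotap_header *hdr;
	u_int32_t present, next_present;
	u_int32_t *presentp, *last_presentp;
	enum ieee80211_radiotap_type bit;
	int bit0;
	const u_char *iter;
	u_int len;
	int pad;

	/* Need the whole fixed header before touching any of its fields. */
	if (caplen < sizeof(*hdr)) {
		printf("[|802.11]");
		return caplen;
	}

	hdr = (struct ieee80211_radiotap_header *)p;

	len = EXTRACT_LE_16BITS(&hdr->it_len);

	/*
	 * it_len is untrusted.  It must cover at least the fixed header,
	 * otherwise "len - (iter - p)" below wraps around and cpack would
	 * be told the field area is enormous; and it must not claim more
	 * than was captured.
	 */
	if (len < sizeof(*hdr) || caplen < len) {
		printf("[|802.11]");
		return caplen;
	}

	/*
	 * Find the last it_present word.  A word's extension bit is only
	 * read once the whole word is known to lie inside the header, so a
	 * bitmap whose extension chain runs to the end of the header cannot
	 * make us read past p + len.
	 */
	for (last_presentp = &hdr->it_present;
	    (u_char *)(last_presentp + 1) <= p + len &&
	    IS_EXTENDED(last_presentp);
	    last_presentp++)
		;

	/* are there more bitmap extensions than bytes in header? */
	if ((u_char *)(last_presentp + 1) > p + len) {
		printf("[|802.11]");
		return caplen;
	}

	/* Field data starts right after the last bitmap word. */
	iter = (u_char *)(last_presentp + 1);

	/* iter <= p + len was established above, so this cannot wrap. */
	if (cpack_init(&cpacker, (u_int8_t *)iter, len - (u_int)(iter - p)) != 0) {
		/* XXX */
		printf("[|802.11]");
		return caplen;
	}

	/* Assume no Atheros padding between 802.11 header and body */
	pad = 0;
	for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp;
	    presentp++, bit0 += 32) {
		for (present = EXTRACT_LE_32BITS(presentp); present;
		    present = next_present) {
			/* clear the least significant bit that is set */
			next_present = present & (present - 1);

			/* extract the least significant bit that is set */
			bit = (enum ieee80211_radiotap_type)
			    (bit0 + BITNO_32(present ^ next_present));

			/*
			 * A non-zero return means the field could not be
			 * consumed (presumably the header ran out of bytes);
			 * stop decoding fields and print the frame as is.
			 */
			if (print_radiotap_field(&cpacker, bit, &pad) != 0)
				goto out;
		}
	}
out:
	return len + ieee802_11_print(p + len, length - len, caplen - len, pad);
#undef BITNO_32
#undef BITNO_16
#undef BITNO_8
#undef BITNO_4
#undef BITNO_2
#undef BIT
#undef IS_EXTENDED
}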
1206
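/*
 * Dissect an AVS capture header followed by an 802.11 frame.
 *
 * The caller has already matched the WLANCAP_MAGIC_COOKIE_V1 version
 * cookie in the first 4 bytes; the 32-bit word after it gives the total
 * capture header length, which is where the 802.11 frame begins.
 *
 * p      - start of the AVS capture header
 * length - on-the-wire length of the packet
 * caplen - number of bytes of the packet actually captured
 *
 * Returns caplen (after printing "[|802.11]") if the capture header is
 * truncated or claims an impossible length; otherwise the capture header
 * length plus the value returned by ieee802_11_print() for the frame.
 */
static u_int
ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen)
{
	u_int32_t caphdr_len;

	/*
	 * The caller only guarantees that the 4-byte cookie was captured;
	 * the length word at p + 4 needs 4 more bytes before it can be read.
	 */
	if (caplen < 8) {
		printf("[|802.11]");
		return caplen;
	}

	caphdr_len = EXTRACT_32BITS(p + 4);
	if (caphdr_len < 8) {
		/*
		 * Yow! The capture header length is claimed not
		 * to be large enough to include even the version
		 * cookie or capture header length!
		 */
		printf("[|802.11]");
		return caplen;
	}

	/* Header length is untrusted; it must not exceed what was captured. */
	if (caplen < caphdr_len) {
		printf("[|802.11]");
		return caplen;
	}

	return caphdr_len + ieee802_11_print(p + caphdr_len,
	    length - caphdr_len, caplen - caphdr_len, 0);
}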
1231
1232 #define PRISM_HDR_LEN 144
1233
1234 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001
1235
1236 /*
1237 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
1238 * containing information such as radio information, which we
1239 * currently ignore.
1240 *
1241 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1, it's
1242 * really DLT_IEEE802_11_RADIO (currently, on Linux, there's no
1243 * ARPHRD_ type for DLT_IEEE802_11_RADIO, as there is a
1244 * ARPHRD_IEEE80211_PRISM for DLT_PRISM_HEADER, so
1245 * ARPHRD_IEEE80211_PRISM is used for DLT_IEEE802_11_RADIO, and
1246 * the first 4 bytes of the header are used to indicate which it is).
1247 */
/*
 * Entry point for DLT_PRISM_HEADER packets.
 *
 * h - pcap packet header (supplies caplen and len)
 * p - start of the packet data
 *
 * Looks at the first 4 bytes to decide between the two formats that
 * share this link type: an AVS capture header (version cookie
 * WLANCAP_MAGIC_COOKIE_V1) or a fixed-size Prism header that is skipped.
 *
 * Returns caplen (after printing "[|802.11]") when the header is
 * truncated; otherwise the number of bytes reported by the format-specific
 * printer.
 */
u_int
prism_if_print(const struct pcap_pkthdr *h, const u_char *p)
{
	const u_int caplen = h->caplen;
	const u_int length = h->len;
	u_int32_t cookie;

	/* The 4-byte cookie is needed before the format can be told apart. */
	if (caplen < 4) {
		printf("[|802.11]");
		return caplen;
	}

	cookie = EXTRACT_32BITS(p);
	if (cookie == WLANCAP_MAGIC_COOKIE_V1) {
		/* AVS format: its own printer validates the header length. */
		return ieee802_11_avs_radio_print(p, length, caplen);
	}

	/* Prism format: a fixed-size header whose contents are not printed. */
	if (caplen < PRISM_HDR_LEN) {
		printf("[|802.11]");
		return caplen;
	}

	return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN,
	    length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0);
}
1270
1271 /*
1272 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
1273 * header, containing information such as radio information, which we
1274 * currently ignore.
1275 */
/*
 * Entry point for DLT_IEEE802_11_RADIO (radiotap) packets.
 *
 * h - pcap packet header (supplies caplen and len)
 * p - start of the packet data
 *
 * Only checks that the first 8 bytes were captured; all further
 * validation of the radiotap header is done by ieee802_11_radio_print().
 *
 * Returns caplen (after printing "[|802.11]") when fewer than 8 bytes
 * were captured; otherwise whatever ieee802_11_radio_print() returns.
 */
u_int
ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p)
{
	if (h->caplen < 8) {
		printf("[|802.11]");
		return h->caplen;
	}

	return ieee802_11_radio_print(p, h->len, h->caplen);
}
1289