• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (c) 2001
3  *	Fortress Technologies, Inc.  All rights reserved.
4  *      Charlie Lenahan (clenahan@fortresstech.com)
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that: (1) source code distributions
8  * retain the above copyright notice and this paragraph in its entirety, (2)
9  * distributions including binary code include the above copyright notice and
10  * this paragraph in its entirety in the documentation or other materials
11  * provided with the distribution, and (3) all advertising materials mentioning
12  * features or use of this software display the following acknowledgement:
13  * ``This product includes software developed by the University of California,
14  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15  * the University nor the names of its contributors may be used to endorse
16  * or promote products derived from this software without specific prior
17  * written permission.
18  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21  */
22 
23 #ifndef lint
24 static const char rcsid[] _U_ =
25     "@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.31.2.15 2007/07/22 23:14:14 guy Exp $ (LBL)";
26 #endif
27 
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #endif
31 
32 #include <tcpdump-stdinc.h>
33 
34 #include <stdio.h>
35 #include <pcap.h>
36 #include <string.h>
37 
38 #include "interface.h"
39 #include "addrtoname.h"
40 #include "ethertype.h"
41 
42 #include "extract.h"
43 
44 #include "cpack.h"
45 
46 #include "ieee802_11.h"
47 #include "ieee802_11_radio.h"
48 
49 #define PRINT_SSID(p) \
50 	switch (p.ssid_status) { \
51 	case TRUNCATED: \
52 		return 0; \
53 	case PRESENT: \
54 		printf(" ("); \
55 		fn_print(p.ssid.ssid, NULL); \
56 		printf(")"); \
57 		break; \
58 	case NOT_PRESENT: \
59 		break; \
60 	}
61 
62 #define PRINT_RATE(_sep, _r, _suf) \
63 	printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf)
64 #define PRINT_RATES(p) \
65 	switch (p.rates_status) { \
66 	case TRUNCATED: \
67 		return 0; \
68 	case PRESENT: \
69 		do { \
70 			int z; \
71 			const char *sep = " ["; \
72 			for (z = 0; z < p.rates.length ; z++) { \
73 				PRINT_RATE(sep, p.rates.rate[z], \
74 					(p.rates.rate[z] & 0x80 ? "*" : "")); \
75 				sep = " "; \
76 			} \
77 			if (p.rates.length != 0) \
78 				printf(" Mbit]"); \
79 		} while (0); \
80 		break; \
81 	case NOT_PRESENT: \
82 		break; \
83 	}
84 
85 #define PRINT_DS_CHANNEL(p) \
86 	switch (p.ds_status) { \
87 	case TRUNCATED: \
88 		return 0; \
89 	case PRESENT: \
90 		printf(" CH: %u", p.ds.channel); \
91 		break; \
92 	case NOT_PRESENT: \
93 		break; \
94 	} \
95 	printf("%s", \
96 	    CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" );
97 
98 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
99 #define NUM_AUTH_ALGS	(sizeof auth_alg_text / sizeof auth_alg_text[0])
100 
101 static const char *status_text[] = {
102 	"Succesful",  /*  0  */
103 	"Unspecified failure",  /*  1  */
104 	"Reserved",	  /*  2  */
105 	"Reserved",	  /*  3  */
106 	"Reserved",	  /*  4  */
107 	"Reserved",	  /*  5  */
108 	"Reserved",	  /*  6  */
109 	"Reserved",	  /*  7  */
110 	"Reserved",	  /*  8  */
111 	"Reserved",	  /*  9  */
112 	"Cannot Support all requested capabilities in the Capability Information field",	  /*  10  */
113 	"Reassociation denied due to inability to confirm that association exists",	  /*  11  */
114 	"Association denied due to reason outside the scope of the standard",	  /*  12  */
115 	"Responding station does not support the specified authentication algorithm ",	  /*  13  */
116 	"Received an Authentication frame with authentication transaction " \
117 		"sequence number out of expected sequence",	  /*  14  */
118 	"Authentication rejected because of challenge failure",	  /*  15 */
119 	"Authentication rejected due to timeout waiting for next frame in sequence",	  /*  16 */
120 	"Association denied because AP is unable to handle additional associated stations",	  /*  17 */
121 	"Association denied due to requesting station not supporting all of the " \
122 		"data rates in BSSBasicRateSet parameter",	  /*  18 */
123 };
124 #define NUM_STATUSES	(sizeof status_text / sizeof status_text[0])
125 
126 static const char *reason_text[] = {
127 	"Reserved", /* 0 */
128 	"Unspecified reason", /* 1 */
129 	"Previous authentication no longer valid",  /* 2 */
130 	"Deauthenticated because sending station is leaving (or has left) IBSS or ESS", /* 3 */
131 	"Disassociated due to inactivity", /* 4 */
132 	"Disassociated because AP is unable to handle all currently associated stations", /* 5 */
133 	"Class 2 frame received from nonauthenticated station", /* 6 */
134 	"Class 3 frame received from nonassociated station", /* 7 */
135 	"Disassociated because sending station is leaving (or has left) BSS", /* 8 */
136 	"Station requesting (re)association is not authenticated with responding station", /* 9 */
137 };
138 #define NUM_REASONS	(sizeof reason_text / sizeof reason_text[0])
139 
140 static int
wep_print(const u_char * p)141 wep_print(const u_char *p)
142 {
143 	u_int32_t iv;
144 
145 	if (!TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN))
146 		return 0;
147 	iv = EXTRACT_LE_32BITS(p);
148 
149 	printf("Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv),
150 	    IV_KEYID(iv));
151 
152 	return 1;
153 }
154 
155 static void
parse_elements(struct mgmt_body_t * pbody,const u_char * p,int offset)156 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset)
157 {
158 	/*
159 	 * We haven't seen any elements yet.
160 	 */
161 	pbody->challenge_status = NOT_PRESENT;
162 	pbody->ssid_status = NOT_PRESENT;
163 	pbody->rates_status = NOT_PRESENT;
164 	pbody->ds_status = NOT_PRESENT;
165 	pbody->cf_status = NOT_PRESENT;
166 	pbody->tim_status = NOT_PRESENT;
167 
168 	for (;;) {
169 		if (!TTEST2(*(p + offset), 1))
170 			return;
171 		switch (*(p + offset)) {
172 		case E_SSID:
173 			/* Present, possibly truncated */
174 			pbody->ssid_status = TRUNCATED;
175 			if (!TTEST2(*(p + offset), 2))
176 				return;
177 			memcpy(&pbody->ssid, p + offset, 2);
178 			offset += 2;
179 			if (pbody->ssid.length != 0) {
180 				if (pbody->ssid.length >
181 				    sizeof(pbody->ssid.ssid) - 1)
182 					return;
183 				if (!TTEST2(*(p + offset), pbody->ssid.length))
184 					return;
185 				memcpy(&pbody->ssid.ssid, p + offset,
186 				    pbody->ssid.length);
187 				offset += pbody->ssid.length;
188 			}
189 			pbody->ssid.ssid[pbody->ssid.length] = '\0';
190 			/* Present and not truncated */
191 			pbody->ssid_status = PRESENT;
192 			break;
193 		case E_CHALLENGE:
194 			/* Present, possibly truncated */
195 			pbody->challenge_status = TRUNCATED;
196 			if (!TTEST2(*(p + offset), 2))
197 				return;
198 			memcpy(&pbody->challenge, p + offset, 2);
199 			offset += 2;
200 			if (pbody->challenge.length != 0) {
201 				if (pbody->challenge.length >
202 				    sizeof(pbody->challenge.text) - 1)
203 					return;
204 				if (!TTEST2(*(p + offset), pbody->challenge.length))
205 					return;
206 				memcpy(&pbody->challenge.text, p + offset,
207 				    pbody->challenge.length);
208 				offset += pbody->challenge.length;
209 			}
210 			pbody->challenge.text[pbody->challenge.length] = '\0';
211 			/* Present and not truncated */
212 			pbody->challenge_status = PRESENT;
213 			break;
214 		case E_RATES:
215 			/* Present, possibly truncated */
216 			pbody->rates_status = TRUNCATED;
217 			if (!TTEST2(*(p + offset), 2))
218 				return;
219 			memcpy(&(pbody->rates), p + offset, 2);
220 			offset += 2;
221 			if (pbody->rates.length != 0) {
222 				if (pbody->rates.length > sizeof pbody->rates.rate)
223 					return;
224 				if (!TTEST2(*(p + offset), pbody->rates.length))
225 					return;
226 				memcpy(&pbody->rates.rate, p + offset,
227 				    pbody->rates.length);
228 				offset += pbody->rates.length;
229 			}
230 			/* Present and not truncated */
231 			pbody->rates_status = PRESENT;
232 			break;
233 		case E_DS:
234 			/* Present, possibly truncated */
235 			pbody->ds_status = TRUNCATED;
236 			if (!TTEST2(*(p + offset), 3))
237 				return;
238 			memcpy(&pbody->ds, p + offset, 3);
239 			offset += 3;
240 			/* Present and not truncated */
241 			pbody->ds_status = PRESENT;
242 			break;
243 		case E_CF:
244 			/* Present, possibly truncated */
245 			pbody->cf_status = TRUNCATED;
246 			if (!TTEST2(*(p + offset), 8))
247 				return;
248 			memcpy(&pbody->cf, p + offset, 8);
249 			offset += 8;
250 			/* Present and not truncated */
251 			pbody->cf_status = PRESENT;
252 			break;
253 		case E_TIM:
254 			/* Present, possibly truncated */
255 			pbody->tim_status = TRUNCATED;
256 			if (!TTEST2(*(p + offset), 2))
257 				return;
258 			memcpy(&pbody->tim, p + offset, 2);
259 			offset += 2;
260 			if (!TTEST2(*(p + offset), 3))
261 				return;
262 			memcpy(&pbody->tim.count, p + offset, 3);
263 			offset += 3;
264 
265 			if (pbody->tim.length <= 3)
266 				break;
267 			if (pbody->tim.length - 3 > sizeof pbody->tim.bitmap)
268 				return;
269 			if (!TTEST2(*(p + offset), pbody->tim.length - 3))
270 				return;
271 			memcpy(pbody->tim.bitmap, p + (pbody->tim.length - 3),
272 			    (pbody->tim.length - 3));
273 			offset += pbody->tim.length - 3;
274 			/* Present and not truncated */
275 			pbody->tim_status = PRESENT;
276 			break;
277 		default:
278 #if 0
279 			printf("(1) unhandled element_id (%d)  ",
280 			    *(p + offset) );
281 #endif
282 			if (!TTEST2(*(p + offset), 2))
283 				return;
284 			if (!TTEST2(*(p + offset + 2), *(p + offset + 1)))
285 				return;
286 			offset += *(p + offset + 1) + 2;
287 			break;
288 		}
289 	}
290 }
291 
292 /*********************************************************************************
293  * Print Handle functions for the management frame types
294  *********************************************************************************/
295 
296 static int
handle_beacon(const u_char * p)297 handle_beacon(const u_char *p)
298 {
299 	struct mgmt_body_t pbody;
300 	int offset = 0;
301 
302 	memset(&pbody, 0, sizeof(pbody));
303 
304 	if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
305 	    IEEE802_11_CAPINFO_LEN))
306 		return 0;
307 	memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
308 	offset += IEEE802_11_TSTAMP_LEN;
309 	pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
310 	offset += IEEE802_11_BCNINT_LEN;
311 	pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
312 	offset += IEEE802_11_CAPINFO_LEN;
313 
314 	parse_elements(&pbody, p, offset);
315 
316 	PRINT_SSID(pbody);
317 	PRINT_RATES(pbody);
318 	printf(" %s",
319 	    CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS");
320 	PRINT_DS_CHANNEL(pbody);
321 
322 	return 1;
323 }
324 
325 static int
handle_assoc_request(const u_char * p)326 handle_assoc_request(const u_char *p)
327 {
328 	struct mgmt_body_t pbody;
329 	int offset = 0;
330 
331 	memset(&pbody, 0, sizeof(pbody));
332 
333 	if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN))
334 		return 0;
335 	pbody.capability_info = EXTRACT_LE_16BITS(p);
336 	offset += IEEE802_11_CAPINFO_LEN;
337 	pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
338 	offset += IEEE802_11_LISTENINT_LEN;
339 
340 	parse_elements(&pbody, p, offset);
341 
342 	PRINT_SSID(pbody);
343 	PRINT_RATES(pbody);
344 	return 1;
345 }
346 
347 static int
handle_assoc_response(const u_char * p)348 handle_assoc_response(const u_char *p)
349 {
350 	struct mgmt_body_t pbody;
351 	int offset = 0;
352 
353 	memset(&pbody, 0, sizeof(pbody));
354 
355 	if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
356 	    IEEE802_11_AID_LEN))
357 		return 0;
358 	pbody.capability_info = EXTRACT_LE_16BITS(p);
359 	offset += IEEE802_11_CAPINFO_LEN;
360 	pbody.status_code = EXTRACT_LE_16BITS(p+offset);
361 	offset += IEEE802_11_STATUS_LEN;
362 	pbody.aid = EXTRACT_LE_16BITS(p+offset);
363 	offset += IEEE802_11_AID_LEN;
364 
365 	parse_elements(&pbody, p, offset);
366 
367 	printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 ,
368 	    CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
369 	    (pbody.status_code < NUM_STATUSES
370 		? status_text[pbody.status_code]
371 		: "n/a"));
372 
373 	return 1;
374 }
375 
376 static int
handle_reassoc_request(const u_char * p)377 handle_reassoc_request(const u_char *p)
378 {
379 	struct mgmt_body_t pbody;
380 	int offset = 0;
381 
382 	memset(&pbody, 0, sizeof(pbody));
383 
384 	if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
385 	    IEEE802_11_AP_LEN))
386 		return 0;
387 	pbody.capability_info = EXTRACT_LE_16BITS(p);
388 	offset += IEEE802_11_CAPINFO_LEN;
389 	pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
390 	offset += IEEE802_11_LISTENINT_LEN;
391 	memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN);
392 	offset += IEEE802_11_AP_LEN;
393 
394 	parse_elements(&pbody, p, offset);
395 
396 	PRINT_SSID(pbody);
397 	printf(" AP : %s", etheraddr_string( pbody.ap ));
398 
399 	return 1;
400 }
401 
402 static int
handle_reassoc_response(const u_char * p)403 handle_reassoc_response(const u_char *p)
404 {
405 	/* Same as a Association Reponse */
406 	return handle_assoc_response(p);
407 }
408 
409 static int
handle_probe_request(const u_char * p)410 handle_probe_request(const u_char *p)
411 {
412 	struct mgmt_body_t  pbody;
413 	int offset = 0;
414 
415 	memset(&pbody, 0, sizeof(pbody));
416 
417 	parse_elements(&pbody, p, offset);
418 
419 	PRINT_SSID(pbody);
420 	PRINT_RATES(pbody);
421 
422 	return 1;
423 }
424 
425 static int
handle_probe_response(const u_char * p)426 handle_probe_response(const u_char *p)
427 {
428 	struct mgmt_body_t  pbody;
429 	int offset = 0;
430 
431 	memset(&pbody, 0, sizeof(pbody));
432 
433 	if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
434 	    IEEE802_11_CAPINFO_LEN))
435 		return 0;
436 
437 	memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
438 	offset += IEEE802_11_TSTAMP_LEN;
439 	pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
440 	offset += IEEE802_11_BCNINT_LEN;
441 	pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
442 	offset += IEEE802_11_CAPINFO_LEN;
443 
444 	parse_elements(&pbody, p, offset);
445 
446 	PRINT_SSID(pbody);
447 	PRINT_RATES(pbody);
448 	PRINT_DS_CHANNEL(pbody);
449 
450 	return 1;
451 }
452 
453 static int
handle_atim(void)454 handle_atim(void)
455 {
456 	/* the frame body for ATIM is null. */
457 	return 1;
458 }
459 
460 static int
handle_disassoc(const u_char * p)461 handle_disassoc(const u_char *p)
462 {
463 	struct mgmt_body_t  pbody;
464 
465 	memset(&pbody, 0, sizeof(pbody));
466 
467 	if (!TTEST2(*p, IEEE802_11_REASON_LEN))
468 		return 0;
469 	pbody.reason_code = EXTRACT_LE_16BITS(p);
470 
471 	printf(": %s",
472 	    (pbody.reason_code < NUM_REASONS)
473 		? reason_text[pbody.reason_code]
474 		: "Reserved" );
475 
476 	return 1;
477 }
478 
479 static int
handle_auth(const u_char * p)480 handle_auth(const u_char *p)
481 {
482 	struct mgmt_body_t  pbody;
483 	int offset = 0;
484 
485 	memset(&pbody, 0, sizeof(pbody));
486 
487 	if (!TTEST2(*p, 6))
488 		return 0;
489 	pbody.auth_alg = EXTRACT_LE_16BITS(p);
490 	offset += 2;
491 	pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset);
492 	offset += 2;
493 	pbody.status_code = EXTRACT_LE_16BITS(p + offset);
494 	offset += 2;
495 
496 	parse_elements(&pbody, p, offset);
497 
498 	if ((pbody.auth_alg == 1) &&
499 	    ((pbody.auth_trans_seq_num == 2) ||
500 	     (pbody.auth_trans_seq_num == 3))) {
501 		printf(" (%s)-%x [Challenge Text] %s",
502 		    (pbody.auth_alg < NUM_AUTH_ALGS)
503 			? auth_alg_text[pbody.auth_alg]
504 			: "Reserved",
505 		    pbody.auth_trans_seq_num,
506 		    ((pbody.auth_trans_seq_num % 2)
507 		        ? ((pbody.status_code < NUM_STATUSES)
508 			       ? status_text[pbody.status_code]
509 			       : "n/a") : ""));
510 		return 1;
511 	}
512 	printf(" (%s)-%x: %s",
513 	    (pbody.auth_alg < NUM_AUTH_ALGS)
514 		? auth_alg_text[pbody.auth_alg]
515 		: "Reserved",
516 	    pbody.auth_trans_seq_num,
517 	    (pbody.auth_trans_seq_num % 2)
518 	        ? ((pbody.status_code < NUM_STATUSES)
519 		    ? status_text[pbody.status_code]
520 	            : "n/a")
521 	        : "");
522 
523 	return 1;
524 }
525 
526 static int
handle_deauth(const struct mgmt_header_t * pmh,const u_char * p)527 handle_deauth(const struct mgmt_header_t *pmh, const u_char *p)
528 {
529 	struct mgmt_body_t  pbody;
530 	int offset = 0;
531 	const char *reason = NULL;
532 
533 	memset(&pbody, 0, sizeof(pbody));
534 
535 	if (!TTEST2(*p, IEEE802_11_REASON_LEN))
536 		return 0;
537 	pbody.reason_code = EXTRACT_LE_16BITS(p);
538 	offset += IEEE802_11_REASON_LEN;
539 
540 	reason = (pbody.reason_code < NUM_REASONS)
541 			? reason_text[pbody.reason_code]
542 			: "Reserved";
543 
544 	if (eflag) {
545 		printf(": %s", reason);
546 	} else {
547 		printf(" (%s): %s", etheraddr_string(pmh->sa), reason);
548 	}
549 	return 1;
550 }
551 
552 
553 /*********************************************************************************
554  * Print Body funcs
555  *********************************************************************************/
556 
557 
558 static int
mgmt_body_print(u_int16_t fc,const struct mgmt_header_t * pmh,const u_char * p)559 mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh,
560     const u_char *p)
561 {
562 	switch (FC_SUBTYPE(fc)) {
563 	case ST_ASSOC_REQUEST:
564 		printf("Assoc Request");
565 		return handle_assoc_request(p);
566 	case ST_ASSOC_RESPONSE:
567 		printf("Assoc Response");
568 		return handle_assoc_response(p);
569 	case ST_REASSOC_REQUEST:
570 		printf("ReAssoc Request");
571 		return handle_reassoc_request(p);
572 	case ST_REASSOC_RESPONSE:
573 		printf("ReAssoc Response");
574 		return handle_reassoc_response(p);
575 	case ST_PROBE_REQUEST:
576 		printf("Probe Request");
577 		return handle_probe_request(p);
578 	case ST_PROBE_RESPONSE:
579 		printf("Probe Response");
580 		return handle_probe_response(p);
581 	case ST_BEACON:
582 		printf("Beacon");
583 		return handle_beacon(p);
584 	case ST_ATIM:
585 		printf("ATIM");
586 		return handle_atim();
587 	case ST_DISASSOC:
588 		printf("Disassociation");
589 		return handle_disassoc(p);
590 	case ST_AUTH:
591 		printf("Authentication");
592 		if (!TTEST2(*p, 3))
593 			return 0;
594 		if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) {
595 			printf("Authentication (Shared-Key)-3 ");
596 			return wep_print(p);
597 		}
598 		return handle_auth(p);
599 	case ST_DEAUTH:
600 		printf("DeAuthentication");
601 		return handle_deauth(pmh, p);
602 		break;
603 	default:
604 		printf("Unhandled Management subtype(%x)",
605 		    FC_SUBTYPE(fc));
606 		return 1;
607 	}
608 }
609 
610 
611 /*********************************************************************************
612  * Handles printing all the control frame types
613  *********************************************************************************/
614 
615 static int
ctrl_body_print(u_int16_t fc,const u_char * p)616 ctrl_body_print(u_int16_t fc, const u_char *p)
617 {
618 	switch (FC_SUBTYPE(fc)) {
619 	case CTRL_PS_POLL:
620 		printf("Power Save-Poll");
621 		if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN))
622 			return 0;
623 		printf(" AID(%x)",
624 		    EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid)));
625 		break;
626 	case CTRL_RTS:
627 		printf("Request-To-Send");
628 		if (!TTEST2(*p, CTRL_RTS_HDRLEN))
629 			return 0;
630 		if (!eflag)
631 			printf(" TA:%s ",
632 			    etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
633 		break;
634 	case CTRL_CTS:
635 		printf("Clear-To-Send");
636 		if (!TTEST2(*p, CTRL_CTS_HDRLEN))
637 			return 0;
638 		if (!eflag)
639 			printf(" RA:%s ",
640 			    etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
641 		break;
642 	case CTRL_ACK:
643 		printf("Acknowledgment");
644 		if (!TTEST2(*p, CTRL_ACK_HDRLEN))
645 			return 0;
646 		if (!eflag)
647 			printf(" RA:%s ",
648 			    etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
649 		break;
650 	case CTRL_CF_END:
651 		printf("CF-End");
652 		if (!TTEST2(*p, CTRL_END_HDRLEN))
653 			return 0;
654 		if (!eflag)
655 			printf(" RA:%s ",
656 			    etheraddr_string(((const struct ctrl_end_t *)p)->ra));
657 		break;
658 	case CTRL_END_ACK:
659 		printf("CF-End+CF-Ack");
660 		if (!TTEST2(*p, CTRL_END_ACK_HDRLEN))
661 			return 0;
662 		if (!eflag)
663 			printf(" RA:%s ",
664 			    etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra));
665 		break;
666 	default:
667 		printf("Unknown Ctrl Subtype");
668 	}
669 	return 1;
670 }
671 
672 /*
673  * Print Header funcs
674  */
675 
676 /*
677  *  Data Frame - Address field contents
678  *
679  *  To Ds  | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
680  *    0    |  0      |  DA    | SA     | BSSID  | n/a
681  *    0    |  1      |  DA    | BSSID  | SA     | n/a
682  *    1    |  0      |  BSSID | SA     | DA     | n/a
683  *    1    |  1      |  RA    | TA     | DA     | SA
684  */
685 
686 static void
data_header_print(u_int16_t fc,const u_char * p,const u_int8_t ** srcp,const u_int8_t ** dstp)687 data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
688     const u_int8_t **dstp)
689 {
690 	u_int subtype = FC_SUBTYPE(fc);
691 
692 	if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
693 	    DATA_FRAME_IS_QOS(subtype)) {
694 		printf("CF ");
695 		if (DATA_FRAME_IS_CF_ACK(subtype)) {
696 			if (DATA_FRAME_IS_CF_POLL(subtype))
697 				printf("Ack/Poll");
698 			else
699 				printf("Ack");
700 		} else {
701 			if (DATA_FRAME_IS_CF_POLL(subtype))
702 				printf("Poll");
703 		}
704 		if (DATA_FRAME_IS_QOS(subtype))
705 			printf("+QoS");
706 		printf(" ");
707 	}
708 
709 #define ADDR1  (p + 4)
710 #define ADDR2  (p + 10)
711 #define ADDR3  (p + 16)
712 #define ADDR4  (p + 24)
713 
714 	if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
715 		if (srcp != NULL)
716 			*srcp = ADDR2;
717 		if (dstp != NULL)
718 			*dstp = ADDR1;
719 		if (!eflag)
720 			return;
721 		printf("DA:%s SA:%s BSSID:%s ",
722 		    etheraddr_string(ADDR1), etheraddr_string(ADDR2),
723 		    etheraddr_string(ADDR3));
724 	} else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) {
725 		if (srcp != NULL)
726 			*srcp = ADDR3;
727 		if (dstp != NULL)
728 			*dstp = ADDR1;
729 		if (!eflag)
730 			return;
731 		printf("DA:%s BSSID:%s SA:%s ",
732 		    etheraddr_string(ADDR1), etheraddr_string(ADDR2),
733 		    etheraddr_string(ADDR3));
734 	} else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
735 		if (srcp != NULL)
736 			*srcp = ADDR2;
737 		if (dstp != NULL)
738 			*dstp = ADDR3;
739 		if (!eflag)
740 			return;
741 		printf("BSSID:%s SA:%s DA:%s ",
742 		    etheraddr_string(ADDR1), etheraddr_string(ADDR2),
743 		    etheraddr_string(ADDR3));
744 	} else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
745 		if (srcp != NULL)
746 			*srcp = ADDR4;
747 		if (dstp != NULL)
748 			*dstp = ADDR3;
749 		if (!eflag)
750 			return;
751 		printf("RA:%s TA:%s DA:%s SA:%s ",
752 		    etheraddr_string(ADDR1), etheraddr_string(ADDR2),
753 		    etheraddr_string(ADDR3), etheraddr_string(ADDR4));
754 	}
755 
756 #undef ADDR1
757 #undef ADDR2
758 #undef ADDR3
759 #undef ADDR4
760 }
761 
762 static void
mgmt_header_print(const u_char * p,const u_int8_t ** srcp,const u_int8_t ** dstp)763 mgmt_header_print(const u_char *p, const u_int8_t **srcp,
764     const u_int8_t **dstp)
765 {
766 	const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
767 
768 	if (srcp != NULL)
769 		*srcp = hp->sa;
770 	if (dstp != NULL)
771 		*dstp = hp->da;
772 	if (!eflag)
773 		return;
774 
775 	printf("BSSID:%s DA:%s SA:%s ",
776 	    etheraddr_string((hp)->bssid), etheraddr_string((hp)->da),
777 	    etheraddr_string((hp)->sa));
778 }
779 
780 static void
ctrl_header_print(u_int16_t fc,const u_char * p,const u_int8_t ** srcp,const u_int8_t ** dstp)781 ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
782     const u_int8_t **dstp)
783 {
784 	if (srcp != NULL)
785 		*srcp = NULL;
786 	if (dstp != NULL)
787 		*dstp = NULL;
788 	if (!eflag)
789 		return;
790 
791 	switch (FC_SUBTYPE(fc)) {
792 	case CTRL_PS_POLL:
793 		printf("BSSID:%s TA:%s ",
794 		    etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid),
795 		    etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta));
796 		break;
797 	case CTRL_RTS:
798 		printf("RA:%s TA:%s ",
799 		    etheraddr_string(((const struct ctrl_rts_t *)p)->ra),
800 		    etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
801 		break;
802 	case CTRL_CTS:
803 		printf("RA:%s ",
804 		    etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
805 		break;
806 	case CTRL_ACK:
807 		printf("RA:%s ",
808 		    etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
809 		break;
810 	case CTRL_CF_END:
811 		printf("RA:%s BSSID:%s ",
812 		    etheraddr_string(((const struct ctrl_end_t *)p)->ra),
813 		    etheraddr_string(((const struct ctrl_end_t *)p)->bssid));
814 		break;
815 	case CTRL_END_ACK:
816 		printf("RA:%s BSSID:%s ",
817 		    etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra),
818 		    etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid));
819 		break;
820 	default:
821 		printf("(H) Unknown Ctrl Subtype");
822 		break;
823 	}
824 }
825 
826 static int
extract_header_length(u_int16_t fc)827 extract_header_length(u_int16_t fc)
828 {
829 	int len;
830 
831 	switch (FC_TYPE(fc)) {
832 	case T_MGMT:
833 		return MGMT_HDRLEN;
834 	case T_CTRL:
835 		switch (FC_SUBTYPE(fc)) {
836 		case CTRL_PS_POLL:
837 			return CTRL_PS_POLL_HDRLEN;
838 		case CTRL_RTS:
839 			return CTRL_RTS_HDRLEN;
840 		case CTRL_CTS:
841 			return CTRL_CTS_HDRLEN;
842 		case CTRL_ACK:
843 			return CTRL_ACK_HDRLEN;
844 		case CTRL_CF_END:
845 			return CTRL_END_HDRLEN;
846 		case CTRL_END_ACK:
847 			return CTRL_END_ACK_HDRLEN;
848 		default:
849 			return 0;
850 		}
851 	case T_DATA:
852 		len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
853 		if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
854 			len += 2;
855 		return len;
856 	default:
857 		printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc));
858 		return 0;
859 	}
860 }
861 
862 /*
863  * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp"
864  * to point to the source and destination MAC addresses in any case if
865  * "srcp" and "dstp" aren't null.
866  */
867 static inline void
ieee_802_11_hdr_print(u_int16_t fc,const u_char * p,const u_int8_t ** srcp,const u_int8_t ** dstp)868 ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
869     const u_int8_t **dstp)
870 {
871 	if (vflag) {
872 		if (FC_MORE_DATA(fc))
873 			printf("More Data ");
874 		if (FC_MORE_FLAG(fc))
875 			printf("More Fragments ");
876 		if (FC_POWER_MGMT(fc))
877 			printf("Pwr Mgmt ");
878 		if (FC_RETRY(fc))
879 			printf("Retry ");
880 		if (FC_ORDER(fc))
881 			printf("Strictly Ordered ");
882 		if (FC_WEP(fc))
883 			printf("WEP Encrypted ");
884 		if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
885 			printf("%dus ",
886 			    EXTRACT_LE_16BITS(
887 			        &((const struct mgmt_header_t *)p)->duration));
888 	}
889 
890 	switch (FC_TYPE(fc)) {
891 	case T_MGMT:
892 		mgmt_header_print(p, srcp, dstp);
893 		break;
894 	case T_CTRL:
895 		ctrl_header_print(fc, p, srcp, dstp);
896 		break;
897 	case T_DATA:
898 		data_header_print(fc, p, srcp, dstp);
899 		break;
900 	default:
901 		printf("(header) unknown IEEE802.11 frame type (%d)",
902 		    FC_TYPE(fc));
903 		*srcp = NULL;
904 		*dstp = NULL;
905 		break;
906 	}
907 }
908 
909 #ifndef roundup2
910 #define	roundup2(x, y)	(((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
911 #endif
912 
913 static u_int
ieee802_11_print(const u_char * p,u_int length,u_int caplen,int pad)914 ieee802_11_print(const u_char *p, u_int length, u_int caplen, int pad)
915 {
916 	u_int16_t fc;
917 	u_int hdrlen;
918 	const u_int8_t *src, *dst;
919 	u_short extracted_ethertype;
920 
921 	if (caplen < IEEE802_11_FC_LEN) {
922 		printf("[|802.11]");
923 		return caplen;
924 	}
925 
926 	fc = EXTRACT_LE_16BITS(p);
927 	hdrlen = extract_header_length(fc);
928 	if (pad)
929 		hdrlen = roundup2(hdrlen, 4);
930 
931 	if (caplen < hdrlen) {
932 		printf("[|802.11]");
933 		return hdrlen;
934 	}
935 
936 	ieee_802_11_hdr_print(fc, p, &src, &dst);
937 
938 	/*
939 	 * Go past the 802.11 header.
940 	 */
941 	length -= hdrlen;
942 	caplen -= hdrlen;
943 	p += hdrlen;
944 
945 	switch (FC_TYPE(fc)) {
946 	case T_MGMT:
947 		if (!mgmt_body_print(fc,
948 		    (const struct mgmt_header_t *)(p - hdrlen), p)) {
949 			printf("[|802.11]");
950 			return hdrlen;
951 		}
952 		break;
953 	case T_CTRL:
954 		if (!ctrl_body_print(fc, p - hdrlen)) {
955 			printf("[|802.11]");
956 			return hdrlen;
957 		}
958 		break;
959 	case T_DATA:
960 		if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
961 			return hdrlen;	/* no-data frame */
962 		/* There may be a problem w/ AP not having this bit set */
963 		if (FC_WEP(fc)) {
964 			if (!wep_print(p)) {
965 				printf("[|802.11]");
966 				return hdrlen;
967 			}
968 		} else if (llc_print(p, length, caplen, dst, src,
969 		    &extracted_ethertype) == 0) {
970 			/*
971 			 * Some kinds of LLC packet we cannot
972 			 * handle intelligently
973 			 */
974 			if (!eflag)
975 				ieee_802_11_hdr_print(fc, p - hdrlen, NULL,
976 				    NULL);
977 			if (extracted_ethertype)
978 				printf("(LLC %s) ",
979 				    etherproto_string(
980 				        htons(extracted_ethertype)));
981 			if (!suppress_default_print)
982 				default_print(p, caplen);
983 		}
984 		break;
985 	default:
986 		printf("unknown 802.11 frame type (%d)", FC_TYPE(fc));
987 		break;
988 	}
989 
990 	return hdrlen;
991 }
992 
993 /*
994  * This is the top level routine of the printer.  'p' points
995  * to the 802.11 header of the packet, 'h->ts' is the timestamp,
996  * 'h->len' is the length of the packet off the wire, and 'h->caplen'
997  * is the number of bytes actually captured.
998  */
999 u_int
ieee802_11_if_print(const struct pcap_pkthdr * h,const u_char * p)1000 ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p)
1001 {
1002 	return ieee802_11_print(p, h->len, h->caplen, 0);
1003 }
1004 
1005 static int
print_radiotap_field(struct cpack_state * s,u_int32_t bit,int * pad)1006 print_radiotap_field(struct cpack_state *s, u_int32_t bit, int *pad)
1007 {
1008 	union {
1009 		int8_t		i8;
1010 		u_int8_t	u8;
1011 		int16_t		i16;
1012 		u_int16_t	u16;
1013 		u_int32_t	u32;
1014 		u_int64_t	u64;
1015 	} u, u2;
1016 	int rc;
1017 
1018 	switch (bit) {
1019 	case IEEE80211_RADIOTAP_FLAGS:
1020 		rc = cpack_uint8(s, &u.u8);
1021 		if (u.u8 & IEEE80211_RADIOTAP_F_DATAPAD)
1022 			*pad = 1;
1023 		break;
1024 	case IEEE80211_RADIOTAP_RATE:
1025 	case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1026 	case IEEE80211_RADIOTAP_DB_ANTNOISE:
1027 	case IEEE80211_RADIOTAP_ANTENNA:
1028 		rc = cpack_uint8(s, &u.u8);
1029 		break;
1030 	case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
1031 	case IEEE80211_RADIOTAP_DBM_ANTNOISE:
1032 		rc = cpack_int8(s, &u.i8);
1033 		break;
1034 	case IEEE80211_RADIOTAP_CHANNEL:
1035 		rc = cpack_uint16(s, &u.u16);
1036 		if (rc != 0)
1037 			break;
1038 		rc = cpack_uint16(s, &u2.u16);
1039 		break;
1040 	case IEEE80211_RADIOTAP_FHSS:
1041 	case IEEE80211_RADIOTAP_LOCK_QUALITY:
1042 	case IEEE80211_RADIOTAP_TX_ATTENUATION:
1043 		rc = cpack_uint16(s, &u.u16);
1044 		break;
1045 	case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
1046 		rc = cpack_uint8(s, &u.u8);
1047 		break;
1048 	case IEEE80211_RADIOTAP_DBM_TX_POWER:
1049 		rc = cpack_int8(s, &u.i8);
1050 		break;
1051 	case IEEE80211_RADIOTAP_TSFT:
1052 		rc = cpack_uint64(s, &u.u64);
1053 		break;
1054 	default:
1055 		/* this bit indicates a field whose
1056 		 * size we do not know, so we cannot
1057 		 * proceed.
1058 		 */
1059 		printf("[0x%08x] ", bit);
1060 		return -1;
1061 	}
1062 
1063 	if (rc != 0) {
1064 		printf("[|802.11]");
1065 		return rc;
1066 	}
1067 
1068 	switch (bit) {
1069 	case IEEE80211_RADIOTAP_CHANNEL:
1070 		printf("%u MHz ", u.u16);
1071 		if (u2.u16 != 0)
1072 			printf("(0x%04x) ", u2.u16);
1073 		break;
1074 	case IEEE80211_RADIOTAP_FHSS:
1075 		printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff);
1076 		break;
1077 	case IEEE80211_RADIOTAP_RATE:
1078 		PRINT_RATE("", u.u8, " Mb/s ");
1079 		break;
1080 	case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
1081 		printf("%ddB signal ", u.i8);
1082 		break;
1083 	case IEEE80211_RADIOTAP_DBM_ANTNOISE:
1084 		printf("%ddB noise ", u.i8);
1085 		break;
1086 	case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1087 		printf("%ddB signal ", u.u8);
1088 		break;
1089 	case IEEE80211_RADIOTAP_DB_ANTNOISE:
1090 		printf("%ddB noise ", u.u8);
1091 		break;
1092 	case IEEE80211_RADIOTAP_LOCK_QUALITY:
1093 		printf("%u sq ", u.u16);
1094 		break;
1095 	case IEEE80211_RADIOTAP_TX_ATTENUATION:
1096 		printf("%d tx power ", -(int)u.u16);
1097 		break;
1098 	case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
1099 		printf("%ddB tx power ", -(int)u.u8);
1100 		break;
1101 	case IEEE80211_RADIOTAP_DBM_TX_POWER:
1102 		printf("%ddBm tx power ", u.i8);
1103 		break;
1104 	case IEEE80211_RADIOTAP_FLAGS:
1105 		if (u.u8 & IEEE80211_RADIOTAP_F_CFP)
1106 			printf("cfp ");
1107 		if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE)
1108 			printf("short preamble ");
1109 		if (u.u8 & IEEE80211_RADIOTAP_F_WEP)
1110 			printf("wep ");
1111 		if (u.u8 & IEEE80211_RADIOTAP_F_FRAG)
1112 			printf("fragmented ");
1113 		if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS)
1114 			printf("bad-fcs ");
1115 		break;
1116 	case IEEE80211_RADIOTAP_ANTENNA:
1117 		printf("antenna %d ", u.u8);
1118 		break;
1119 	case IEEE80211_RADIOTAP_TSFT:
1120 		printf("%" PRIu64 "us tsft ", u.u64);
1121 		break;
1122 	}
1123 	return 0;
1124 }
1125 
1126 static u_int
ieee802_11_radio_print(const u_char * p,u_int length,u_int caplen)1127 ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
1128 {
1129 #define	BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
1130 #define	BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
1131 #define	BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
1132 #define	BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
1133 #define	BITNO_2(x) (((x) & 2) ? 1 : 0)
1134 #define	BIT(n)	(1 << n)
1135 #define	IS_EXTENDED(__p)	\
1136 	    (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0
1137 
1138 	struct cpack_state cpacker;
1139 	struct ieee80211_radiotap_header *hdr;
1140 	u_int32_t present, next_present;
1141 	u_int32_t *presentp, *last_presentp;
1142 	enum ieee80211_radiotap_type bit;
1143 	int bit0;
1144 	const u_char *iter;
1145 	u_int len;
1146 	int pad;
1147 
1148 	if (caplen < sizeof(*hdr)) {
1149 		printf("[|802.11]");
1150 		return caplen;
1151 	}
1152 
1153 	hdr = (struct ieee80211_radiotap_header *)p;
1154 
1155 	len = EXTRACT_LE_16BITS(&hdr->it_len);
1156 
1157 	if (caplen < len) {
1158 		printf("[|802.11]");
1159 		return caplen;
1160 	}
1161 	for (last_presentp = &hdr->it_present;
1162 	     IS_EXTENDED(last_presentp) &&
1163 	     (u_char*)(last_presentp + 1) <= p + len;
1164 	     last_presentp++);
1165 
1166 	/* are there more bitmap extensions than bytes in header? */
1167 	if (IS_EXTENDED(last_presentp)) {
1168 		printf("[|802.11]");
1169 		return caplen;
1170 	}
1171 
1172 	iter = (u_char*)(last_presentp + 1);
1173 
1174 	if (cpack_init(&cpacker, (u_int8_t*)iter, len - (iter - p)) != 0) {
1175 		/* XXX */
1176 		printf("[|802.11]");
1177 		return caplen;
1178 	}
1179 
1180 	/* Assume no Atheros padding between 802.11 header and body */
1181 	pad = 0;
1182 	for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp;
1183 	     presentp++, bit0 += 32) {
1184 		for (present = EXTRACT_LE_32BITS(presentp); present;
1185 		     present = next_present) {
1186 			/* clear the least significant bit that is set */
1187 			next_present = present & (present - 1);
1188 
1189 			/* extract the least significant bit that is set */
1190 			bit = (enum ieee80211_radiotap_type)
1191 			    (bit0 + BITNO_32(present ^ next_present));
1192 
1193 			if (print_radiotap_field(&cpacker, bit, &pad) != 0)
1194 				goto out;
1195 		}
1196 	}
1197 out:
1198 	return len + ieee802_11_print(p + len, length - len, caplen - len, pad);
1199 #undef BITNO_32
1200 #undef BITNO_16
1201 #undef BITNO_8
1202 #undef BITNO_4
1203 #undef BITNO_2
1204 #undef BIT
1205 }
1206 
1207 static u_int
ieee802_11_avs_radio_print(const u_char * p,u_int length,u_int caplen)1208 ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen)
1209 {
1210 	u_int32_t caphdr_len;
1211 
1212 	caphdr_len = EXTRACT_32BITS(p + 4);
1213 	if (caphdr_len < 8) {
1214 		/*
1215 		 * Yow!  The capture header length is claimed not
1216 		 * to be large enough to include even the version
1217 		 * cookie or capture header length!
1218 		 */
1219 		printf("[|802.11]");
1220 		return caplen;
1221 	}
1222 
1223 	if (caplen < caphdr_len) {
1224 		printf("[|802.11]");
1225 		return caplen;
1226 	}
1227 
1228 	return caphdr_len + ieee802_11_print(p + caphdr_len,
1229 	    length - caphdr_len, caplen - caphdr_len, 0);
1230 }
1231 
1232 #define PRISM_HDR_LEN		144
1233 
1234 #define WLANCAP_MAGIC_COOKIE_V1	0x80211001
1235 
1236 /*
1237  * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
1238  * containing information such as radio information, which we
1239  * currently ignore.
1240  *
1241  * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1, it's
1242  * really DLT_IEEE802_11_RADIO (currently, on Linux, there's no
1243  * ARPHRD_ type for DLT_IEEE802_11_RADIO, as there is a
1244  * ARPHRD_IEEE80211_PRISM for DLT_PRISM_HEADER, so
1245  * ARPHRD_IEEE80211_PRISM is used for DLT_IEEE802_11_RADIO, and
1246  * the first 4 bytes of the header are used to indicate which it is).
1247  */
1248 u_int
prism_if_print(const struct pcap_pkthdr * h,const u_char * p)1249 prism_if_print(const struct pcap_pkthdr *h, const u_char *p)
1250 {
1251 	u_int caplen = h->caplen;
1252 	u_int length = h->len;
1253 
1254 	if (caplen < 4) {
1255 		printf("[|802.11]");
1256 		return caplen;
1257 	}
1258 
1259 	if (EXTRACT_32BITS(p) == WLANCAP_MAGIC_COOKIE_V1)
1260 		return ieee802_11_avs_radio_print(p, length, caplen);
1261 
1262 	if (caplen < PRISM_HDR_LEN) {
1263 		printf("[|802.11]");
1264 		return caplen;
1265 	}
1266 
1267 	return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN,
1268 	    length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0);
1269 }
1270 
1271 /*
1272  * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
1273  * header, containing information such as radio information, which we
1274  * currently ignore.
1275  */
1276 u_int
ieee802_11_radio_if_print(const struct pcap_pkthdr * h,const u_char * p)1277 ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p)
1278 {
1279 	u_int caplen = h->caplen;
1280 	u_int length = h->len;
1281 
1282 	if (caplen < 8) {
1283 		printf("[|802.11]");
1284 		return caplen;
1285 	}
1286 
1287 	return ieee802_11_radio_print(p, length, caplen);
1288 }
1289