1 /*
2 * Copyright (c) 2001
3 * Fortress Technologies, Inc. All rights reserved.
4 * Charlie Lenahan (clenahan@fortresstech.com)
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22
23 #ifndef lint
24 static const char rcsid[] _U_ =
25 "@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.49 2007-12-29 23:25:02 guy Exp $ (LBL)";
26 #endif
27
28 #ifdef HAVE_CONFIG_H
29 #include "config.h"
30 #endif
31
32 #include <tcpdump-stdinc.h>
33
34 #include <stdio.h>
35 #include <pcap.h>
36 #include <string.h>
37
38 #include "interface.h"
39 #include "addrtoname.h"
40 #include "ethertype.h"
41
42 #include "extract.h"
43
44 #include "cpack.h"
45
46 #include "ieee802_11.h"
47 #include "ieee802_11_radio.h"
48
49 /* Radiotap state */
50 /* This is used to save state when parsing/processing parameters */
51 struct radiotap_state
52 {
53 u_int32_t present;
54
55 u_int8_t rate;
56 };
57
58 #define PRINT_SSID(p) \
59 if (p.ssid_present) { \
60 printf(" ("); \
61 fn_print(p.ssid.ssid, NULL); \
62 printf(")"); \
63 }
64
65 #define PRINT_RATE(_sep, _r, _suf) \
66 printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf)
67 #define PRINT_RATES(p) \
68 if (p.rates_present) { \
69 int z; \
70 const char *sep = " ["; \
71 for (z = 0; z < p.rates.length ; z++) { \
72 PRINT_RATE(sep, p.rates.rate[z], \
73 (p.rates.rate[z] & 0x80 ? "*" : "")); \
74 sep = " "; \
75 } \
76 if (p.rates.length != 0) \
77 printf(" Mbit]"); \
78 }
79
80 #define PRINT_DS_CHANNEL(p) \
81 if (p.ds_present) \
82 printf(" CH: %u", p.ds.channel); \
83 printf("%s", \
84 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" );
85
86 #define MAX_MCS_INDEX 76
87
88 /*
89 * Indices are:
90 *
91 * the MCS index (0-76);
92 *
93 * 0 for 20 MHz, 1 for 40 MHz;
94 *
95 * 0 for a long guard interval, 1 for a short guard interval.
96 */
97 static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = {
98 /* MCS 0 */
99 { /* 20 Mhz */ { 6.5, /* SGI */ 7.2, },
100 /* 40 Mhz */ { 13.5, /* SGI */ 15.0, },
101 },
102
103 /* MCS 1 */
104 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
105 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
106 },
107
108 /* MCS 2 */
109 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
110 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
111 },
112
113 /* MCS 3 */
114 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
115 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
116 },
117
118 /* MCS 4 */
119 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
120 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
121 },
122
123 /* MCS 5 */
124 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
125 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
126 },
127
128 /* MCS 6 */
129 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
130 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
131 },
132
133 /* MCS 7 */
134 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
135 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
136 },
137
138 /* MCS 8 */
139 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
140 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
141 },
142
143 /* MCS 9 */
144 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
145 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
146 },
147
148 /* MCS 10 */
149 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
150 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
151 },
152
153 /* MCS 11 */
154 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
155 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
156 },
157
158 /* MCS 12 */
159 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
160 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
161 },
162
163 /* MCS 13 */
164 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
165 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
166 },
167
168 /* MCS 14 */
169 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
170 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
171 },
172
173 /* MCS 15 */
174 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
175 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
176 },
177
178 /* MCS 16 */
179 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
180 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
181 },
182
183 /* MCS 17 */
184 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
185 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
186 },
187
188 /* MCS 18 */
189 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
190 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
191 },
192
193 /* MCS 19 */
194 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
195 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
196 },
197
198 /* MCS 20 */
199 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
200 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
201 },
202
203 /* MCS 21 */
204 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
205 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
206 },
207
208 /* MCS 22 */
209 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
210 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
211 },
212
213 /* MCS 23 */
214 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
215 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
216 },
217
218 /* MCS 24 */
219 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
220 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
221 },
222
223 /* MCS 25 */
224 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
225 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
226 },
227
228 /* MCS 26 */
229 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
230 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
231 },
232
233 /* MCS 27 */
234 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
235 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
236 },
237
238 /* MCS 28 */
239 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
240 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
241 },
242
243 /* MCS 29 */
244 { /* 20 Mhz */ { 208.0, /* SGI */ 231.1, },
245 /* 40 Mhz */ { 432.0, /* SGI */ 480.0, },
246 },
247
248 /* MCS 30 */
249 { /* 20 Mhz */ { 234.0, /* SGI */ 260.0, },
250 /* 40 Mhz */ { 486.0, /* SGI */ 540.0, },
251 },
252
253 /* MCS 31 */
254 { /* 20 Mhz */ { 260.0, /* SGI */ 288.9, },
255 /* 40 Mhz */ { 540.0, /* SGI */ 600.0, },
256 },
257
258 /* MCS 32 */
259 { /* 20 Mhz */ { 0.0, /* SGI */ 0.0, }, /* not valid */
260 /* 40 Mhz */ { 6.0, /* SGI */ 6.7, },
261 },
262
263 /* MCS 33 */
264 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
265 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
266 },
267
268 /* MCS 34 */
269 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
270 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
271 },
272
273 /* MCS 35 */
274 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
275 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
276 },
277
278 /* MCS 36 */
279 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
280 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
281 },
282
283 /* MCS 37 */
284 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
285 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
286 },
287
288 /* MCS 38 */
289 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
290 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
291 },
292
293 /* MCS 39 */
294 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
295 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
296 },
297
298 /* MCS 40 */
299 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
300 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
301 },
302
303 /* MCS 41 */
304 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
305 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
306 },
307
308 /* MCS 42 */
309 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
310 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
311 },
312
313 /* MCS 43 */
314 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
315 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
316 },
317
318 /* MCS 44 */
319 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
320 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
321 },
322
323 /* MCS 45 */
324 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
325 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
326 },
327
328 /* MCS 46 */
329 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
330 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
331 },
332
333 /* MCS 47 */
334 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
335 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
336 },
337
338 /* MCS 48 */
339 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
340 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
341 },
342
343 /* MCS 49 */
344 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
345 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
346 },
347
348 /* MCS 50 */
349 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
350 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
351 },
352
353 /* MCS 51 */
354 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
355 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
356 },
357
358 /* MCS 52 */
359 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
360 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
361 },
362
363 /* MCS 53 */
364 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
365 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
366 },
367
368 /* MCS 54 */
369 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
370 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
371 },
372
373 /* MCS 55 */
374 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
375 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
376 },
377
378 /* MCS 56 */
379 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
380 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
381 },
382
383 /* MCS 57 */
384 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
385 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
386 },
387
388 /* MCS 58 */
389 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
390 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
391 },
392
393 /* MCS 59 */
394 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
395 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
396 },
397
398 /* MCS 60 */
399 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
400 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
401 },
402
403 /* MCS 61 */
404 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
405 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
406 },
407
408 /* MCS 62 */
409 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
410 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
411 },
412
413 /* MCS 63 */
414 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
415 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
416 },
417
418 /* MCS 64 */
419 { /* 20 Mhz */ { 143.0, /* SGI */ 158.9, },
420 /* 40 Mhz */ { 297.0, /* SGI */ 330.0, },
421 },
422
423 /* MCS 65 */
424 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
425 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
426 },
427
428 /* MCS 66 */
429 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
430 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
431 },
432
433 /* MCS 67 */
434 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
435 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
436 },
437
438 /* MCS 68 */
439 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
440 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
441 },
442
443 /* MCS 69 */
444 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
445 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
446 },
447
448 /* MCS 70 */
449 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
450 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
451 },
452
453 /* MCS 71 */
454 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
455 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
456 },
457
458 /* MCS 72 */
459 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
460 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
461 },
462
463 /* MCS 73 */
464 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
465 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
466 },
467
468 /* MCS 74 */
469 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
470 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
471 },
472
473 /* MCS 75 */
474 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
475 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
476 },
477
478 /* MCS 76 */
479 { /* 20 Mhz */ { 214.5, /* SGI */ 238.3, },
480 /* 40 Mhz */ { 445.5, /* SGI */ 495.0, },
481 },
482 };
483
484 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
485 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0])
486
487 static const char *status_text[] = {
488 "Successful", /* 0 */
489 "Unspecified failure", /* 1 */
490 "Reserved", /* 2 */
491 "Reserved", /* 3 */
492 "Reserved", /* 4 */
493 "Reserved", /* 5 */
494 "Reserved", /* 6 */
495 "Reserved", /* 7 */
496 "Reserved", /* 8 */
497 "Reserved", /* 9 */
498 "Cannot Support all requested capabilities in the Capability "
499 "Information field", /* 10 */
500 "Reassociation denied due to inability to confirm that association "
501 "exists", /* 11 */
502 "Association denied due to reason outside the scope of the "
503 "standard", /* 12 */
504 "Responding station does not support the specified authentication "
505 "algorithm ", /* 13 */
506 "Received an Authentication frame with authentication transaction "
507 "sequence number out of expected sequence", /* 14 */
508 "Authentication rejected because of challenge failure", /* 15 */
509 "Authentication rejected due to timeout waiting for next frame in "
510 "sequence", /* 16 */
511 "Association denied because AP is unable to handle additional"
512 "associated stations", /* 17 */
513 "Association denied due to requesting station not supporting all of "
514 "the data rates in BSSBasicRateSet parameter", /* 18 */
515 "Association denied due to requesting station not supporting "
516 "short preamble operation", /* 19 */
517 "Association denied due to requesting station not supporting "
518 "PBCC encoding", /* 20 */
519 "Association denied due to requesting station not supporting "
520 "channel agility", /* 21 */
521 "Association request rejected because Spectrum Management "
522 "capability is required", /* 22 */
523 "Association request rejected because the information in the "
524 "Power Capability element is unacceptable", /* 23 */
525 "Association request rejected because the information in the "
526 "Supported Channels element is unacceptable", /* 24 */
527 "Association denied due to requesting station not supporting "
528 "short slot operation", /* 25 */
529 "Association denied due to requesting station not supporting "
530 "DSSS-OFDM operation", /* 26 */
531 "Association denied because the requested STA does not support HT "
532 "features", /* 27 */
533 "Reserved", /* 28 */
534 "Association denied because the requested STA does not support "
535 "the PCO transition time required by the AP", /* 29 */
536 "Reserved", /* 30 */
537 "Reserved", /* 31 */
538 "Unspecified, QoS-related failure", /* 32 */
539 "Association denied due to QAP having insufficient bandwidth "
540 "to handle another QSTA", /* 33 */
541 "Association denied due to excessive frame loss rates and/or "
542 "poor conditions on current operating channel", /* 34 */
543 "Association (with QBSS) denied due to requesting station not "
544 "supporting the QoS facility", /* 35 */
545 "Association denied due to requesting station not supporting "
546 "Block Ack", /* 36 */
547 "The request has been declined", /* 37 */
548 "The request has not been successful as one or more parameters "
549 "have invalid values", /* 38 */
550 "The TS has not been created because the request cannot be honored. "
551 "However, a suggested TSPEC is provided so that the initiating QSTA"
552 "may attempt to set another TS with the suggested changes to the "
553 "TSPEC", /* 39 */
554 "Invalid Information Element", /* 40 */
555 "Group Cipher is not valid", /* 41 */
556 "Pairwise Cipher is not valid", /* 42 */
557 "AKMP is not valid", /* 43 */
558 "Unsupported RSN IE version", /* 44 */
559 "Invalid RSN IE Capabilities", /* 45 */
560 "Cipher suite is rejected per security policy", /* 46 */
561 "The TS has not been created. However, the HC may be capable of "
562 "creating a TS, in response to a request, after the time indicated "
563 "in the TS Delay element", /* 47 */
564 "Direct Link is not allowed in the BSS by policy", /* 48 */
565 "Destination STA is not present within this QBSS.", /* 49 */
566 "The Destination STA is not a QSTA.", /* 50 */
567
568 };
569 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0])
570
571 static const char *reason_text[] = {
572 "Reserved", /* 0 */
573 "Unspecified reason", /* 1 */
574 "Previous authentication no longer valid", /* 2 */
575 "Deauthenticated because sending station is leaving (or has left) "
576 "IBSS or ESS", /* 3 */
577 "Disassociated due to inactivity", /* 4 */
578 "Disassociated because AP is unable to handle all currently "
579 " associated stations", /* 5 */
580 "Class 2 frame received from nonauthenticated station", /* 6 */
581 "Class 3 frame received from nonassociated station", /* 7 */
582 "Disassociated because sending station is leaving "
583 "(or has left) BSS", /* 8 */
584 "Station requesting (re)association is not authenticated with "
585 "responding station", /* 9 */
586 "Disassociated because the information in the Power Capability "
587 "element is unacceptable", /* 10 */
588 "Disassociated because the information in the SupportedChannels "
589 "element is unacceptable", /* 11 */
590 "Invalid Information Element", /* 12 */
591 "Reserved", /* 13 */
592 "Michael MIC failure", /* 14 */
593 "4-Way Handshake timeout", /* 15 */
594 "Group key update timeout", /* 16 */
595 "Information element in 4-Way Handshake different from (Re)Association"
596 "Request/Probe Response/Beacon", /* 17 */
597 "Group Cipher is not valid", /* 18 */
598 "AKMP is not valid", /* 20 */
599 "Unsupported RSN IE version", /* 21 */
600 "Invalid RSN IE Capabilities", /* 22 */
601 "IEEE 802.1X Authentication failed", /* 23 */
602 "Cipher suite is rejected per security policy", /* 24 */
603 "Reserved", /* 25 */
604 "Reserved", /* 26 */
605 "Reserved", /* 27 */
606 "Reserved", /* 28 */
607 "Reserved", /* 29 */
608 "Reserved", /* 30 */
609 "TS deleted because QoS AP lacks sufficient bandwidth for this "
610 "QoS STA due to a change in BSS service characteristics or "
611 "operational mode (e.g. an HT BSS change from 40 MHz channel "
612 "to 20 MHz channel)", /* 31 */
613 "Disassociated for unspecified, QoS-related reason", /* 32 */
614 "Disassociated because QoS AP lacks sufficient bandwidth for this "
615 "QoS STA", /* 33 */
616 "Disassociated because of excessive number of frames that need to be "
617 "acknowledged, but are not acknowledged for AP transmissions "
618 "and/or poor channel conditions", /* 34 */
619 "Disassociated because STA is transmitting outside the limits "
620 "of its TXOPs", /* 35 */
621 "Requested from peer STA as the STA is leaving the BSS "
622 "(or resetting)", /* 36 */
623 "Requested from peer STA as it does not want to use the "
624 "mechanism", /* 37 */
625 "Requested from peer STA as the STA received frames using the "
626 "mechanism for which a set up is required", /* 38 */
627 "Requested from peer STA due to time out", /* 39 */
628 "Reserved", /* 40 */
629 "Reserved", /* 41 */
630 "Reserved", /* 42 */
631 "Reserved", /* 43 */
632 "Reserved", /* 44 */
633 "Peer STA does not support the requested cipher suite", /* 45 */
634 "Association denied due to requesting STA not supporting HT "
635 "features", /* 46 */
636 };
637 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0])
638
639 static int
wep_print(const u_char * p)640 wep_print(const u_char *p)
641 {
642 u_int32_t iv;
643
644 if (!TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN))
645 return 0;
646 iv = EXTRACT_LE_32BITS(p);
647
648 printf("Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv),
649 IV_KEYID(iv));
650
651 return 1;
652 }
653
654 static int
parse_elements(struct mgmt_body_t * pbody,const u_char * p,int offset,u_int length)655 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset,
656 u_int length)
657 {
658 u_int elementlen;
659 struct ssid_t ssid;
660 struct challenge_t challenge;
661 struct rates_t rates;
662 struct ds_t ds;
663 struct cf_t cf;
664 struct tim_t tim;
665
666 /*
667 * We haven't seen any elements yet.
668 */
669 pbody->challenge_present = 0;
670 pbody->ssid_present = 0;
671 pbody->rates_present = 0;
672 pbody->ds_present = 0;
673 pbody->cf_present = 0;
674 pbody->tim_present = 0;
675
676 while (length != 0) {
677 if (!TTEST2(*(p + offset), 1))
678 return 0;
679 if (length < 1)
680 return 0;
681 switch (*(p + offset)) {
682 case E_SSID:
683 if (!TTEST2(*(p + offset), 2))
684 return 0;
685 if (length < 2)
686 return 0;
687 memcpy(&ssid, p + offset, 2);
688 offset += 2;
689 length -= 2;
690 if (ssid.length != 0) {
691 if (ssid.length > sizeof(ssid.ssid) - 1)
692 return 0;
693 if (!TTEST2(*(p + offset), ssid.length))
694 return 0;
695 if (length < ssid.length)
696 return 0;
697 memcpy(&ssid.ssid, p + offset, ssid.length);
698 offset += ssid.length;
699 length -= ssid.length;
700 }
701 ssid.ssid[ssid.length] = '\0';
702 /*
703 * Present and not truncated.
704 *
705 * If we haven't already seen an SSID IE,
706 * copy this one, otherwise ignore this one,
707 * so we later report the first one we saw.
708 */
709 if (!pbody->ssid_present) {
710 pbody->ssid = ssid;
711 pbody->ssid_present = 1;
712 }
713 break;
714 case E_CHALLENGE:
715 if (!TTEST2(*(p + offset), 2))
716 return 0;
717 if (length < 2)
718 return 0;
719 memcpy(&challenge, p + offset, 2);
720 offset += 2;
721 length -= 2;
722 if (challenge.length != 0) {
723 if (challenge.length >
724 sizeof(challenge.text) - 1)
725 return 0;
726 if (!TTEST2(*(p + offset), challenge.length))
727 return 0;
728 if (length < challenge.length)
729 return 0;
730 memcpy(&challenge.text, p + offset,
731 challenge.length);
732 offset += challenge.length;
733 length -= challenge.length;
734 }
735 challenge.text[challenge.length] = '\0';
736 /*
737 * Present and not truncated.
738 *
739 * If we haven't already seen a challenge IE,
740 * copy this one, otherwise ignore this one,
741 * so we later report the first one we saw.
742 */
743 if (!pbody->challenge_present) {
744 pbody->challenge = challenge;
745 pbody->challenge_present = 1;
746 }
747 break;
748 case E_RATES:
749 if (!TTEST2(*(p + offset), 2))
750 return 0;
751 if (length < 2)
752 return 0;
753 memcpy(&rates, p + offset, 2);
754 offset += 2;
755 length -= 2;
756 if (rates.length != 0) {
757 if (rates.length > sizeof rates.rate)
758 return 0;
759 if (!TTEST2(*(p + offset), rates.length))
760 return 0;
761 if (length < rates.length)
762 return 0;
763 memcpy(&rates.rate, p + offset, rates.length);
764 offset += rates.length;
765 length -= rates.length;
766 }
767 /*
768 * Present and not truncated.
769 *
770 * If we haven't already seen a rates IE,
771 * copy this one if it's not zero-length,
772 * otherwise ignore this one, so we later
773 * report the first one we saw.
774 *
775 * We ignore zero-length rates IEs as some
776 * devices seem to put a zero-length rates
777 * IE, followed by an SSID IE, followed by
778 * a non-zero-length rates IE into frames,
779 * even though IEEE Std 802.11-2007 doesn't
780 * seem to indicate that a zero-length rates
781 * IE is valid.
782 */
783 if (!pbody->rates_present && rates.length != 0) {
784 pbody->rates = rates;
785 pbody->rates_present = 1;
786 }
787 break;
788 case E_DS:
789 if (!TTEST2(*(p + offset), 3))
790 return 0;
791 if (length < 3)
792 return 0;
793 memcpy(&ds, p + offset, 3);
794 offset += 3;
795 length -= 3;
796 /*
797 * Present and not truncated.
798 *
799 * If we haven't already seen a DS IE,
800 * copy this one, otherwise ignore this one,
801 * so we later report the first one we saw.
802 */
803 if (!pbody->ds_present) {
804 pbody->ds = ds;
805 pbody->ds_present = 1;
806 }
807 break;
808 case E_CF:
809 if (!TTEST2(*(p + offset), 8))
810 return 0;
811 if (length < 8)
812 return 0;
813 memcpy(&cf, p + offset, 8);
814 offset += 8;
815 length -= 8;
816 /*
817 * Present and not truncated.
818 *
819 * If we haven't already seen a CF IE,
820 * copy this one, otherwise ignore this one,
821 * so we later report the first one we saw.
822 */
823 if (!pbody->cf_present) {
824 pbody->cf = cf;
825 pbody->cf_present = 1;
826 }
827 break;
828 case E_TIM:
829 if (!TTEST2(*(p + offset), 2))
830 return 0;
831 if (length < 2)
832 return 0;
833 memcpy(&tim, p + offset, 2);
834 offset += 2;
835 length -= 2;
836 if (!TTEST2(*(p + offset), 3))
837 return 0;
838 if (length < 3)
839 return 0;
840 memcpy(&tim.count, p + offset, 3);
841 offset += 3;
842 length -= 3;
843
844 if (tim.length <= 3)
845 break;
846 if (tim.length - 3 > (int)sizeof tim.bitmap)
847 return 0;
848 if (!TTEST2(*(p + offset), tim.length - 3))
849 return 0;
850 if (length < (u_int)(tim.length - 3))
851 return 0;
852 memcpy(tim.bitmap, p + (tim.length - 3),
853 (tim.length - 3));
854 offset += tim.length - 3;
855 length -= tim.length - 3;
856 /*
857 * Present and not truncated.
858 *
859 * If we haven't already seen a TIM IE,
860 * copy this one, otherwise ignore this one,
861 * so we later report the first one we saw.
862 */
863 if (!pbody->tim_present) {
864 pbody->tim = tim;
865 pbody->tim_present = 1;
866 }
867 break;
868 default:
869 #if 0
870 printf("(1) unhandled element_id (%d) ",
871 *(p + offset));
872 #endif
873 if (!TTEST2(*(p + offset), 2))
874 return 0;
875 if (length < 2)
876 return 0;
877 elementlen = *(p + offset + 1);
878 if (!TTEST2(*(p + offset + 2), elementlen))
879 return 0;
880 if (length < elementlen + 2)
881 return 0;
882 offset += elementlen + 2;
883 length -= elementlen + 2;
884 break;
885 }
886 }
887
888 /* No problems found. */
889 return 1;
890 }
891
892 /*********************************************************************************
893 * Print Handle functions for the management frame types
894 *********************************************************************************/
895
896 static int
handle_beacon(const u_char * p,u_int length)897 handle_beacon(const u_char *p, u_int length)
898 {
899 struct mgmt_body_t pbody;
900 int offset = 0;
901 int ret;
902
903 memset(&pbody, 0, sizeof(pbody));
904
905 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
906 IEEE802_11_CAPINFO_LEN))
907 return 0;
908 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
909 IEEE802_11_CAPINFO_LEN)
910 return 0;
911 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
912 offset += IEEE802_11_TSTAMP_LEN;
913 length -= IEEE802_11_TSTAMP_LEN;
914 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
915 offset += IEEE802_11_BCNINT_LEN;
916 length -= IEEE802_11_BCNINT_LEN;
917 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
918 offset += IEEE802_11_CAPINFO_LEN;
919 length -= IEEE802_11_CAPINFO_LEN;
920
921 ret = parse_elements(&pbody, p, offset, length);
922
923 PRINT_SSID(pbody);
924 PRINT_RATES(pbody);
925 printf(" %s",
926 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS");
927 PRINT_DS_CHANNEL(pbody);
928
929 return ret;
930 }
931
932 static int
handle_assoc_request(const u_char * p,u_int length)933 handle_assoc_request(const u_char *p, u_int length)
934 {
935 struct mgmt_body_t pbody;
936 int offset = 0;
937 int ret;
938
939 memset(&pbody, 0, sizeof(pbody));
940
941 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN))
942 return 0;
943 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)
944 return 0;
945 pbody.capability_info = EXTRACT_LE_16BITS(p);
946 offset += IEEE802_11_CAPINFO_LEN;
947 length -= IEEE802_11_CAPINFO_LEN;
948 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
949 offset += IEEE802_11_LISTENINT_LEN;
950 length -= IEEE802_11_LISTENINT_LEN;
951
952 ret = parse_elements(&pbody, p, offset, length);
953
954 PRINT_SSID(pbody);
955 PRINT_RATES(pbody);
956 return ret;
957 }
958
959 static int
handle_assoc_response(const u_char * p,u_int length)960 handle_assoc_response(const u_char *p, u_int length)
961 {
962 struct mgmt_body_t pbody;
963 int offset = 0;
964 int ret;
965
966 memset(&pbody, 0, sizeof(pbody));
967
968 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
969 IEEE802_11_AID_LEN))
970 return 0;
971 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
972 IEEE802_11_AID_LEN)
973 return 0;
974 pbody.capability_info = EXTRACT_LE_16BITS(p);
975 offset += IEEE802_11_CAPINFO_LEN;
976 length -= IEEE802_11_CAPINFO_LEN;
977 pbody.status_code = EXTRACT_LE_16BITS(p+offset);
978 offset += IEEE802_11_STATUS_LEN;
979 length -= IEEE802_11_STATUS_LEN;
980 pbody.aid = EXTRACT_LE_16BITS(p+offset);
981 offset += IEEE802_11_AID_LEN;
982 length -= IEEE802_11_AID_LEN;
983
984 ret = parse_elements(&pbody, p, offset, length);
985
986 printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 ,
987 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
988 (pbody.status_code < NUM_STATUSES
989 ? status_text[pbody.status_code]
990 : "n/a"));
991
992 return ret;
993 }
994
995 static int
handle_reassoc_request(const u_char * p,u_int length)996 handle_reassoc_request(const u_char *p, u_int length)
997 {
998 struct mgmt_body_t pbody;
999 int offset = 0;
1000 int ret;
1001
1002 memset(&pbody, 0, sizeof(pbody));
1003
1004 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1005 IEEE802_11_AP_LEN))
1006 return 0;
1007 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1008 IEEE802_11_AP_LEN)
1009 return 0;
1010 pbody.capability_info = EXTRACT_LE_16BITS(p);
1011 offset += IEEE802_11_CAPINFO_LEN;
1012 length -= IEEE802_11_CAPINFO_LEN;
1013 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
1014 offset += IEEE802_11_LISTENINT_LEN;
1015 length -= IEEE802_11_LISTENINT_LEN;
1016 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN);
1017 offset += IEEE802_11_AP_LEN;
1018 length -= IEEE802_11_AP_LEN;
1019
1020 ret = parse_elements(&pbody, p, offset, length);
1021
1022 PRINT_SSID(pbody);
1023 printf(" AP : %s", etheraddr_string( pbody.ap ));
1024
1025 return ret;
1026 }
1027
1028 static int
handle_reassoc_response(const u_char * p,u_int length)1029 handle_reassoc_response(const u_char *p, u_int length)
1030 {
1031 /* Same as a Association Reponse */
1032 return handle_assoc_response(p, length);
1033 }
1034
1035 static int
handle_probe_request(const u_char * p,u_int length)1036 handle_probe_request(const u_char *p, u_int length)
1037 {
1038 struct mgmt_body_t pbody;
1039 int offset = 0;
1040 int ret;
1041
1042 memset(&pbody, 0, sizeof(pbody));
1043
1044 ret = parse_elements(&pbody, p, offset, length);
1045
1046 PRINT_SSID(pbody);
1047 PRINT_RATES(pbody);
1048
1049 return ret;
1050 }
1051
1052 static int
handle_probe_response(const u_char * p,u_int length)1053 handle_probe_response(const u_char *p, u_int length)
1054 {
1055 struct mgmt_body_t pbody;
1056 int offset = 0;
1057 int ret;
1058
1059 memset(&pbody, 0, sizeof(pbody));
1060
1061 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1062 IEEE802_11_CAPINFO_LEN))
1063 return 0;
1064 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1065 IEEE802_11_CAPINFO_LEN)
1066 return 0;
1067 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1068 offset += IEEE802_11_TSTAMP_LEN;
1069 length -= IEEE802_11_TSTAMP_LEN;
1070 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
1071 offset += IEEE802_11_BCNINT_LEN;
1072 length -= IEEE802_11_BCNINT_LEN;
1073 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
1074 offset += IEEE802_11_CAPINFO_LEN;
1075 length -= IEEE802_11_CAPINFO_LEN;
1076
1077 ret = parse_elements(&pbody, p, offset, length);
1078
1079 PRINT_SSID(pbody);
1080 PRINT_RATES(pbody);
1081 PRINT_DS_CHANNEL(pbody);
1082
1083 return ret;
1084 }
1085
1086 static int
handle_atim(void)1087 handle_atim(void)
1088 {
1089 /* the frame body for ATIM is null. */
1090 return 1;
1091 }
1092
1093 static int
handle_disassoc(const u_char * p,u_int length)1094 handle_disassoc(const u_char *p, u_int length)
1095 {
1096 struct mgmt_body_t pbody;
1097
1098 memset(&pbody, 0, sizeof(pbody));
1099
1100 if (!TTEST2(*p, IEEE802_11_REASON_LEN))
1101 return 0;
1102 if (length < IEEE802_11_REASON_LEN)
1103 return 0;
1104 pbody.reason_code = EXTRACT_LE_16BITS(p);
1105
1106 printf(": %s",
1107 (pbody.reason_code < NUM_REASONS)
1108 ? reason_text[pbody.reason_code]
1109 : "Reserved" );
1110
1111 return 1;
1112 }
1113
1114 static int
handle_auth(const u_char * p,u_int length)1115 handle_auth(const u_char *p, u_int length)
1116 {
1117 struct mgmt_body_t pbody;
1118 int offset = 0;
1119 int ret;
1120
1121 memset(&pbody, 0, sizeof(pbody));
1122
1123 if (!TTEST2(*p, 6))
1124 return 0;
1125 if (length < 6)
1126 return 0;
1127 pbody.auth_alg = EXTRACT_LE_16BITS(p);
1128 offset += 2;
1129 length -= 2;
1130 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset);
1131 offset += 2;
1132 length -= 2;
1133 pbody.status_code = EXTRACT_LE_16BITS(p + offset);
1134 offset += 2;
1135 length -= 2;
1136
1137 ret = parse_elements(&pbody, p, offset, length);
1138
1139 if ((pbody.auth_alg == 1) &&
1140 ((pbody.auth_trans_seq_num == 2) ||
1141 (pbody.auth_trans_seq_num == 3))) {
1142 printf(" (%s)-%x [Challenge Text] %s",
1143 (pbody.auth_alg < NUM_AUTH_ALGS)
1144 ? auth_alg_text[pbody.auth_alg]
1145 : "Reserved",
1146 pbody.auth_trans_seq_num,
1147 ((pbody.auth_trans_seq_num % 2)
1148 ? ((pbody.status_code < NUM_STATUSES)
1149 ? status_text[pbody.status_code]
1150 : "n/a") : ""));
1151 return ret;
1152 }
1153 printf(" (%s)-%x: %s",
1154 (pbody.auth_alg < NUM_AUTH_ALGS)
1155 ? auth_alg_text[pbody.auth_alg]
1156 : "Reserved",
1157 pbody.auth_trans_seq_num,
1158 (pbody.auth_trans_seq_num % 2)
1159 ? ((pbody.status_code < NUM_STATUSES)
1160 ? status_text[pbody.status_code]
1161 : "n/a")
1162 : "");
1163
1164 return ret;
1165 }
1166
1167 static int
handle_deauth(const struct mgmt_header_t * pmh,const u_char * p,u_int length)1168 handle_deauth(const struct mgmt_header_t *pmh, const u_char *p, u_int length)
1169 {
1170 struct mgmt_body_t pbody;
1171 int offset = 0;
1172 const char *reason = NULL;
1173
1174 memset(&pbody, 0, sizeof(pbody));
1175
1176 if (!TTEST2(*p, IEEE802_11_REASON_LEN))
1177 return 0;
1178 if (length < IEEE802_11_REASON_LEN)
1179 return 0;
1180 pbody.reason_code = EXTRACT_LE_16BITS(p);
1181 offset += IEEE802_11_REASON_LEN;
1182 length -= IEEE802_11_REASON_LEN;
1183
1184 reason = (pbody.reason_code < NUM_REASONS)
1185 ? reason_text[pbody.reason_code]
1186 : "Reserved";
1187
1188 if (eflag) {
1189 printf(": %s", reason);
1190 } else {
1191 printf(" (%s): %s", etheraddr_string(pmh->sa), reason);
1192 }
1193 return 1;
1194 }
1195
1196 #define PRINT_HT_ACTION(v) (\
1197 (v) == 0 ? printf("TxChWidth") : \
1198 (v) == 1 ? printf("MIMOPwrSave") : \
1199 printf("Act#%d", (v)) \
1200 )
1201 #define PRINT_BA_ACTION(v) (\
1202 (v) == 0 ? printf("ADDBA Request") : \
1203 (v) == 1 ? printf("ADDBA Response") : \
1204 (v) == 2 ? printf("DELBA") : \
1205 printf("Act#%d", (v)) \
1206 )
1207 #define PRINT_MESHLINK_ACTION(v) (\
1208 (v) == 0 ? printf("Request") : \
1209 (v) == 1 ? printf("Report") : \
1210 printf("Act#%d", (v)) \
1211 )
1212 #define PRINT_MESHPEERING_ACTION(v) (\
1213 (v) == 0 ? printf("Open") : \
1214 (v) == 1 ? printf("Confirm") : \
1215 (v) == 2 ? printf("Close") : \
1216 printf("Act#%d", (v)) \
1217 )
1218 #define PRINT_MESHPATH_ACTION(v) (\
1219 (v) == 0 ? printf("Request") : \
1220 (v) == 1 ? printf("Report") : \
1221 (v) == 2 ? printf("Error") : \
1222 (v) == 3 ? printf("RootAnnouncement") : \
1223 printf("Act#%d", (v)) \
1224 )
1225
1226 #define PRINT_MESH_ACTION(v) (\
1227 (v) == 0 ? printf("MeshLink") : \
1228 (v) == 1 ? printf("HWMP") : \
1229 (v) == 2 ? printf("Gate Announcement") : \
1230 (v) == 3 ? printf("Congestion Control") : \
1231 (v) == 4 ? printf("MCCA Setup Request") : \
1232 (v) == 5 ? printf("MCCA Setup Reply") : \
1233 (v) == 6 ? printf("MCCA Advertisement Request") : \
1234 (v) == 7 ? printf("MCCA Advertisement") : \
1235 (v) == 8 ? printf("MCCA Teardown") : \
1236 (v) == 9 ? printf("TBTT Adjustment Request") : \
1237 (v) == 10 ? printf("TBTT Adjustment Response") : \
1238 printf("Act#%d", (v)) \
1239 )
1240 #define PRINT_MULTIHOP_ACTION(v) (\
1241 (v) == 0 ? printf("Proxy Update") : \
1242 (v) == 1 ? printf("Proxy Update Confirmation") : \
1243 printf("Act#%d", (v)) \
1244 )
1245 #define PRINT_SELFPROT_ACTION(v) (\
1246 (v) == 1 ? printf("Peering Open") : \
1247 (v) == 2 ? printf("Peering Confirm") : \
1248 (v) == 3 ? printf("Peering Close") : \
1249 (v) == 4 ? printf("Group Key Inform") : \
1250 (v) == 5 ? printf("Group Key Acknowledge") : \
1251 printf("Act#%d", (v)) \
1252 )
1253
1254 static int
handle_action(const struct mgmt_header_t * pmh,const u_char * p,u_int length)1255 handle_action(const struct mgmt_header_t *pmh, const u_char *p, u_int length)
1256 {
1257 if (!TTEST2(*p, 2))
1258 return 0;
1259 if (length < 2)
1260 return 0;
1261 if (eflag) {
1262 printf(": ");
1263 } else {
1264 printf(" (%s): ", etheraddr_string(pmh->sa));
1265 }
1266 switch (p[0]) {
1267 case 0: printf("Spectrum Management Act#%d", p[1]); break;
1268 case 1: printf("QoS Act#%d", p[1]); break;
1269 case 2: printf("DLS Act#%d", p[1]); break;
1270 case 3: printf("BA "); PRINT_BA_ACTION(p[1]); break;
1271 case 7: printf("HT "); PRINT_HT_ACTION(p[1]); break;
1272 case 13: printf("MeshAction "); PRINT_MESH_ACTION(p[1]); break;
1273 case 14:
1274 printf("MultiohopAction ");
1275 PRINT_MULTIHOP_ACTION(p[1]); break;
1276 case 15:
1277 printf("SelfprotectAction ");
1278 PRINT_SELFPROT_ACTION(p[1]); break;
1279 case 127: printf("Vendor Act#%d", p[1]); break;
1280 default:
1281 printf("Reserved(%d) Act#%d", p[0], p[1]);
1282 break;
1283 }
1284 return 1;
1285 }
1286
1287
1288 /*********************************************************************************
1289 * Print Body funcs
1290 *********************************************************************************/
1291
1292
1293 static int
mgmt_body_print(u_int16_t fc,const struct mgmt_header_t * pmh,const u_char * p,u_int length)1294 mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh,
1295 const u_char *p, u_int length)
1296 {
1297 switch (FC_SUBTYPE(fc)) {
1298 case ST_ASSOC_REQUEST:
1299 printf("Assoc Request");
1300 return handle_assoc_request(p, length);
1301 case ST_ASSOC_RESPONSE:
1302 printf("Assoc Response");
1303 return handle_assoc_response(p, length);
1304 case ST_REASSOC_REQUEST:
1305 printf("ReAssoc Request");
1306 return handle_reassoc_request(p, length);
1307 case ST_REASSOC_RESPONSE:
1308 printf("ReAssoc Response");
1309 return handle_reassoc_response(p, length);
1310 case ST_PROBE_REQUEST:
1311 printf("Probe Request");
1312 return handle_probe_request(p, length);
1313 case ST_PROBE_RESPONSE:
1314 printf("Probe Response");
1315 return handle_probe_response(p, length);
1316 case ST_BEACON:
1317 printf("Beacon");
1318 return handle_beacon(p, length);
1319 case ST_ATIM:
1320 printf("ATIM");
1321 return handle_atim();
1322 case ST_DISASSOC:
1323 printf("Disassociation");
1324 return handle_disassoc(p, length);
1325 case ST_AUTH:
1326 printf("Authentication");
1327 if (!TTEST2(*p, 3))
1328 return 0;
1329 if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) {
1330 printf("Authentication (Shared-Key)-3 ");
1331 return wep_print(p);
1332 }
1333 return handle_auth(p, length);
1334 case ST_DEAUTH:
1335 printf("DeAuthentication");
1336 return handle_deauth(pmh, p, length);
1337 break;
1338 case ST_ACTION:
1339 printf("Action");
1340 return handle_action(pmh, p, length);
1341 break;
1342 default:
1343 printf("Unhandled Management subtype(%x)",
1344 FC_SUBTYPE(fc));
1345 return 1;
1346 }
1347 }
1348
1349
1350 /*********************************************************************************
1351 * Handles printing all the control frame types
1352 *********************************************************************************/
1353
1354 static int
ctrl_body_print(u_int16_t fc,const u_char * p)1355 ctrl_body_print(u_int16_t fc, const u_char *p)
1356 {
1357 switch (FC_SUBTYPE(fc)) {
1358 case CTRL_CONTROL_WRAPPER:
1359 printf("Control Wrapper");
1360 /* XXX - requires special handling */
1361 break;
1362 case CTRL_BAR:
1363 printf("BAR");
1364 if (!TTEST2(*p, CTRL_BAR_HDRLEN))
1365 return 0;
1366 if (!eflag)
1367 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
1368 etheraddr_string(((const struct ctrl_bar_t *)p)->ra),
1369 etheraddr_string(((const struct ctrl_bar_t *)p)->ta),
1370 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
1371 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)));
1372 break;
1373 case CTRL_BA:
1374 printf("BA");
1375 if (!TTEST2(*p, CTRL_BA_HDRLEN))
1376 return 0;
1377 if (!eflag)
1378 printf(" RA:%s ",
1379 etheraddr_string(((const struct ctrl_ba_t *)p)->ra));
1380 break;
1381 case CTRL_PS_POLL:
1382 printf("Power Save-Poll");
1383 if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN))
1384 return 0;
1385 printf(" AID(%x)",
1386 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid)));
1387 break;
1388 case CTRL_RTS:
1389 printf("Request-To-Send");
1390 if (!TTEST2(*p, CTRL_RTS_HDRLEN))
1391 return 0;
1392 if (!eflag)
1393 printf(" TA:%s ",
1394 etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
1395 break;
1396 case CTRL_CTS:
1397 printf("Clear-To-Send");
1398 if (!TTEST2(*p, CTRL_CTS_HDRLEN))
1399 return 0;
1400 if (!eflag)
1401 printf(" RA:%s ",
1402 etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
1403 break;
1404 case CTRL_ACK:
1405 printf("Acknowledgment");
1406 if (!TTEST2(*p, CTRL_ACK_HDRLEN))
1407 return 0;
1408 if (!eflag)
1409 printf(" RA:%s ",
1410 etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
1411 break;
1412 case CTRL_CF_END:
1413 printf("CF-End");
1414 if (!TTEST2(*p, CTRL_END_HDRLEN))
1415 return 0;
1416 if (!eflag)
1417 printf(" RA:%s ",
1418 etheraddr_string(((const struct ctrl_end_t *)p)->ra));
1419 break;
1420 case CTRL_END_ACK:
1421 printf("CF-End+CF-Ack");
1422 if (!TTEST2(*p, CTRL_END_ACK_HDRLEN))
1423 return 0;
1424 if (!eflag)
1425 printf(" RA:%s ",
1426 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra));
1427 break;
1428 default:
1429 printf("Unknown Ctrl Subtype");
1430 }
1431 return 1;
1432 }
1433
1434 /*
1435 * Print Header funcs
1436 */
1437
1438 /*
1439 * Data Frame - Address field contents
1440 *
1441 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
1442 * 0 | 0 | DA | SA | BSSID | n/a
1443 * 0 | 1 | DA | BSSID | SA | n/a
1444 * 1 | 0 | BSSID | SA | DA | n/a
1445 * 1 | 1 | RA | TA | DA | SA
1446 */
1447
1448 static void
data_header_print(u_int16_t fc,const u_char * p,const u_int8_t ** srcp,const u_int8_t ** dstp)1449 data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
1450 const u_int8_t **dstp)
1451 {
1452 u_int subtype = FC_SUBTYPE(fc);
1453
1454 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
1455 DATA_FRAME_IS_QOS(subtype)) {
1456 printf("CF ");
1457 if (DATA_FRAME_IS_CF_ACK(subtype)) {
1458 if (DATA_FRAME_IS_CF_POLL(subtype))
1459 printf("Ack/Poll");
1460 else
1461 printf("Ack");
1462 } else {
1463 if (DATA_FRAME_IS_CF_POLL(subtype))
1464 printf("Poll");
1465 }
1466 if (DATA_FRAME_IS_QOS(subtype))
1467 printf("+QoS");
1468 printf(" ");
1469 }
1470
1471 #define ADDR1 (p + 4)
1472 #define ADDR2 (p + 10)
1473 #define ADDR3 (p + 16)
1474 #define ADDR4 (p + 24)
1475
1476 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1477 if (srcp != NULL)
1478 *srcp = ADDR2;
1479 if (dstp != NULL)
1480 *dstp = ADDR1;
1481 if (!eflag)
1482 return;
1483 printf("DA:%s SA:%s BSSID:%s ",
1484 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1485 etheraddr_string(ADDR3));
1486 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1487 if (srcp != NULL)
1488 *srcp = ADDR3;
1489 if (dstp != NULL)
1490 *dstp = ADDR1;
1491 if (!eflag)
1492 return;
1493 printf("DA:%s BSSID:%s SA:%s ",
1494 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1495 etheraddr_string(ADDR3));
1496 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
1497 if (srcp != NULL)
1498 *srcp = ADDR2;
1499 if (dstp != NULL)
1500 *dstp = ADDR3;
1501 if (!eflag)
1502 return;
1503 printf("BSSID:%s SA:%s DA:%s ",
1504 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1505 etheraddr_string(ADDR3));
1506 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
1507 if (srcp != NULL)
1508 *srcp = ADDR4;
1509 if (dstp != NULL)
1510 *dstp = ADDR3;
1511 if (!eflag)
1512 return;
1513 printf("RA:%s TA:%s DA:%s SA:%s ",
1514 etheraddr_string(ADDR1), etheraddr_string(ADDR2),
1515 etheraddr_string(ADDR3), etheraddr_string(ADDR4));
1516 }
1517
1518 #undef ADDR1
1519 #undef ADDR2
1520 #undef ADDR3
1521 #undef ADDR4
1522 }
1523
1524 static void
mgmt_header_print(const u_char * p,const u_int8_t ** srcp,const u_int8_t ** dstp)1525 mgmt_header_print(const u_char *p, const u_int8_t **srcp,
1526 const u_int8_t **dstp)
1527 {
1528 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
1529
1530 if (srcp != NULL)
1531 *srcp = hp->sa;
1532 if (dstp != NULL)
1533 *dstp = hp->da;
1534 if (!eflag)
1535 return;
1536
1537 printf("BSSID:%s DA:%s SA:%s ",
1538 etheraddr_string((hp)->bssid), etheraddr_string((hp)->da),
1539 etheraddr_string((hp)->sa));
1540 }
1541
1542 static void
ctrl_header_print(u_int16_t fc,const u_char * p,const u_int8_t ** srcp,const u_int8_t ** dstp)1543 ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp,
1544 const u_int8_t **dstp)
1545 {
1546 if (srcp != NULL)
1547 *srcp = NULL;
1548 if (dstp != NULL)
1549 *dstp = NULL;
1550 if (!eflag)
1551 return;
1552
1553 switch (FC_SUBTYPE(fc)) {
1554 case CTRL_BAR:
1555 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ",
1556 etheraddr_string(((const struct ctrl_bar_t *)p)->ra),
1557 etheraddr_string(((const struct ctrl_bar_t *)p)->ta),
1558 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
1559 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq)));
1560 break;
1561 case CTRL_BA:
1562 printf("RA:%s ",
1563 etheraddr_string(((const struct ctrl_ba_t *)p)->ra));
1564 break;
1565 case CTRL_PS_POLL:
1566 printf("BSSID:%s TA:%s ",
1567 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid),
1568 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta));
1569 break;
1570 case CTRL_RTS:
1571 printf("RA:%s TA:%s ",
1572 etheraddr_string(((const struct ctrl_rts_t *)p)->ra),
1573 etheraddr_string(((const struct ctrl_rts_t *)p)->ta));
1574 break;
1575 case CTRL_CTS:
1576 printf("RA:%s ",
1577 etheraddr_string(((const struct ctrl_cts_t *)p)->ra));
1578 break;
1579 case CTRL_ACK:
1580 printf("RA:%s ",
1581 etheraddr_string(((const struct ctrl_ack_t *)p)->ra));
1582 break;
1583 case CTRL_CF_END:
1584 printf("RA:%s BSSID:%s ",
1585 etheraddr_string(((const struct ctrl_end_t *)p)->ra),
1586 etheraddr_string(((const struct ctrl_end_t *)p)->bssid));
1587 break;
1588 case CTRL_END_ACK:
1589 printf("RA:%s BSSID:%s ",
1590 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra),
1591 etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid));
1592 break;
1593 default:
1594 printf("(H) Unknown Ctrl Subtype");
1595 break;
1596 }
1597 }
1598
1599 static int
extract_header_length(u_int16_t fc)1600 extract_header_length(u_int16_t fc)
1601 {
1602 int len;
1603
1604 switch (FC_TYPE(fc)) {
1605 case T_MGMT:
1606 return MGMT_HDRLEN;
1607 case T_CTRL:
1608 switch (FC_SUBTYPE(fc)) {
1609 case CTRL_BAR:
1610 return CTRL_BAR_HDRLEN;
1611 case CTRL_PS_POLL:
1612 return CTRL_PS_POLL_HDRLEN;
1613 case CTRL_RTS:
1614 return CTRL_RTS_HDRLEN;
1615 case CTRL_CTS:
1616 return CTRL_CTS_HDRLEN;
1617 case CTRL_ACK:
1618 return CTRL_ACK_HDRLEN;
1619 case CTRL_CF_END:
1620 return CTRL_END_HDRLEN;
1621 case CTRL_END_ACK:
1622 return CTRL_END_ACK_HDRLEN;
1623 default:
1624 return 0;
1625 }
1626 case T_DATA:
1627 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
1628 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
1629 len += 2;
1630 return len;
1631 default:
1632 printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc));
1633 return 0;
1634 }
1635 }
1636
1637 static int
extract_mesh_header_length(const u_char * p)1638 extract_mesh_header_length(const u_char *p)
1639 {
1640 return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3));
1641 }
1642
1643 /*
1644 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp"
1645 * to point to the source and destination MAC addresses in any case if
1646 * "srcp" and "dstp" aren't null.
1647 */
1648 static void
ieee_802_11_hdr_print(u_int16_t fc,const u_char * p,u_int hdrlen,u_int meshdrlen,const u_int8_t ** srcp,const u_int8_t ** dstp)1649 ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, u_int hdrlen,
1650 u_int meshdrlen, const u_int8_t **srcp, const u_int8_t **dstp)
1651 {
1652 if (vflag) {
1653 if (FC_MORE_DATA(fc))
1654 printf("More Data ");
1655 if (FC_MORE_FLAG(fc))
1656 printf("More Fragments ");
1657 if (FC_POWER_MGMT(fc))
1658 printf("Pwr Mgmt ");
1659 if (FC_RETRY(fc))
1660 printf("Retry ");
1661 if (FC_ORDER(fc))
1662 printf("Strictly Ordered ");
1663 if (FC_WEP(fc))
1664 printf("WEP Encrypted ");
1665 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
1666 printf("%dus ",
1667 EXTRACT_LE_16BITS(
1668 &((const struct mgmt_header_t *)p)->duration));
1669 }
1670 if (meshdrlen != 0) {
1671 const struct meshcntl_t *mc =
1672 (const struct meshcntl_t *)&p[hdrlen - meshdrlen];
1673 int ae = mc->flags & 3;
1674
1675 printf("MeshData (AE %d TTL %u seq %u", ae, mc->ttl,
1676 EXTRACT_LE_32BITS(mc->seq));
1677 if (ae > 0)
1678 printf(" A4:%s", etheraddr_string(mc->addr4));
1679 if (ae > 1)
1680 printf(" A5:%s", etheraddr_string(mc->addr5));
1681 if (ae > 2)
1682 printf(" A6:%s", etheraddr_string(mc->addr6));
1683 printf(") ");
1684 }
1685
1686 switch (FC_TYPE(fc)) {
1687 case T_MGMT:
1688 mgmt_header_print(p, srcp, dstp);
1689 break;
1690 case T_CTRL:
1691 ctrl_header_print(fc, p, srcp, dstp);
1692 break;
1693 case T_DATA:
1694 data_header_print(fc, p, srcp, dstp);
1695 break;
1696 default:
1697 printf("(header) unknown IEEE802.11 frame type (%d)",
1698 FC_TYPE(fc));
1699 *srcp = NULL;
1700 *dstp = NULL;
1701 break;
1702 }
1703 }
1704
1705 #ifndef roundup2
1706 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
1707 #endif
1708
1709 static u_int
ieee802_11_print(const u_char * p,u_int length,u_int orig_caplen,int pad,u_int fcslen)1710 ieee802_11_print(const u_char *p, u_int length, u_int orig_caplen, int pad,
1711 u_int fcslen)
1712 {
1713 u_int16_t fc;
1714 u_int caplen, hdrlen, meshdrlen;
1715 const u_int8_t *src, *dst;
1716 u_short extracted_ethertype;
1717
1718 caplen = orig_caplen;
1719 /* Remove FCS, if present */
1720 if (length < fcslen) {
1721 printf("[|802.11]");
1722 return caplen;
1723 }
1724 length -= fcslen;
1725 if (caplen > length) {
1726 /* Amount of FCS in actual packet data, if any */
1727 fcslen = caplen - length;
1728 caplen -= fcslen;
1729 snapend -= fcslen;
1730 }
1731
1732 if (caplen < IEEE802_11_FC_LEN) {
1733 printf("[|802.11]");
1734 return orig_caplen;
1735 }
1736
1737 fc = EXTRACT_LE_16BITS(p);
1738 hdrlen = extract_header_length(fc);
1739 if (pad)
1740 hdrlen = roundup2(hdrlen, 4);
1741 if (Hflag && FC_TYPE(fc) == T_DATA &&
1742 DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
1743 meshdrlen = extract_mesh_header_length(p+hdrlen);
1744 hdrlen += meshdrlen;
1745 } else
1746 meshdrlen = 0;
1747
1748
1749 if (caplen < hdrlen) {
1750 printf("[|802.11]");
1751 return hdrlen;
1752 }
1753
1754 ieee_802_11_hdr_print(fc, p, hdrlen, meshdrlen, &src, &dst);
1755
1756 /*
1757 * Go past the 802.11 header.
1758 */
1759 length -= hdrlen;
1760 caplen -= hdrlen;
1761 p += hdrlen;
1762
1763 switch (FC_TYPE(fc)) {
1764 case T_MGMT:
1765 if (!mgmt_body_print(fc,
1766 (const struct mgmt_header_t *)(p - hdrlen), p, length)) {
1767 printf("[|802.11]");
1768 return hdrlen;
1769 }
1770 break;
1771 case T_CTRL:
1772 if (!ctrl_body_print(fc, p - hdrlen)) {
1773 printf("[|802.11]");
1774 return hdrlen;
1775 }
1776 break;
1777 case T_DATA:
1778 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
1779 return hdrlen; /* no-data frame */
1780 /* There may be a problem w/ AP not having this bit set */
1781 if (FC_WEP(fc)) {
1782 if (!wep_print(p)) {
1783 printf("[|802.11]");
1784 return hdrlen;
1785 }
1786 } else if (llc_print(p, length, caplen, dst, src,
1787 &extracted_ethertype) == 0) {
1788 /*
1789 * Some kinds of LLC packet we cannot
1790 * handle intelligently
1791 */
1792 if (!eflag)
1793 ieee_802_11_hdr_print(fc, p - hdrlen, hdrlen,
1794 meshdrlen, NULL, NULL);
1795 if (extracted_ethertype)
1796 printf("(LLC %s) ",
1797 etherproto_string(
1798 htons(extracted_ethertype)));
1799 if (!suppress_default_print)
1800 default_print(p, caplen);
1801 }
1802 break;
1803 default:
1804 printf("unknown 802.11 frame type (%d)", FC_TYPE(fc));
1805 break;
1806 }
1807
1808 return hdrlen;
1809 }
1810
1811 /*
1812 * This is the top level routine of the printer. 'p' points
1813 * to the 802.11 header of the packet, 'h->ts' is the timestamp,
1814 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
1815 * is the number of bytes actually captured.
1816 */
1817 u_int
ieee802_11_if_print(const struct pcap_pkthdr * h,const u_char * p)1818 ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p)
1819 {
1820 return ieee802_11_print(p, h->len, h->caplen, 0, 0);
1821 }
1822
1823 #define IEEE80211_CHAN_FHSS \
1824 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK)
1825 #define IEEE80211_CHAN_A \
1826 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
1827 #define IEEE80211_CHAN_B \
1828 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
1829 #define IEEE80211_CHAN_PUREG \
1830 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM)
1831 #define IEEE80211_CHAN_G \
1832 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
1833
1834 #define IS_CHAN_FHSS(flags) \
1835 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS)
1836 #define IS_CHAN_A(flags) \
1837 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A)
1838 #define IS_CHAN_B(flags) \
1839 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B)
1840 #define IS_CHAN_PUREG(flags) \
1841 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG)
1842 #define IS_CHAN_G(flags) \
1843 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G)
1844 #define IS_CHAN_ANYG(flags) \
1845 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags))
1846
1847 static void
print_chaninfo(int freq,int flags)1848 print_chaninfo(int freq, int flags)
1849 {
1850 printf("%u MHz", freq);
1851 if (IS_CHAN_FHSS(flags))
1852 printf(" FHSS");
1853 if (IS_CHAN_A(flags)) {
1854 if (flags & IEEE80211_CHAN_HALF)
1855 printf(" 11a/10Mhz");
1856 else if (flags & IEEE80211_CHAN_QUARTER)
1857 printf(" 11a/5Mhz");
1858 else
1859 printf(" 11a");
1860 }
1861 if (IS_CHAN_ANYG(flags)) {
1862 if (flags & IEEE80211_CHAN_HALF)
1863 printf(" 11g/10Mhz");
1864 else if (flags & IEEE80211_CHAN_QUARTER)
1865 printf(" 11g/5Mhz");
1866 else
1867 printf(" 11g");
1868 } else if (IS_CHAN_B(flags))
1869 printf(" 11b");
1870 if (flags & IEEE80211_CHAN_TURBO)
1871 printf(" Turbo");
1872 if (flags & IEEE80211_CHAN_HT20)
1873 printf(" ht/20");
1874 else if (flags & IEEE80211_CHAN_HT40D)
1875 printf(" ht/40-");
1876 else if (flags & IEEE80211_CHAN_HT40U)
1877 printf(" ht/40+");
1878 printf(" ");
1879 }
1880
1881 static int
print_radiotap_field(struct cpack_state * s,u_int32_t bit,u_int8_t * flags,struct radiotap_state * state,u_int32_t presentflags)1882 print_radiotap_field(struct cpack_state *s, u_int32_t bit, u_int8_t *flags,
1883 struct radiotap_state *state, u_int32_t presentflags)
1884 {
1885 union {
1886 int8_t i8;
1887 u_int8_t u8;
1888 int16_t i16;
1889 u_int16_t u16;
1890 u_int32_t u32;
1891 u_int64_t u64;
1892 } u, u2, u3, u4;
1893 int rc;
1894
1895 switch (bit) {
1896 case IEEE80211_RADIOTAP_FLAGS:
1897 rc = cpack_uint8(s, &u.u8);
1898 if (rc != 0)
1899 break;
1900 *flags = u.u8;
1901 break;
1902 case IEEE80211_RADIOTAP_RATE:
1903 rc = cpack_uint8(s, &u.u8);
1904 if (rc != 0)
1905 break;
1906
1907 /* Save state rate */
1908 state->rate = u.u8;
1909 break;
1910 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
1911 case IEEE80211_RADIOTAP_DB_ANTNOISE:
1912 case IEEE80211_RADIOTAP_ANTENNA:
1913 rc = cpack_uint8(s, &u.u8);
1914 break;
1915 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
1916 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
1917 rc = cpack_int8(s, &u.i8);
1918 break;
1919 case IEEE80211_RADIOTAP_CHANNEL:
1920 rc = cpack_uint16(s, &u.u16);
1921 if (rc != 0)
1922 break;
1923 rc = cpack_uint16(s, &u2.u16);
1924 break;
1925 case IEEE80211_RADIOTAP_FHSS:
1926 case IEEE80211_RADIOTAP_LOCK_QUALITY:
1927 case IEEE80211_RADIOTAP_TX_ATTENUATION:
1928 case IEEE80211_RADIOTAP_RX_FLAGS:
1929 rc = cpack_uint16(s, &u.u16);
1930 break;
1931 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
1932 rc = cpack_uint8(s, &u.u8);
1933 break;
1934 case IEEE80211_RADIOTAP_DBM_TX_POWER:
1935 rc = cpack_int8(s, &u.i8);
1936 break;
1937 case IEEE80211_RADIOTAP_TSFT:
1938 rc = cpack_uint64(s, &u.u64);
1939 break;
1940 case IEEE80211_RADIOTAP_XCHANNEL:
1941 rc = cpack_uint32(s, &u.u32);
1942 if (rc != 0)
1943 break;
1944 rc = cpack_uint16(s, &u2.u16);
1945 if (rc != 0)
1946 break;
1947 rc = cpack_uint8(s, &u3.u8);
1948 if (rc != 0)
1949 break;
1950 rc = cpack_uint8(s, &u4.u8);
1951 break;
1952 case IEEE80211_RADIOTAP_MCS:
1953 rc = cpack_uint8(s, &u.u8);
1954 if (rc != 0)
1955 break;
1956 rc = cpack_uint8(s, &u2.u8);
1957 if (rc != 0)
1958 break;
1959 rc = cpack_uint8(s, &u3.u8);
1960 break;
1961 case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: {
1962 u_int8_t vns[3];
1963 u_int16_t length;
1964 u_int8_t subspace;
1965
1966 if ((cpack_align_and_reserve(s, 2)) == NULL) {
1967 rc = -1;
1968 break;
1969 }
1970
1971 rc = cpack_uint8(s, &vns[0]);
1972 if (rc != 0)
1973 break;
1974 rc = cpack_uint8(s, &vns[1]);
1975 if (rc != 0)
1976 break;
1977 rc = cpack_uint8(s, &vns[2]);
1978 if (rc != 0)
1979 break;
1980 rc = cpack_uint8(s, &subspace);
1981 if (rc != 0)
1982 break;
1983 rc = cpack_uint16(s, &length);
1984 if (rc != 0)
1985 break;
1986
1987 /* Skip up to length */
1988 s->c_next += length;
1989 break;
1990 }
1991 default:
1992 /* this bit indicates a field whose
1993 * size we do not know, so we cannot
1994 * proceed. Just print the bit number.
1995 */
1996 printf("[bit %u] ", bit);
1997 return -1;
1998 }
1999
2000 if (rc != 0) {
2001 printf("[|802.11]");
2002 return rc;
2003 }
2004
2005 /* Preserve the state present flags */
2006 state->present = presentflags;
2007
2008 switch (bit) {
2009 case IEEE80211_RADIOTAP_CHANNEL:
2010 /*
2011 * If CHANNEL and XCHANNEL are both present, skip
2012 * CHANNEL.
2013 */
2014 if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL))
2015 break;
2016 print_chaninfo(u.u16, u2.u16);
2017 break;
2018 case IEEE80211_RADIOTAP_FHSS:
2019 printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff);
2020 break;
2021 case IEEE80211_RADIOTAP_RATE:
2022 /*
2023 * XXX On FreeBSD rate & 0x80 means we have an MCS. On
2024 * Linux and AirPcap it does not. (What about
2025 * Mac OS X, NetBSD, OpenBSD, and DragonFly BSD?)
2026 *
2027 * This is an issue either for proprietary extensions
2028 * to 11a or 11g, which do exist, or for 11n
2029 * implementations that stuff a rate value into
2030 * this field, which also appear to exist.
2031 *
2032 * We currently handle that by assuming that
2033 * if the 0x80 bit is set *and* the remaining
2034 * bits have a value between 0 and 15 it's
2035 * an MCS value, otherwise it's a rate. If
2036 * there are cases where systems that use
2037 * "0x80 + MCS index" for MCS indices > 15,
2038 * or stuff a rate value here between 64 and
2039 * 71.5 Mb/s in here, we'll need a preference
2040 * setting. Such rates do exist, e.g. 11n
2041 * MCS 7 at 20 MHz with a long guard interval.
2042 */
2043 if (u.u8 >= 0x80 && u.u8 <= 0x8f) {
2044 /*
2045 * XXX - we don't know the channel width
2046 * or guard interval length, so we can't
2047 * convert this to a data rate.
2048 *
2049 * If you want us to show a data rate,
2050 * use the MCS field, not the Rate field;
2051 * the MCS field includes not only the
2052 * MCS index, it also includes bandwidth
2053 * and guard interval information.
2054 *
2055 * XXX - can we get the channel width
2056 * from XChannel and the guard interval
2057 * information from Flags, at least on
2058 * FreeBSD?
2059 */
2060 printf("MCS %u ", u.u8 & 0x7f);
2061 } else
2062 printf("%2.1f Mb/s ", .5*u.u8);
2063 break;
2064 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
2065 printf("%ddB signal ", u.i8);
2066 break;
2067 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
2068 printf("%ddB noise ", u.i8);
2069 break;
2070 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2071 printf("%ddB signal ", u.u8);
2072 break;
2073 case IEEE80211_RADIOTAP_DB_ANTNOISE:
2074 printf("%ddB noise ", u.u8);
2075 break;
2076 case IEEE80211_RADIOTAP_LOCK_QUALITY:
2077 printf("%u sq ", u.u16);
2078 break;
2079 case IEEE80211_RADIOTAP_TX_ATTENUATION:
2080 printf("%d tx power ", -(int)u.u16);
2081 break;
2082 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
2083 printf("%ddB tx power ", -(int)u.u8);
2084 break;
2085 case IEEE80211_RADIOTAP_DBM_TX_POWER:
2086 printf("%ddBm tx power ", u.i8);
2087 break;
2088 case IEEE80211_RADIOTAP_FLAGS:
2089 if (u.u8 & IEEE80211_RADIOTAP_F_CFP)
2090 printf("cfp ");
2091 if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE)
2092 printf("short preamble ");
2093 if (u.u8 & IEEE80211_RADIOTAP_F_WEP)
2094 printf("wep ");
2095 if (u.u8 & IEEE80211_RADIOTAP_F_FRAG)
2096 printf("fragmented ");
2097 if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS)
2098 printf("bad-fcs ");
2099 break;
2100 case IEEE80211_RADIOTAP_ANTENNA:
2101 printf("antenna %d ", u.u8);
2102 break;
2103 case IEEE80211_RADIOTAP_TSFT:
2104 printf("%" PRIu64 "us tsft ", u.u64);
2105 break;
2106 case IEEE80211_RADIOTAP_RX_FLAGS:
2107 /* Do nothing for now */
2108 break;
2109 case IEEE80211_RADIOTAP_XCHANNEL:
2110 print_chaninfo(u2.u16, u.u32);
2111 break;
2112 case IEEE80211_RADIOTAP_MCS: {
2113 static const char *bandwidth[4] = {
2114 "20 MHz",
2115 "40 MHz",
2116 "20 MHz (L)",
2117 "20 MHz (U)"
2118 };
2119 float htrate;
2120
2121 if (u.u8 & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) {
2122 /*
2123 * We know the MCS index.
2124 */
2125 if (u3.u8 <= MAX_MCS_INDEX) {
2126 /*
2127 * And it's in-range.
2128 */
2129 if (u.u8 & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) {
2130 /*
2131 * And we know both the bandwidth and
2132 * the guard interval, so we can look
2133 * up the rate.
2134 */
2135 htrate =
2136 ieee80211_float_htrates \
2137 [u3.u8] \
2138 [((u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)] \
2139 [((u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)];
2140 } else {
2141 /*
2142 * We don't know both the bandwidth
2143 * and the guard interval, so we can
2144 * only report the MCS index.
2145 */
2146 htrate = 0.0;
2147 }
2148 } else {
2149 /*
2150 * The MCS value is out of range.
2151 */
2152 htrate = 0.0;
2153 }
2154 if (htrate != 0.0) {
2155 /*
2156 * We have the rate.
2157 * Print it.
2158 */
2159 printf("%.1f Mb/s MCS %u ", htrate, u3.u8);
2160 } else {
2161 /*
2162 * We at least have the MCS index.
2163 * Print it.
2164 */
2165 printf("MCS %u ", u3.u8);
2166 }
2167 }
2168 if (u.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) {
2169 printf("%s ",
2170 bandwidth[u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK]);
2171 }
2172 if (u.u8 & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) {
2173 printf("%s GI ",
2174 (u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ?
2175 "short" : "lon");
2176 }
2177 if (u.u8 & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) {
2178 printf("%s ",
2179 (u2.u8 & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ?
2180 "greenfield" : "mixed");
2181 }
2182 if (u.u8 & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) {
2183 printf("%s FEC ",
2184 (u2.u8 & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ?
2185 "LDPC" : "BCC");
2186 }
2187 if (u.u8 & IEEE80211_RADIOTAP_MCS_STBC_KNOWN) {
2188 printf("RX-STBC%u ",
2189 (u2.u8 & IEEE80211_RADIOTAP_MCS_STBC_MASK) >> IEEE80211_RADIOTAP_MCS_STBC_SHIFT);
2190 }
2191
2192 break;
2193 }
2194 }
2195 return 0;
2196 }
2197
2198 static u_int
ieee802_11_radio_print(const u_char * p,u_int length,u_int caplen)2199 ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
2200 {
2201 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
2202 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
2203 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
2204 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
2205 #define BITNO_2(x) (((x) & 2) ? 1 : 0)
2206 #define BIT(n) (1U << n)
2207 #define IS_EXTENDED(__p) \
2208 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0
2209
2210 struct cpack_state cpacker;
2211 struct ieee80211_radiotap_header *hdr;
2212 u_int32_t present, next_present;
2213 u_int32_t presentflags = 0;
2214 u_int32_t *presentp, *last_presentp;
2215 enum ieee80211_radiotap_type bit;
2216 int bit0;
2217 u_int len;
2218 u_int8_t flags;
2219 int pad;
2220 u_int fcslen;
2221 struct radiotap_state state;
2222
2223 if (caplen < sizeof(*hdr)) {
2224 printf("[|802.11]");
2225 return caplen;
2226 }
2227
2228 hdr = (struct ieee80211_radiotap_header *)p;
2229
2230 len = EXTRACT_LE_16BITS(&hdr->it_len);
2231
2232 if (caplen < len) {
2233 printf("[|802.11]");
2234 return caplen;
2235 }
2236 cpack_init(&cpacker, (u_int8_t *)hdr, len); /* align against header start */
2237 cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */
2238 for (last_presentp = &hdr->it_present;
2239 IS_EXTENDED(last_presentp) &&
2240 (u_char*)(last_presentp + 1) <= p + len;
2241 last_presentp++)
2242 cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */
2243
2244 /* are there more bitmap extensions than bytes in header? */
2245 if (IS_EXTENDED(last_presentp)) {
2246 printf("[|802.11]");
2247 return caplen;
2248 }
2249
2250 /* Assume no flags */
2251 flags = 0;
2252 /* Assume no Atheros padding between 802.11 header and body */
2253 pad = 0;
2254 /* Assume no FCS at end of frame */
2255 fcslen = 0;
2256 for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp;
2257 presentp++, bit0 += 32) {
2258 presentflags = EXTRACT_LE_32BITS(presentp);
2259
2260 /* Clear state. */
2261 memset(&state, 0, sizeof(state));
2262
2263 for (present = EXTRACT_LE_32BITS(presentp); present;
2264 present = next_present) {
2265 /* clear the least significant bit that is set */
2266 next_present = present & (present - 1);
2267
2268 /* extract the least significant bit that is set */
2269 bit = (enum ieee80211_radiotap_type)
2270 (bit0 + BITNO_32(present ^ next_present));
2271
2272 if (print_radiotap_field(&cpacker, bit, &flags, &state, presentflags) != 0)
2273 goto out;
2274 }
2275 }
2276
2277 out:
2278 if (flags & IEEE80211_RADIOTAP_F_DATAPAD)
2279 pad = 1; /* Atheros padding */
2280 if (flags & IEEE80211_RADIOTAP_F_FCS)
2281 fcslen = 4; /* FCS at end of packet */
2282 return len + ieee802_11_print(p + len, length - len, caplen - len, pad,
2283 fcslen);
2284 #undef BITNO_32
2285 #undef BITNO_16
2286 #undef BITNO_8
2287 #undef BITNO_4
2288 #undef BITNO_2
2289 #undef BIT
2290 }
2291
2292 static u_int
ieee802_11_avs_radio_print(const u_char * p,u_int length,u_int caplen)2293 ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen)
2294 {
2295 u_int32_t caphdr_len;
2296
2297 if (caplen < 8) {
2298 printf("[|802.11]");
2299 return caplen;
2300 }
2301
2302 caphdr_len = EXTRACT_32BITS(p + 4);
2303 if (caphdr_len < 8) {
2304 /*
2305 * Yow! The capture header length is claimed not
2306 * to be large enough to include even the version
2307 * cookie or capture header length!
2308 */
2309 printf("[|802.11]");
2310 return caplen;
2311 }
2312
2313 if (caplen < caphdr_len) {
2314 printf("[|802.11]");
2315 return caplen;
2316 }
2317
2318 return caphdr_len + ieee802_11_print(p + caphdr_len,
2319 length - caphdr_len, caplen - caphdr_len, 0, 0);
2320 }
2321
2322 #define PRISM_HDR_LEN 144
2323
2324 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000
2325 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001
2326 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002
2327
2328 /*
2329 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
2330 * containing information such as radio information, which we
2331 * currently ignore.
2332 *
2333 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or
2334 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS
2335 * (currently, on Linux, there's no ARPHRD_ type for
2336 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM
2337 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for
2338 * the AVS header, and the first 4 bytes of the header are used to
2339 * indicate whether it's a Prism header or an AVS header).
2340 */
2341 u_int
prism_if_print(const struct pcap_pkthdr * h,const u_char * p)2342 prism_if_print(const struct pcap_pkthdr *h, const u_char *p)
2343 {
2344 u_int caplen = h->caplen;
2345 u_int length = h->len;
2346 u_int32_t msgcode;
2347
2348 if (caplen < 4) {
2349 printf("[|802.11]");
2350 return caplen;
2351 }
2352
2353 msgcode = EXTRACT_32BITS(p);
2354 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 ||
2355 msgcode == WLANCAP_MAGIC_COOKIE_V2)
2356 return ieee802_11_avs_radio_print(p, length, caplen);
2357
2358 if (caplen < PRISM_HDR_LEN) {
2359 printf("[|802.11]");
2360 return caplen;
2361 }
2362
2363 return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN,
2364 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0);
2365 }
2366
2367 /*
2368 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
2369 * header, containing information such as radio information.
2370 */
2371 u_int
ieee802_11_radio_if_print(const struct pcap_pkthdr * h,const u_char * p)2372 ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p)
2373 {
2374 return ieee802_11_radio_print(p, h->len, h->caplen);
2375 }
2376
2377 /*
2378 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an
2379 * extra header, containing information such as radio information,
2380 * which we currently ignore.
2381 */
2382 u_int
ieee802_11_radio_avs_if_print(const struct pcap_pkthdr * h,const u_char * p)2383 ieee802_11_radio_avs_if_print(const struct pcap_pkthdr *h, const u_char *p)
2384 {
2385 return ieee802_11_avs_radio_print(p, h->len, h->caplen);
2386 }
2387