nexmon – Blame information for rev 1

Subversion Repositories:
Rev:
Rev Author Line No. Line
1 office 1 /*
2 * Copyright (c) 2001
3 * Fortress Technologies, Inc. All rights reserved.
4 * Charlie Lenahan (clenahan@fortresstech.com)
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that: (1) source code distributions
8 * retain the above copyright notice and this paragraph in its entirety, (2)
9 * distributions including binary code include the above copyright notice and
10 * this paragraph in its entirety in the documentation or other materials
11 * provided with the distribution, and (3) all advertising materials mentioning
12 * features or use of this software display the following acknowledgement:
13 * ``This product includes software developed by the University of California,
14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
15 * the University nor the names of its contributors may be used to endorse
16 * or promote products derived from this software without specific prior
17 * written permission.
18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
21 */
22  
23 #define NETDISSECT_REWORKED
24 #ifdef HAVE_CONFIG_H
25 #include "config.h"
26 #endif
27  
28 #include <tcpdump-stdinc.h>
29  
30 #include <string.h>
31  
32 #include "interface.h"
33 #include "addrtoname.h"
34  
35 #include "extract.h"
36  
37 #include "cpack.h"
38  
39  
40 /* Lengths of 802.11 header components. */
41 #define IEEE802_11_FC_LEN 2
42 #define IEEE802_11_DUR_LEN 2
43 #define IEEE802_11_DA_LEN 6
44 #define IEEE802_11_SA_LEN 6
45 #define IEEE802_11_BSSID_LEN 6
46 #define IEEE802_11_RA_LEN 6
47 #define IEEE802_11_TA_LEN 6
48 #define IEEE802_11_SEQ_LEN 2
49 #define IEEE802_11_CTL_LEN 2
50 #define IEEE802_11_IV_LEN 3
51 #define IEEE802_11_KID_LEN 1
52  
53 /* Frame check sequence length. */
54 #define IEEE802_11_FCS_LEN 4
55  
56 /* Lengths of beacon components. */
57 #define IEEE802_11_TSTAMP_LEN 8
58 #define IEEE802_11_BCNINT_LEN 2
59 #define IEEE802_11_CAPINFO_LEN 2
60 #define IEEE802_11_LISTENINT_LEN 2
61  
62 #define IEEE802_11_AID_LEN 2
63 #define IEEE802_11_STATUS_LEN 2
64 #define IEEE802_11_REASON_LEN 2
65  
66 /* Length of previous AP in reassocation frame */
67 #define IEEE802_11_AP_LEN 6
68  
69 #define T_MGMT 0x0 /* management */
70 #define T_CTRL 0x1 /* control */
71 #define T_DATA 0x2 /* data */
72 #define T_RESV 0x3 /* reserved */
73  
74 #define ST_ASSOC_REQUEST 0x0
75 #define ST_ASSOC_RESPONSE 0x1
76 #define ST_REASSOC_REQUEST 0x2
77 #define ST_REASSOC_RESPONSE 0x3
78 #define ST_PROBE_REQUEST 0x4
79 #define ST_PROBE_RESPONSE 0x5
80 /* RESERVED 0x6 */
81 /* RESERVED 0x7 */
82 #define ST_BEACON 0x8
83 #define ST_ATIM 0x9
84 #define ST_DISASSOC 0xA
85 #define ST_AUTH 0xB
86 #define ST_DEAUTH 0xC
87 #define ST_ACTION 0xD
88 /* RESERVED 0xE */
89 /* RESERVED 0xF */
90  
91 static const struct tok st_str[] = {
92 { ST_ASSOC_REQUEST, "Assoc Request" },
93 { ST_ASSOC_RESPONSE, "Assoc Response" },
94 { ST_REASSOC_REQUEST, "ReAssoc Request" },
95 { ST_REASSOC_RESPONSE, "ReAssoc Response" },
96 { ST_PROBE_REQUEST, "Probe Request" },
97 { ST_PROBE_RESPONSE, "Probe Response" },
98 { ST_BEACON, "Beacon" },
99 { ST_ATIM, "ATIM" },
100 { ST_DISASSOC, "Disassociation" },
101 { ST_AUTH, "Authentication" },
102 { ST_DEAUTH, "DeAuthentication" },
103 { ST_ACTION, "Action" },
104 { 0, NULL }
105 };
106  
107 #define CTRL_CONTROL_WRAPPER 0x7
108 #define CTRL_BAR 0x8
109 #define CTRL_BA 0x9
110 #define CTRL_PS_POLL 0xA
111 #define CTRL_RTS 0xB
112 #define CTRL_CTS 0xC
113 #define CTRL_ACK 0xD
114 #define CTRL_CF_END 0xE
115 #define CTRL_END_ACK 0xF
116  
117 static const struct tok ctrl_str[] = {
118 { CTRL_CONTROL_WRAPPER, "Control Wrapper" },
119 { CTRL_BAR, "BAR" },
120 { CTRL_BA, "BA" },
121 { CTRL_PS_POLL, "Power Save-Poll" },
122 { CTRL_RTS, "Request-To-Send" },
123 { CTRL_CTS, "Clear-To-Send" },
124 { CTRL_ACK, "Acknowledgment" },
125 { CTRL_CF_END, "CF-End" },
126 { CTRL_END_ACK, "CF-End+CF-Ack" },
127 { 0, NULL }
128 };
129  
130 #define DATA_DATA 0x0
131 #define DATA_DATA_CF_ACK 0x1
132 #define DATA_DATA_CF_POLL 0x2
133 #define DATA_DATA_CF_ACK_POLL 0x3
134 #define DATA_NODATA 0x4
135 #define DATA_NODATA_CF_ACK 0x5
136 #define DATA_NODATA_CF_POLL 0x6
137 #define DATA_NODATA_CF_ACK_POLL 0x7
138  
139 #define DATA_QOS_DATA 0x8
140 #define DATA_QOS_DATA_CF_ACK 0x9
141 #define DATA_QOS_DATA_CF_POLL 0xA
142 #define DATA_QOS_DATA_CF_ACK_POLL 0xB
143 #define DATA_QOS_NODATA 0xC
144 #define DATA_QOS_CF_POLL_NODATA 0xE
145 #define DATA_QOS_CF_ACK_POLL_NODATA 0xF
146  
147 /*
148 * The subtype field of a data frame is, in effect, composed of 4 flag
149 * bits - CF-Ack, CF-Poll, Null (means the frame doesn't actually have
150 * any data), and QoS.
151 */
152 #define DATA_FRAME_IS_CF_ACK(x) ((x) & 0x01)
153 #define DATA_FRAME_IS_CF_POLL(x) ((x) & 0x02)
154 #define DATA_FRAME_IS_NULL(x) ((x) & 0x04)
155 #define DATA_FRAME_IS_QOS(x) ((x) & 0x08)
156  
157 /*
158 * Bits in the frame control field.
159 */
160 #define FC_VERSION(fc) ((fc) & 0x3)
161 #define FC_TYPE(fc) (((fc) >> 2) & 0x3)
162 #define FC_SUBTYPE(fc) (((fc) >> 4) & 0xF)
163 #define FC_TO_DS(fc) ((fc) & 0x0100)
164 #define FC_FROM_DS(fc) ((fc) & 0x0200)
165 #define FC_MORE_FLAG(fc) ((fc) & 0x0400)
166 #define FC_RETRY(fc) ((fc) & 0x0800)
167 #define FC_POWER_MGMT(fc) ((fc) & 0x1000)
168 #define FC_MORE_DATA(fc) ((fc) & 0x2000)
169 #define FC_WEP(fc) ((fc) & 0x4000)
170 #define FC_ORDER(fc) ((fc) & 0x8000)
171  
172 struct mgmt_header_t {
173 uint16_t fc;
174 uint16_t duration;
175 uint8_t da[6];
176 uint8_t sa[6];
177 uint8_t bssid[6];
178 uint16_t seq_ctrl;
179 };
180  
181 #define MGMT_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
182 IEEE802_11_DA_LEN+IEEE802_11_SA_LEN+\
183 IEEE802_11_BSSID_LEN+IEEE802_11_SEQ_LEN)
184  
185 #define CAPABILITY_ESS(cap) ((cap) & 0x0001)
186 #define CAPABILITY_IBSS(cap) ((cap) & 0x0002)
187 #define CAPABILITY_CFP(cap) ((cap) & 0x0004)
188 #define CAPABILITY_CFP_REQ(cap) ((cap) & 0x0008)
189 #define CAPABILITY_PRIVACY(cap) ((cap) & 0x0010)
190  
191 struct ssid_t {
192 uint8_t element_id;
193 uint8_t length;
194 u_char ssid[33]; /* 32 + 1 for null */
195 };
196  
197 struct rates_t {
198 uint8_t element_id;
199 uint8_t length;
200 uint8_t rate[16];
201 };
202  
203 struct challenge_t {
204 uint8_t element_id;
205 uint8_t length;
206 uint8_t text[254]; /* 1-253 + 1 for null */
207 };
208  
209 struct fh_t {
210 uint8_t element_id;
211 uint8_t length;
212 uint16_t dwell_time;
213 uint8_t hop_set;
214 uint8_t hop_pattern;
215 uint8_t hop_index;
216 };
217  
218 struct ds_t {
219 uint8_t element_id;
220 uint8_t length;
221 uint8_t channel;
222 };
223  
224 struct cf_t {
225 uint8_t element_id;
226 uint8_t length;
227 uint8_t count;
228 uint8_t period;
229 uint16_t max_duration;
230 uint16_t dur_remaing;
231 };
232  
233 struct tim_t {
234 uint8_t element_id;
235 uint8_t length;
236 uint8_t count;
237 uint8_t period;
238 uint8_t bitmap_control;
239 uint8_t bitmap[251];
240 };
241  
242 #define E_SSID 0
243 #define E_RATES 1
244 #define E_FH 2
245 #define E_DS 3
246 #define E_CF 4
247 #define E_TIM 5
248 #define E_IBSS 6
249 /* reserved 7 */
250 /* reserved 8 */
251 /* reserved 9 */
252 /* reserved 10 */
253 /* reserved 11 */
254 /* reserved 12 */
255 /* reserved 13 */
256 /* reserved 14 */
257 /* reserved 15 */
258 /* reserved 16 */
259  
260 #define E_CHALLENGE 16
261 /* reserved 17 */
262 /* reserved 18 */
263 /* reserved 19 */
264 /* reserved 16 */
265 /* reserved 16 */
266  
267  
268 struct mgmt_body_t {
269 uint8_t timestamp[IEEE802_11_TSTAMP_LEN];
270 uint16_t beacon_interval;
271 uint16_t listen_interval;
272 uint16_t status_code;
273 uint16_t aid;
274 u_char ap[IEEE802_11_AP_LEN];
275 uint16_t reason_code;
276 uint16_t auth_alg;
277 uint16_t auth_trans_seq_num;
278 int challenge_present;
279 struct challenge_t challenge;
280 uint16_t capability_info;
281 int ssid_present;
282 struct ssid_t ssid;
283 int rates_present;
284 struct rates_t rates;
285 int ds_present;
286 struct ds_t ds;
287 int cf_present;
288 struct cf_t cf;
289 int fh_present;
290 struct fh_t fh;
291 int tim_present;
292 struct tim_t tim;
293 };
294  
295 struct ctrl_rts_t {
296 uint16_t fc;
297 uint16_t duration;
298 uint8_t ra[6];
299 uint8_t ta[6];
300 uint8_t fcs[4];
301 };
302  
303 #define CTRL_RTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
304 IEEE802_11_RA_LEN+IEEE802_11_TA_LEN)
305  
306 struct ctrl_cts_t {
307 uint16_t fc;
308 uint16_t duration;
309 uint8_t ra[6];
310 uint8_t fcs[4];
311 };
312  
313 #define CTRL_CTS_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
314  
315 struct ctrl_ack_t {
316 uint16_t fc;
317 uint16_t duration;
318 uint8_t ra[6];
319 uint8_t fcs[4];
320 };
321  
322 #define CTRL_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
323  
324 struct ctrl_ps_poll_t {
325 uint16_t fc;
326 uint16_t aid;
327 uint8_t bssid[6];
328 uint8_t ta[6];
329 uint8_t fcs[4];
330 };
331  
332 #define CTRL_PS_POLL_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_AID_LEN+\
333 IEEE802_11_BSSID_LEN+IEEE802_11_TA_LEN)
334  
335 struct ctrl_end_t {
336 uint16_t fc;
337 uint16_t duration;
338 uint8_t ra[6];
339 uint8_t bssid[6];
340 uint8_t fcs[4];
341 };
342  
343 #define CTRL_END_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
344 IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN)
345  
346 struct ctrl_end_ack_t {
347 uint16_t fc;
348 uint16_t duration;
349 uint8_t ra[6];
350 uint8_t bssid[6];
351 uint8_t fcs[4];
352 };
353  
354 #define CTRL_END_ACK_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
355 IEEE802_11_RA_LEN+IEEE802_11_BSSID_LEN)
356  
357 struct ctrl_ba_t {
358 uint16_t fc;
359 uint16_t duration;
360 uint8_t ra[6];
361 uint8_t fcs[4];
362 };
363  
364 #define CTRL_BA_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+IEEE802_11_RA_LEN)
365  
366 struct ctrl_bar_t {
367 uint16_t fc;
368 uint16_t dur;
369 uint8_t ra[6];
370 uint8_t ta[6];
371 uint16_t ctl;
372 uint16_t seq;
373 uint8_t fcs[4];
374 };
375  
376 #define CTRL_BAR_HDRLEN (IEEE802_11_FC_LEN+IEEE802_11_DUR_LEN+\
377 IEEE802_11_RA_LEN+IEEE802_11_TA_LEN+\
378 IEEE802_11_CTL_LEN+IEEE802_11_SEQ_LEN)
379  
380 struct meshcntl_t {
381 uint8_t flags;
382 uint8_t ttl;
383 uint8_t seq[4];
384 uint8_t addr4[6];
385 uint8_t addr5[6];
386 uint8_t addr6[6];
387 };
388  
389 #define IV_IV(iv) ((iv) & 0xFFFFFF)
390 #define IV_PAD(iv) (((iv) >> 24) & 0x3F)
391 #define IV_KEYID(iv) (((iv) >> 30) & 0x03)
392  
393 /* $FreeBSD: src/sys/net80211/ieee80211_radiotap.h,v 1.5 2005/01/22 20:12:05 sam Exp $ */
394 /* NetBSD: ieee802_11_radio.h,v 1.2 2006/02/26 03:04:03 dyoung Exp */
395  
396 /*-
397 * Copyright (c) 2003, 2004 David Young. All rights reserved.
398 *
399 * Redistribution and use in source and binary forms, with or without
400 * modification, are permitted provided that the following conditions
401 * are met:
402 * 1. Redistributions of source code must retain the above copyright
403 * notice, this list of conditions and the following disclaimer.
404 * 2. Redistributions in binary form must reproduce the above copyright
405 * notice, this list of conditions and the following disclaimer in the
406 * documentation and/or other materials provided with the distribution.
407 * 3. The name of David Young may not be used to endorse or promote
408 * products derived from this software without specific prior
409 * written permission.
410 *
411 * THIS SOFTWARE IS PROVIDED BY DAVID YOUNG ``AS IS'' AND ANY
412 * EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
413 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
414 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL DAVID
415 * YOUNG BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
416 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
417 * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
418 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
419 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
420 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
421 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY
422 * OF SUCH DAMAGE.
423 */
424  
425 /* A generic radio capture format is desirable. It must be
426 * rigidly defined (e.g., units for fields should be given),
427 * and easily extensible.
428 *
429 * The following is an extensible radio capture format. It is
430 * based on a bitmap indicating which fields are present.
431 *
432 * I am trying to describe precisely what the application programmer
433 * should expect in the following, and for that reason I tell the
434 * units and origin of each measurement (where it applies), or else I
435 * use sufficiently weaselly language ("is a monotonically nondecreasing
436 * function of...") that I cannot set false expectations for lawyerly
437 * readers.
438 */
439  
440 /*
441 * The radio capture header precedes the 802.11 header.
442 *
443 * Note well: all radiotap fields are little-endian.
444 */
445 struct ieee80211_radiotap_header {
446 uint8_t it_version; /* Version 0. Only increases
447 * for drastic changes,
448 * introduction of compatible
449 * new fields does not count.
450 */
451 uint8_t it_pad;
452 uint16_t it_len; /* length of the whole
453 * header in bytes, including
454 * it_version, it_pad,
455 * it_len, and data fields.
456 */
457 uint32_t it_present; /* A bitmap telling which
458 * fields are present. Set bit 31
459 * (0x80000000) to extend the
460 * bitmap by another 32 bits.
461 * Additional extensions are made
462 * by setting bit 31.
463 */
464 };
465  
466 /* Name Data type Units
467 * ---- --------- -----
468 *
469 * IEEE80211_RADIOTAP_TSFT uint64_t microseconds
470 *
471 * Value in microseconds of the MAC's 64-bit 802.11 Time
472 * Synchronization Function timer when the first bit of the
473 * MPDU arrived at the MAC. For received frames, only.
474 *
475 * IEEE80211_RADIOTAP_CHANNEL 2 x uint16_t MHz, bitmap
476 *
477 * Tx/Rx frequency in MHz, followed by flags (see below).
478 * Note that IEEE80211_RADIOTAP_XCHANNEL must be used to
479 * represent an HT channel as there is not enough room in
480 * the flags word.
481 *
482 * IEEE80211_RADIOTAP_FHSS uint16_t see below
483 *
484 * For frequency-hopping radios, the hop set (first byte)
485 * and pattern (second byte).
486 *
487 * IEEE80211_RADIOTAP_RATE uint8_t 500kb/s or index
488 *
489 * Tx/Rx data rate. If bit 0x80 is set then it represents an
490 * an MCS index and not an IEEE rate.
491 *
492 * IEEE80211_RADIOTAP_DBM_ANTSIGNAL int8_t decibels from
493 * one milliwatt (dBm)
494 *
495 * RF signal power at the antenna, decibel difference from
496 * one milliwatt.
497 *
498 * IEEE80211_RADIOTAP_DBM_ANTNOISE int8_t decibels from
499 * one milliwatt (dBm)
500 *
501 * RF noise power at the antenna, decibel difference from one
502 * milliwatt.
503 *
504 * IEEE80211_RADIOTAP_DB_ANTSIGNAL uint8_t decibel (dB)
505 *
506 * RF signal power at the antenna, decibel difference from an
507 * arbitrary, fixed reference.
508 *
509 * IEEE80211_RADIOTAP_DB_ANTNOISE uint8_t decibel (dB)
510 *
511 * RF noise power at the antenna, decibel difference from an
512 * arbitrary, fixed reference point.
513 *
514 * IEEE80211_RADIOTAP_LOCK_QUALITY uint16_t unitless
515 *
516 * Quality of Barker code lock. Unitless. Monotonically
517 * nondecreasing with "better" lock strength. Called "Signal
518 * Quality" in datasheets. (Is there a standard way to measure
519 * this?)
520 *
521 * IEEE80211_RADIOTAP_TX_ATTENUATION uint16_t unitless
522 *
523 * Transmit power expressed as unitless distance from max
524 * power set at factory calibration. 0 is max power.
525 * Monotonically nondecreasing with lower power levels.
526 *
527 * IEEE80211_RADIOTAP_DB_TX_ATTENUATION uint16_t decibels (dB)
528 *
529 * Transmit power expressed as decibel distance from max power
530 * set at factory calibration. 0 is max power. Monotonically
531 * nondecreasing with lower power levels.
532 *
533 * IEEE80211_RADIOTAP_DBM_TX_POWER int8_t decibels from
534 * one milliwatt (dBm)
535 *
536 * Transmit power expressed as dBm (decibels from a 1 milliwatt
537 * reference). This is the absolute power level measured at
538 * the antenna port.
539 *
540 * IEEE80211_RADIOTAP_FLAGS uint8_t bitmap
541 *
542 * Properties of transmitted and received frames. See flags
543 * defined below.
544 *
545 * IEEE80211_RADIOTAP_ANTENNA uint8_t antenna index
546 *
547 * Unitless indication of the Rx/Tx antenna for this packet.
548 * The first antenna is antenna 0.
549 *
550 * IEEE80211_RADIOTAP_RX_FLAGS uint16_t bitmap
551 *
552 * Properties of received frames. See flags defined below.
553 *
554 * IEEE80211_RADIOTAP_XCHANNEL uint32_t bitmap
555 * uint16_t MHz
556 * uint8_t channel number
557 * uint8_t .5 dBm
558 *
559 * Extended channel specification: flags (see below) followed by
560 * frequency in MHz, the corresponding IEEE channel number, and
561 * finally the maximum regulatory transmit power cap in .5 dBm
562 * units. This property supersedes IEEE80211_RADIOTAP_CHANNEL
563 * and only one of the two should be present.
564 *
565 * IEEE80211_RADIOTAP_MCS uint8_t known
566 * uint8_t flags
567 * uint8_t mcs
568 *
569 * Bitset indicating which fields have known values, followed
570 * by bitset of flag values, followed by the MCS rate index as
571 * in IEEE 802.11n.
572 *
573 * IEEE80211_RADIOTAP_VENDOR_NAMESPACE
574 * uint8_t OUI[3]
575 * uint8_t subspace
576 * uint16_t length
577 *
578 * The Vendor Namespace Field contains three sub-fields. The first
579 * sub-field is 3 bytes long. It contains the vendor's IEEE 802
580 * Organizationally Unique Identifier (OUI). The fourth byte is a
581 * vendor-specific "namespace selector."
582 *
583 */
584 enum ieee80211_radiotap_type {
585 IEEE80211_RADIOTAP_TSFT = 0,
586 IEEE80211_RADIOTAP_FLAGS = 1,
587 IEEE80211_RADIOTAP_RATE = 2,
588 IEEE80211_RADIOTAP_CHANNEL = 3,
589 IEEE80211_RADIOTAP_FHSS = 4,
590 IEEE80211_RADIOTAP_DBM_ANTSIGNAL = 5,
591 IEEE80211_RADIOTAP_DBM_ANTNOISE = 6,
592 IEEE80211_RADIOTAP_LOCK_QUALITY = 7,
593 IEEE80211_RADIOTAP_TX_ATTENUATION = 8,
594 IEEE80211_RADIOTAP_DB_TX_ATTENUATION = 9,
595 IEEE80211_RADIOTAP_DBM_TX_POWER = 10,
596 IEEE80211_RADIOTAP_ANTENNA = 11,
597 IEEE80211_RADIOTAP_DB_ANTSIGNAL = 12,
598 IEEE80211_RADIOTAP_DB_ANTNOISE = 13,
599 IEEE80211_RADIOTAP_RX_FLAGS = 14,
600 /* NB: gap for netbsd definitions */
601 IEEE80211_RADIOTAP_XCHANNEL = 18,
602 IEEE80211_RADIOTAP_MCS = 19,
603 IEEE80211_RADIOTAP_NAMESPACE = 29,
604 IEEE80211_RADIOTAP_VENDOR_NAMESPACE = 30,
605 IEEE80211_RADIOTAP_EXT = 31
606 };
607  
608 /* channel attributes */
609 #define IEEE80211_CHAN_TURBO 0x00010 /* Turbo channel */
610 #define IEEE80211_CHAN_CCK 0x00020 /* CCK channel */
611 #define IEEE80211_CHAN_OFDM 0x00040 /* OFDM channel */
612 #define IEEE80211_CHAN_2GHZ 0x00080 /* 2 GHz spectrum channel. */
613 #define IEEE80211_CHAN_5GHZ 0x00100 /* 5 GHz spectrum channel */
614 #define IEEE80211_CHAN_PASSIVE 0x00200 /* Only passive scan allowed */
615 #define IEEE80211_CHAN_DYN 0x00400 /* Dynamic CCK-OFDM channel */
616 #define IEEE80211_CHAN_GFSK 0x00800 /* GFSK channel (FHSS PHY) */
617 #define IEEE80211_CHAN_GSM 0x01000 /* 900 MHz spectrum channel */
618 #define IEEE80211_CHAN_STURBO 0x02000 /* 11a static turbo channel only */
619 #define IEEE80211_CHAN_HALF 0x04000 /* Half rate channel */
620 #define IEEE80211_CHAN_QUARTER 0x08000 /* Quarter rate channel */
621 #define IEEE80211_CHAN_HT20 0x10000 /* HT 20 channel */
622 #define IEEE80211_CHAN_HT40U 0x20000 /* HT 40 channel w/ ext above */
623 #define IEEE80211_CHAN_HT40D 0x40000 /* HT 40 channel w/ ext below */
624  
625 /* Useful combinations of channel characteristics, borrowed from Ethereal */
626 #define IEEE80211_CHAN_A \
627 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
628 #define IEEE80211_CHAN_B \
629 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
630 #define IEEE80211_CHAN_G \
631 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
632 #define IEEE80211_CHAN_TA \
633 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM | IEEE80211_CHAN_TURBO)
634 #define IEEE80211_CHAN_TG \
635 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN | IEEE80211_CHAN_TURBO)
636  
637  
638 /* For IEEE80211_RADIOTAP_FLAGS */
639 #define IEEE80211_RADIOTAP_F_CFP 0x01 /* sent/received
640 * during CFP
641 */
642 #define IEEE80211_RADIOTAP_F_SHORTPRE 0x02 /* sent/received
643 * with short
644 * preamble
645 */
646 #define IEEE80211_RADIOTAP_F_WEP 0x04 /* sent/received
647 * with WEP encryption
648 */
649 #define IEEE80211_RADIOTAP_F_FRAG 0x08 /* sent/received
650 * with fragmentation
651 */
652 #define IEEE80211_RADIOTAP_F_FCS 0x10 /* frame includes FCS */
653 #define IEEE80211_RADIOTAP_F_DATAPAD 0x20 /* frame has padding between
654 * 802.11 header and payload
655 * (to 32-bit boundary)
656 */
657 #define IEEE80211_RADIOTAP_F_BADFCS 0x40 /* does not pass FCS check */
658  
659 /* For IEEE80211_RADIOTAP_RX_FLAGS */
660 #define IEEE80211_RADIOTAP_F_RX_BADFCS 0x0001 /* frame failed crc check */
661 #define IEEE80211_RADIOTAP_F_RX_PLCP_CRC 0x0002 /* frame failed PLCP CRC check */
662  
663 /* For IEEE80211_RADIOTAP_MCS known */
664 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN 0x01
665 #define IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN 0x02 /* MCS index field */
666 #define IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN 0x04
667 #define IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN 0x08
668 #define IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN 0x10
669 #define IEEE80211_RADIOTAP_MCS_STBC_KNOWN 0x20
670  
671 /* For IEEE80211_RADIOTAP_MCS flags */
672 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK 0x03
673 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20 0
674 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 1
675 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20L 2
676 #define IEEE80211_RADIOTAP_MCS_BANDWIDTH_20U 3
677 #define IEEE80211_RADIOTAP_MCS_SHORT_GI 0x04 /* short guard interval */
678 #define IEEE80211_RADIOTAP_MCS_HT_GREENFIELD 0x08
679 #define IEEE80211_RADIOTAP_MCS_FEC_LDPC 0x10
680 #define IEEE80211_RADIOTAP_MCS_STBC_MASK 0x60
681 #define IEEE80211_RADIOTAP_MCS_STBC_1 1
682 #define IEEE80211_RADIOTAP_MCS_STBC_2 2
683 #define IEEE80211_RADIOTAP_MCS_STBC_3 3
684 #define IEEE80211_RADIOTAP_MCS_STBC_SHIFT 5
685  
686 static const char tstr[] = "[|802.11]";
687  
688 /* Radiotap state */
689 /* This is used to save state when parsing/processing parameters */
690 struct radiotap_state
691 {
692 uint32_t present;
693  
694 uint8_t rate;
695 };
696  
697 #define PRINT_SSID(p) \
698 if (p.ssid_present) { \
699 ND_PRINT((ndo, " (")); \
700 fn_print(ndo, p.ssid.ssid, NULL); \
701 ND_PRINT((ndo, ")")); \
702 }
703  
704 #define PRINT_RATE(_sep, _r, _suf) \
705 ND_PRINT((ndo, "%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf))
706 #define PRINT_RATES(p) \
707 if (p.rates_present) { \
708 int z; \
709 const char *sep = " ["; \
710 for (z = 0; z < p.rates.length ; z++) { \
711 PRINT_RATE(sep, p.rates.rate[z], \
712 (p.rates.rate[z] & 0x80 ? "*" : "")); \
713 sep = " "; \
714 } \
715 if (p.rates.length != 0) \
716 ND_PRINT((ndo, " Mbit]")); \
717 }
718  
719 #define PRINT_DS_CHANNEL(p) \
720 if (p.ds_present) \
721 ND_PRINT((ndo, " CH: %u", p.ds.channel)); \
722 ND_PRINT((ndo, "%s", \
723 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : ""));
724  
725 #define MAX_MCS_INDEX 76
726  
727 /*
728 * Indices are:
729 *
730 * the MCS index (0-76);
731 *
732 * 0 for 20 MHz, 1 for 40 MHz;
733 *
734 * 0 for a long guard interval, 1 for a short guard interval.
735 */
736 static const float ieee80211_float_htrates[MAX_MCS_INDEX+1][2][2] = {
737 /* MCS 0 */
738 { /* 20 Mhz */ { 6.5, /* SGI */ 7.2, },
739 /* 40 Mhz */ { 13.5, /* SGI */ 15.0, },
740 },
741  
742 /* MCS 1 */
743 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
744 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
745 },
746  
747 /* MCS 2 */
748 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
749 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
750 },
751  
752 /* MCS 3 */
753 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
754 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
755 },
756  
757 /* MCS 4 */
758 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
759 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
760 },
761  
762 /* MCS 5 */
763 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
764 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
765 },
766  
767 /* MCS 6 */
768 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
769 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
770 },
771  
772 /* MCS 7 */
773 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
774 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
775 },
776  
777 /* MCS 8 */
778 { /* 20 Mhz */ { 13.0, /* SGI */ 14.4, },
779 /* 40 Mhz */ { 27.0, /* SGI */ 30.0, },
780 },
781  
782 /* MCS 9 */
783 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
784 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
785 },
786  
787 /* MCS 10 */
788 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
789 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
790 },
791  
792 /* MCS 11 */
793 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
794 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
795 },
796  
797 /* MCS 12 */
798 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
799 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
800 },
801  
802 /* MCS 13 */
803 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
804 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
805 },
806  
807 /* MCS 14 */
808 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
809 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
810 },
811  
812 /* MCS 15 */
813 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
814 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
815 },
816  
817 /* MCS 16 */
818 { /* 20 Mhz */ { 19.5, /* SGI */ 21.7, },
819 /* 40 Mhz */ { 40.5, /* SGI */ 45.0, },
820 },
821  
822 /* MCS 17 */
823 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
824 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
825 },
826  
827 /* MCS 18 */
828 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
829 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
830 },
831  
832 /* MCS 19 */
833 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
834 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
835 },
836  
837 /* MCS 20 */
838 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
839 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
840 },
841  
842 /* MCS 21 */
843 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
844 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
845 },
846  
847 /* MCS 22 */
848 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
849 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
850 },
851  
852 /* MCS 23 */
853 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
854 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
855 },
856  
857 /* MCS 24 */
858 { /* 20 Mhz */ { 26.0, /* SGI */ 28.9, },
859 /* 40 Mhz */ { 54.0, /* SGI */ 60.0, },
860 },
861  
862 /* MCS 25 */
863 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
864 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
865 },
866  
867 /* MCS 26 */
868 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
869 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
870 },
871  
872 /* MCS 27 */
873 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
874 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
875 },
876  
877 /* MCS 28 */
878 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
879 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
880 },
881  
882 /* MCS 29 */
883 { /* 20 Mhz */ { 208.0, /* SGI */ 231.1, },
884 /* 40 Mhz */ { 432.0, /* SGI */ 480.0, },
885 },
886  
887 /* MCS 30 */
888 { /* 20 Mhz */ { 234.0, /* SGI */ 260.0, },
889 /* 40 Mhz */ { 486.0, /* SGI */ 540.0, },
890 },
891  
892 /* MCS 31 */
893 { /* 20 Mhz */ { 260.0, /* SGI */ 288.9, },
894 /* 40 Mhz */ { 540.0, /* SGI */ 600.0, },
895 },
896  
897 /* MCS 32 */
898 { /* 20 Mhz */ { 0.0, /* SGI */ 0.0, }, /* not valid */
899 /* 40 Mhz */ { 6.0, /* SGI */ 6.7, },
900 },
901  
902 /* MCS 33 */
903 { /* 20 Mhz */ { 39.0, /* SGI */ 43.3, },
904 /* 40 Mhz */ { 81.0, /* SGI */ 90.0, },
905 },
906  
907 /* MCS 34 */
908 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
909 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
910 },
911  
912 /* MCS 35 */
913 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
914 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
915 },
916  
917 /* MCS 36 */
918 { /* 20 Mhz */ { 58.5, /* SGI */ 65.0, },
919 /* 40 Mhz */ { 121.5, /* SGI */ 135.0, },
920 },
921  
922 /* MCS 37 */
923 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
924 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
925 },
926  
927 /* MCS 38 */
928 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
929 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
930 },
931  
932 /* MCS 39 */
933 { /* 20 Mhz */ { 52.0, /* SGI */ 57.8, },
934 /* 40 Mhz */ { 108.0, /* SGI */ 120.0, },
935 },
936  
937 /* MCS 40 */
938 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
939 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
940 },
941  
942 /* MCS 41 */
943 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
944 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
945 },
946  
947 /* MCS 42 */
948 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
949 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
950 },
951  
952 /* MCS 43 */
953 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
954 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
955 },
956  
957 /* MCS 44 */
958 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
959 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
960 },
961  
962 /* MCS 45 */
963 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
964 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
965 },
966  
967 /* MCS 46 */
968 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
969 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
970 },
971  
972 /* MCS 47 */
973 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
974 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
975 },
976  
977 /* MCS 48 */
978 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
979 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
980 },
981  
982 /* MCS 49 */
983 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
984 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
985 },
986  
987 /* MCS 50 */
988 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
989 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
990 },
991  
992 /* MCS 51 */
993 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
994 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
995 },
996  
997 /* MCS 52 */
998 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
999 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
1000 },
1001  
1002 /* MCS 53 */
1003 { /* 20 Mhz */ { 65.0, /* SGI */ 72.2, },
1004 /* 40 Mhz */ { 135.0, /* SGI */ 150.0, },
1005 },
1006  
1007 /* MCS 54 */
1008 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
1009 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
1010 },
1011  
1012 /* MCS 55 */
1013 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
1014 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
1015 },
1016  
1017 /* MCS 56 */
1018 { /* 20 Mhz */ { 78.0, /* SGI */ 86.7, },
1019 /* 40 Mhz */ { 162.0, /* SGI */ 180.0, },
1020 },
1021  
1022 /* MCS 57 */
1023 { /* 20 Mhz */ { 91.0, /* SGI */ 101.1, },
1024 /* 40 Mhz */ { 189.0, /* SGI */ 210.0, },
1025 },
1026  
1027 /* MCS 58 */
1028 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
1029 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
1030 },
1031  
1032 /* MCS 59 */
1033 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
1034 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
1035 },
1036  
1037 /* MCS 60 */
1038 { /* 20 Mhz */ { 104.0, /* SGI */ 115.6, },
1039 /* 40 Mhz */ { 216.0, /* SGI */ 240.0, },
1040 },
1041  
1042 /* MCS 61 */
1043 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
1044 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
1045 },
1046  
1047 /* MCS 62 */
1048 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
1049 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
1050 },
1051  
1052 /* MCS 63 */
1053 { /* 20 Mhz */ { 130.0, /* SGI */ 144.4, },
1054 /* 40 Mhz */ { 270.0, /* SGI */ 300.0, },
1055 },
1056  
1057 /* MCS 64 */
1058 { /* 20 Mhz */ { 143.0, /* SGI */ 158.9, },
1059 /* 40 Mhz */ { 297.0, /* SGI */ 330.0, },
1060 },
1061  
1062 /* MCS 65 */
1063 { /* 20 Mhz */ { 97.5, /* SGI */ 108.3, },
1064 /* 40 Mhz */ { 202.5, /* SGI */ 225.0, },
1065 },
1066  
1067 /* MCS 66 */
1068 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
1069 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
1070 },
1071  
1072 /* MCS 67 */
1073 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
1074 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
1075 },
1076  
1077 /* MCS 68 */
1078 { /* 20 Mhz */ { 117.0, /* SGI */ 130.0, },
1079 /* 40 Mhz */ { 243.0, /* SGI */ 270.0, },
1080 },
1081  
1082 /* MCS 69 */
1083 { /* 20 Mhz */ { 136.5, /* SGI */ 151.7, },
1084 /* 40 Mhz */ { 283.5, /* SGI */ 315.0, },
1085 },
1086  
1087 /* MCS 70 */
1088 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
1089 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
1090 },
1091  
1092 /* MCS 71 */
1093 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
1094 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
1095 },
1096  
1097 /* MCS 72 */
1098 { /* 20 Mhz */ { 156.0, /* SGI */ 173.3, },
1099 /* 40 Mhz */ { 324.0, /* SGI */ 360.0, },
1100 },
1101  
1102 /* MCS 73 */
1103 { /* 20 Mhz */ { 175.5, /* SGI */ 195.0, },
1104 /* 40 Mhz */ { 364.5, /* SGI */ 405.0, },
1105 },
1106  
1107 /* MCS 74 */
1108 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
1109 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
1110 },
1111  
1112 /* MCS 75 */
1113 { /* 20 Mhz */ { 195.0, /* SGI */ 216.7, },
1114 /* 40 Mhz */ { 405.0, /* SGI */ 450.0, },
1115 },
1116  
1117 /* MCS 76 */
1118 { /* 20 Mhz */ { 214.5, /* SGI */ 238.3, },
1119 /* 40 Mhz */ { 445.5, /* SGI */ 495.0, },
1120 },
1121 };
1122  
1123 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"};
1124 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0])
1125  
1126 static const char *status_text[] = {
1127 "Successful", /* 0 */
1128 "Unspecified failure", /* 1 */
1129 "Reserved", /* 2 */
1130 "Reserved", /* 3 */
1131 "Reserved", /* 4 */
1132 "Reserved", /* 5 */
1133 "Reserved", /* 6 */
1134 "Reserved", /* 7 */
1135 "Reserved", /* 8 */
1136 "Reserved", /* 9 */
1137 "Cannot Support all requested capabilities in the Capability "
1138 "Information field", /* 10 */
1139 "Reassociation denied due to inability to confirm that association "
1140 "exists", /* 11 */
1141 "Association denied due to reason outside the scope of the "
1142 "standard", /* 12 */
1143 "Responding station does not support the specified authentication "
1144 "algorithm ", /* 13 */
1145 "Received an Authentication frame with authentication transaction "
1146 "sequence number out of expected sequence", /* 14 */
1147 "Authentication rejected because of challenge failure", /* 15 */
1148 "Authentication rejected due to timeout waiting for next frame in "
1149 "sequence", /* 16 */
1150 "Association denied because AP is unable to handle additional"
1151 "associated stations", /* 17 */
1152 "Association denied due to requesting station not supporting all of "
1153 "the data rates in BSSBasicRateSet parameter", /* 18 */
1154 "Association denied due to requesting station not supporting "
1155 "short preamble operation", /* 19 */
1156 "Association denied due to requesting station not supporting "
1157 "PBCC encoding", /* 20 */
1158 "Association denied due to requesting station not supporting "
1159 "channel agility", /* 21 */
1160 "Association request rejected because Spectrum Management "
1161 "capability is required", /* 22 */
1162 "Association request rejected because the information in the "
1163 "Power Capability element is unacceptable", /* 23 */
1164 "Association request rejected because the information in the "
1165 "Supported Channels element is unacceptable", /* 24 */
1166 "Association denied due to requesting station not supporting "
1167 "short slot operation", /* 25 */
1168 "Association denied due to requesting station not supporting "
1169 "DSSS-OFDM operation", /* 26 */
1170 "Association denied because the requested STA does not support HT "
1171 "features", /* 27 */
1172 "Reserved", /* 28 */
1173 "Association denied because the requested STA does not support "
1174 "the PCO transition time required by the AP", /* 29 */
1175 "Reserved", /* 30 */
1176 "Reserved", /* 31 */
1177 "Unspecified, QoS-related failure", /* 32 */
1178 "Association denied due to QAP having insufficient bandwidth "
1179 "to handle another QSTA", /* 33 */
1180 "Association denied due to excessive frame loss rates and/or "
1181 "poor conditions on current operating channel", /* 34 */
1182 "Association (with QBSS) denied due to requesting station not "
1183 "supporting the QoS facility", /* 35 */
1184 "Association denied due to requesting station not supporting "
1185 "Block Ack", /* 36 */
1186 "The request has been declined", /* 37 */
1187 "The request has not been successful as one or more parameters "
1188 "have invalid values", /* 38 */
1189 "The TS has not been created because the request cannot be honored. "
1190 "Try again with the suggested changes to the TSPEC", /* 39 */
1191 "Invalid Information Element", /* 40 */
1192 "Group Cipher is not valid", /* 41 */
1193 "Pairwise Cipher is not valid", /* 42 */
1194 "AKMP is not valid", /* 43 */
1195 "Unsupported RSN IE version", /* 44 */
1196 "Invalid RSN IE Capabilities", /* 45 */
1197 "Cipher suite is rejected per security policy", /* 46 */
1198 "The TS has not been created. However, the HC may be capable of "
1199 "creating a TS, in response to a request, after the time indicated "
1200 "in the TS Delay element", /* 47 */
1201 "Direct Link is not allowed in the BSS by policy", /* 48 */
1202 "Destination STA is not present within this QBSS.", /* 49 */
1203 "The Destination STA is not a QSTA.", /* 50 */
1204  
1205 };
1206 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0])
1207  
1208 static const char *reason_text[] = {
1209 "Reserved", /* 0 */
1210 "Unspecified reason", /* 1 */
1211 "Previous authentication no longer valid", /* 2 */
1212 "Deauthenticated because sending station is leaving (or has left) "
1213 "IBSS or ESS", /* 3 */
1214 "Disassociated due to inactivity", /* 4 */
1215 "Disassociated because AP is unable to handle all currently "
1216 " associated stations", /* 5 */
1217 "Class 2 frame received from nonauthenticated station", /* 6 */
1218 "Class 3 frame received from nonassociated station", /* 7 */
1219 "Disassociated because sending station is leaving "
1220 "(or has left) BSS", /* 8 */
1221 "Station requesting (re)association is not authenticated with "
1222 "responding station", /* 9 */
1223 "Disassociated because the information in the Power Capability "
1224 "element is unacceptable", /* 10 */
1225 "Disassociated because the information in the SupportedChannels "
1226 "element is unacceptable", /* 11 */
1227 "Invalid Information Element", /* 12 */
1228 "Reserved", /* 13 */
1229 "Michael MIC failure", /* 14 */
1230 "4-Way Handshake timeout", /* 15 */
1231 "Group key update timeout", /* 16 */
1232 "Information element in 4-Way Handshake different from (Re)Association"
1233 "Request/Probe Response/Beacon", /* 17 */
1234 "Group Cipher is not valid", /* 18 */
1235 "AKMP is not valid", /* 20 */
1236 "Unsupported RSN IE version", /* 21 */
1237 "Invalid RSN IE Capabilities", /* 22 */
1238 "IEEE 802.1X Authentication failed", /* 23 */
1239 "Cipher suite is rejected per security policy", /* 24 */
1240 "Reserved", /* 25 */
1241 "Reserved", /* 26 */
1242 "Reserved", /* 27 */
1243 "Reserved", /* 28 */
1244 "Reserved", /* 29 */
1245 "Reserved", /* 30 */
1246 "TS deleted because QoS AP lacks sufficient bandwidth for this "
1247 "QoS STA due to a change in BSS service characteristics or "
1248 "operational mode (e.g. an HT BSS change from 40 MHz channel "
1249 "to 20 MHz channel)", /* 31 */
1250 "Disassociated for unspecified, QoS-related reason", /* 32 */
1251 "Disassociated because QoS AP lacks sufficient bandwidth for this "
1252 "QoS STA", /* 33 */
1253 "Disassociated because of excessive number of frames that need to be "
1254 "acknowledged, but are not acknowledged for AP transmissions "
1255 "and/or poor channel conditions", /* 34 */
1256 "Disassociated because STA is transmitting outside the limits "
1257 "of its TXOPs", /* 35 */
1258 "Requested from peer STA as the STA is leaving the BSS "
1259 "(or resetting)", /* 36 */
1260 "Requested from peer STA as it does not want to use the "
1261 "mechanism", /* 37 */
1262 "Requested from peer STA as the STA received frames using the "
1263 "mechanism for which a set up is required", /* 38 */
1264 "Requested from peer STA due to time out", /* 39 */
1265 "Reserved", /* 40 */
1266 "Reserved", /* 41 */
1267 "Reserved", /* 42 */
1268 "Reserved", /* 43 */
1269 "Reserved", /* 44 */
1270 "Peer STA does not support the requested cipher suite", /* 45 */
1271 "Association denied due to requesting STA not supporting HT "
1272 "features", /* 46 */
1273 };
1274 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0])
1275  
1276 static int
1277 wep_print(netdissect_options *ndo,
1278 const u_char *p)
1279 {
1280 uint32_t iv;
1281  
1282 if (!ND_TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN))
1283 return 0;
1284 iv = EXTRACT_LE_32BITS(p);
1285  
1286 ND_PRINT((ndo, "Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv),
1287 IV_KEYID(iv)));
1288  
1289 return 1;
1290 }
1291  
1292 static int
1293 parse_elements(netdissect_options *ndo,
1294 struct mgmt_body_t *pbody, const u_char *p, int offset,
1295 u_int length)
1296 {
1297 u_int elementlen;
1298 struct ssid_t ssid;
1299 struct challenge_t challenge;
1300 struct rates_t rates;
1301 struct ds_t ds;
1302 struct cf_t cf;
1303 struct tim_t tim;
1304  
1305 /*
1306 * We haven't seen any elements yet.
1307 */
1308 pbody->challenge_present = 0;
1309 pbody->ssid_present = 0;
1310 pbody->rates_present = 0;
1311 pbody->ds_present = 0;
1312 pbody->cf_present = 0;
1313 pbody->tim_present = 0;
1314  
1315 while (length != 0) {
1316 /* Make sure we at least have the element ID and length. */
1317 if (!ND_TTEST2(*(p + offset), 2))
1318 return 0;
1319 if (length < 2)
1320 return 0;
1321 elementlen = *(p + offset + 1);
1322  
1323 /* Make sure we have the entire element. */
1324 if (!ND_TTEST2(*(p + offset + 2), elementlen))
1325 return 0;
1326 if (length < elementlen + 2)
1327 return 0;
1328  
1329 switch (*(p + offset)) {
1330 case E_SSID:
1331 memcpy(&ssid, p + offset, 2);
1332 offset += 2;
1333 length -= 2;
1334 if (ssid.length != 0) {
1335 if (ssid.length > sizeof(ssid.ssid) - 1)
1336 return 0;
1337 if (!ND_TTEST2(*(p + offset), ssid.length))
1338 return 0;
1339 if (length < ssid.length)
1340 return 0;
1341 memcpy(&ssid.ssid, p + offset, ssid.length);
1342 offset += ssid.length;
1343 length -= ssid.length;
1344 }
1345 ssid.ssid[ssid.length] = '\0';
1346 /*
1347 * Present and not truncated.
1348 *
1349 * If we haven't already seen an SSID IE,
1350 * copy this one, otherwise ignore this one,
1351 * so we later report the first one we saw.
1352 */
1353 if (!pbody->ssid_present) {
1354 pbody->ssid = ssid;
1355 pbody->ssid_present = 1;
1356 }
1357 break;
1358 case E_CHALLENGE:
1359 memcpy(&challenge, p + offset, 2);
1360 offset += 2;
1361 length -= 2;
1362 if (challenge.length != 0) {
1363 if (challenge.length >
1364 sizeof(challenge.text) - 1)
1365 return 0;
1366 if (!ND_TTEST2(*(p + offset), challenge.length))
1367 return 0;
1368 if (length < challenge.length)
1369 return 0;
1370 memcpy(&challenge.text, p + offset,
1371 challenge.length);
1372 offset += challenge.length;
1373 length -= challenge.length;
1374 }
1375 challenge.text[challenge.length] = '\0';
1376 /*
1377 * Present and not truncated.
1378 *
1379 * If we haven't already seen a challenge IE,
1380 * copy this one, otherwise ignore this one,
1381 * so we later report the first one we saw.
1382 */
1383 if (!pbody->challenge_present) {
1384 pbody->challenge = challenge;
1385 pbody->challenge_present = 1;
1386 }
1387 break;
1388 case E_RATES:
1389 memcpy(&rates, p + offset, 2);
1390 offset += 2;
1391 length -= 2;
1392 if (rates.length != 0) {
1393 if (rates.length > sizeof rates.rate)
1394 return 0;
1395 if (!ND_TTEST2(*(p + offset), rates.length))
1396 return 0;
1397 if (length < rates.length)
1398 return 0;
1399 memcpy(&rates.rate, p + offset, rates.length);
1400 offset += rates.length;
1401 length -= rates.length;
1402 }
1403 /*
1404 * Present and not truncated.
1405 *
1406 * If we haven't already seen a rates IE,
1407 * copy this one if it's not zero-length,
1408 * otherwise ignore this one, so we later
1409 * report the first one we saw.
1410 *
1411 * We ignore zero-length rates IEs as some
1412 * devices seem to put a zero-length rates
1413 * IE, followed by an SSID IE, followed by
1414 * a non-zero-length rates IE into frames,
1415 * even though IEEE Std 802.11-2007 doesn't
1416 * seem to indicate that a zero-length rates
1417 * IE is valid.
1418 */
1419 if (!pbody->rates_present && rates.length != 0) {
1420 pbody->rates = rates;
1421 pbody->rates_present = 1;
1422 }
1423 break;
1424 case E_DS:
1425 memcpy(&ds, p + offset, 2);
1426 offset += 2;
1427 length -= 2;
1428 if (ds.length != 1) {
1429 offset += ds.length;
1430 length -= ds.length;
1431 break;
1432 }
1433 ds.channel = *(p + offset);
1434 offset += 1;
1435 length -= 1;
1436 /*
1437 * Present and not truncated.
1438 *
1439 * If we haven't already seen a DS IE,
1440 * copy this one, otherwise ignore this one,
1441 * so we later report the first one we saw.
1442 */
1443 if (!pbody->ds_present) {
1444 pbody->ds = ds;
1445 pbody->ds_present = 1;
1446 }
1447 break;
1448 case E_CF:
1449 memcpy(&cf, p + offset, 2);
1450 offset += 2;
1451 length -= 2;
1452 if (cf.length != 6) {
1453 offset += cf.length;
1454 length -= cf.length;
1455 break;
1456 }
1457 memcpy(&cf.count, p + offset, 6);
1458 offset += 6;
1459 length -= 6;
1460 /*
1461 * Present and not truncated.
1462 *
1463 * If we haven't already seen a CF IE,
1464 * copy this one, otherwise ignore this one,
1465 * so we later report the first one we saw.
1466 */
1467 if (!pbody->cf_present) {
1468 pbody->cf = cf;
1469 pbody->cf_present = 1;
1470 }
1471 break;
1472 case E_TIM:
1473 memcpy(&tim, p + offset, 2);
1474 offset += 2;
1475 length -= 2;
1476 if (tim.length <= 3) {
1477 offset += tim.length;
1478 length -= tim.length;
1479 break;
1480 }
1481 if (tim.length - 3 > (int)sizeof tim.bitmap)
1482 return 0;
1483 memcpy(&tim.count, p + offset, 3);
1484 offset += 3;
1485 length -= 3;
1486  
1487 memcpy(tim.bitmap, p + (tim.length - 3),
1488 (tim.length - 3));
1489 offset += tim.length - 3;
1490 length -= tim.length - 3;
1491 /*
1492 * Present and not truncated.
1493 *
1494 * If we haven't already seen a TIM IE,
1495 * copy this one, otherwise ignore this one,
1496 * so we later report the first one we saw.
1497 */
1498 if (!pbody->tim_present) {
1499 pbody->tim = tim;
1500 pbody->tim_present = 1;
1501 }
1502 break;
1503 default:
1504 #if 0
1505 ND_PRINT((ndo, "(1) unhandled element_id (%d) ",
1506 *(p + offset)));
1507 #endif
1508 offset += 2 + elementlen;
1509 length -= 2 + elementlen;
1510 break;
1511 }
1512 }
1513  
1514 /* No problems found. */
1515 return 1;
1516 }
1517  
1518 /*********************************************************************************
1519 * Print Handle functions for the management frame types
1520 *********************************************************************************/
1521  
1522 static int
1523 handle_beacon(netdissect_options *ndo,
1524 const u_char *p, u_int length)
1525 {
1526 struct mgmt_body_t pbody;
1527 int offset = 0;
1528 int ret;
1529  
1530 memset(&pbody, 0, sizeof(pbody));
1531  
1532 if (!ND_TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1533 IEEE802_11_CAPINFO_LEN))
1534 return 0;
1535 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1536 IEEE802_11_CAPINFO_LEN)
1537 return 0;
1538 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1539 offset += IEEE802_11_TSTAMP_LEN;
1540 length -= IEEE802_11_TSTAMP_LEN;
1541 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
1542 offset += IEEE802_11_BCNINT_LEN;
1543 length -= IEEE802_11_BCNINT_LEN;
1544 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
1545 offset += IEEE802_11_CAPINFO_LEN;
1546 length -= IEEE802_11_CAPINFO_LEN;
1547  
1548 ret = parse_elements(ndo, &pbody, p, offset, length);
1549  
1550 PRINT_SSID(pbody);
1551 PRINT_RATES(pbody);
1552 ND_PRINT((ndo, " %s",
1553 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS"));
1554 PRINT_DS_CHANNEL(pbody);
1555  
1556 return ret;
1557 }
1558  
1559 static int
1560 handle_assoc_request(netdissect_options *ndo,
1561 const u_char *p, u_int length)
1562 {
1563 struct mgmt_body_t pbody;
1564 int offset = 0;
1565 int ret;
1566  
1567 memset(&pbody, 0, sizeof(pbody));
1568  
1569 if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN))
1570 return 0;
1571 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)
1572 return 0;
1573 pbody.capability_info = EXTRACT_LE_16BITS(p);
1574 offset += IEEE802_11_CAPINFO_LEN;
1575 length -= IEEE802_11_CAPINFO_LEN;
1576 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
1577 offset += IEEE802_11_LISTENINT_LEN;
1578 length -= IEEE802_11_LISTENINT_LEN;
1579  
1580 ret = parse_elements(ndo, &pbody, p, offset, length);
1581  
1582 PRINT_SSID(pbody);
1583 PRINT_RATES(pbody);
1584 return ret;
1585 }
1586  
1587 static int
1588 handle_assoc_response(netdissect_options *ndo,
1589 const u_char *p, u_int length)
1590 {
1591 struct mgmt_body_t pbody;
1592 int offset = 0;
1593 int ret;
1594  
1595 memset(&pbody, 0, sizeof(pbody));
1596  
1597 if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
1598 IEEE802_11_AID_LEN))
1599 return 0;
1600 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN +
1601 IEEE802_11_AID_LEN)
1602 return 0;
1603 pbody.capability_info = EXTRACT_LE_16BITS(p);
1604 offset += IEEE802_11_CAPINFO_LEN;
1605 length -= IEEE802_11_CAPINFO_LEN;
1606 pbody.status_code = EXTRACT_LE_16BITS(p+offset);
1607 offset += IEEE802_11_STATUS_LEN;
1608 length -= IEEE802_11_STATUS_LEN;
1609 pbody.aid = EXTRACT_LE_16BITS(p+offset);
1610 offset += IEEE802_11_AID_LEN;
1611 length -= IEEE802_11_AID_LEN;
1612  
1613 ret = parse_elements(ndo, &pbody, p, offset, length);
1614  
1615 ND_PRINT((ndo, " AID(%x) :%s: %s", ((uint16_t)(pbody.aid << 2 )) >> 2 ,
1616 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "",
1617 (pbody.status_code < NUM_STATUSES
1618 ? status_text[pbody.status_code]
1619 : "n/a")));
1620  
1621 return ret;
1622 }
1623  
1624 static int
1625 handle_reassoc_request(netdissect_options *ndo,
1626 const u_char *p, u_int length)
1627 {
1628 struct mgmt_body_t pbody;
1629 int offset = 0;
1630 int ret;
1631  
1632 memset(&pbody, 0, sizeof(pbody));
1633  
1634 if (!ND_TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1635 IEEE802_11_AP_LEN))
1636 return 0;
1637 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN +
1638 IEEE802_11_AP_LEN)
1639 return 0;
1640 pbody.capability_info = EXTRACT_LE_16BITS(p);
1641 offset += IEEE802_11_CAPINFO_LEN;
1642 length -= IEEE802_11_CAPINFO_LEN;
1643 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset);
1644 offset += IEEE802_11_LISTENINT_LEN;
1645 length -= IEEE802_11_LISTENINT_LEN;
1646 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN);
1647 offset += IEEE802_11_AP_LEN;
1648 length -= IEEE802_11_AP_LEN;
1649  
1650 ret = parse_elements(ndo, &pbody, p, offset, length);
1651  
1652 PRINT_SSID(pbody);
1653 ND_PRINT((ndo, " AP : %s", etheraddr_string(ndo, pbody.ap )));
1654  
1655 return ret;
1656 }
1657  
1658 static int
1659 handle_reassoc_response(netdissect_options *ndo,
1660 const u_char *p, u_int length)
1661 {
1662 /* Same as a Association Reponse */
1663 return handle_assoc_response(ndo, p, length);
1664 }
1665  
1666 static int
1667 handle_probe_request(netdissect_options *ndo,
1668 const u_char *p, u_int length)
1669 {
1670 struct mgmt_body_t pbody;
1671 int offset = 0;
1672 int ret;
1673  
1674 memset(&pbody, 0, sizeof(pbody));
1675  
1676 ret = parse_elements(ndo, &pbody, p, offset, length);
1677  
1678 PRINT_SSID(pbody);
1679 PRINT_RATES(pbody);
1680  
1681 return ret;
1682 }
1683  
1684 static int
1685 handle_probe_response(netdissect_options *ndo,
1686 const u_char *p, u_int length)
1687 {
1688 struct mgmt_body_t pbody;
1689 int offset = 0;
1690 int ret;
1691  
1692 memset(&pbody, 0, sizeof(pbody));
1693  
1694 if (!ND_TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1695 IEEE802_11_CAPINFO_LEN))
1696 return 0;
1697 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN +
1698 IEEE802_11_CAPINFO_LEN)
1699 return 0;
1700 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN);
1701 offset += IEEE802_11_TSTAMP_LEN;
1702 length -= IEEE802_11_TSTAMP_LEN;
1703 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset);
1704 offset += IEEE802_11_BCNINT_LEN;
1705 length -= IEEE802_11_BCNINT_LEN;
1706 pbody.capability_info = EXTRACT_LE_16BITS(p+offset);
1707 offset += IEEE802_11_CAPINFO_LEN;
1708 length -= IEEE802_11_CAPINFO_LEN;
1709  
1710 ret = parse_elements(ndo, &pbody, p, offset, length);
1711  
1712 PRINT_SSID(pbody);
1713 PRINT_RATES(pbody);
1714 PRINT_DS_CHANNEL(pbody);
1715  
1716 return ret;
1717 }
1718  
1719 static int
1720 handle_atim(void)
1721 {
1722 /* the frame body for ATIM is null. */
1723 return 1;
1724 }
1725  
1726 static int
1727 handle_disassoc(netdissect_options *ndo,
1728 const u_char *p, u_int length)
1729 {
1730 struct mgmt_body_t pbody;
1731  
1732 memset(&pbody, 0, sizeof(pbody));
1733  
1734 if (!ND_TTEST2(*p, IEEE802_11_REASON_LEN))
1735 return 0;
1736 if (length < IEEE802_11_REASON_LEN)
1737 return 0;
1738 pbody.reason_code = EXTRACT_LE_16BITS(p);
1739  
1740 ND_PRINT((ndo, ": %s",
1741 (pbody.reason_code < NUM_REASONS)
1742 ? reason_text[pbody.reason_code]
1743 : "Reserved"));
1744  
1745 return 1;
1746 }
1747  
1748 static int
1749 handle_auth(netdissect_options *ndo,
1750 const u_char *p, u_int length)
1751 {
1752 struct mgmt_body_t pbody;
1753 int offset = 0;
1754 int ret;
1755  
1756 memset(&pbody, 0, sizeof(pbody));
1757  
1758 if (!ND_TTEST2(*p, 6))
1759 return 0;
1760 if (length < 6)
1761 return 0;
1762 pbody.auth_alg = EXTRACT_LE_16BITS(p);
1763 offset += 2;
1764 length -= 2;
1765 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset);
1766 offset += 2;
1767 length -= 2;
1768 pbody.status_code = EXTRACT_LE_16BITS(p + offset);
1769 offset += 2;
1770 length -= 2;
1771  
1772 ret = parse_elements(ndo, &pbody, p, offset, length);
1773  
1774 if ((pbody.auth_alg == 1) &&
1775 ((pbody.auth_trans_seq_num == 2) ||
1776 (pbody.auth_trans_seq_num == 3))) {
1777 ND_PRINT((ndo, " (%s)-%x [Challenge Text] %s",
1778 (pbody.auth_alg < NUM_AUTH_ALGS)
1779 ? auth_alg_text[pbody.auth_alg]
1780 : "Reserved",
1781 pbody.auth_trans_seq_num,
1782 ((pbody.auth_trans_seq_num % 2)
1783 ? ((pbody.status_code < NUM_STATUSES)
1784 ? status_text[pbody.status_code]
1785 : "n/a") : "")));
1786 return ret;
1787 }
1788 ND_PRINT((ndo, " (%s)-%x: %s",
1789 (pbody.auth_alg < NUM_AUTH_ALGS)
1790 ? auth_alg_text[pbody.auth_alg]
1791 : "Reserved",
1792 pbody.auth_trans_seq_num,
1793 (pbody.auth_trans_seq_num % 2)
1794 ? ((pbody.status_code < NUM_STATUSES)
1795 ? status_text[pbody.status_code]
1796 : "n/a")
1797 : ""));
1798  
1799 return ret;
1800 }
1801  
1802 static int
1803 handle_deauth(netdissect_options *ndo,
1804 const struct mgmt_header_t *pmh, const u_char *p, u_int length)
1805 {
1806 struct mgmt_body_t pbody;
1807 const char *reason = NULL;
1808  
1809 memset(&pbody, 0, sizeof(pbody));
1810  
1811 if (!ND_TTEST2(*p, IEEE802_11_REASON_LEN))
1812 return 0;
1813 if (length < IEEE802_11_REASON_LEN)
1814 return 0;
1815 pbody.reason_code = EXTRACT_LE_16BITS(p);
1816  
1817 reason = (pbody.reason_code < NUM_REASONS)
1818 ? reason_text[pbody.reason_code]
1819 : "Reserved";
1820  
1821 if (ndo->ndo_eflag) {
1822 ND_PRINT((ndo, ": %s", reason));
1823 } else {
1824 ND_PRINT((ndo, " (%s): %s", etheraddr_string(ndo, pmh->sa), reason));
1825 }
1826 return 1;
1827 }
1828  
1829 #define PRINT_HT_ACTION(v) (\
1830 (v) == 0 ? ND_PRINT((ndo, "TxChWidth")) : \
1831 (v) == 1 ? ND_PRINT((ndo, "MIMOPwrSave")) : \
1832 ND_PRINT((ndo, "Act#%d", (v))) \
1833 )
1834 #define PRINT_BA_ACTION(v) (\
1835 (v) == 0 ? ND_PRINT((ndo, "ADDBA Request")) : \
1836 (v) == 1 ? ND_PRINT((ndo, "ADDBA Response")) : \
1837 (v) == 2 ? ND_PRINT((ndo, "DELBA")) : \
1838 ND_PRINT((ndo, "Act#%d", (v))) \
1839 )
1840 #define PRINT_MESHLINK_ACTION(v) (\
1841 (v) == 0 ? ND_PRINT((ndo, "Request")) : \
1842 (v) == 1 ? ND_PRINT((ndo, "Report")) : \
1843 ND_PRINT((ndo, "Act#%d", (v))) \
1844 )
1845 #define PRINT_MESHPEERING_ACTION(v) (\
1846 (v) == 0 ? ND_PRINT((ndo, "Open")) : \
1847 (v) == 1 ? ND_PRINT((ndo, "Confirm")) : \
1848 (v) == 2 ? ND_PRINT((ndo, "Close")) : \
1849 ND_PRINT((ndo, "Act#%d", (v))) \
1850 )
1851 #define PRINT_MESHPATH_ACTION(v) (\
1852 (v) == 0 ? ND_PRINT((ndo, "Request")) : \
1853 (v) == 1 ? ND_PRINT((ndo, "Report")) : \
1854 (v) == 2 ? ND_PRINT((ndo, "Error")) : \
1855 (v) == 3 ? ND_PRINT((ndo, "RootAnnouncement")) : \
1856 ND_PRINT((ndo, "Act#%d", (v))) \
1857 )
1858  
1859 #define PRINT_MESH_ACTION(v) (\
1860 (v) == 0 ? ND_PRINT((ndo, "MeshLink")) : \
1861 (v) == 1 ? ND_PRINT((ndo, "HWMP")) : \
1862 (v) == 2 ? ND_PRINT((ndo, "Gate Announcement")) : \
1863 (v) == 3 ? ND_PRINT((ndo, "Congestion Control")) : \
1864 (v) == 4 ? ND_PRINT((ndo, "MCCA Setup Request")) : \
1865 (v) == 5 ? ND_PRINT((ndo, "MCCA Setup Reply")) : \
1866 (v) == 6 ? ND_PRINT((ndo, "MCCA Advertisement Request")) : \
1867 (v) == 7 ? ND_PRINT((ndo, "MCCA Advertisement")) : \
1868 (v) == 8 ? ND_PRINT((ndo, "MCCA Teardown")) : \
1869 (v) == 9 ? ND_PRINT((ndo, "TBTT Adjustment Request")) : \
1870 (v) == 10 ? ND_PRINT((ndo, "TBTT Adjustment Response")) : \
1871 ND_PRINT((ndo, "Act#%d", (v))) \
1872 )
1873 #define PRINT_MULTIHOP_ACTION(v) (\
1874 (v) == 0 ? ND_PRINT((ndo, "Proxy Update")) : \
1875 (v) == 1 ? ND_PRINT((ndo, "Proxy Update Confirmation")) : \
1876 ND_PRINT((ndo, "Act#%d", (v))) \
1877 )
1878 #define PRINT_SELFPROT_ACTION(v) (\
1879 (v) == 1 ? ND_PRINT((ndo, "Peering Open")) : \
1880 (v) == 2 ? ND_PRINT((ndo, "Peering Confirm")) : \
1881 (v) == 3 ? ND_PRINT((ndo, "Peering Close")) : \
1882 (v) == 4 ? ND_PRINT((ndo, "Group Key Inform")) : \
1883 (v) == 5 ? ND_PRINT((ndo, "Group Key Acknowledge")) : \
1884 ND_PRINT((ndo, "Act#%d", (v))) \
1885 )
1886  
1887 static int
1888 handle_action(netdissect_options *ndo,
1889 const struct mgmt_header_t *pmh, const u_char *p, u_int length)
1890 {
1891 if (!ND_TTEST2(*p, 2))
1892 return 0;
1893 if (length < 2)
1894 return 0;
1895 if (ndo->ndo_eflag) {
1896 ND_PRINT((ndo, ": "));
1897 } else {
1898 ND_PRINT((ndo, " (%s): ", etheraddr_string(ndo, pmh->sa)));
1899 }
1900 switch (p[0]) {
1901 case 0: ND_PRINT((ndo, "Spectrum Management Act#%d", p[1])); break;
1902 case 1: ND_PRINT((ndo, "QoS Act#%d", p[1])); break;
1903 case 2: ND_PRINT((ndo, "DLS Act#%d", p[1])); break;
1904 case 3: ND_PRINT((ndo, "BA ")); PRINT_BA_ACTION(p[1]); break;
1905 case 7: ND_PRINT((ndo, "HT ")); PRINT_HT_ACTION(p[1]); break;
1906 case 13: ND_PRINT((ndo, "MeshAction ")); PRINT_MESH_ACTION(p[1]); break;
1907 case 14:
1908 ND_PRINT((ndo, "MultiohopAction "));
1909 PRINT_MULTIHOP_ACTION(p[1]); break;
1910 case 15:
1911 ND_PRINT((ndo, "SelfprotectAction "));
1912 PRINT_SELFPROT_ACTION(p[1]); break;
1913 case 127: ND_PRINT((ndo, "Vendor Act#%d", p[1])); break;
1914 default:
1915 ND_PRINT((ndo, "Reserved(%d) Act#%d", p[0], p[1]));
1916 break;
1917 }
1918 return 1;
1919 }
1920  
1921  
1922 /*********************************************************************************
1923 * Print Body funcs
1924 *********************************************************************************/
1925  
1926  
1927 static int
1928 mgmt_body_print(netdissect_options *ndo,
1929 uint16_t fc, const struct mgmt_header_t *pmh,
1930 const u_char *p, u_int length)
1931 {
1932 ND_PRINT((ndo, "%s", tok2str(st_str, "Unhandled Management subtype(%x)", FC_SUBTYPE(fc))));
1933 switch (FC_SUBTYPE(fc)) {
1934 case ST_ASSOC_REQUEST:
1935 return handle_assoc_request(ndo, p, length);
1936 case ST_ASSOC_RESPONSE:
1937 return handle_assoc_response(ndo, p, length);
1938 case ST_REASSOC_REQUEST:
1939 return handle_reassoc_request(ndo, p, length);
1940 case ST_REASSOC_RESPONSE:
1941 return handle_reassoc_response(ndo, p, length);
1942 case ST_PROBE_REQUEST:
1943 return handle_probe_request(ndo, p, length);
1944 case ST_PROBE_RESPONSE:
1945 return handle_probe_response(ndo, p, length);
1946 case ST_BEACON:
1947 return handle_beacon(ndo, p, length);
1948 case ST_ATIM:
1949 return handle_atim();
1950 case ST_DISASSOC:
1951 return handle_disassoc(ndo, p, length);
1952 case ST_AUTH:
1953 if (!ND_TTEST2(*p, 3))
1954 return 0;
1955 if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) {
1956 ND_PRINT((ndo, "Authentication (Shared-Key)-3 "));
1957 return wep_print(ndo, p);
1958 }
1959 return handle_auth(ndo, p, length);
1960 case ST_DEAUTH:
1961 return handle_deauth(ndo, pmh, p, length);
1962 case ST_ACTION:
1963 return handle_action(ndo, pmh, p, length);
1964 default:
1965 return 1;
1966 }
1967 }
1968  
1969  
1970 /*********************************************************************************
1971 * Handles printing all the control frame types
1972 *********************************************************************************/
1973  
1974 static int
1975 ctrl_body_print(netdissect_options *ndo,
1976 uint16_t fc, const u_char *p)
1977 {
1978 ND_PRINT((ndo, "%s", tok2str(ctrl_str, "Unknown Ctrl Subtype", FC_SUBTYPE(fc))));
1979 switch (FC_SUBTYPE(fc)) {
1980 case CTRL_CONTROL_WRAPPER:
1981 /* XXX - requires special handling */
1982 break;
1983 case CTRL_BAR:
1984 if (!ND_TTEST2(*p, CTRL_BAR_HDRLEN))
1985 return 0;
1986 if (!ndo->ndo_eflag)
1987 ND_PRINT((ndo, " RA:%s TA:%s CTL(%x) SEQ(%u) ",
1988 etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ra),
1989 etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ta),
1990 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
1991 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))));
1992 break;
1993 case CTRL_BA:
1994 if (!ND_TTEST2(*p, CTRL_BA_HDRLEN))
1995 return 0;
1996 if (!ndo->ndo_eflag)
1997 ND_PRINT((ndo, " RA:%s ",
1998 etheraddr_string(ndo, ((const struct ctrl_ba_t *)p)->ra)));
1999 break;
2000 case CTRL_PS_POLL:
2001 if (!ND_TTEST2(*p, CTRL_PS_POLL_HDRLEN))
2002 return 0;
2003 ND_PRINT((ndo, " AID(%x)",
2004 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid))));
2005 break;
2006 case CTRL_RTS:
2007 if (!ND_TTEST2(*p, CTRL_RTS_HDRLEN))
2008 return 0;
2009 if (!ndo->ndo_eflag)
2010 ND_PRINT((ndo, " TA:%s ",
2011 etheraddr_string(ndo, ((const struct ctrl_rts_t *)p)->ta)));
2012 break;
2013 case CTRL_CTS:
2014 if (!ND_TTEST2(*p, CTRL_CTS_HDRLEN))
2015 return 0;
2016 if (!ndo->ndo_eflag)
2017 ND_PRINT((ndo, " RA:%s ",
2018 etheraddr_string(ndo, ((const struct ctrl_cts_t *)p)->ra)));
2019 break;
2020 case CTRL_ACK:
2021 if (!ND_TTEST2(*p, CTRL_ACK_HDRLEN))
2022 return 0;
2023 if (!ndo->ndo_eflag)
2024 ND_PRINT((ndo, " RA:%s ",
2025 etheraddr_string(ndo, ((const struct ctrl_ack_t *)p)->ra)));
2026 break;
2027 case CTRL_CF_END:
2028 if (!ND_TTEST2(*p, CTRL_END_HDRLEN))
2029 return 0;
2030 if (!ndo->ndo_eflag)
2031 ND_PRINT((ndo, " RA:%s ",
2032 etheraddr_string(ndo, ((const struct ctrl_end_t *)p)->ra)));
2033 break;
2034 case CTRL_END_ACK:
2035 if (!ND_TTEST2(*p, CTRL_END_ACK_HDRLEN))
2036 return 0;
2037 if (!ndo->ndo_eflag)
2038 ND_PRINT((ndo, " RA:%s ",
2039 etheraddr_string(ndo, ((const struct ctrl_end_ack_t *)p)->ra)));
2040 break;
2041 }
2042 return 1;
2043 }
2044  
2045 /*
2046 * Print Header funcs
2047 */
2048  
2049 /*
2050 * Data Frame - Address field contents
2051 *
2052 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4
2053 * 0 | 0 | DA | SA | BSSID | n/a
2054 * 0 | 1 | DA | BSSID | SA | n/a
2055 * 1 | 0 | BSSID | SA | DA | n/a
2056 * 1 | 1 | RA | TA | DA | SA
2057 */
2058  
2059 static void
2060 data_header_print(netdissect_options *ndo,
2061 uint16_t fc, const u_char *p, const uint8_t **srcp,
2062 const uint8_t **dstp)
2063 {
2064 u_int subtype = FC_SUBTYPE(fc);
2065  
2066 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) ||
2067 DATA_FRAME_IS_QOS(subtype)) {
2068 ND_PRINT((ndo, "CF "));
2069 if (DATA_FRAME_IS_CF_ACK(subtype)) {
2070 if (DATA_FRAME_IS_CF_POLL(subtype))
2071 ND_PRINT((ndo, "Ack/Poll"));
2072 else
2073 ND_PRINT((ndo, "Ack"));
2074 } else {
2075 if (DATA_FRAME_IS_CF_POLL(subtype))
2076 ND_PRINT((ndo, "Poll"));
2077 }
2078 if (DATA_FRAME_IS_QOS(subtype))
2079 ND_PRINT((ndo, "+QoS"));
2080 ND_PRINT((ndo, " "));
2081 }
2082  
2083 #define ADDR1 (p + 4)
2084 #define ADDR2 (p + 10)
2085 #define ADDR3 (p + 16)
2086 #define ADDR4 (p + 24)
2087  
2088 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
2089 if (srcp != NULL)
2090 *srcp = ADDR2;
2091 if (dstp != NULL)
2092 *dstp = ADDR1;
2093 if (!ndo->ndo_eflag)
2094 return;
2095 ND_PRINT((ndo, "DA:%s SA:%s BSSID:%s ",
2096 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
2097 etheraddr_string(ndo, ADDR3)));
2098 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) {
2099 if (srcp != NULL)
2100 *srcp = ADDR3;
2101 if (dstp != NULL)
2102 *dstp = ADDR1;
2103 if (!ndo->ndo_eflag)
2104 return;
2105 ND_PRINT((ndo, "DA:%s BSSID:%s SA:%s ",
2106 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
2107 etheraddr_string(ndo, ADDR3)));
2108 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) {
2109 if (srcp != NULL)
2110 *srcp = ADDR2;
2111 if (dstp != NULL)
2112 *dstp = ADDR3;
2113 if (!ndo->ndo_eflag)
2114 return;
2115 ND_PRINT((ndo, "BSSID:%s SA:%s DA:%s ",
2116 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
2117 etheraddr_string(ndo, ADDR3)));
2118 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) {
2119 if (srcp != NULL)
2120 *srcp = ADDR4;
2121 if (dstp != NULL)
2122 *dstp = ADDR3;
2123 if (!ndo->ndo_eflag)
2124 return;
2125 ND_PRINT((ndo, "RA:%s TA:%s DA:%s SA:%s ",
2126 etheraddr_string(ndo, ADDR1), etheraddr_string(ndo, ADDR2),
2127 etheraddr_string(ndo, ADDR3), etheraddr_string(ndo, ADDR4)));
2128 }
2129  
2130 #undef ADDR1
2131 #undef ADDR2
2132 #undef ADDR3
2133 #undef ADDR4
2134 }
2135  
2136 static void
2137 mgmt_header_print(netdissect_options *ndo,
2138 const u_char *p, const uint8_t **srcp, const uint8_t **dstp)
2139 {
2140 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p;
2141  
2142 if (srcp != NULL)
2143 *srcp = hp->sa;
2144 if (dstp != NULL)
2145 *dstp = hp->da;
2146 if (!ndo->ndo_eflag)
2147 return;
2148  
2149 ND_PRINT((ndo, "BSSID:%s DA:%s SA:%s ",
2150 etheraddr_string(ndo, (hp)->bssid), etheraddr_string(ndo, (hp)->da),
2151 etheraddr_string(ndo, (hp)->sa)));
2152 }
2153  
2154 static void
2155 ctrl_header_print(netdissect_options *ndo,
2156 uint16_t fc, const u_char *p, const uint8_t **srcp,
2157 const uint8_t **dstp)
2158 {
2159 if (srcp != NULL)
2160 *srcp = NULL;
2161 if (dstp != NULL)
2162 *dstp = NULL;
2163 if (!ndo->ndo_eflag)
2164 return;
2165  
2166 switch (FC_SUBTYPE(fc)) {
2167 case CTRL_BAR:
2168 ND_PRINT((ndo, " RA:%s TA:%s CTL(%x) SEQ(%u) ",
2169 etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ra),
2170 etheraddr_string(ndo, ((const struct ctrl_bar_t *)p)->ta),
2171 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)),
2172 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))));
2173 break;
2174 case CTRL_BA:
2175 ND_PRINT((ndo, "RA:%s ",
2176 etheraddr_string(ndo, ((const struct ctrl_ba_t *)p)->ra)));
2177 break;
2178 case CTRL_PS_POLL:
2179 ND_PRINT((ndo, "BSSID:%s TA:%s ",
2180 etheraddr_string(ndo, ((const struct ctrl_ps_poll_t *)p)->bssid),
2181 etheraddr_string(ndo, ((const struct ctrl_ps_poll_t *)p)->ta)));
2182 break;
2183 case CTRL_RTS:
2184 ND_PRINT((ndo, "RA:%s TA:%s ",
2185 etheraddr_string(ndo, ((const struct ctrl_rts_t *)p)->ra),
2186 etheraddr_string(ndo, ((const struct ctrl_rts_t *)p)->ta)));
2187 break;
2188 case CTRL_CTS:
2189 ND_PRINT((ndo, "RA:%s ",
2190 etheraddr_string(ndo, ((const struct ctrl_cts_t *)p)->ra)));
2191 break;
2192 case CTRL_ACK:
2193 ND_PRINT((ndo, "RA:%s ",
2194 etheraddr_string(ndo, ((const struct ctrl_ack_t *)p)->ra)));
2195 break;
2196 case CTRL_CF_END:
2197 ND_PRINT((ndo, "RA:%s BSSID:%s ",
2198 etheraddr_string(ndo, ((const struct ctrl_end_t *)p)->ra),
2199 etheraddr_string(ndo, ((const struct ctrl_end_t *)p)->bssid)));
2200 break;
2201 case CTRL_END_ACK:
2202 ND_PRINT((ndo, "RA:%s BSSID:%s ",
2203 etheraddr_string(ndo, ((const struct ctrl_end_ack_t *)p)->ra),
2204 etheraddr_string(ndo, ((const struct ctrl_end_ack_t *)p)->bssid)));
2205 break;
2206 default:
2207 ND_PRINT((ndo, "(H) Unknown Ctrl Subtype"));
2208 break;
2209 }
2210 }
2211  
2212 static int
2213 extract_header_length(netdissect_options *ndo,
2214 uint16_t fc)
2215 {
2216 int len;
2217  
2218 switch (FC_TYPE(fc)) {
2219 case T_MGMT:
2220 return MGMT_HDRLEN;
2221 case T_CTRL:
2222 switch (FC_SUBTYPE(fc)) {
2223 case CTRL_BAR:
2224 return CTRL_BAR_HDRLEN;
2225 case CTRL_PS_POLL:
2226 return CTRL_PS_POLL_HDRLEN;
2227 case CTRL_RTS:
2228 return CTRL_RTS_HDRLEN;
2229 case CTRL_CTS:
2230 return CTRL_CTS_HDRLEN;
2231 case CTRL_ACK:
2232 return CTRL_ACK_HDRLEN;
2233 case CTRL_CF_END:
2234 return CTRL_END_HDRLEN;
2235 case CTRL_END_ACK:
2236 return CTRL_END_ACK_HDRLEN;
2237 default:
2238 return 0;
2239 }
2240 case T_DATA:
2241 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24;
2242 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc)))
2243 len += 2;
2244 return len;
2245 default:
2246 ND_PRINT((ndo, "unknown IEEE802.11 frame type (%d)", FC_TYPE(fc)));
2247 return 0;
2248 }
2249 }
2250  
2251 static int
2252 extract_mesh_header_length(const u_char *p)
2253 {
2254 return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3));
2255 }
2256  
2257 /*
2258 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp"
2259 * to point to the source and destination MAC addresses in any case if
2260 * "srcp" and "dstp" aren't null.
2261 */
2262 static void
2263 ieee_802_11_hdr_print(netdissect_options *ndo,
2264 uint16_t fc, const u_char *p, u_int hdrlen,
2265 u_int meshdrlen, const uint8_t **srcp,
2266 const uint8_t **dstp)
2267 {
2268 if (ndo->ndo_vflag) {
2269 if (FC_MORE_DATA(fc))
2270 ND_PRINT((ndo, "More Data "));
2271 if (FC_MORE_FLAG(fc))
2272 ND_PRINT((ndo, "More Fragments "));
2273 if (FC_POWER_MGMT(fc))
2274 ND_PRINT((ndo, "Pwr Mgmt "));
2275 if (FC_RETRY(fc))
2276 ND_PRINT((ndo, "Retry "));
2277 if (FC_ORDER(fc))
2278 ND_PRINT((ndo, "Strictly Ordered "));
2279 if (FC_WEP(fc))
2280 ND_PRINT((ndo, "WEP Encrypted "));
2281 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL)
2282 ND_PRINT((ndo, "%dus ",
2283 EXTRACT_LE_16BITS(
2284 &((const struct mgmt_header_t *)p)->duration)));
2285 }
2286 if (meshdrlen != 0) {
2287 const struct meshcntl_t *mc =
2288 (const struct meshcntl_t *)&p[hdrlen - meshdrlen];
2289 int ae = mc->flags & 3;
2290  
2291 ND_PRINT((ndo, "MeshData (AE %d TTL %u seq %u", ae, mc->ttl,
2292 EXTRACT_LE_32BITS(mc->seq)));
2293 if (ae > 0)
2294 ND_PRINT((ndo, " A4:%s", etheraddr_string(ndo, mc->addr4)));
2295 if (ae > 1)
2296 ND_PRINT((ndo, " A5:%s", etheraddr_string(ndo, mc->addr5)));
2297 if (ae > 2)
2298 ND_PRINT((ndo, " A6:%s", etheraddr_string(ndo, mc->addr6)));
2299 ND_PRINT((ndo, ") "));
2300 }
2301  
2302 switch (FC_TYPE(fc)) {
2303 case T_MGMT:
2304 mgmt_header_print(ndo, p, srcp, dstp);
2305 break;
2306 case T_CTRL:
2307 ctrl_header_print(ndo, fc, p, srcp, dstp);
2308 break;
2309 case T_DATA:
2310 data_header_print(ndo, fc, p, srcp, dstp);
2311 break;
2312 default:
2313 ND_PRINT((ndo, "(header) unknown IEEE802.11 frame type (%d)",
2314 FC_TYPE(fc)));
2315 *srcp = NULL;
2316 *dstp = NULL;
2317 break;
2318 }
2319 }
2320  
2321 #ifndef roundup2
2322 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */
2323 #endif
2324  
2325 static u_int
2326 ieee802_11_print(netdissect_options *ndo,
2327 const u_char *p, u_int length, u_int orig_caplen, int pad,
2328 u_int fcslen)
2329 {
2330 uint16_t fc;
2331 u_int caplen, hdrlen, meshdrlen;
2332 const uint8_t *src, *dst;
2333 u_short extracted_ethertype;
2334  
2335 caplen = orig_caplen;
2336 /* Remove FCS, if present */
2337 if (length < fcslen) {
2338 ND_PRINT((ndo, "%s", tstr));
2339 return caplen;
2340 }
2341 length -= fcslen;
2342 if (caplen > length) {
2343 /* Amount of FCS in actual packet data, if any */
2344 fcslen = caplen - length;
2345 caplen -= fcslen;
2346 ndo->ndo_snapend -= fcslen;
2347 }
2348  
2349 if (caplen < IEEE802_11_FC_LEN) {
2350 ND_PRINT((ndo, "%s", tstr));
2351 return orig_caplen;
2352 }
2353  
2354 fc = EXTRACT_LE_16BITS(p);
2355 hdrlen = extract_header_length(ndo, fc);
2356 if (pad)
2357 hdrlen = roundup2(hdrlen, 4);
2358 if (ndo->ndo_Hflag && FC_TYPE(fc) == T_DATA &&
2359 DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) {
2360 meshdrlen = extract_mesh_header_length(p+hdrlen);
2361 hdrlen += meshdrlen;
2362 } else
2363 meshdrlen = 0;
2364  
2365  
2366 if (caplen < hdrlen) {
2367 ND_PRINT((ndo, "%s", tstr));
2368 return hdrlen;
2369 }
2370  
2371 ieee_802_11_hdr_print(ndo, fc, p, hdrlen, meshdrlen, &src, &dst);
2372  
2373 /*
2374 * Go past the 802.11 header.
2375 */
2376 length -= hdrlen;
2377 caplen -= hdrlen;
2378 p += hdrlen;
2379  
2380 switch (FC_TYPE(fc)) {
2381 case T_MGMT:
2382 if (!mgmt_body_print(ndo, fc,
2383 (const struct mgmt_header_t *)(p - hdrlen), p, length)) {
2384 ND_PRINT((ndo, "%s", tstr));
2385 return hdrlen;
2386 }
2387 break;
2388 case T_CTRL:
2389 if (!ctrl_body_print(ndo, fc, p - hdrlen)) {
2390 ND_PRINT((ndo, "%s", tstr));
2391 return hdrlen;
2392 }
2393 break;
2394 case T_DATA:
2395 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc)))
2396 return hdrlen; /* no-data frame */
2397 /* There may be a problem w/ AP not having this bit set */
2398 if (FC_WEP(fc)) {
2399 if (!wep_print(ndo, p)) {
2400 ND_PRINT((ndo, "%s", tstr));
2401 return hdrlen;
2402 }
2403 } else if (llc_print(ndo, p, length, caplen, dst, src,
2404 &extracted_ethertype) == 0) {
2405 /*
2406 * Some kinds of LLC packet we cannot
2407 * handle intelligently
2408 */
2409 if (!ndo->ndo_eflag)
2410 ieee_802_11_hdr_print(ndo, fc, p - hdrlen, hdrlen,
2411 meshdrlen, NULL, NULL);
2412 if (extracted_ethertype)
2413 ND_PRINT((ndo, "(LLC %s) ",
2414 etherproto_string(
2415 htons(extracted_ethertype))));
2416 if (!ndo->ndo_suppress_default_print)
2417 ND_DEFAULTPRINT(p, caplen);
2418 }
2419 break;
2420 default:
2421 ND_PRINT((ndo, "unknown 802.11 frame type (%d)", FC_TYPE(fc)));
2422 break;
2423 }
2424  
2425 return hdrlen;
2426 }
2427  
2428 /*
2429 * This is the top level routine of the printer. 'p' points
2430 * to the 802.11 header of the packet, 'h->ts' is the timestamp,
2431 * 'h->len' is the length of the packet off the wire, and 'h->caplen'
2432 * is the number of bytes actually captured.
2433 */
2434 u_int
2435 ieee802_11_if_print(netdissect_options *ndo,
2436 const struct pcap_pkthdr *h, const u_char *p)
2437 {
2438 return ieee802_11_print(ndo, p, h->len, h->caplen, 0, 0);
2439 }
2440  
2441 #define IEEE80211_CHAN_FHSS \
2442 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK)
2443 #define IEEE80211_CHAN_A \
2444 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM)
2445 #define IEEE80211_CHAN_B \
2446 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK)
2447 #define IEEE80211_CHAN_PUREG \
2448 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM)
2449 #define IEEE80211_CHAN_G \
2450 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN)
2451  
2452 #define IS_CHAN_FHSS(flags) \
2453 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS)
2454 #define IS_CHAN_A(flags) \
2455 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A)
2456 #define IS_CHAN_B(flags) \
2457 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B)
2458 #define IS_CHAN_PUREG(flags) \
2459 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG)
2460 #define IS_CHAN_G(flags) \
2461 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G)
2462 #define IS_CHAN_ANYG(flags) \
2463 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags))
2464  
2465 static void
2466 print_chaninfo(netdissect_options *ndo,
2467 int freq, int flags)
2468 {
2469 ND_PRINT((ndo, "%u MHz", freq));
2470 if (IS_CHAN_FHSS(flags))
2471 ND_PRINT((ndo, " FHSS"));
2472 if (IS_CHAN_A(flags)) {
2473 if (flags & IEEE80211_CHAN_HALF)
2474 ND_PRINT((ndo, " 11a/10Mhz"));
2475 else if (flags & IEEE80211_CHAN_QUARTER)
2476 ND_PRINT((ndo, " 11a/5Mhz"));
2477 else
2478 ND_PRINT((ndo, " 11a"));
2479 }
2480 if (IS_CHAN_ANYG(flags)) {
2481 if (flags & IEEE80211_CHAN_HALF)
2482 ND_PRINT((ndo, " 11g/10Mhz"));
2483 else if (flags & IEEE80211_CHAN_QUARTER)
2484 ND_PRINT((ndo, " 11g/5Mhz"));
2485 else
2486 ND_PRINT((ndo, " 11g"));
2487 } else if (IS_CHAN_B(flags))
2488 ND_PRINT((ndo, " 11b"));
2489 if (flags & IEEE80211_CHAN_TURBO)
2490 ND_PRINT((ndo, " Turbo"));
2491 if (flags & IEEE80211_CHAN_HT20)
2492 ND_PRINT((ndo, " ht/20"));
2493 else if (flags & IEEE80211_CHAN_HT40D)
2494 ND_PRINT((ndo, " ht/40-"));
2495 else if (flags & IEEE80211_CHAN_HT40U)
2496 ND_PRINT((ndo, " ht/40+"));
2497 ND_PRINT((ndo, " "));
2498 }
2499  
2500 static int
2501 print_radiotap_field(netdissect_options *ndo,
2502 struct cpack_state *s, uint32_t bit, uint8_t *flags,
2503 struct radiotap_state *state, uint32_t presentflags)
2504 {
2505 union {
2506 int8_t i8;
2507 uint8_t u8;
2508 int16_t i16;
2509 uint16_t u16;
2510 uint32_t u32;
2511 uint64_t u64;
2512 } u, u2, u3, u4;
2513 int rc;
2514  
2515 switch (bit) {
2516 case IEEE80211_RADIOTAP_FLAGS:
2517 rc = cpack_uint8(s, &u.u8);
2518 if (rc != 0)
2519 break;
2520 *flags = u.u8;
2521 break;
2522 case IEEE80211_RADIOTAP_RATE:
2523 rc = cpack_uint8(s, &u.u8);
2524 if (rc != 0)
2525 break;
2526  
2527 /* Save state rate */
2528 state->rate = u.u8;
2529 break;
2530 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2531 case IEEE80211_RADIOTAP_DB_ANTNOISE:
2532 case IEEE80211_RADIOTAP_ANTENNA:
2533 rc = cpack_uint8(s, &u.u8);
2534 break;
2535 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
2536 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
2537 rc = cpack_int8(s, &u.i8);
2538 break;
2539 case IEEE80211_RADIOTAP_CHANNEL:
2540 rc = cpack_uint16(s, &u.u16);
2541 if (rc != 0)
2542 break;
2543 rc = cpack_uint16(s, &u2.u16);
2544 break;
2545 case IEEE80211_RADIOTAP_FHSS:
2546 case IEEE80211_RADIOTAP_LOCK_QUALITY:
2547 case IEEE80211_RADIOTAP_TX_ATTENUATION:
2548 case IEEE80211_RADIOTAP_RX_FLAGS:
2549 rc = cpack_uint16(s, &u.u16);
2550 break;
2551 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
2552 rc = cpack_uint8(s, &u.u8);
2553 break;
2554 case IEEE80211_RADIOTAP_DBM_TX_POWER:
2555 rc = cpack_int8(s, &u.i8);
2556 break;
2557 case IEEE80211_RADIOTAP_TSFT:
2558 rc = cpack_uint64(s, &u.u64);
2559 break;
2560 case IEEE80211_RADIOTAP_XCHANNEL:
2561 rc = cpack_uint32(s, &u.u32);
2562 if (rc != 0)
2563 break;
2564 rc = cpack_uint16(s, &u2.u16);
2565 if (rc != 0)
2566 break;
2567 rc = cpack_uint8(s, &u3.u8);
2568 if (rc != 0)
2569 break;
2570 rc = cpack_uint8(s, &u4.u8);
2571 break;
2572 case IEEE80211_RADIOTAP_MCS:
2573 rc = cpack_uint8(s, &u.u8);
2574 if (rc != 0)
2575 break;
2576 rc = cpack_uint8(s, &u2.u8);
2577 if (rc != 0)
2578 break;
2579 rc = cpack_uint8(s, &u3.u8);
2580 break;
2581 case IEEE80211_RADIOTAP_VENDOR_NAMESPACE: {
2582 uint8_t vns[3];
2583 uint16_t length;
2584 uint8_t subspace;
2585  
2586 if ((cpack_align_and_reserve(s, 2)) == NULL) {
2587 rc = -1;
2588 break;
2589 }
2590  
2591 rc = cpack_uint8(s, &vns[0]);
2592 if (rc != 0)
2593 break;
2594 rc = cpack_uint8(s, &vns[1]);
2595 if (rc != 0)
2596 break;
2597 rc = cpack_uint8(s, &vns[2]);
2598 if (rc != 0)
2599 break;
2600 rc = cpack_uint8(s, &subspace);
2601 if (rc != 0)
2602 break;
2603 rc = cpack_uint16(s, &length);
2604 if (rc != 0)
2605 break;
2606  
2607 /* Skip up to length */
2608 s->c_next += length;
2609 break;
2610 }
2611 default:
2612 /* this bit indicates a field whose
2613 * size we do not know, so we cannot
2614 * proceed. Just print the bit number.
2615 */
2616 ND_PRINT((ndo, "[bit %u] ", bit));
2617 return -1;
2618 }
2619  
2620 if (rc != 0) {
2621 ND_PRINT((ndo, "%s", tstr));
2622 return rc;
2623 }
2624  
2625 /* Preserve the state present flags */
2626 state->present = presentflags;
2627  
2628 switch (bit) {
2629 case IEEE80211_RADIOTAP_CHANNEL:
2630 /*
2631 * If CHANNEL and XCHANNEL are both present, skip
2632 * CHANNEL.
2633 */
2634 if (presentflags & (1 << IEEE80211_RADIOTAP_XCHANNEL))
2635 break;
2636 print_chaninfo(ndo, u.u16, u2.u16);
2637 break;
2638 case IEEE80211_RADIOTAP_FHSS:
2639 ND_PRINT((ndo, "fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff));
2640 break;
2641 case IEEE80211_RADIOTAP_RATE:
2642 /*
2643 * XXX On FreeBSD rate & 0x80 means we have an MCS. On
2644 * Linux and AirPcap it does not. (What about
2645 * Mac OS X, NetBSD, OpenBSD, and DragonFly BSD?)
2646 *
2647 * This is an issue either for proprietary extensions
2648 * to 11a or 11g, which do exist, or for 11n
2649 * implementations that stuff a rate value into
2650 * this field, which also appear to exist.
2651 *
2652 * We currently handle that by assuming that
2653 * if the 0x80 bit is set *and* the remaining
2654 * bits have a value between 0 and 15 it's
2655 * an MCS value, otherwise it's a rate. If
2656 * there are cases where systems that use
2657 * "0x80 + MCS index" for MCS indices > 15,
2658 * or stuff a rate value here between 64 and
2659 * 71.5 Mb/s in here, we'll need a preference
2660 * setting. Such rates do exist, e.g. 11n
2661 * MCS 7 at 20 MHz with a long guard interval.
2662 */
2663 if (u.u8 >= 0x80 && u.u8 <= 0x8f) {
2664 /*
2665 * XXX - we don't know the channel width
2666 * or guard interval length, so we can't
2667 * convert this to a data rate.
2668 *
2669 * If you want us to show a data rate,
2670 * use the MCS field, not the Rate field;
2671 * the MCS field includes not only the
2672 * MCS index, it also includes bandwidth
2673 * and guard interval information.
2674 *
2675 * XXX - can we get the channel width
2676 * from XChannel and the guard interval
2677 * information from Flags, at least on
2678 * FreeBSD?
2679 */
2680 ND_PRINT((ndo, "MCS %u ", u.u8 & 0x7f));
2681 } else
2682 ND_PRINT((ndo, "%2.1f Mb/s ", .5 * u.u8));
2683 break;
2684 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL:
2685 ND_PRINT((ndo, "%ddB signal ", u.i8));
2686 break;
2687 case IEEE80211_RADIOTAP_DBM_ANTNOISE:
2688 ND_PRINT((ndo, "%ddB noise ", u.i8));
2689 break;
2690 case IEEE80211_RADIOTAP_DB_ANTSIGNAL:
2691 ND_PRINT((ndo, "%ddB signal ", u.u8));
2692 break;
2693 case IEEE80211_RADIOTAP_DB_ANTNOISE:
2694 ND_PRINT((ndo, "%ddB noise ", u.u8));
2695 break;
2696 case IEEE80211_RADIOTAP_LOCK_QUALITY:
2697 ND_PRINT((ndo, "%u sq ", u.u16));
2698 break;
2699 case IEEE80211_RADIOTAP_TX_ATTENUATION:
2700 ND_PRINT((ndo, "%d tx power ", -(int)u.u16));
2701 break;
2702 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION:
2703 ND_PRINT((ndo, "%ddB tx power ", -(int)u.u8));
2704 break;
2705 case IEEE80211_RADIOTAP_DBM_TX_POWER:
2706 ND_PRINT((ndo, "%ddBm tx power ", u.i8));
2707 break;
2708 case IEEE80211_RADIOTAP_FLAGS:
2709 if (u.u8 & IEEE80211_RADIOTAP_F_CFP)
2710 ND_PRINT((ndo, "cfp "));
2711 if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE)
2712 ND_PRINT((ndo, "short preamble "));
2713 if (u.u8 & IEEE80211_RADIOTAP_F_WEP)
2714 ND_PRINT((ndo, "wep "));
2715 if (u.u8 & IEEE80211_RADIOTAP_F_FRAG)
2716 ND_PRINT((ndo, "fragmented "));
2717 if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS)
2718 ND_PRINT((ndo, "bad-fcs "));
2719 break;
2720 case IEEE80211_RADIOTAP_ANTENNA:
2721 ND_PRINT((ndo, "antenna %d ", u.u8));
2722 break;
2723 case IEEE80211_RADIOTAP_TSFT:
2724 ND_PRINT((ndo, "%" PRIu64 "us tsft ", u.u64));
2725 break;
2726 case IEEE80211_RADIOTAP_RX_FLAGS:
2727 /* Do nothing for now */
2728 break;
2729 case IEEE80211_RADIOTAP_XCHANNEL:
2730 print_chaninfo(ndo, u2.u16, u.u32);
2731 break;
2732 case IEEE80211_RADIOTAP_MCS: {
2733 static const char *bandwidth[4] = {
2734 "20 MHz",
2735 "40 MHz",
2736 "20 MHz (L)",
2737 "20 MHz (U)"
2738 };
2739 float htrate;
2740  
2741 if (u.u8 & IEEE80211_RADIOTAP_MCS_MCS_INDEX_KNOWN) {
2742 /*
2743 * We know the MCS index.
2744 */
2745 if (u3.u8 <= MAX_MCS_INDEX) {
2746 /*
2747 * And it's in-range.
2748 */
2749 if (u.u8 & (IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN|IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN)) {
2750 /*
2751 * And we know both the bandwidth and
2752 * the guard interval, so we can look
2753 * up the rate.
2754 */
2755 htrate =
2756 ieee80211_float_htrates \
2757 [u3.u8] \
2758 [((u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK) == IEEE80211_RADIOTAP_MCS_BANDWIDTH_40 ? 1 : 0)] \
2759 [((u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ? 1 : 0)];
2760 } else {
2761 /*
2762 * We don't know both the bandwidth
2763 * and the guard interval, so we can
2764 * only report the MCS index.
2765 */
2766 htrate = 0.0;
2767 }
2768 } else {
2769 /*
2770 * The MCS value is out of range.
2771 */
2772 htrate = 0.0;
2773 }
2774 if (htrate != 0.0) {
2775 /*
2776 * We have the rate.
2777 * Print it.
2778 */
2779 ND_PRINT((ndo, "%.1f Mb/s MCS %u ", htrate, u3.u8));
2780 } else {
2781 /*
2782 * We at least have the MCS index.
2783 * Print it.
2784 */
2785 ND_PRINT((ndo, "MCS %u ", u3.u8));
2786 }
2787 }
2788 if (u.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_KNOWN) {
2789 ND_PRINT((ndo, "%s ",
2790 bandwidth[u2.u8 & IEEE80211_RADIOTAP_MCS_BANDWIDTH_MASK]));
2791 }
2792 if (u.u8 & IEEE80211_RADIOTAP_MCS_GUARD_INTERVAL_KNOWN) {
2793 ND_PRINT((ndo, "%s GI ",
2794 (u2.u8 & IEEE80211_RADIOTAP_MCS_SHORT_GI) ?
2795 "short" : "lon"));
2796 }
2797 if (u.u8 & IEEE80211_RADIOTAP_MCS_HT_FORMAT_KNOWN) {
2798 ND_PRINT((ndo, "%s ",
2799 (u2.u8 & IEEE80211_RADIOTAP_MCS_HT_GREENFIELD) ?
2800 "greenfield" : "mixed"));
2801 }
2802 if (u.u8 & IEEE80211_RADIOTAP_MCS_FEC_TYPE_KNOWN) {
2803 ND_PRINT((ndo, "%s FEC ",
2804 (u2.u8 & IEEE80211_RADIOTAP_MCS_FEC_LDPC) ?
2805 "LDPC" : "BCC"));
2806 }
2807 if (u.u8 & IEEE80211_RADIOTAP_MCS_STBC_KNOWN) {
2808 ND_PRINT((ndo, "RX-STBC%u ",
2809 (u2.u8 & IEEE80211_RADIOTAP_MCS_STBC_MASK) >> IEEE80211_RADIOTAP_MCS_STBC_SHIFT));
2810 }
2811  
2812 break;
2813 }
2814 }
2815 return 0;
2816 }
2817  
2818 static u_int
2819 ieee802_11_radio_print(netdissect_options *ndo,
2820 const u_char *p, u_int length, u_int caplen)
2821 {
2822 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x)))
2823 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x)))
2824 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x)))
2825 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x)))
2826 #define BITNO_2(x) (((x) & 2) ? 1 : 0)
2827 #define BIT(n) (1U << n)
2828 #define IS_EXTENDED(__p) \
2829 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0
2830  
2831 struct cpack_state cpacker;
2832 struct ieee80211_radiotap_header *hdr;
2833 uint32_t present, next_present;
2834 uint32_t presentflags = 0;
2835 uint32_t *presentp, *last_presentp;
2836 enum ieee80211_radiotap_type bit;
2837 int bit0;
2838 u_int len;
2839 uint8_t flags;
2840 int pad;
2841 u_int fcslen;
2842 struct radiotap_state state;
2843  
2844 if (caplen < sizeof(*hdr)) {
2845 ND_PRINT((ndo, "%s", tstr));
2846 return caplen;
2847 }
2848  
2849 hdr = (struct ieee80211_radiotap_header *)p;
2850  
2851 len = EXTRACT_LE_16BITS(&hdr->it_len);
2852  
2853 if (caplen < len) {
2854 ND_PRINT((ndo, "%s", tstr));
2855 return caplen;
2856 }
2857 cpack_init(&cpacker, (uint8_t *)hdr, len); /* align against header start */
2858 cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */
2859 for (last_presentp = &hdr->it_present;
2860 IS_EXTENDED(last_presentp) &&
2861 (u_char*)(last_presentp + 1) <= p + len;
2862 last_presentp++)
2863 cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */
2864  
2865 /* are there more bitmap extensions than bytes in header? */
2866 if (IS_EXTENDED(last_presentp)) {
2867 ND_PRINT((ndo, "%s", tstr));
2868 return caplen;
2869 }
2870  
2871 /* Assume no flags */
2872 flags = 0;
2873 /* Assume no Atheros padding between 802.11 header and body */
2874 pad = 0;
2875 /* Assume no FCS at end of frame */
2876 fcslen = 0;
2877 for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp;
2878 presentp++, bit0 += 32) {
2879 presentflags = EXTRACT_LE_32BITS(presentp);
2880  
2881 /* Clear state. */
2882 memset(&state, 0, sizeof(state));
2883  
2884 for (present = EXTRACT_LE_32BITS(presentp); present;
2885 present = next_present) {
2886 /* clear the least significant bit that is set */
2887 next_present = present & (present - 1);
2888  
2889 /* extract the least significant bit that is set */
2890 bit = (enum ieee80211_radiotap_type)
2891 (bit0 + BITNO_32(present ^ next_present));
2892  
2893 if (print_radiotap_field(ndo, &cpacker, bit, &flags, &state, presentflags) != 0)
2894 goto out;
2895 }
2896 }
2897  
2898 out:
2899 if (flags & IEEE80211_RADIOTAP_F_DATAPAD)
2900 pad = 1; /* Atheros padding */
2901 if (flags & IEEE80211_RADIOTAP_F_FCS)
2902 fcslen = 4; /* FCS at end of packet */
2903 return len + ieee802_11_print(ndo, p + len, length - len, caplen - len, pad,
2904 fcslen);
2905 #undef BITNO_32
2906 #undef BITNO_16
2907 #undef BITNO_8
2908 #undef BITNO_4
2909 #undef BITNO_2
2910 #undef BIT
2911 }
2912  
2913 static u_int
2914 ieee802_11_avs_radio_print(netdissect_options *ndo,
2915 const u_char *p, u_int length, u_int caplen)
2916 {
2917 uint32_t caphdr_len;
2918  
2919 if (caplen < 8) {
2920 ND_PRINT((ndo, "%s", tstr));
2921 return caplen;
2922 }
2923  
2924 caphdr_len = EXTRACT_32BITS(p + 4);
2925 if (caphdr_len < 8) {
2926 /*
2927 * Yow! The capture header length is claimed not
2928 * to be large enough to include even the version
2929 * cookie or capture header length!
2930 */
2931 ND_PRINT((ndo, "%s", tstr));
2932 return caplen;
2933 }
2934  
2935 if (caplen < caphdr_len) {
2936 ND_PRINT((ndo, "%s", tstr));
2937 return caplen;
2938 }
2939  
2940 return caphdr_len + ieee802_11_print(ndo, p + caphdr_len,
2941 length - caphdr_len, caplen - caphdr_len, 0, 0);
2942 }
2943  
2944 #define PRISM_HDR_LEN 144
2945  
2946 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000
2947 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001
2948 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002
2949  
2950 /*
2951 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header,
2952 * containing information such as radio information, which we
2953 * currently ignore.
2954 *
2955 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or
2956 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS
2957 * (currently, on Linux, there's no ARPHRD_ type for
2958 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM
2959 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for
2960 * the AVS header, and the first 4 bytes of the header are used to
2961 * indicate whether it's a Prism header or an AVS header).
2962 */
2963 u_int
2964 prism_if_print(netdissect_options *ndo,
2965 const struct pcap_pkthdr *h, const u_char *p)
2966 {
2967 u_int caplen = h->caplen;
2968 u_int length = h->len;
2969 uint32_t msgcode;
2970  
2971 if (caplen < 4) {
2972 ND_PRINT((ndo, "%s", tstr));
2973 return caplen;
2974 }
2975  
2976 msgcode = EXTRACT_32BITS(p);
2977 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 ||
2978 msgcode == WLANCAP_MAGIC_COOKIE_V2)
2979 return ieee802_11_avs_radio_print(ndo, p, length, caplen);
2980  
2981 if (caplen < PRISM_HDR_LEN) {
2982 ND_PRINT((ndo, "%s", tstr));
2983 return caplen;
2984 }
2985  
2986 return PRISM_HDR_LEN + ieee802_11_print(ndo, p + PRISM_HDR_LEN,
2987 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0);
2988 }
2989  
2990 /*
2991 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra
2992 * header, containing information such as radio information.
2993 */
2994 u_int
2995 ieee802_11_radio_if_print(netdissect_options *ndo,
2996 const struct pcap_pkthdr *h, const u_char *p)
2997 {
2998 return ieee802_11_radio_print(ndo, p, h->len, h->caplen);
2999 }
3000  
3001 /*
3002 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an
3003 * extra header, containing information such as radio information,
3004 * which we currently ignore.
3005 */
3006 u_int
3007 ieee802_11_radio_avs_if_print(netdissect_options *ndo,
3008 const struct pcap_pkthdr *h, const u_char *p)
3009 {
3010 return ieee802_11_avs_radio_print(ndo, p, h->len, h->caplen);
3011 }