1 /* 2 * Copyright (c) 2001 3 * Fortress Technologies, Inc. All rights reserved. 4 * Charlie Lenahan (clenahan@fortresstech.com) 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that: (1) source code distributions 8 * retain the above copyright notice and this paragraph in its entirety, (2) 9 * distributions including binary code include the above copyright notice and 10 * this paragraph in its entirety in the documentation or other materials 11 * provided with the distribution, and (3) all advertising materials mentioning 12 * features or use of this software display the following acknowledgement: 13 * ``This product includes software developed by the University of California, 14 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of 15 * the University nor the names of its contributors may be used to endorse 16 * or promote products derived from this software without specific prior 17 * written permission. 18 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED 19 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF 20 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. 21 */ 22 23 #ifndef lint 24 static const char rcsid[] _U_ = 25 "@(#) $Header: /tcpdump/master/tcpdump/print-802_11.c,v 1.49 2007-12-29 23:25:02 guy Exp $ (LBL)"; 26 #endif 27 28 #ifdef HAVE_CONFIG_H 29 #include "config.h" 30 #endif 31 32 #include <tcpdump-stdinc.h> 33 34 #include <stdio.h> 35 #include <pcap.h> 36 #include <string.h> 37 38 #include "interface.h" 39 #include "addrtoname.h" 40 #include "ethertype.h" 41 42 #include "extract.h" 43 44 #include "cpack.h" 45 46 #include "ieee802_11.h" 47 #include "ieee802_11_radio.h" 48 49 #define PRINT_SSID(p) \ 50 if (p.ssid_present) { \ 51 printf(" ("); \ 52 fn_print(p.ssid.ssid, NULL); \ 53 printf(")"); \ 54 } 55 56 #define PRINT_RATE(_sep, _r, _suf) \ 57 printf("%s%2.1f%s", _sep, (.5 * ((_r) & 0x7f)), _suf) 58 #define PRINT_RATES(p) \ 59 if (p.rates_present) { \ 60 int z; \ 61 const char *sep = " ["; \ 62 for (z = 0; z < p.rates.length ; z++) { \ 63 PRINT_RATE(sep, p.rates.rate[z], \ 64 (p.rates.rate[z] & 0x80 ? "*" : "")); \ 65 sep = " "; \ 66 } \ 67 if (p.rates.length != 0) \ 68 printf(" Mbit]"); \ 69 } 70 71 #define PRINT_DS_CHANNEL(p) \ 72 if (p.ds_present) \ 73 printf(" CH: %u", p.ds.channel); \ 74 printf("%s", \ 75 CAPABILITY_PRIVACY(p.capability_info) ? ", PRIVACY" : "" ); 76 77 static const int ieee80211_htrates[16] = { 78 13, /* IFM_IEEE80211_MCS0 */ 79 26, /* IFM_IEEE80211_MCS1 */ 80 39, /* IFM_IEEE80211_MCS2 */ 81 52, /* IFM_IEEE80211_MCS3 */ 82 78, /* IFM_IEEE80211_MCS4 */ 83 104, /* IFM_IEEE80211_MCS5 */ 84 117, /* IFM_IEEE80211_MCS6 */ 85 130, /* IFM_IEEE80211_MCS7 */ 86 26, /* IFM_IEEE80211_MCS8 */ 87 52, /* IFM_IEEE80211_MCS9 */ 88 78, /* IFM_IEEE80211_MCS10 */ 89 104, /* IFM_IEEE80211_MCS11 */ 90 156, /* IFM_IEEE80211_MCS12 */ 91 208, /* IFM_IEEE80211_MCS13 */ 92 234, /* IFM_IEEE80211_MCS14 */ 93 260, /* IFM_IEEE80211_MCS15 */ 94 }; 95 #define PRINT_HT_RATE(_sep, _r, _suf) \ 96 printf("%s%.1f%s", _sep, (.5 * ieee80211_htrates[(_r) & 0xf]), _suf) 97 98 static const char *auth_alg_text[]={"Open System","Shared Key","EAP"}; 99 #define NUM_AUTH_ALGS (sizeof auth_alg_text / sizeof auth_alg_text[0]) 100 101 static const char *status_text[] = { 102 "Succesful", /* 0 */ 103 "Unspecified failure", /* 1 */ 104 "Reserved", /* 2 */ 105 "Reserved", /* 3 */ 106 "Reserved", /* 4 */ 107 "Reserved", /* 5 */ 108 "Reserved", /* 6 */ 109 "Reserved", /* 7 */ 110 "Reserved", /* 8 */ 111 "Reserved", /* 9 */ 112 "Cannot Support all requested capabilities in the Capability " 113 "Information field", /* 10 */ 114 "Reassociation denied due to inability to confirm that association " 115 "exists", /* 11 */ 116 "Association denied due to reason outside the scope of the " 117 "standard", /* 12 */ 118 "Responding station does not support the specified authentication " 119 "algorithm ", /* 13 */ 120 "Received an Authentication frame with authentication transaction " 121 "sequence number out of expected sequence", /* 14 */ 122 "Authentication rejected because of challenge failure", /* 15 */ 123 "Authentication rejected due to timeout waiting for next frame in " 124 "sequence", /* 16 */ 125 "Association denied because AP is unable to handle additional" 126 "associated stations", /* 17 */ 127 "Association denied due to requesting station not supporting all of " 128 "the data rates in BSSBasicRateSet parameter", /* 18 */ 129 "Association denied due to requesting station not supporting " 130 "short preamble operation", /* 19 */ 131 "Association denied due to requesting station not supporting " 132 "PBCC encoding", /* 20 */ 133 "Association denied due to requesting station not supporting " 134 "channel agility", /* 21 */ 135 "Association request rejected because Spectrum Management " 136 "capability is required", /* 22 */ 137 "Association request rejected because the information in the " 138 "Power Capability element is unacceptable", /* 23 */ 139 "Association request rejected because the information in the " 140 "Supported Channels element is unacceptable", /* 24 */ 141 "Association denied due to requesting station not supporting " 142 "short slot operation", /* 25 */ 143 "Association denied due to requesting station not supporting " 144 "DSSS-OFDM operation", /* 26 */ 145 "Association denied because the requested STA does not support HT " 146 "features", /* 27 */ 147 "Reserved", /* 28 */ 148 "Association denied because the requested STA does not support " 149 "the PCO transition time required by the AP", /* 29 */ 150 "Reserved", /* 30 */ 151 "Reserved", /* 31 */ 152 "Unspecified, QoS-related failure", /* 32 */ 153 "Association denied due to QAP having insufficient bandwidth " 154 "to handle another QSTA", /* 33 */ 155 "Association denied due to excessive frame loss rates and/or " 156 "poor conditions on current operating channel", /* 34 */ 157 "Association (with QBSS) denied due to requesting station not " 158 "supporting the QoS facility", /* 35 */ 159 "Association denied due to requesting station not supporting " 160 "Block Ack", /* 36 */ 161 "The request has been declined", /* 37 */ 162 "The request has not been successful as one or more parameters " 163 "have invalid values", /* 38 */ 164 "The TS has not been created because the request cannot be honored. " 165 "However, a suggested TSPEC is provided so that the initiating QSTA" 166 "may attempt to set another TS with the suggested changes to the " 167 "TSPEC", /* 39 */ 168 "Invalid Information Element", /* 40 */ 169 "Group Cipher is not valid", /* 41 */ 170 "Pairwise Cipher is not valid", /* 42 */ 171 "AKMP is not valid", /* 43 */ 172 "Unsupported RSN IE version", /* 44 */ 173 "Invalid RSN IE Capabilities", /* 45 */ 174 "Cipher suite is rejected per security policy", /* 46 */ 175 "The TS has not been created. However, the HC may be capable of " 176 "creating a TS, in response to a request, after the time indicated " 177 "in the TS Delay element", /* 47 */ 178 "Direct Link is not allowed in the BSS by policy", /* 48 */ 179 "Destination STA is not present within this QBSS.", /* 49 */ 180 "The Destination STA is not a QSTA.", /* 50 */ 181 182 }; 183 #define NUM_STATUSES (sizeof status_text / sizeof status_text[0]) 184 185 static const char *reason_text[] = { 186 "Reserved", /* 0 */ 187 "Unspecified reason", /* 1 */ 188 "Previous authentication no longer valid", /* 2 */ 189 "Deauthenticated because sending station is leaving (or has left) " 190 "IBSS or ESS", /* 3 */ 191 "Disassociated due to inactivity", /* 4 */ 192 "Disassociated because AP is unable to handle all currently " 193 " associated stations", /* 5 */ 194 "Class 2 frame received from nonauthenticated station", /* 6 */ 195 "Class 3 frame received from nonassociated station", /* 7 */ 196 "Disassociated because sending station is leaving " 197 "(or has left) BSS", /* 8 */ 198 "Station requesting (re)association is not authenticated with " 199 "responding station", /* 9 */ 200 "Disassociated because the information in the Power Capability " 201 "element is unacceptable", /* 10 */ 202 "Disassociated because the information in the SupportedChannels " 203 "element is unacceptable", /* 11 */ 204 "Invalid Information Element", /* 12 */ 205 "Reserved", /* 13 */ 206 "Michael MIC failure", /* 14 */ 207 "4-Way Handshake timeout", /* 15 */ 208 "Group key update timeout", /* 16 */ 209 "Information element in 4-Way Handshake different from (Re)Association" 210 "Request/Probe Response/Beacon", /* 17 */ 211 "Group Cipher is not valid", /* 18 */ 212 "AKMP is not valid", /* 20 */ 213 "Unsupported RSN IE version", /* 21 */ 214 "Invalid RSN IE Capabilities", /* 22 */ 215 "IEEE 802.1X Authentication failed", /* 23 */ 216 "Cipher suite is rejected per security policy", /* 24 */ 217 "Reserved", /* 25 */ 218 "Reserved", /* 26 */ 219 "Reserved", /* 27 */ 220 "Reserved", /* 28 */ 221 "Reserved", /* 29 */ 222 "Reserved", /* 30 */ 223 "TS deleted because QoS AP lacks sufficient bandwidth for this " 224 "QoS STA due to a change in BSS service characteristics or " 225 "operational mode (e.g. an HT BSS change from 40 MHz channel " 226 "to 20 MHz channel)", /* 31 */ 227 "Disassociated for unspecified, QoS-related reason", /* 32 */ 228 "Disassociated because QoS AP lacks sufficient bandwidth for this " 229 "QoS STA", /* 33 */ 230 "Disassociated because of excessive number of frames that need to be " 231 "acknowledged, but are not acknowledged for AP transmissions " 232 "and/or poor channel conditions", /* 34 */ 233 "Disassociated because STA is transmitting outside the limits " 234 "of its TXOPs", /* 35 */ 235 "Requested from peer STA as the STA is leaving the BSS " 236 "(or resetting)", /* 36 */ 237 "Requested from peer STA as it does not want to use the " 238 "mechanism", /* 37 */ 239 "Requested from peer STA as the STA received frames using the " 240 "mechanism for which a set up is required", /* 38 */ 241 "Requested from peer STA due to time out", /* 39 */ 242 "Reserved", /* 40 */ 243 "Reserved", /* 41 */ 244 "Reserved", /* 42 */ 245 "Reserved", /* 43 */ 246 "Reserved", /* 44 */ 247 "Peer STA does not support the requested cipher suite", /* 45 */ 248 "Association denied due to requesting STA not supporting HT " 249 "features", /* 46 */ 250 }; 251 #define NUM_REASONS (sizeof reason_text / sizeof reason_text[0]) 252 253 static int 254 wep_print(const u_char *p) 255 { 256 u_int32_t iv; 257 258 if (!TTEST2(*p, IEEE802_11_IV_LEN + IEEE802_11_KID_LEN)) 259 return 0; 260 iv = EXTRACT_LE_32BITS(p); 261 262 printf("Data IV:%3x Pad %x KeyID %x", IV_IV(iv), IV_PAD(iv), 263 IV_KEYID(iv)); 264 265 return 1; 266 } 267 268 static int 269 parse_elements(struct mgmt_body_t *pbody, const u_char *p, int offset, 270 u_int length) 271 { 272 struct ssid_t ssid; 273 struct challenge_t challenge; 274 struct rates_t rates; 275 struct ds_t ds; 276 struct cf_t cf; 277 struct tim_t tim; 278 279 /* 280 * We haven't seen any elements yet. 281 */ 282 pbody->challenge_present = 0; 283 pbody->ssid_present = 0; 284 pbody->rates_present = 0; 285 pbody->ds_present = 0; 286 pbody->cf_present = 0; 287 pbody->tim_present = 0; 288 289 while (length != 0) { 290 if (!TTEST2(*(p + offset), 1)) 291 return 0; 292 if (length < 1) 293 return 0; 294 switch (*(p + offset)) { 295 case E_SSID: 296 if (!TTEST2(*(p + offset), 2)) 297 return 0; 298 if (length < 2) 299 return 0; 300 memcpy(&ssid, p + offset, 2); 301 offset += 2; 302 length -= 2; 303 if (ssid.length != 0) { 304 if (ssid.length > sizeof(ssid.ssid) - 1) 305 return 0; 306 if (!TTEST2(*(p + offset), ssid.length)) 307 return 0; 308 if (length < ssid.length) 309 return 0; 310 memcpy(&ssid.ssid, p + offset, ssid.length); 311 offset += ssid.length; 312 length -= ssid.length; 313 } 314 ssid.ssid[ssid.length] = '\0'; 315 /* 316 * Present and not truncated. 317 * 318 * If we haven't already seen an SSID IE, 319 * copy this one, otherwise ignore this one, 320 * so we later report the first one we saw. 321 */ 322 if (!pbody->ssid_present) { 323 pbody->ssid = ssid; 324 pbody->ssid_present = 1; 325 } 326 break; 327 case E_CHALLENGE: 328 if (!TTEST2(*(p + offset), 2)) 329 return 0; 330 if (length < 2) 331 return 0; 332 memcpy(&challenge, p + offset, 2); 333 offset += 2; 334 length -= 2; 335 if (challenge.length != 0) { 336 if (challenge.length > 337 sizeof(challenge.text) - 1) 338 return 0; 339 if (!TTEST2(*(p + offset), challenge.length)) 340 return 0; 341 if (length < challenge.length) 342 return 0; 343 memcpy(&challenge.text, p + offset, 344 challenge.length); 345 offset += challenge.length; 346 length -= challenge.length; 347 } 348 challenge.text[challenge.length] = '\0'; 349 /* 350 * Present and not truncated. 351 * 352 * If we haven't already seen a challenge IE, 353 * copy this one, otherwise ignore this one, 354 * so we later report the first one we saw. 355 */ 356 if (!pbody->challenge_present) { 357 pbody->challenge = challenge; 358 pbody->challenge_present = 1; 359 } 360 break; 361 case E_RATES: 362 if (!TTEST2(*(p + offset), 2)) 363 return 0; 364 if (length < 2) 365 return 0; 366 memcpy(&rates, p + offset, 2); 367 offset += 2; 368 length -= 2; 369 if (rates.length != 0) { 370 if (rates.length > sizeof rates.rate) 371 return 0; 372 if (!TTEST2(*(p + offset), rates.length)) 373 return 0; 374 if (length < rates.length) 375 return 0; 376 memcpy(&rates.rate, p + offset, rates.length); 377 offset += rates.length; 378 length -= rates.length; 379 } 380 /* 381 * Present and not truncated. 382 * 383 * If we haven't already seen a rates IE, 384 * copy this one if it's not zero-length, 385 * otherwise ignore this one, so we later 386 * report the first one we saw. 387 * 388 * We ignore zero-length rates IEs as some 389 * devices seem to put a zero-length rates 390 * IE, followed by an SSID IE, followed by 391 * a non-zero-length rates IE into frames, 392 * even though IEEE Std 802.11-2007 doesn't 393 * seem to indicate that a zero-length rates 394 * IE is valid. 395 */ 396 if (!pbody->rates_present && rates.length != 0) { 397 pbody->rates = rates; 398 pbody->rates_present = 1; 399 } 400 break; 401 case E_DS: 402 if (!TTEST2(*(p + offset), 3)) 403 return 0; 404 if (length < 3) 405 return 0; 406 memcpy(&ds, p + offset, 3); 407 offset += 3; 408 length -= 3; 409 /* 410 * Present and not truncated. 411 * 412 * If we haven't already seen a DS IE, 413 * copy this one, otherwise ignore this one, 414 * so we later report the first one we saw. 415 */ 416 if (!pbody->ds_present) { 417 pbody->ds = ds; 418 pbody->ds_present = 1; 419 } 420 break; 421 case E_CF: 422 if (!TTEST2(*(p + offset), 8)) 423 return 0; 424 if (length < 8) 425 return 0; 426 memcpy(&cf, p + offset, 8); 427 offset += 8; 428 length -= 8; 429 /* 430 * Present and not truncated. 431 * 432 * If we haven't already seen a CF IE, 433 * copy this one, otherwise ignore this one, 434 * so we later report the first one we saw. 435 */ 436 if (!pbody->cf_present) { 437 pbody->cf = cf; 438 pbody->cf_present = 1; 439 } 440 break; 441 case E_TIM: 442 if (!TTEST2(*(p + offset), 2)) 443 return 0; 444 if (length < 2) 445 return 0; 446 memcpy(&tim, p + offset, 2); 447 offset += 2; 448 length -= 2; 449 if (!TTEST2(*(p + offset), 3)) 450 return 0; 451 if (length < 3) 452 return 0; 453 memcpy(&tim.count, p + offset, 3); 454 offset += 3; 455 length -= 3; 456 457 if (tim.length <= 3) 458 break; 459 if (tim.length - 3 > (int)sizeof tim.bitmap) 460 return 0; 461 if (!TTEST2(*(p + offset), tim.length - 3)) 462 return 0; 463 if (length < (u_int)(tim.length - 3)) 464 return 0; 465 memcpy(tim.bitmap, p + (tim.length - 3), 466 (tim.length - 3)); 467 offset += tim.length - 3; 468 length -= tim.length - 3; 469 /* 470 * Present and not truncated. 471 * 472 * If we haven't already seen a TIM IE, 473 * copy this one, otherwise ignore this one, 474 * so we later report the first one we saw. 475 */ 476 if (!pbody->tim_present) { 477 pbody->tim = tim; 478 pbody->tim_present = 1; 479 } 480 break; 481 default: 482 #if 0 483 printf("(1) unhandled element_id (%d) ", 484 *(p + offset)); 485 #endif 486 if (!TTEST2(*(p + offset), 2)) 487 return 0; 488 if (length < 2) 489 return 0; 490 if (!TTEST2(*(p + offset + 2), *(p + offset + 1))) 491 return 0; 492 if (length < (u_int)(*(p + offset + 1) + 2)) 493 return 0; 494 offset += *(p + offset + 1) + 2; 495 length -= *(p + offset + 1) + 2; 496 break; 497 } 498 } 499 500 /* No problems found. */ 501 return 1; 502 } 503 504 /********************************************************************************* 505 * Print Handle functions for the management frame types 506 *********************************************************************************/ 507 508 static int 509 handle_beacon(const u_char *p, u_int length) 510 { 511 struct mgmt_body_t pbody; 512 int offset = 0; 513 int ret; 514 515 memset(&pbody, 0, sizeof(pbody)); 516 517 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 518 IEEE802_11_CAPINFO_LEN)) 519 return 0; 520 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 521 IEEE802_11_CAPINFO_LEN) 522 return 0; 523 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); 524 offset += IEEE802_11_TSTAMP_LEN; 525 length -= IEEE802_11_TSTAMP_LEN; 526 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); 527 offset += IEEE802_11_BCNINT_LEN; 528 length -= IEEE802_11_BCNINT_LEN; 529 pbody.capability_info = EXTRACT_LE_16BITS(p+offset); 530 offset += IEEE802_11_CAPINFO_LEN; 531 length -= IEEE802_11_CAPINFO_LEN; 532 533 ret = parse_elements(&pbody, p, offset, length); 534 535 PRINT_SSID(pbody); 536 PRINT_RATES(pbody); 537 printf(" %s", 538 CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS"); 539 PRINT_DS_CHANNEL(pbody); 540 541 return ret; 542 } 543 544 static int 545 handle_assoc_request(const u_char *p, u_int length) 546 { 547 struct mgmt_body_t pbody; 548 int offset = 0; 549 int ret; 550 551 memset(&pbody, 0, sizeof(pbody)); 552 553 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)) 554 return 0; 555 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN) 556 return 0; 557 pbody.capability_info = EXTRACT_LE_16BITS(p); 558 offset += IEEE802_11_CAPINFO_LEN; 559 length -= IEEE802_11_CAPINFO_LEN; 560 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); 561 offset += IEEE802_11_LISTENINT_LEN; 562 length -= IEEE802_11_LISTENINT_LEN; 563 564 ret = parse_elements(&pbody, p, offset, length); 565 566 PRINT_SSID(pbody); 567 PRINT_RATES(pbody); 568 return ret; 569 } 570 571 static int 572 handle_assoc_response(const u_char *p, u_int length) 573 { 574 struct mgmt_body_t pbody; 575 int offset = 0; 576 int ret; 577 578 memset(&pbody, 0, sizeof(pbody)); 579 580 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + 581 IEEE802_11_AID_LEN)) 582 return 0; 583 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + 584 IEEE802_11_AID_LEN) 585 return 0; 586 pbody.capability_info = EXTRACT_LE_16BITS(p); 587 offset += IEEE802_11_CAPINFO_LEN; 588 length -= IEEE802_11_CAPINFO_LEN; 589 pbody.status_code = EXTRACT_LE_16BITS(p+offset); 590 offset += IEEE802_11_STATUS_LEN; 591 length -= IEEE802_11_STATUS_LEN; 592 pbody.aid = EXTRACT_LE_16BITS(p+offset); 593 offset += IEEE802_11_AID_LEN; 594 length -= IEEE802_11_AID_LEN; 595 596 ret = parse_elements(&pbody, p, offset, length); 597 598 printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 , 599 CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "", 600 (pbody.status_code < NUM_STATUSES 601 ? status_text[pbody.status_code] 602 : "n/a")); 603 604 return ret; 605 } 606 607 static int 608 handle_reassoc_request(const u_char *p, u_int length) 609 { 610 struct mgmt_body_t pbody; 611 int offset = 0; 612 int ret; 613 614 memset(&pbody, 0, sizeof(pbody)); 615 616 if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + 617 IEEE802_11_AP_LEN)) 618 return 0; 619 if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + 620 IEEE802_11_AP_LEN) 621 return 0; 622 pbody.capability_info = EXTRACT_LE_16BITS(p); 623 offset += IEEE802_11_CAPINFO_LEN; 624 length -= IEEE802_11_CAPINFO_LEN; 625 pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); 626 offset += IEEE802_11_LISTENINT_LEN; 627 length -= IEEE802_11_LISTENINT_LEN; 628 memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN); 629 offset += IEEE802_11_AP_LEN; 630 length -= IEEE802_11_AP_LEN; 631 632 ret = parse_elements(&pbody, p, offset, length); 633 634 PRINT_SSID(pbody); 635 printf(" AP : %s", etheraddr_string( pbody.ap )); 636 637 return ret; 638 } 639 640 static int 641 handle_reassoc_response(const u_char *p, u_int length) 642 { 643 /* Same as a Association Reponse */ 644 return handle_assoc_response(p, length); 645 } 646 647 static int 648 handle_probe_request(const u_char *p, u_int length) 649 { 650 struct mgmt_body_t pbody; 651 int offset = 0; 652 int ret; 653 654 memset(&pbody, 0, sizeof(pbody)); 655 656 ret = parse_elements(&pbody, p, offset, length); 657 658 PRINT_SSID(pbody); 659 PRINT_RATES(pbody); 660 661 return ret; 662 } 663 664 static int 665 handle_probe_response(const u_char *p, u_int length) 666 { 667 struct mgmt_body_t pbody; 668 int offset = 0; 669 int ret; 670 671 memset(&pbody, 0, sizeof(pbody)); 672 673 if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 674 IEEE802_11_CAPINFO_LEN)) 675 return 0; 676 if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + 677 IEEE802_11_CAPINFO_LEN) 678 return 0; 679 memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); 680 offset += IEEE802_11_TSTAMP_LEN; 681 length -= IEEE802_11_TSTAMP_LEN; 682 pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); 683 offset += IEEE802_11_BCNINT_LEN; 684 length -= IEEE802_11_BCNINT_LEN; 685 pbody.capability_info = EXTRACT_LE_16BITS(p+offset); 686 offset += IEEE802_11_CAPINFO_LEN; 687 length -= IEEE802_11_CAPINFO_LEN; 688 689 ret = parse_elements(&pbody, p, offset, length); 690 691 PRINT_SSID(pbody); 692 PRINT_RATES(pbody); 693 PRINT_DS_CHANNEL(pbody); 694 695 return ret; 696 } 697 698 static int 699 handle_atim(void) 700 { 701 /* the frame body for ATIM is null. */ 702 return 1; 703 } 704 705 static int 706 handle_disassoc(const u_char *p, u_int length) 707 { 708 struct mgmt_body_t pbody; 709 710 memset(&pbody, 0, sizeof(pbody)); 711 712 if (!TTEST2(*p, IEEE802_11_REASON_LEN)) 713 return 0; 714 if (length < IEEE802_11_REASON_LEN) 715 return 0; 716 pbody.reason_code = EXTRACT_LE_16BITS(p); 717 718 printf(": %s", 719 (pbody.reason_code < NUM_REASONS) 720 ? reason_text[pbody.reason_code] 721 : "Reserved" ); 722 723 return 1; 724 } 725 726 static int 727 handle_auth(const u_char *p, u_int length) 728 { 729 struct mgmt_body_t pbody; 730 int offset = 0; 731 int ret; 732 733 memset(&pbody, 0, sizeof(pbody)); 734 735 if (!TTEST2(*p, 6)) 736 return 0; 737 if (length < 6) 738 return 0; 739 pbody.auth_alg = EXTRACT_LE_16BITS(p); 740 offset += 2; 741 length -= 2; 742 pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset); 743 offset += 2; 744 length -= 2; 745 pbody.status_code = EXTRACT_LE_16BITS(p + offset); 746 offset += 2; 747 length -= 2; 748 749 ret = parse_elements(&pbody, p, offset, length); 750 751 if ((pbody.auth_alg == 1) && 752 ((pbody.auth_trans_seq_num == 2) || 753 (pbody.auth_trans_seq_num == 3))) { 754 printf(" (%s)-%x [Challenge Text] %s", 755 (pbody.auth_alg < NUM_AUTH_ALGS) 756 ? auth_alg_text[pbody.auth_alg] 757 : "Reserved", 758 pbody.auth_trans_seq_num, 759 ((pbody.auth_trans_seq_num % 2) 760 ? ((pbody.status_code < NUM_STATUSES) 761 ? status_text[pbody.status_code] 762 : "n/a") : "")); 763 return ret; 764 } 765 printf(" (%s)-%x: %s", 766 (pbody.auth_alg < NUM_AUTH_ALGS) 767 ? auth_alg_text[pbody.auth_alg] 768 : "Reserved", 769 pbody.auth_trans_seq_num, 770 (pbody.auth_trans_seq_num % 2) 771 ? ((pbody.status_code < NUM_STATUSES) 772 ? status_text[pbody.status_code] 773 : "n/a") 774 : ""); 775 776 return ret; 777 } 778 779 static int 780 handle_deauth(const struct mgmt_header_t *pmh, const u_char *p, u_int length) 781 { 782 struct mgmt_body_t pbody; 783 int offset = 0; 784 const char *reason = NULL; 785 786 memset(&pbody, 0, sizeof(pbody)); 787 788 if (!TTEST2(*p, IEEE802_11_REASON_LEN)) 789 return 0; 790 if (length < IEEE802_11_REASON_LEN) 791 return 0; 792 pbody.reason_code = EXTRACT_LE_16BITS(p); 793 offset += IEEE802_11_REASON_LEN; 794 length -= IEEE802_11_REASON_LEN; 795 796 reason = (pbody.reason_code < NUM_REASONS) 797 ? reason_text[pbody.reason_code] 798 : "Reserved"; 799 800 if (eflag) { 801 printf(": %s", reason); 802 } else { 803 printf(" (%s): %s", etheraddr_string(pmh->sa), reason); 804 } 805 return 1; 806 } 807 808 #define PRINT_HT_ACTION(v) (\ 809 (v) == 0 ? printf("TxChWidth") : \ 810 (v) == 1 ? printf("MIMOPwrSave") : \ 811 printf("Act#%d", (v)) \ 812 ) 813 #define PRINT_BA_ACTION(v) (\ 814 (v) == 0 ? printf("ADDBA Request") : \ 815 (v) == 1 ? printf("ADDBA Response") : \ 816 (v) == 2 ? printf("DELBA") : \ 817 printf("Act#%d", (v)) \ 818 ) 819 #define PRINT_MESHLINK_ACTION(v) (\ 820 (v) == 0 ? printf("Request") : \ 821 (v) == 1 ? printf("Report") : \ 822 printf("Act#%d", (v)) \ 823 ) 824 #define PRINT_MESHPEERING_ACTION(v) (\ 825 (v) == 0 ? printf("Open") : \ 826 (v) == 1 ? printf("Confirm") : \ 827 (v) == 2 ? printf("Close") : \ 828 printf("Act#%d", (v)) \ 829 ) 830 #define PRINT_MESHPATH_ACTION(v) (\ 831 (v) == 0 ? printf("Request") : \ 832 (v) == 1 ? printf("Report") : \ 833 (v) == 2 ? printf("Error") : \ 834 (v) == 3 ? printf("RootAnnouncement") : \ 835 printf("Act#%d", (v)) \ 836 ) 837 838 static int 839 handle_action(const struct mgmt_header_t *pmh, const u_char *p, u_int length) 840 { 841 if (!TTEST2(*p, 2)) 842 return 0; 843 if (length < 2) 844 return 0; 845 if (eflag) { 846 printf(": "); 847 } else { 848 printf(" (%s): ", etheraddr_string(pmh->sa)); 849 } 850 switch (p[0]) { 851 case 0: printf("Spectrum Management Act#%d", p[1]); break; 852 case 1: printf("QoS Act#%d", p[1]); break; 853 case 2: printf("DLS Act#%d", p[1]); break; 854 case 3: printf("BA "); PRINT_BA_ACTION(p[1]); break; 855 case 7: printf("HT "); PRINT_HT_ACTION(p[1]); break; 856 case 13: printf("MeshLMetric "); PRINT_MESHLINK_ACTION(p[1]); break; 857 case 15: printf("Interwork Act#%d", p[1]); break; 858 case 16: printf("Resource Act#%d", p[1]); break; 859 case 17: printf("Proxy Act#%d", p[1]); break; 860 case 30: printf("MeshPeering "); PRINT_MESHPEERING_ACTION(p[1]); break; 861 case 32: printf("MeshPath "); PRINT_MESHPATH_ACTION(p[1]); break; 862 case 127: printf("Vendor Act#%d", p[1]); break; 863 default: 864 printf("Reserved(%d) Act#%d", p[0], p[1]); 865 break; 866 } 867 return 1; 868 } 869 870 871 /********************************************************************************* 872 * Print Body funcs 873 *********************************************************************************/ 874 875 876 static int 877 mgmt_body_print(u_int16_t fc, const struct mgmt_header_t *pmh, 878 const u_char *p, u_int length) 879 { 880 switch (FC_SUBTYPE(fc)) { 881 case ST_ASSOC_REQUEST: 882 printf("Assoc Request"); 883 return handle_assoc_request(p, length); 884 case ST_ASSOC_RESPONSE: 885 printf("Assoc Response"); 886 return handle_assoc_response(p, length); 887 case ST_REASSOC_REQUEST: 888 printf("ReAssoc Request"); 889 return handle_reassoc_request(p, length); 890 case ST_REASSOC_RESPONSE: 891 printf("ReAssoc Response"); 892 return handle_reassoc_response(p, length); 893 case ST_PROBE_REQUEST: 894 printf("Probe Request"); 895 return handle_probe_request(p, length); 896 case ST_PROBE_RESPONSE: 897 printf("Probe Response"); 898 return handle_probe_response(p, length); 899 case ST_BEACON: 900 printf("Beacon"); 901 return handle_beacon(p, length); 902 case ST_ATIM: 903 printf("ATIM"); 904 return handle_atim(); 905 case ST_DISASSOC: 906 printf("Disassociation"); 907 return handle_disassoc(p, length); 908 case ST_AUTH: 909 printf("Authentication"); 910 if (!TTEST2(*p, 3)) 911 return 0; 912 if ((p[0] == 0 ) && (p[1] == 0) && (p[2] == 0)) { 913 printf("Authentication (Shared-Key)-3 "); 914 return wep_print(p); 915 } 916 return handle_auth(p, length); 917 case ST_DEAUTH: 918 printf("DeAuthentication"); 919 return handle_deauth(pmh, p, length); 920 break; 921 case ST_ACTION: 922 printf("Action"); 923 return handle_action(pmh, p, length); 924 break; 925 default: 926 printf("Unhandled Management subtype(%x)", 927 FC_SUBTYPE(fc)); 928 return 1; 929 } 930 } 931 932 933 /********************************************************************************* 934 * Handles printing all the control frame types 935 *********************************************************************************/ 936 937 static int 938 ctrl_body_print(u_int16_t fc, const u_char *p) 939 { 940 switch (FC_SUBTYPE(fc)) { 941 case CTRL_CONTROL_WRAPPER: 942 printf("Control Wrapper"); 943 /* XXX - requires special handling */ 944 break; 945 case CTRL_BAR: 946 printf("BAR"); 947 if (!TTEST2(*p, CTRL_BAR_HDRLEN)) 948 return 0; 949 if (!eflag) 950 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ", 951 etheraddr_string(((const struct ctrl_bar_t *)p)->ra), 952 etheraddr_string(((const struct ctrl_bar_t *)p)->ta), 953 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), 954 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))); 955 break; 956 case CTRL_BA: 957 printf("BA"); 958 if (!TTEST2(*p, CTRL_BA_HDRLEN)) 959 return 0; 960 if (!eflag) 961 printf(" RA:%s ", 962 etheraddr_string(((const struct ctrl_ba_t *)p)->ra)); 963 break; 964 case CTRL_PS_POLL: 965 printf("Power Save-Poll"); 966 if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN)) 967 return 0; 968 printf(" AID(%x)", 969 EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid))); 970 break; 971 case CTRL_RTS: 972 printf("Request-To-Send"); 973 if (!TTEST2(*p, CTRL_RTS_HDRLEN)) 974 return 0; 975 if (!eflag) 976 printf(" TA:%s ", 977 etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); 978 break; 979 case CTRL_CTS: 980 printf("Clear-To-Send"); 981 if (!TTEST2(*p, CTRL_CTS_HDRLEN)) 982 return 0; 983 if (!eflag) 984 printf(" RA:%s ", 985 etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); 986 break; 987 case CTRL_ACK: 988 printf("Acknowledgment"); 989 if (!TTEST2(*p, CTRL_ACK_HDRLEN)) 990 return 0; 991 if (!eflag) 992 printf(" RA:%s ", 993 etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); 994 break; 995 case CTRL_CF_END: 996 printf("CF-End"); 997 if (!TTEST2(*p, CTRL_END_HDRLEN)) 998 return 0; 999 if (!eflag) 1000 printf(" RA:%s ", 1001 etheraddr_string(((const struct ctrl_end_t *)p)->ra)); 1002 break; 1003 case CTRL_END_ACK: 1004 printf("CF-End+CF-Ack"); 1005 if (!TTEST2(*p, CTRL_END_ACK_HDRLEN)) 1006 return 0; 1007 if (!eflag) 1008 printf(" RA:%s ", 1009 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra)); 1010 break; 1011 default: 1012 printf("Unknown Ctrl Subtype"); 1013 } 1014 return 1; 1015 } 1016 1017 /* 1018 * Print Header funcs 1019 */ 1020 1021 /* 1022 * Data Frame - Address field contents 1023 * 1024 * To Ds | From DS | Addr 1 | Addr 2 | Addr 3 | Addr 4 1025 * 0 | 0 | DA | SA | BSSID | n/a 1026 * 0 | 1 | DA | BSSID | SA | n/a 1027 * 1 | 0 | BSSID | SA | DA | n/a 1028 * 1 | 1 | RA | TA | DA | SA 1029 */ 1030 1031 static void 1032 data_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, 1033 const u_int8_t **dstp) 1034 { 1035 u_int subtype = FC_SUBTYPE(fc); 1036 1037 if (DATA_FRAME_IS_CF_ACK(subtype) || DATA_FRAME_IS_CF_POLL(subtype) || 1038 DATA_FRAME_IS_QOS(subtype)) { 1039 printf("CF "); 1040 if (DATA_FRAME_IS_CF_ACK(subtype)) { 1041 if (DATA_FRAME_IS_CF_POLL(subtype)) 1042 printf("Ack/Poll"); 1043 else 1044 printf("Ack"); 1045 } else { 1046 if (DATA_FRAME_IS_CF_POLL(subtype)) 1047 printf("Poll"); 1048 } 1049 if (DATA_FRAME_IS_QOS(subtype)) 1050 printf("+QoS"); 1051 printf(" "); 1052 } 1053 1054 #define ADDR1 (p + 4) 1055 #define ADDR2 (p + 10) 1056 #define ADDR3 (p + 16) 1057 #define ADDR4 (p + 24) 1058 1059 if (!FC_TO_DS(fc) && !FC_FROM_DS(fc)) { 1060 if (srcp != NULL) 1061 *srcp = ADDR2; 1062 if (dstp != NULL) 1063 *dstp = ADDR1; 1064 if (!eflag) 1065 return; 1066 printf("DA:%s SA:%s BSSID:%s ", 1067 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1068 etheraddr_string(ADDR3)); 1069 } else if (!FC_TO_DS(fc) && FC_FROM_DS(fc)) { 1070 if (srcp != NULL) 1071 *srcp = ADDR3; 1072 if (dstp != NULL) 1073 *dstp = ADDR1; 1074 if (!eflag) 1075 return; 1076 printf("DA:%s BSSID:%s SA:%s ", 1077 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1078 etheraddr_string(ADDR3)); 1079 } else if (FC_TO_DS(fc) && !FC_FROM_DS(fc)) { 1080 if (srcp != NULL) 1081 *srcp = ADDR2; 1082 if (dstp != NULL) 1083 *dstp = ADDR3; 1084 if (!eflag) 1085 return; 1086 printf("BSSID:%s SA:%s DA:%s ", 1087 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1088 etheraddr_string(ADDR3)); 1089 } else if (FC_TO_DS(fc) && FC_FROM_DS(fc)) { 1090 if (srcp != NULL) 1091 *srcp = ADDR4; 1092 if (dstp != NULL) 1093 *dstp = ADDR3; 1094 if (!eflag) 1095 return; 1096 printf("RA:%s TA:%s DA:%s SA:%s ", 1097 etheraddr_string(ADDR1), etheraddr_string(ADDR2), 1098 etheraddr_string(ADDR3), etheraddr_string(ADDR4)); 1099 } 1100 1101 #undef ADDR1 1102 #undef ADDR2 1103 #undef ADDR3 1104 #undef ADDR4 1105 } 1106 1107 static void 1108 mgmt_header_print(const u_char *p, const u_int8_t **srcp, 1109 const u_int8_t **dstp) 1110 { 1111 const struct mgmt_header_t *hp = (const struct mgmt_header_t *) p; 1112 1113 if (srcp != NULL) 1114 *srcp = hp->sa; 1115 if (dstp != NULL) 1116 *dstp = hp->da; 1117 if (!eflag) 1118 return; 1119 1120 printf("BSSID:%s DA:%s SA:%s ", 1121 etheraddr_string((hp)->bssid), etheraddr_string((hp)->da), 1122 etheraddr_string((hp)->sa)); 1123 } 1124 1125 static void 1126 ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, 1127 const u_int8_t **dstp) 1128 { 1129 if (srcp != NULL) 1130 *srcp = NULL; 1131 if (dstp != NULL) 1132 *dstp = NULL; 1133 if (!eflag) 1134 return; 1135 1136 switch (FC_SUBTYPE(fc)) { 1137 case CTRL_BAR: 1138 printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ", 1139 etheraddr_string(((const struct ctrl_bar_t *)p)->ra), 1140 etheraddr_string(((const struct ctrl_bar_t *)p)->ta), 1141 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), 1142 EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))); 1143 break; 1144 case CTRL_BA: 1145 printf("RA:%s ", 1146 etheraddr_string(((const struct ctrl_ba_t *)p)->ra)); 1147 break; 1148 case CTRL_PS_POLL: 1149 printf("BSSID:%s TA:%s ", 1150 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid), 1151 etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta)); 1152 break; 1153 case CTRL_RTS: 1154 printf("RA:%s TA:%s ", 1155 etheraddr_string(((const struct ctrl_rts_t *)p)->ra), 1156 etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); 1157 break; 1158 case CTRL_CTS: 1159 printf("RA:%s ", 1160 etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); 1161 break; 1162 case CTRL_ACK: 1163 printf("RA:%s ", 1164 etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); 1165 break; 1166 case CTRL_CF_END: 1167 printf("RA:%s BSSID:%s ", 1168 etheraddr_string(((const struct ctrl_end_t *)p)->ra), 1169 etheraddr_string(((const struct ctrl_end_t *)p)->bssid)); 1170 break; 1171 case CTRL_END_ACK: 1172 printf("RA:%s BSSID:%s ", 1173 etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra), 1174 etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid)); 1175 break; 1176 default: 1177 printf("(H) Unknown Ctrl Subtype"); 1178 break; 1179 } 1180 } 1181 1182 static int 1183 extract_header_length(u_int16_t fc) 1184 { 1185 int len; 1186 1187 switch (FC_TYPE(fc)) { 1188 case T_MGMT: 1189 return MGMT_HDRLEN; 1190 case T_CTRL: 1191 switch (FC_SUBTYPE(fc)) { 1192 case CTRL_BAR: 1193 return CTRL_BAR_HDRLEN; 1194 case CTRL_PS_POLL: 1195 return CTRL_PS_POLL_HDRLEN; 1196 case CTRL_RTS: 1197 return CTRL_RTS_HDRLEN; 1198 case CTRL_CTS: 1199 return CTRL_CTS_HDRLEN; 1200 case CTRL_ACK: 1201 return CTRL_ACK_HDRLEN; 1202 case CTRL_CF_END: 1203 return CTRL_END_HDRLEN; 1204 case CTRL_END_ACK: 1205 return CTRL_END_ACK_HDRLEN; 1206 default: 1207 return 0; 1208 } 1209 case T_DATA: 1210 len = (FC_TO_DS(fc) && FC_FROM_DS(fc)) ? 30 : 24; 1211 if (DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) 1212 len += 2; 1213 return len; 1214 default: 1215 printf("unknown IEEE802.11 frame type (%d)", FC_TYPE(fc)); 1216 return 0; 1217 } 1218 } 1219 1220 static int 1221 extract_mesh_header_length(const u_char *p) 1222 { 1223 return (p[0] &~ 3) ? 0 : 6*(1 + (p[0] & 3)); 1224 } 1225 1226 /* 1227 * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp" 1228 * to point to the source and destination MAC addresses in any case if 1229 * "srcp" and "dstp" aren't null. 1230 */ 1231 static void 1232 ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, u_int hdrlen, 1233 u_int meshdrlen, const u_int8_t **srcp, const u_int8_t **dstp) 1234 { 1235 if (vflag) { 1236 if (FC_MORE_DATA(fc)) 1237 printf("More Data "); 1238 if (FC_MORE_FLAG(fc)) 1239 printf("More Fragments "); 1240 if (FC_POWER_MGMT(fc)) 1241 printf("Pwr Mgmt "); 1242 if (FC_RETRY(fc)) 1243 printf("Retry "); 1244 if (FC_ORDER(fc)) 1245 printf("Strictly Ordered "); 1246 if (FC_WEP(fc)) 1247 printf("WEP Encrypted "); 1248 if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL) 1249 printf("%dus ", 1250 EXTRACT_LE_16BITS( 1251 &((const struct mgmt_header_t *)p)->duration)); 1252 } 1253 if (meshdrlen != 0) { 1254 const struct meshcntl_t *mc = 1255 (const struct meshcntl_t *)&p[hdrlen - meshdrlen]; 1256 int ae = mc->flags & 3; 1257 1258 printf("MeshData (AE %d TTL %u seq %u", ae, mc->ttl, 1259 EXTRACT_LE_32BITS(mc->seq)); 1260 if (ae > 0) 1261 printf(" A4:%s", etheraddr_string(mc->addr4)); 1262 if (ae > 1) 1263 printf(" A5:%s", etheraddr_string(mc->addr5)); 1264 if (ae > 2) 1265 printf(" A6:%s", etheraddr_string(mc->addr6)); 1266 printf(") "); 1267 } 1268 1269 switch (FC_TYPE(fc)) { 1270 case T_MGMT: 1271 mgmt_header_print(p, srcp, dstp); 1272 break; 1273 case T_CTRL: 1274 ctrl_header_print(fc, p, srcp, dstp); 1275 break; 1276 case T_DATA: 1277 data_header_print(fc, p, srcp, dstp); 1278 break; 1279 default: 1280 printf("(header) unknown IEEE802.11 frame type (%d)", 1281 FC_TYPE(fc)); 1282 *srcp = NULL; 1283 *dstp = NULL; 1284 break; 1285 } 1286 } 1287 1288 #ifndef roundup2 1289 #define roundup2(x, y) (((x)+((y)-1))&(~((y)-1))) /* if y is powers of two */ 1290 #endif 1291 1292 static u_int 1293 ieee802_11_print(const u_char *p, u_int length, u_int orig_caplen, int pad, 1294 u_int fcslen) 1295 { 1296 u_int16_t fc; 1297 u_int caplen, hdrlen, meshdrlen; 1298 const u_int8_t *src, *dst; 1299 u_short extracted_ethertype; 1300 1301 caplen = orig_caplen; 1302 /* Remove FCS, if present */ 1303 if (length < fcslen) { 1304 printf("[|802.11]"); 1305 return caplen; 1306 } 1307 length -= fcslen; 1308 if (caplen > length) { 1309 /* Amount of FCS in actual packet data, if any */ 1310 fcslen = caplen - length; 1311 caplen -= fcslen; 1312 snapend -= fcslen; 1313 } 1314 1315 if (caplen < IEEE802_11_FC_LEN) { 1316 printf("[|802.11]"); 1317 return orig_caplen; 1318 } 1319 1320 fc = EXTRACT_LE_16BITS(p); 1321 hdrlen = extract_header_length(fc); 1322 if (pad) 1323 hdrlen = roundup2(hdrlen, 4); 1324 if (FC_TYPE(fc) == T_DATA && DATA_FRAME_IS_QOS(FC_SUBTYPE(fc))) { 1325 meshdrlen = extract_mesh_header_length(p+hdrlen); 1326 hdrlen += meshdrlen; 1327 } else 1328 meshdrlen = 0; 1329 1330 1331 if (caplen < hdrlen) { 1332 printf("[|802.11]"); 1333 return hdrlen; 1334 } 1335 1336 ieee_802_11_hdr_print(fc, p, hdrlen, meshdrlen, &src, &dst); 1337 1338 /* 1339 * Go past the 802.11 header. 1340 */ 1341 length -= hdrlen; 1342 caplen -= hdrlen; 1343 p += hdrlen; 1344 1345 switch (FC_TYPE(fc)) { 1346 case T_MGMT: 1347 if (!mgmt_body_print(fc, 1348 (const struct mgmt_header_t *)(p - hdrlen), p, length)) { 1349 printf("[|802.11]"); 1350 return hdrlen; 1351 } 1352 break; 1353 case T_CTRL: 1354 if (!ctrl_body_print(fc, p - hdrlen)) { 1355 printf("[|802.11]"); 1356 return hdrlen; 1357 } 1358 break; 1359 case T_DATA: 1360 if (DATA_FRAME_IS_NULL(FC_SUBTYPE(fc))) 1361 return hdrlen; /* no-data frame */ 1362 /* There may be a problem w/ AP not having this bit set */ 1363 if (FC_WEP(fc)) { 1364 if (!wep_print(p)) { 1365 printf("[|802.11]"); 1366 return hdrlen; 1367 } 1368 } else if (llc_print(p, length, caplen, dst, src, 1369 &extracted_ethertype) == 0) { 1370 /* 1371 * Some kinds of LLC packet we cannot 1372 * handle intelligently 1373 */ 1374 if (!eflag) 1375 ieee_802_11_hdr_print(fc, p - hdrlen, hdrlen, 1376 meshdrlen, NULL, NULL); 1377 if (extracted_ethertype) 1378 printf("(LLC %s) ", 1379 etherproto_string( 1380 htons(extracted_ethertype))); 1381 if (!suppress_default_print) 1382 default_print(p, caplen); 1383 } 1384 break; 1385 default: 1386 printf("unknown 802.11 frame type (%d)", FC_TYPE(fc)); 1387 break; 1388 } 1389 1390 return hdrlen; 1391 } 1392 1393 /* 1394 * This is the top level routine of the printer. 'p' points 1395 * to the 802.11 header of the packet, 'h->ts' is the timestamp, 1396 * 'h->len' is the length of the packet off the wire, and 'h->caplen' 1397 * is the number of bytes actually captured. 1398 */ 1399 u_int 1400 ieee802_11_if_print(const struct pcap_pkthdr *h, const u_char *p) 1401 { 1402 return ieee802_11_print(p, h->len, h->caplen, 0, 0); 1403 } 1404 1405 #define IEEE80211_CHAN_FHSS \ 1406 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_GFSK) 1407 #define IEEE80211_CHAN_A \ 1408 (IEEE80211_CHAN_5GHZ | IEEE80211_CHAN_OFDM) 1409 #define IEEE80211_CHAN_B \ 1410 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_CCK) 1411 #define IEEE80211_CHAN_PUREG \ 1412 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_OFDM) 1413 #define IEEE80211_CHAN_G \ 1414 (IEEE80211_CHAN_2GHZ | IEEE80211_CHAN_DYN) 1415 1416 #define IS_CHAN_FHSS(flags) \ 1417 ((flags & IEEE80211_CHAN_FHSS) == IEEE80211_CHAN_FHSS) 1418 #define IS_CHAN_A(flags) \ 1419 ((flags & IEEE80211_CHAN_A) == IEEE80211_CHAN_A) 1420 #define IS_CHAN_B(flags) \ 1421 ((flags & IEEE80211_CHAN_B) == IEEE80211_CHAN_B) 1422 #define IS_CHAN_PUREG(flags) \ 1423 ((flags & IEEE80211_CHAN_PUREG) == IEEE80211_CHAN_PUREG) 1424 #define IS_CHAN_G(flags) \ 1425 ((flags & IEEE80211_CHAN_G) == IEEE80211_CHAN_G) 1426 #define IS_CHAN_ANYG(flags) \ 1427 (IS_CHAN_PUREG(flags) || IS_CHAN_G(flags)) 1428 1429 static void 1430 print_chaninfo(int freq, int flags) 1431 { 1432 printf("%u MHz", freq); 1433 if (IS_CHAN_FHSS(flags)) 1434 printf(" FHSS"); 1435 if (IS_CHAN_A(flags)) { 1436 if (flags & IEEE80211_CHAN_HALF) 1437 printf(" 11a/10Mhz"); 1438 else if (flags & IEEE80211_CHAN_QUARTER) 1439 printf(" 11a/5Mhz"); 1440 else 1441 printf(" 11a"); 1442 } 1443 if (IS_CHAN_ANYG(flags)) { 1444 if (flags & IEEE80211_CHAN_HALF) 1445 printf(" 11g/10Mhz"); 1446 else if (flags & IEEE80211_CHAN_QUARTER) 1447 printf(" 11g/5Mhz"); 1448 else 1449 printf(" 11g"); 1450 } else if (IS_CHAN_B(flags)) 1451 printf(" 11b"); 1452 if (flags & IEEE80211_CHAN_TURBO) 1453 printf(" Turbo"); 1454 if (flags & IEEE80211_CHAN_HT20) 1455 printf(" ht/20"); 1456 else if (flags & IEEE80211_CHAN_HT40D) 1457 printf(" ht/40-"); 1458 else if (flags & IEEE80211_CHAN_HT40U) 1459 printf(" ht/40+"); 1460 printf(" "); 1461 } 1462 1463 static int 1464 print_radiotap_field(struct cpack_state *s, u_int32_t bit, u_int8_t *flags) 1465 { 1466 union { 1467 int8_t i8; 1468 u_int8_t u8; 1469 int16_t i16; 1470 u_int16_t u16; 1471 u_int32_t u32; 1472 u_int64_t u64; 1473 } u, u2, u3, u4; 1474 int rc; 1475 1476 switch (bit) { 1477 case IEEE80211_RADIOTAP_FLAGS: 1478 rc = cpack_uint8(s, &u.u8); 1479 *flags = u.u8; 1480 break; 1481 case IEEE80211_RADIOTAP_RATE: 1482 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 1483 case IEEE80211_RADIOTAP_DB_ANTNOISE: 1484 case IEEE80211_RADIOTAP_ANTENNA: 1485 rc = cpack_uint8(s, &u.u8); 1486 break; 1487 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 1488 case IEEE80211_RADIOTAP_DBM_ANTNOISE: 1489 rc = cpack_int8(s, &u.i8); 1490 break; 1491 case IEEE80211_RADIOTAP_CHANNEL: 1492 rc = cpack_uint16(s, &u.u16); 1493 if (rc != 0) 1494 break; 1495 rc = cpack_uint16(s, &u2.u16); 1496 break; 1497 case IEEE80211_RADIOTAP_FHSS: 1498 case IEEE80211_RADIOTAP_LOCK_QUALITY: 1499 case IEEE80211_RADIOTAP_TX_ATTENUATION: 1500 rc = cpack_uint16(s, &u.u16); 1501 break; 1502 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: 1503 rc = cpack_uint8(s, &u.u8); 1504 break; 1505 case IEEE80211_RADIOTAP_DBM_TX_POWER: 1506 rc = cpack_int8(s, &u.i8); 1507 break; 1508 case IEEE80211_RADIOTAP_TSFT: 1509 rc = cpack_uint64(s, &u.u64); 1510 break; 1511 case IEEE80211_RADIOTAP_XCHANNEL: 1512 rc = cpack_uint32(s, &u.u32); 1513 if (rc != 0) 1514 break; 1515 rc = cpack_uint16(s, &u2.u16); 1516 if (rc != 0) 1517 break; 1518 rc = cpack_uint8(s, &u3.u8); 1519 if (rc != 0) 1520 break; 1521 rc = cpack_uint8(s, &u4.u8); 1522 break; 1523 default: 1524 /* this bit indicates a field whose 1525 * size we do not know, so we cannot 1526 * proceed. Just print the bit number. 1527 */ 1528 printf("[bit %u] ", bit); 1529 return -1; 1530 } 1531 1532 if (rc != 0) { 1533 printf("[|802.11]"); 1534 return rc; 1535 } 1536 1537 switch (bit) { 1538 case IEEE80211_RADIOTAP_CHANNEL: 1539 print_chaninfo(u.u16, u2.u16); 1540 break; 1541 case IEEE80211_RADIOTAP_FHSS: 1542 printf("fhset %d fhpat %d ", u.u16 & 0xff, (u.u16 >> 8) & 0xff); 1543 break; 1544 case IEEE80211_RADIOTAP_RATE: 1545 if (u.u8 & 0x80) 1546 PRINT_HT_RATE("", u.u8, " Mb/s "); 1547 else 1548 PRINT_RATE("", u.u8, " Mb/s "); 1549 break; 1550 case IEEE80211_RADIOTAP_DBM_ANTSIGNAL: 1551 printf("%ddB signal ", u.i8); 1552 break; 1553 case IEEE80211_RADIOTAP_DBM_ANTNOISE: 1554 printf("%ddB noise ", u.i8); 1555 break; 1556 case IEEE80211_RADIOTAP_DB_ANTSIGNAL: 1557 printf("%ddB signal ", u.u8); 1558 break; 1559 case IEEE80211_RADIOTAP_DB_ANTNOISE: 1560 printf("%ddB noise ", u.u8); 1561 break; 1562 case IEEE80211_RADIOTAP_LOCK_QUALITY: 1563 printf("%u sq ", u.u16); 1564 break; 1565 case IEEE80211_RADIOTAP_TX_ATTENUATION: 1566 printf("%d tx power ", -(int)u.u16); 1567 break; 1568 case IEEE80211_RADIOTAP_DB_TX_ATTENUATION: 1569 printf("%ddB tx power ", -(int)u.u8); 1570 break; 1571 case IEEE80211_RADIOTAP_DBM_TX_POWER: 1572 printf("%ddBm tx power ", u.i8); 1573 break; 1574 case IEEE80211_RADIOTAP_FLAGS: 1575 if (u.u8 & IEEE80211_RADIOTAP_F_CFP) 1576 printf("cfp "); 1577 if (u.u8 & IEEE80211_RADIOTAP_F_SHORTPRE) 1578 printf("short preamble "); 1579 if (u.u8 & IEEE80211_RADIOTAP_F_WEP) 1580 printf("wep "); 1581 if (u.u8 & IEEE80211_RADIOTAP_F_FRAG) 1582 printf("fragmented "); 1583 if (u.u8 & IEEE80211_RADIOTAP_F_BADFCS) 1584 printf("bad-fcs "); 1585 break; 1586 case IEEE80211_RADIOTAP_ANTENNA: 1587 printf("antenna %d ", u.u8); 1588 break; 1589 case IEEE80211_RADIOTAP_TSFT: 1590 printf("%" PRIu64 "us tsft ", u.u64); 1591 break; 1592 case IEEE80211_RADIOTAP_XCHANNEL: 1593 print_chaninfo(u2.u16, u.u32); 1594 break; 1595 } 1596 return 0; 1597 } 1598 1599 static u_int 1600 ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen) 1601 { 1602 #define BITNO_32(x) (((x) >> 16) ? 16 + BITNO_16((x) >> 16) : BITNO_16((x))) 1603 #define BITNO_16(x) (((x) >> 8) ? 8 + BITNO_8((x) >> 8) : BITNO_8((x))) 1604 #define BITNO_8(x) (((x) >> 4) ? 4 + BITNO_4((x) >> 4) : BITNO_4((x))) 1605 #define BITNO_4(x) (((x) >> 2) ? 2 + BITNO_2((x) >> 2) : BITNO_2((x))) 1606 #define BITNO_2(x) (((x) & 2) ? 1 : 0) 1607 #define BIT(n) (1U << n) 1608 #define IS_EXTENDED(__p) \ 1609 (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0 1610 1611 struct cpack_state cpacker; 1612 struct ieee80211_radiotap_header *hdr; 1613 u_int32_t present, next_present; 1614 u_int32_t *presentp, *last_presentp; 1615 enum ieee80211_radiotap_type bit; 1616 int bit0; 1617 const u_char *iter; 1618 u_int len; 1619 u_int8_t flags; 1620 int pad; 1621 u_int fcslen; 1622 1623 if (caplen < sizeof(*hdr)) { 1624 printf("[|802.11]"); 1625 return caplen; 1626 } 1627 1628 hdr = (struct ieee80211_radiotap_header *)p; 1629 1630 len = EXTRACT_LE_16BITS(&hdr->it_len); 1631 1632 if (caplen < len) { 1633 printf("[|802.11]"); 1634 return caplen; 1635 } 1636 for (last_presentp = &hdr->it_present; 1637 IS_EXTENDED(last_presentp) && 1638 (u_char*)(last_presentp + 1) <= p + len; 1639 last_presentp++); 1640 1641 /* are there more bitmap extensions than bytes in header? */ 1642 if (IS_EXTENDED(last_presentp)) { 1643 printf("[|802.11]"); 1644 return caplen; 1645 } 1646 1647 iter = (u_char*)(last_presentp + 1); 1648 1649 if (cpack_init(&cpacker, (u_int8_t*)iter, len - (iter - p)) != 0) { 1650 /* XXX */ 1651 printf("[|802.11]"); 1652 return caplen; 1653 } 1654 1655 /* Assume no flags */ 1656 flags = 0; 1657 /* Assume no Atheros padding between 802.11 header and body */ 1658 pad = 0; 1659 /* Assume no FCS at end of frame */ 1660 fcslen = 0; 1661 for (bit0 = 0, presentp = &hdr->it_present; presentp <= last_presentp; 1662 presentp++, bit0 += 32) { 1663 for (present = EXTRACT_LE_32BITS(presentp); present; 1664 present = next_present) { 1665 /* clear the least significant bit that is set */ 1666 next_present = present & (present - 1); 1667 1668 /* extract the least significant bit that is set */ 1669 bit = (enum ieee80211_radiotap_type) 1670 (bit0 + BITNO_32(present ^ next_present)); 1671 1672 if (print_radiotap_field(&cpacker, bit, &flags) != 0) 1673 goto out; 1674 } 1675 } 1676 1677 if (flags & IEEE80211_RADIOTAP_F_DATAPAD) 1678 pad = 1; /* Atheros padding */ 1679 if (flags & IEEE80211_RADIOTAP_F_FCS) 1680 fcslen = 4; /* FCS at end of packet */ 1681 out: 1682 return len + ieee802_11_print(p + len, length - len, caplen - len, pad, 1683 fcslen); 1684 #undef BITNO_32 1685 #undef BITNO_16 1686 #undef BITNO_8 1687 #undef BITNO_4 1688 #undef BITNO_2 1689 #undef BIT 1690 } 1691 1692 static u_int 1693 ieee802_11_avs_radio_print(const u_char *p, u_int length, u_int caplen) 1694 { 1695 u_int32_t caphdr_len; 1696 1697 if (caplen < 8) { 1698 printf("[|802.11]"); 1699 return caplen; 1700 } 1701 1702 caphdr_len = EXTRACT_32BITS(p + 4); 1703 if (caphdr_len < 8) { 1704 /* 1705 * Yow! The capture header length is claimed not 1706 * to be large enough to include even the version 1707 * cookie or capture header length! 1708 */ 1709 printf("[|802.11]"); 1710 return caplen; 1711 } 1712 1713 if (caplen < caphdr_len) { 1714 printf("[|802.11]"); 1715 return caplen; 1716 } 1717 1718 return caphdr_len + ieee802_11_print(p + caphdr_len, 1719 length - caphdr_len, caplen - caphdr_len, 0, 0); 1720 } 1721 1722 #define PRISM_HDR_LEN 144 1723 1724 #define WLANCAP_MAGIC_COOKIE_BASE 0x80211000 1725 #define WLANCAP_MAGIC_COOKIE_V1 0x80211001 1726 #define WLANCAP_MAGIC_COOKIE_V2 0x80211002 1727 1728 /* 1729 * For DLT_PRISM_HEADER; like DLT_IEEE802_11, but with an extra header, 1730 * containing information such as radio information, which we 1731 * currently ignore. 1732 * 1733 * If, however, the packet begins with WLANCAP_MAGIC_COOKIE_V1 or 1734 * WLANCAP_MAGIC_COOKIE_V2, it's really DLT_IEEE802_11_RADIO_AVS 1735 * (currently, on Linux, there's no ARPHRD_ type for 1736 * DLT_IEEE802_11_RADIO_AVS, as there is a ARPHRD_IEEE80211_PRISM 1737 * for DLT_PRISM_HEADER, so ARPHRD_IEEE80211_PRISM is used for 1738 * the AVS header, and the first 4 bytes of the header are used to 1739 * indicate whether it's a Prism header or an AVS header). 1740 */ 1741 u_int 1742 prism_if_print(const struct pcap_pkthdr *h, const u_char *p) 1743 { 1744 u_int caplen = h->caplen; 1745 u_int length = h->len; 1746 u_int32_t msgcode; 1747 1748 if (caplen < 4) { 1749 printf("[|802.11]"); 1750 return caplen; 1751 } 1752 1753 msgcode = EXTRACT_32BITS(p); 1754 if (msgcode == WLANCAP_MAGIC_COOKIE_V1 || 1755 msgcode == WLANCAP_MAGIC_COOKIE_V2) 1756 return ieee802_11_avs_radio_print(p, length, caplen); 1757 1758 if (caplen < PRISM_HDR_LEN) { 1759 printf("[|802.11]"); 1760 return caplen; 1761 } 1762 1763 return PRISM_HDR_LEN + ieee802_11_print(p + PRISM_HDR_LEN, 1764 length - PRISM_HDR_LEN, caplen - PRISM_HDR_LEN, 0, 0); 1765 } 1766 1767 /* 1768 * For DLT_IEEE802_11_RADIO; like DLT_IEEE802_11, but with an extra 1769 * header, containing information such as radio information. 1770 */ 1771 u_int 1772 ieee802_11_radio_if_print(const struct pcap_pkthdr *h, const u_char *p) 1773 { 1774 return ieee802_11_radio_print(p, h->len, h->caplen); 1775 } 1776 1777 /* 1778 * For DLT_IEEE802_11_RADIO_AVS; like DLT_IEEE802_11, but with an 1779 * extra header, containing information such as radio information, 1780 * which we currently ignore. 1781 */ 1782 u_int 1783 ieee802_11_radio_avs_if_print(const struct pcap_pkthdr *h, const u_char *p) 1784 { 1785 return ieee802_11_avs_radio_print(p, h->len, h->caplen); 1786 } 1787