diff options
| author | Anders Broman <anders.broman@ericsson.com> | 2011-10-12 05:08:51 +0000 |
|---|---|---|
| committer | Anders Broman <anders.broman@ericsson.com> | 2011-10-12 05:08:51 +0000 |
| commit | 3e9d852a1b46a50a96c04fd25427c10e9b90a12c (patch) | |
| tree | 8f8e3a1b084b14e02762b2b9d3ca6b781ef4d823 | |
| parent | 9ef1758adffe973469308d1690280cc305ff3d50 (diff) | |
From Jouni Malinen:
Move sniffer meta data parsing to separate files
packet-ieee80211.c includes dissectors for three different styles
of IEEE 802.11 sniffer meta data (like signal strength). Move these
to separate files in the same style as a fourth format (radiotap)
was already handled, so that packet-ieee80211.c focuses on the
actual IEEE 802.11 frame dissecting.
This reverts
http://anonsvn.wireshark.org/viewvc?revision=23911&view=revision
Objections?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6443
svn path=/trunk/; revision=39379
| -rw-r--r-- | epan/dissectors/Makefile.common | 3 | ||||
| -rw-r--r-- | epan/dissectors/packet-ieee80211-prism.c | 479 | ||||
| -rw-r--r-- | epan/dissectors/packet-ieee80211-radio.c | 140 | ||||
| -rw-r--r-- | epan/dissectors/packet-ieee80211-wlancap.c | 678 | ||||
| -rw-r--r-- | epan/dissectors/packet-ieee80211.c | 1099 | ||||
| -rw-r--r-- | epan/dissectors/packet-ieee80211.h | 4 |
6 files changed, 1304 insertions, 1099 deletions
diff --git a/epan/dissectors/Makefile.common b/epan/dissectors/Makefile.common index 3591e23a37..f0444e5770 100644 --- a/epan/dissectors/Makefile.common +++ b/epan/dissectors/Makefile.common @@ -569,6 +569,9 @@ DISSECTOR_SRC = \ packet-iec104.c \ packet-ieee1722.c \ packet-ieee80211.c \ + packet-ieee80211-prism.c \ + packet-ieee80211-radio.c \ + packet-ieee80211-wlancap.c \ packet-ieee802154.c \ packet-ieee8021ah.c \ packet-ieee8023.c \ diff --git a/epan/dissectors/packet-ieee80211-prism.c b/epan/dissectors/packet-ieee80211-prism.c new file mode 100644 index 0000000000..2ef51788b2 --- /dev/null +++ b/epan/dissectors/packet-ieee80211-prism.c @@ -0,0 +1,479 @@ +/* packet-ieee80211-prism.c + * Routines for Prism monitoring mode header dissection + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * Copied from README.developer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <epan/packet.h> +#include "packet-ieee80211.h" + +#define SHORT_STR 256 + +static dissector_handle_t wlancap_handle; +static dissector_handle_t ieee80211_handle; + +static int proto_prism = -1; + +/* Prism radio header */ + +static int hf_ieee80211_prism_msgcode = -1; +static int hf_ieee80211_prism_msglen = -1; +static int hf_ieee80211_prism_devname = -1; +static int hf_ieee80211_prism_did = -1; +static int hf_ieee80211_prism_did_type = -1; +static int hf_ieee80211_prism_did_status = -1; +static int hf_ieee80211_prism_did_length = -1; +static int hf_ieee80211_prism_did_hosttime = -1; +static int hf_ieee80211_prism_did_mactime = -1; +static int hf_ieee80211_prism_did_channel = -1; +static int hf_ieee80211_prism_did_rssi = -1; +static int hf_ieee80211_prism_did_sq = -1; +static int hf_ieee80211_prism_did_signal = -1; +static int hf_ieee80211_prism_did_noise = -1; +static int hf_ieee80211_prism_did_rate = -1; +static int hf_ieee80211_prism_did_istx = -1; +static int hf_ieee80211_prism_did_frmlen = -1; +static int hf_ieee80211_prism_did_unknown = -1; + +static gint ett_prism = -1; +static gint ett_prism_did = -1; + +/* + * Prism II-based wlan devices have a monitoring mode that sticks + * a proprietary header on each packet with lots of good + * information. This file is responsible for decoding that + * data. + * + * Support by Tim Newsham + * + * A value from the header. + * + * It appears from looking at the linux-wlan-ng and Prism II HostAP + * drivers, and various patches to the orinoco_cs drivers to add + * Prism headers, that: + * + * the "did" identifies what the value is (i.e., what it's the value + * of); + * + * "status" is 0 if the value is present or 1 if it's absent; + * + * "len" is the length of the value (always 4, in that code); + * + * "data" is the value of the data (or 0 if not present). + * + * Note: all of those values are in the *host* byte order of the machine + * on which the capture was written. + */ + + +/* + * Header attached during Prism monitor mode. + * + * At least according to one paper I've seen, the Prism 2.5 chip set + * provides: + * + * RSSI (receive signal strength indication) is "the total power + * received by the radio hardware while receiving the frame, + * including signal, interfereence, and background noise"; + * + * "silence value" is "the total power observed just before the + * start of the frame". + * + * None of the drivers I looked at supply the "rssi" or "sq" value, + * but they do supply "signal" and "noise" values, along with a "rate" + * value that's 1/5 of the raw value from what is presumably a raw + * HFA384x frame descriptor, with the comment "set to 802.11 units", + * which presumably means the units are 500 Kb/s. + * + * I infer from the current NetBSD "wi" driver that "signal" and "noise" + * are adjusted dBm values, with the dBm value having 100 added to it + * for the Prism II cards (although the NetBSD code has an XXX comment + * for the #define for WI_PRISM_DBM_OFFSET) and 149 (with no XXX comment) + * for the Orinoco cards. + * + * XXX - what about other drivers that supply Prism headers, such as + * old versions of the MadWifi driver? + */ + +#define PRISM_HEADER_LENGTH 144 /* Default Prism Header Length */ +#define PRISM_DID_HOSTTIME 0x00010044 /* Host time element */ +#define PRISM_DID_MACTIME 0x00020044 /* Mac time element */ +#define PRISM_DID_CHANNEL 0x00030044 /* Channel element */ +#define PRISM_DID_RSSI 0x00040044 /* RSSI element */ +#define PRISM_DID_SQ 0x00050044 /* SQ element */ +#define PRISM_DID_SIGNAL 0x00060044 /* Signal element */ +#define PRISM_DID_NOISE 0x00070044 /* Noise element */ +#define PRISM_DID_RATE 0x00080044 /* Rate element */ +#define PRISM_DID_ISTX 0x00090044 /* Is Tx frame */ +#define PRISM_DID_FRMLEN 0x000A0044 /* Frame length */ + +static const value_string prism_did_vals[] = +{ + { PRISM_DID_HOSTTIME, "Host Time" }, + { PRISM_DID_MACTIME, "Mac Time" }, + { PRISM_DID_CHANNEL, "Channel" }, + { PRISM_DID_RSSI, "RSSI" }, + { PRISM_DID_SQ, "SQ" }, + { PRISM_DID_SIGNAL, "Signal" }, + { PRISM_DID_NOISE, "Noise" }, + { PRISM_DID_RATE, "Rate" }, + { PRISM_DID_ISTX, "Is Tx" }, + { PRISM_DID_FRMLEN, "Frame Length" }, + { 0, NULL} +}; + +static const value_string prism_status_vals[] = +{ + { 0, "Not Supplied" }, + { 1, "Supplied" }, + { 0, NULL} +}; + +static const value_string prism_istx_vals[] = +{ + { 0, "Rx Packet" }, + { 1, "Tx Packet" }, + { 0, NULL} +}; + +static void +prism_rate_base_custom(gchar *result, guint32 rate) +{ + g_snprintf(result, ITEM_LABEL_LENGTH, "%u.%u", rate /2, rate & 1 ? 5 : 0); +} + +static gchar * +prism_rate_return(guint32 rate) +{ + gchar *result=NULL; + result = ep_alloc(SHORT_STR); + result[0] = '\0'; + prism_rate_base_custom(result, rate); + + return result; +} + + +void +capture_prism(const guchar *pd, int offset, int len, packet_counts *ld) +{ + guint32 cookie; + + if (!BYTES_ARE_IN_FRAME(offset, len, 4)) { + ld->other++; + return; + } + + /* Some captures with DLT_PRISM have the AVS WLAN header */ + cookie = pntohl(pd); + if ((cookie == WLANCAP_MAGIC_COOKIE_V1) || + (cookie == WLANCAP_MAGIC_COOKIE_V2)) { + capture_wlancap(pd, offset, len, ld); + return; + } + + /* Prism header */ + if (!BYTES_ARE_IN_FRAME(offset, len, PRISM_HEADER_LENGTH)) { + ld->other++; + return; + } + offset += PRISM_HEADER_LENGTH; + + /* 802.11 header follows */ + capture_ieee80211(pd, offset, len, ld); +} + +static void +dissect_prism(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_tree *prism_tree = NULL, *prism_did_tree = NULL; + proto_item *ti = NULL, *ti_did = NULL; + tvbuff_t *next_tvb; + int offset; + guint32 msgcode, msglen, did; + guint8 *devname; + + offset = 0; + did = 0; + + /* handle the new capture type. */ + msgcode = tvb_get_ntohl(tvb, offset); + if ((msgcode == WLANCAP_MAGIC_COOKIE_V1) || + (msgcode == WLANCAP_MAGIC_COOKIE_V2)) { + call_dissector(wlancap_handle, tvb, pinfo, tree); + return; + } + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "Prism"); + col_clear(pinfo->cinfo, COL_INFO); + + if(tree) { + ti = proto_tree_add_item(tree, proto_prism, tvb, 0, 144, ENC_BIG_ENDIAN); + prism_tree = proto_item_add_subtree(ti, ett_prism); + } + + /* Message Code */ + if(tree) { + proto_tree_add_item(prism_tree, hf_ieee80211_prism_msgcode, tvb, offset, 4, ENC_LITTLE_ENDIAN); + } + msgcode = tvb_get_letohl(tvb, offset); + offset += 4; + + /* Message Length */ + if(tree) { + proto_tree_add_item(prism_tree, hf_ieee80211_prism_msglen, tvb, offset, 4, ENC_LITTLE_ENDIAN); + } + msglen = tvb_get_letohl(tvb, offset); + offset += 4; + + /* Device Name */ + if(tree) { + proto_tree_add_item(prism_tree, hf_ieee80211_prism_devname, tvb, offset, 16, ENC_LITTLE_ENDIAN); + } + devname = tvb_get_ephemeral_string(tvb, offset, 16); + offset += 16; + + col_add_fstr(pinfo->cinfo, COL_INFO, "Device: %s, Message 0x%x, Length %d", devname, msgcode, msglen); + + + while(offset < PRISM_HEADER_LENGTH) + { + /* DID */ + if(tree) { + ti_did = proto_tree_add_item(prism_tree, hf_ieee80211_prism_did, tvb, offset, 12, ENC_NA); + prism_did_tree = proto_item_add_subtree(ti_did, ett_prism_did); + + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); + did = tvb_get_letohl(tvb, offset); + proto_item_append_text(ti_did, " %s", val_to_str(did, prism_did_vals, "Unknown %x") ); + } + offset += 4; + + + /* Status */ + if(tree) { + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_status, tvb, offset, 2, ENC_LITTLE_ENDIAN); + } + offset += 2; + + /* Length */ + if(tree) { + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_length, tvb, offset, 2, ENC_LITTLE_ENDIAN); + } + offset += 2; + + /* Data... */ + switch(did){ + case PRISM_DID_HOSTTIME: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_hosttime, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); + } + break; + case PRISM_DID_MACTIME: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_mactime, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); + } + break; + case PRISM_DID_CHANNEL: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); + } + col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u", tvb_get_letohl(tvb, offset)); + break; + case PRISM_DID_RSSI: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_rssi, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); + } + col_add_fstr(pinfo->cinfo, COL_RSSI, "%d", tvb_get_letohl(tvb, offset)); + break; + case PRISM_DID_SQ: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_sq, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); + } + break; + case PRISM_DID_SIGNAL: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_signal, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); + } + break; + case PRISM_DID_NOISE: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_noise, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); + } + break; + case PRISM_DID_RATE: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_rate, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " %s Mb/s", prism_rate_return(tvb_get_letohl(tvb, offset)) ); + } + col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%s", prism_rate_return(tvb_get_letohl(tvb, offset)) ); + + break; + case PRISM_DID_ISTX: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_istx, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); + } + break; + case PRISM_DID_FRMLEN: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_frmlen, tvb, offset, 4, ENC_LITTLE_ENDIAN); + proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); + } + break; + default: + if(tree){ + proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_unknown, tvb, offset, 4, ENC_LITTLE_ENDIAN); + } + break; + } + offset += 4; + } + + /* dissect the 802.11 header next */ + next_tvb = tvb_new_subset_remaining(tvb, offset); + call_dissector(ieee80211_handle, next_tvb, pinfo, tree); +} + +static hf_register_info hf_prism[] = { + /* Prism-specific header fields + XXX - make as many of these generic as possible. */ + { &hf_ieee80211_prism_msgcode, + {"Message Code", "prism.msgcode", FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_msglen, + {"Message Length", "prism.msglen", FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_devname, + {"Device Name", "prism.devname", FT_STRING, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_did, + {"DID", "prism.did.type", FT_NONE, BASE_NONE, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_did_type, + {"DID", "prism.did.type", FT_UINT32, BASE_HEX, VALS(prism_did_vals), 0x0, + "Different ID for each parameter", HFILL }}, + + { &hf_ieee80211_prism_did_status, + {"Status", "prism.did.status", FT_UINT16, BASE_DEC, VALS(prism_status_vals), 0x0, + "Supplied by the driver or not", HFILL }}, + + { &hf_ieee80211_prism_did_length, + {"Length", "prism.did.length", FT_UINT16, BASE_DEC, NULL, 0x0, + "Length of data", HFILL }}, + + { &hf_ieee80211_prism_did_hosttime, + {"Host Time", "prism.did.hosttime", FT_UINT32, BASE_DEC, NULL, 0x0, + "In jiffies - for our system this is in 10ms units", HFILL }}, + + { &hf_ieee80211_prism_did_mactime, + {"Mac Time", "prism.did.hosttime", FT_UINT32, BASE_DEC, NULL, 0x0, + "In micro-seconds", HFILL }}, + + { &hf_ieee80211_prism_did_channel, + {"Channel", "prism.did.hosttime", FT_UINT32, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_did_rssi, + {"RSSI", "prism.did.rssi", FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_did_sq, + {"SQ", "prism.did.sq", FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_did_signal, + {"Signal", "prism.did.signal", FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_did_noise, + {"Noise", "prism.did.noise", FT_UINT32, BASE_HEX, NULL, 0x0, + NULL, HFILL }}, + + { &hf_ieee80211_prism_did_rate, + {"Rate (In Mb/s)", "prism.did.rate", FT_UINT32, BASE_CUSTOM, prism_rate_base_custom, 0x0, + "In Mb/s", HFILL }}, + + { &hf_ieee80211_prism_did_istx, + {"IsTX", "prism.did.istx", FT_UINT32, BASE_HEX, VALS(prism_istx_vals), 0x0, + "Type of packet (RX or TX ?)", HFILL }}, + + { &hf_ieee80211_prism_did_frmlen, + {"Frame Length", "prism.did.frmlen", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, + "Length of the following frame in bytes", HFILL }}, + + { &hf_ieee80211_prism_did_unknown, + {"Unknown DID Field", "prism.did.unknown", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, + NULL, HFILL }} +}; + +static gint *tree_array[] = { + &ett_prism, + &ett_prism_did +}; + +void proto_register_ieee80211_prism(void) +{ + proto_prism = proto_register_protocol("Prism capture header", "Prism", + "prism"); + proto_register_field_array(proto_prism, hf_prism, array_length(hf_prism)); + proto_register_subtree_array(tree_array, array_length(tree_array)); +} + +void proto_reg_handoff_ieee80211_prism(void) +{ + dissector_handle_t prism_handle; + + prism_handle = create_dissector_handle(dissect_prism, proto_prism); + dissector_add_uint("wtap_encap", WTAP_ENCAP_PRISM_HEADER, prism_handle); + ieee80211_handle = find_dissector("wlan"); + wlancap_handle = find_dissector("wlancap"); +} + +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 2 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=2 tabstop=8 expandtab: + * :indentSize=2:tabSize=8:noTabs=true: + */ diff --git a/epan/dissectors/packet-ieee80211-radio.c b/epan/dissectors/packet-ieee80211-radio.c new file mode 100644 index 0000000000..a5f47f09b0 --- /dev/null +++ b/epan/dissectors/packet-ieee80211-radio.c @@ -0,0 +1,140 @@ +/* packet-ieee80211-radio.c + * Routines for pseudo 802.11 header dissection + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * Copied from README.developer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <epan/packet.h> +#include "packet-ieee80211.h" + +static dissector_handle_t ieee80211_handle; + +static int proto_radio = -1; + +/* ************************************************************************* */ +/* Header field info values for radio information */ +/* ************************************************************************* */ +static int hf_data_rate = -1; +static int hf_channel = -1; +static int hf_signal_strength = -1; + +static gint ett_radio = -1; + +/* + * Dissect 802.11 with a variable-length link-layer header and a pseudo- + * header containing radio information. + */ +static void +dissect_radio (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree) +{ + proto_item *ti = NULL; + proto_tree *radio_tree = NULL; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "Radio"); + col_clear(pinfo->cinfo, COL_INFO); + + /* Add the radio information to the column information */ + col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%u.%u", + pinfo->pseudo_header->ieee_802_11.data_rate / 2, + pinfo->pseudo_header->ieee_802_11.data_rate & 1 ? 5 : 0); + /* XX - this is a percentage, not a dBm or normalized or raw RSSI */ + col_add_fstr(pinfo->cinfo, COL_RSSI, "%u", + pinfo->pseudo_header->ieee_802_11.signal_level); + + if (tree) { + ti = proto_tree_add_item(tree, proto_radio, tvb, 0, 0, ENC_BIG_ENDIAN); + radio_tree = proto_item_add_subtree (ti, ett_radio); + + proto_tree_add_uint64_format(radio_tree, hf_data_rate, tvb, 0, 0, + (guint64)pinfo->pseudo_header->ieee_802_11.data_rate * 500000, + "Data Rate: %u.%u Mb/s", + pinfo->pseudo_header->ieee_802_11.data_rate / 2, + pinfo->pseudo_header->ieee_802_11.data_rate & 1 ? 5 : 0); + + proto_tree_add_uint(radio_tree, hf_channel, tvb, 0, 0, + pinfo->pseudo_header->ieee_802_11.channel); + + proto_tree_add_uint_format(radio_tree, hf_signal_strength, tvb, 0, 0, + pinfo->pseudo_header->ieee_802_11.signal_level, + "Signal Strength: %u%%", + pinfo->pseudo_header->ieee_802_11.signal_level); + } + + /* dissect the 802.11 header next */ + pinfo->current_proto = "IEEE 802.11"; + call_dissector(ieee80211_handle, tvb, pinfo, tree); +} + +static hf_register_info hf_radio[] = { + {&hf_data_rate, + {"Data Rate", "wlan.data_rate", FT_UINT64, BASE_DEC, NULL, 0, + "Data rate (b/s)", HFILL }}, + + {&hf_channel, + {"Channel", "wlan.channel", FT_UINT8, BASE_DEC, NULL, 0, + "802.11 channel number that this frame was sent/received on", HFILL }}, + + {&hf_signal_strength, + {"Signal Strength", "wlan.signal_strength", FT_UINT8, BASE_DEC, NULL, 0, + "Signal strength (Percentage)", HFILL }} +}; + +static gint *tree_array[] = { + &ett_radio +}; + +void proto_register_ieee80211_radio(void) +{ + proto_radio = proto_register_protocol("802.11 radio information", "Radio", + "radio"); + proto_register_field_array(proto_radio, hf_radio, array_length(hf_radio)); + proto_register_subtree_array(tree_array, array_length(tree_array)); +} + +void proto_reg_handoff_ieee80211_radio(void) +{ + dissector_handle_t radio_handle; + + /* Register handoff to radio-header dissectors */ + radio_handle = create_dissector_handle(dissect_radio, proto_radio); + dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_WITH_RADIO, + radio_handle); + ieee80211_handle = find_dissector("wlan"); +} + +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 2 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=2 tabstop=8 expandtab: + * :indentSize=2:tabSize=8:noTabs=true: + */ diff --git a/epan/dissectors/packet-ieee80211-wlancap.c b/epan/dissectors/packet-ieee80211-wlancap.c new file mode 100644 index 0000000000..e894638d49 --- /dev/null +++ b/epan/dissectors/packet-ieee80211-wlancap.c @@ -0,0 +1,678 @@ +/* packet-ieee80211-wlancap.c + * Routines for AVS linux-wlan monitoring mode header dissection + * + * $Id$ + * + * Wireshark - Network traffic analyzer + * By Gerald Combs <gerald@wireshark.org> + * Copyright 1998 Gerald Combs + * + * Copied from README.developer + * + * This program is free software; you can redistribute it and/or + * modify it under the terms of the GNU General Public License + * as published by the Free Software Foundation; either version 2 + * of the License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. + */ + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif + +#include <epan/packet.h> +#include "packet-ieee80211.h" + +static dissector_handle_t ieee80211_handle; + +static int proto_wlancap = -1; + +/* AVS WLANCAP radio header */ +static int hf_wlan_magic = -1; +static int hf_wlan_version = -1; +static int hf_wlan_length = -1; +static int hf_wlan_phytype = -1; +static int hf_wlan_antenna = -1; +static int hf_wlan_priority = -1; +static int hf_wlan_ssi_type = -1; +static int hf_wlan_preamble = -1; +static int hf_wlan_encoding = -1; +static int hf_wlan_sequence = -1; +static int hf_wlan_drops = -1; +static int hf_wlan_receiver_addr = -1; +static int hf_wlan_padding = -1; + +static int hf_mactime = -1; +static int hf_hosttime = -1; +static int hf_channel_frequency = -1; +static int hf_data_rate = -1; +static int hf_channel = -1; +static int hf_dbm_antnoise = -1; +static int hf_rawrssi_antnoise = -1; +static int hf_normrssi_antnoise = -1; +static int hf_rawrssi_antsignal = -1; +static int hf_dbm_antsignal = -1; +static int hf_normrssi_antsignal = -1; + +static gint ett_radio = -1; + +static dissector_handle_t wlancap_handle; + +void +capture_wlancap(const guchar *pd, int offset, int len, packet_counts *ld) +{ + guint32 length; + + if (!BYTES_ARE_IN_FRAME(offset, len, sizeof(guint32)*2)) { + ld->other++; + return; + } + + length = pntohl(pd+sizeof(guint32)); + + if (!BYTES_ARE_IN_FRAME(offset, len, length)) { + ld->other++; + return; + } + + offset += length; + + /* 802.11 header follows */ + capture_ieee80211(pd, offset, len, ld); +} + +/* + * AVS linux-wlan-based products use a new sniff header to replace the + * old Prism header. This one has additional fields, is designed to be + * non-hardware-specific, and more importantly, version and length fields + * so it can be extended later without breaking anything. + * + * Support by Solomon Peachy + * + * Description, from the capturefrm.txt file in the linux-wlan-ng 0.2.9 + * release (linux-wlan-ng-0.2.9/doc/capturefrm.txt): + * +AVS Capture Frame Format +Version 2.1.1 + +1. Introduction +The original header format for "monitor mode" or capturing frames was +a considerable hack. The document covers a redesign of that format. + + Any questions, corrections, or proposed changes go to info@linux-wlan.com + +2. Frame Format +All sniff frames follow the same format: + + Offset Name Size Description + -------------------------------------------------------------------- + 0 CaptureHeader AVS capture metadata header + 64 802.11Header [10-30] 802.11 frame header + ?? 802.11Payload [0-2312] 802.11 frame payload + ?? 802.11FCS 4 802.11 frame check sequence + +Note that the header and payload are variable length and the payload +may be empty. + +If the hardware does not supply the FCS to the driver, then the frame shall +have a FCS of 0xFFFFFFFF. + +3. Byte Order +All multibyte fields of the capture header are in "network" byte +order. The "host to network" and "network to host" functions should +work just fine. All the remaining multibyte fields are ordered +according to their respective standards. + +4. Capture Header Format +The following fields make up the AVS capture header: + + Offset Name Type + ------------------------------ + 0 version uint32 + 4 length uint32 + 8 mactime uint64 + 16 hosttime uint64 + 24 phytype uint32 + 28 frequency uint32 + 32 datarate uint32 + 36 antenna uint32 + 40 priority uint32 + 44 ssi_type uint32 + 48 ssi_signal int32 + 52 ssi_noise int32 + 56 preamble uint32 + 60 encoding uint32 + 64 sequence uint32 + 68 drops uint32 + 72 receiver_addr uint8[6] + 78 padding uint8[2] + ------------------------------ + 80 + +The following subsections detail the fields of the capture header. + +4.1 version +The version field identifies this type of frame as a subtype of +ETH_P_802111_CAPTURE as received by an ARPHRD_IEEE80211_PRISM or +an ARPHRD_IEEE80211_CAPTURE device. The value of this field shall be +0x80211002. As new revisions of this header are necessary, we can +increment the version appropriately. + +4.2 length +The length field contains the length of the entire AVS capture header, +in bytes. + +4.3 mactime +Many WLAN devices supply a relatively high resolution frame reception +time value. This field contains the value supplied by the device. If +the device does not supply a receive time value, this field shall be +set to zero. The units for this field are microseconds. + +If possible, this time value should be absolute, representing the number +of microseconds elapsed since the UNIX epoch. + +4.4 hosttime +The hosttime field is set to the current value of the host maintained +clock variable when the frame is received by the host. + +If possible, this time value should be absolute, representing the number +of microseconds elapsed since the UNIX epoch. + +4.5 phytype +The phytype field identifies what type of PHY is employed by the WLAN +device used to capture this frame. The valid values are: + + PhyType Value + ------------------------------------- + phytype_fhss_dot11_97 1 + phytype_dsss_dot11_97 2 + phytype_irbaseband 3 + phytype_dsss_dot11_b 4 + phytype_pbcc_dot11_b 5 + phytype_ofdm_dot11_g 6 + phytype_pbcc_dot11_g 7 + phytype_ofdm_dot11_a 8 + phytype_dss_ofdm_dot11_g 9 + +4.6 frequency + +This represents the frequency or channel number of the receiver at the +time the frame was received. It is interpreted as follows: + +For frequency hopping radios, this field is broken in to the +following subfields: + + Byte Subfield + ------------------------ + Byte0 Hop Set + Byte1 Hop Pattern + Byte2 Hop Index + Byte3 reserved + +For non-hopping radios, the frequency is interpreted as follows: + + Value Meaning + ----------------------------------------- + < 256 Channel number (using externally-defined + channelization) + < 10000 Center frequency, in MHz + >= 10000 Center frequency, in KHz + +4.7 datarate +The data rate field contains the rate at which the frame was received +in units of 100kbps. + +4.8 antenna +For WLAN devices that indicate the receive antenna for each frame, the +antenna field shall contain an index value into the dot11AntennaList. +If the device does not indicate a receive antenna value, this field +shall be set to zero. + +4.9 priority +The priority field indicates the receive priority of the frame. The +value is in the range [0-15] with the value 0 reserved to indicate +contention period and the value 6 reserved to indicate contention free +period. + +4.10 ssi_type +The ssi_type field is used to indicate what type of signal strength +information is present: "None", "Normalized RSSI" or "dBm". "None" +indicates that the underlying WLAN device does not supply any signal +strength at all and the ssi_* values are unset. "Normalized RSSI" +values are integers in the range [0-1000] where higher numbers +indicate stronger signal. "dBm" values indicate an actual signal +strength measurement quantity and are usually in the range [-108 - 10]. +The following values indicate the three types: + + Value Description + --------------------------------------------- + 0 None + 1 Normalized RSSI + 2 dBm + 3 Raw RSSI + +4.11 ssi_signal +The ssi_signal field contains the signal strength value reported by +the WLAN device for this frame. Note that this is a signed quantity +and if the ssi_type value is "dBm" that the value may be negative. + +4.12 ssi_noise +The ssi_noise field contains the noise or "silence" value reported by +the WLAN device. This value is commonly defined to be the "signal +strength reported immediately prior to the baseband processor lock on +the frame preamble". If the hardware does not provide noise data, this +shall equal 0xffffffff. + +4.12 preamble +For PHYs that support variable preamble lengths, the preamble field +indicates the preamble type used for this frame. The values are: + + Value Description + --------------------------------------------- + 0 Undefined + 1 Short Preamble + 2 Long Preamble + +4.13 encoding +This specifies the encoding of the received packet. For PHYs that support +multiple encoding types, this will tell us which one was used. + + Value Description + --------------------------------------------- + 0 Unknown + 1 CCK + 2 PBCC + 3 OFDM + 4 DSSS-OFDM + 5 BPSK + 6 QPSK + 7 16QAM + 8 64QAM + +4.14 sequence +This is a receive frame sequence counter. The sniff host shall +increment this by one for every valid frame received off the medium. +By watching for gaps in the sequence numbers we can determine when +packets are lost due to unreliable transport, rather than a frame never +being received to begin with. + +4.15 drops +This is a counter of the number of known frame drops that occured. This +is particularly useful when the system or hardware cannot keep up with +the sniffer load. + +4.16 receiver_addr +This specifies the MAC address of the receiver of this frame. +It is six octets in length. This field is followed by two octets of +padding to keep the structure 32-bit word aligned. + +================================ + +Changes: v2->v2.1 + + * Added contact e-mail address to introduction + * Added sniffer_addr, drop count, and sequence fields, bringing total + length to 80 bytes + * Bumped version to 0x80211002 + * Mactime is specified in microseconds, not nanoseconds + * Added 64QAM, 16QAM, BPSK, QPSK encodings + +================================ + +Changes: v2.1->v2.1.1 + + * Renamed 'channel' to 'frequency' + * Clarified the interpretation of the frequency/channel field. + * Renamed 'sniffer address' to 'receiver address' + * Clarified timestamp fields. + */ + +/* + * Signal/noise strength type values. + */ +#define SSI_NONE 0 /* no SSI information */ +#define SSI_NORM_RSSI 1 /* normalized RSSI - 0-1000 */ +#define SSI_DBM 2 /* dBm */ +#define SSI_RAW_RSSI 3 /* raw RSSI from the hardware */ + +static void +dissect_wlancap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) +{ + proto_tree *wlan_tree = NULL; + proto_item *ti; + tvbuff_t *next_tvb; + int offset; + guint32 version; + guint32 length; + guint32 channel; + guint32 datarate; + guint32 ssi_type; + guint32 antnoise; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "WLAN"); + col_clear(pinfo->cinfo, COL_INFO); + offset = 0; + + version = tvb_get_ntohl(tvb, offset) - WLANCAP_MAGIC_COOKIE_BASE; + + length = tvb_get_ntohl(tvb, offset+4); + + col_add_fstr(pinfo->cinfo, COL_INFO, "AVS WLAN Capture v%x, Length %d",version, length); + + if (version > 2) { + goto skip; + } + + /* Dissect the AVS header */ + if (tree) { + ti = proto_tree_add_item(tree, proto_wlancap, tvb, 0, length, ENC_BIG_ENDIAN); + wlan_tree = proto_item_add_subtree(ti, ett_radio); + proto_tree_add_item(wlan_tree, hf_wlan_magic, tvb, offset, 4, ENC_BIG_ENDIAN); + proto_tree_add_item(wlan_tree, hf_wlan_version, tvb, offset, 4, ENC_BIG_ENDIAN); + } + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_length, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_mactime, tvb, offset, 8, ENC_BIG_ENDIAN); + offset+=8; + if (tree) + proto_tree_add_item(wlan_tree, hf_hosttime, tvb, offset, 8, ENC_BIG_ENDIAN); + offset+=8; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_phytype, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + + /* XXX cook channel (fh uses different numbers) */ + channel = tvb_get_ntohl(tvb, offset); + if (channel < 256) { + col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u", channel); + if (tree) + proto_tree_add_uint(wlan_tree, hf_channel, tvb, offset, 4, channel); + } else if (channel < 10000) { + col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u MHz", channel); + if (tree) + proto_tree_add_uint_format(wlan_tree, hf_channel_frequency, tvb, offset, + 4, channel, "Frequency: %u MHz", channel); + } else { + col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u KHz", channel); + if (tree) + proto_tree_add_uint_format(wlan_tree, hf_channel_frequency, tvb, offset, + 4, channel, "Frequency: %u KHz", channel); + } + offset+=4; + datarate = tvb_get_ntohl(tvb, offset); + if (datarate < 100000) { + /* In units of 100 Kb/s; convert to b/s */ + datarate *= 100000; + } + + col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%u.%u", + datarate / 1000000, + ((datarate % 1000000) > 500000) ? 5 : 0); + if (tree) { + proto_tree_add_uint64_format(wlan_tree, hf_data_rate, tvb, offset, 4, + datarate, + "Data Rate: %u.%u Mb/s", + datarate/1000000, + ((datarate % 1000000) > 500000) ? 5 : 0); + } + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_antenna, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_priority, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + ssi_type = tvb_get_ntohl(tvb, offset); + if (tree) + proto_tree_add_uint(wlan_tree, hf_wlan_ssi_type, tvb, offset, 4, ssi_type); + offset+=4; + switch (ssi_type) { + + case SSI_NONE: + default: + /* either there is no SSI information, or we don't know what type it is */ + break; + + case SSI_NORM_RSSI: + /* Normalized RSSI */ + col_add_fstr(pinfo->cinfo, COL_RSSI, "%u (norm)", tvb_get_ntohl(tvb, offset)); + if (tree) + proto_tree_add_item(wlan_tree, hf_normrssi_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN); + break; + + case SSI_DBM: + /* dBm */ + col_add_fstr(pinfo->cinfo, COL_RSSI, "%d dBm", tvb_get_ntohl(tvb, offset)); + if (tree) + proto_tree_add_item(wlan_tree, hf_dbm_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN); + break; + + case SSI_RAW_RSSI: + /* Raw RSSI */ + col_add_fstr(pinfo->cinfo, COL_RSSI, "%u (raw)", tvb_get_ntohl(tvb, offset)); + if (tree) + proto_tree_add_item(wlan_tree, hf_rawrssi_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN); + break; + } + offset+=4; + antnoise = tvb_get_ntohl(tvb, offset); + /* 0xffffffff means "hardware does not provide noise data" */ + if (antnoise != 0xffffffff) { + switch (ssi_type) { + + case SSI_NONE: + default: + /* either there is no SSI information, or we don't know what type it is */ + break; + + case SSI_NORM_RSSI: + /* Normalized RSSI */ + if (tree) + proto_tree_add_uint(wlan_tree, hf_normrssi_antnoise, tvb, offset, 4, antnoise); + break; + + case SSI_DBM: + /* dBm */ + if (tree) + proto_tree_add_int(wlan_tree, hf_dbm_antnoise, tvb, offset, 4, antnoise); + break; + + case SSI_RAW_RSSI: + /* Raw RSSI */ + if (tree) + proto_tree_add_uint(wlan_tree, hf_rawrssi_antnoise, tvb, offset, 4, antnoise); + break; + } + } + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_preamble, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_encoding, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + if (version > 1) { + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_sequence, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_drops, tvb, offset, 4, ENC_BIG_ENDIAN); + offset+=4; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_receiver_addr, tvb, offset, 6, ENC_BIG_ENDIAN); + offset+=6; + if (tree) + proto_tree_add_item(wlan_tree, hf_wlan_padding, tvb, offset, 2, ENC_NA); + offset+=2; + } + + + skip: + offset = length; + + /* dissect the 802.11 header next */ + next_tvb = tvb_new_subset_remaining(tvb, offset); + call_dissector(ieee80211_handle, next_tvb, pinfo, tree); +} + +static const value_string phy_type[] = { + { 0, "Unknown" }, + { 1, "FHSS 802.11 '97" }, + { 2, "DSSS 802.11 '97" }, + { 3, "IR Baseband" }, + { 4, "DSSS 802.11b" }, + { 5, "PBCC 802.11b" }, + { 6, "OFDM 802.11g" }, + { 7, "PBCC 802.11g" }, + { 8, "OFDM 802.11a" }, + { 0, NULL } +}; + +static const value_string encoding_type[] = { + { 0, "Unknown" }, + { 1, "CCK" }, + { 2, "PBCC" }, + { 3, "OFDM" }, + { 4, "DSS-OFDM" }, + { 5, "BPSK" }, + { 6, "QPSK" }, + { 7, "16QAM" }, + { 8, "64QAM" }, + { 0, NULL } +}; + +static const value_string ssi_type[] = { + { SSI_NONE, "None" }, + { SSI_NORM_RSSI, "Normalized RSSI" }, + { SSI_DBM, "dBm" }, + { SSI_RAW_RSSI, "Raw RSSI" }, + { 0, NULL } +}; + +static const value_string preamble_type[] = { + { 0, "Unknown" }, + { 1, "Short" }, + { 2, "Long" }, + { 0, NULL } +}; + +static hf_register_info hf_wlancap[] = { + {&hf_mactime, + {"MAC timestamp", "wlan.mactime", FT_UINT64, BASE_DEC, NULL, 0x0, + "Value in microseconds of the MAC's Time Synchronization Function timer when the first bit of the MPDU arrived at the MAC", HFILL }}, + + {&hf_hosttime, + {"Host timestamp", "wlan.hosttime", FT_UINT64, BASE_DEC, NULL, 0x0, + NULL, HFILL }}, + + {&hf_channel_frequency, + {"Channel frequency", "wlan.channel_frequency", FT_UINT32, BASE_DEC, NULL, 0x0, + "Channel frequency in megahertz that this frame was sent/received on", HFILL }}, + + {&hf_data_rate, + {"Data Rate", "wlan.data_rate", FT_UINT64, BASE_DEC, NULL, 0, + "Data rate (b/s)", HFILL }}, + {&hf_channel, + {"Channel", "wlan.channel", FT_UINT8, BASE_DEC, NULL, 0, + "802.11 channel number that this frame was sent/received on", HFILL }}, + + {&hf_wlan_antenna, + {"Antenna", "wlan.antenna", FT_UINT32, BASE_DEC, NULL, 0x0, + "Antenna number this frame was sent/received over (starting at 0)", HFILL } }, + {&hf_rawrssi_antnoise, + {"Raw RSSI Noise", "wlan.rawrssi_antnoise", FT_UINT32, BASE_DEC, NULL, 0x0, + "RF noise power at the antenna, reported as RSSI by the adapter", HFILL }}, + {&hf_dbm_antnoise, + {"SSI Noise (dBm)", "wlan.dbm_antnoise", FT_INT32, BASE_DEC, NULL, 0x0, + "RF noise power at the antenna from a fixed, arbitrary value in decibels per one milliwatt", HFILL }}, + + {&hf_normrssi_antnoise, + {"Normalized RSSI Noise", "wlan.normrssi_antnoise", FT_UINT32, BASE_DEC, NULL, 0x0, + "RF noise power at the antenna, normalized to the range 0-1000", HFILL }}, + {&hf_rawrssi_antsignal, + {"Raw RSSI Signal", "wlan.rawrssi_antsignal", FT_UINT32, BASE_DEC, NULL, 0x0, + "RF signal power at the antenna, reported as RSSI by the adapter", HFILL }}, + {&hf_dbm_antsignal, + {"SSI Signal (dBm)", "wlan.dbm_antsignal", FT_INT32, BASE_DEC, NULL, 0x0, + "RF signal power at the antenna from a fixed, arbitrary value in decibels from one milliwatt", HFILL }}, + + {&hf_normrssi_antsignal, + {"Normalized RSSI Signal", "wlan.normrssi_antsignal", FT_UINT32, BASE_DEC, NULL, 0x0, + "RF signal power at the antenna, normalized to the range 0-1000", HFILL }}, + + /* AVS-specific header fields. + XXX - make as many of these generic as possible. */ + {&hf_wlan_magic, + {"Header magic", "wlancap.magic", FT_UINT32, BASE_HEX, NULL, 0xFFFFFFF0, NULL, HFILL } }, + { &hf_wlan_version, { "Header revision", "wlancap.version", FT_UINT32, + BASE_DEC, NULL, 0xF, NULL, HFILL } }, + { &hf_wlan_length, { "Header length", "wlancap.length", FT_UINT32, + BASE_DEC, NULL, 0x0, NULL, HFILL } }, + {&hf_wlan_phytype, + {"PHY type", "wlan.phytype", FT_UINT32, BASE_DEC, VALS(phy_type), 0x0, + NULL, HFILL } }, + + { &hf_wlan_priority, { "Priority", "wlancap.priority", FT_UINT32, BASE_DEC, + NULL, 0x0, NULL, HFILL } }, + { &hf_wlan_ssi_type, { "SSI Type", "wlancap.ssi_type", FT_UINT32, BASE_DEC, + VALS(ssi_type), 0x0, NULL, HFILL } }, + { &hf_wlan_preamble, { "Preamble", "wlancap.preamble", FT_UINT32, + BASE_DEC, VALS(preamble_type), 0x0, NULL, HFILL } }, + { &hf_wlan_encoding, { "Encoding Type", "wlancap.encoding", FT_UINT32, + BASE_DEC, VALS(encoding_type), 0x0, NULL, HFILL } }, + { &hf_wlan_sequence, { "Receive sequence", "wlancap.sequence", FT_UINT32, + BASE_DEC, NULL, 0x0, NULL, HFILL } }, + { &hf_wlan_drops, { "Known Dropped Frames", "wlancap.drops", FT_UINT32, + BASE_DEC, NULL, 0x0, NULL, HFILL } }, + { &hf_wlan_receiver_addr, { "Receiver Address", "wlancap.receiver_addr", FT_ETHER, + BASE_NONE, NULL, 0x0, "Receiver Hardware Address", HFILL } }, + { &hf_wlan_padding, { "Padding", "wlancap.padding", FT_BYTES, + BASE_NONE, NULL, 0x0, NULL, HFILL } } +}; + +static gint *tree_array[] = { + &ett_radio +}; + +void proto_register_ieee80211_wlancap(void) +{ + proto_wlancap = proto_register_protocol("AVS WLAN Capture header", + "AVS WLANCAP", "wlancap"); + proto_register_field_array(proto_wlancap, hf_wlancap, + array_length(hf_wlancap)); + register_dissector("wlancap", dissect_wlancap, proto_wlancap); + + wlancap_handle = create_dissector_handle(dissect_wlancap, proto_wlancap); + dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_WLAN_AVS, + wlancap_handle); + proto_register_subtree_array(tree_array, array_length(tree_array)); +} + +void proto_reg_handoff_ieee80211_wlancap(void) +{ + ieee80211_handle = find_dissector("wlan"); +} + +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 2 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=2 tabstop=8 expandtab: + * :indentSize=2:tabSize=8:noTabs=true: + */ diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c index a2ae8e1aab..be06e81307 100644 --- a/epan/dissectors/packet-ieee80211.c +++ b/epan/dissectors/packet-ieee80211.c @@ -1392,62 +1392,6 @@ static int proto_wlan = -1; static int proto_aggregate = -1; static packet_info * g_pinfo; -static int proto_radio = -1; -static int proto_wlancap = -1; -static int proto_prism = -1; - -/* ************************************************************************* */ -/* Header field info values for radio information */ -/* ************************************************************************* */ -static int hf_mactime = -1; -static int hf_hosttime = -1; -static int hf_data_rate = -1; -static int hf_channel = -1; -static int hf_channel_frequency = -1; -static int hf_normrssi_antsignal = -1; -static int hf_dbm_antsignal = -1; -static int hf_rawrssi_antsignal = -1; -static int hf_normrssi_antnoise = -1; -static int hf_dbm_antnoise = -1; -static int hf_rawrssi_antnoise = -1; -static int hf_signal_strength = -1; - -/* Prism radio header */ - -static int hf_ieee80211_prism_msgcode = -1; -static int hf_ieee80211_prism_msglen = -1; -static int hf_ieee80211_prism_devname = -1; -static int hf_ieee80211_prism_did = -1; -static int hf_ieee80211_prism_did_type = -1; -static int hf_ieee80211_prism_did_status = -1; -static int hf_ieee80211_prism_did_length = -1; -static int hf_ieee80211_prism_did_hosttime = -1; -static int hf_ieee80211_prism_did_mactime = -1; -static int hf_ieee80211_prism_did_channel = -1; -static int hf_ieee80211_prism_did_rssi = -1; -static int hf_ieee80211_prism_did_sq = -1; -static int hf_ieee80211_prism_did_signal = -1; -static int hf_ieee80211_prism_did_noise = -1; -static int hf_ieee80211_prism_did_rate = -1; -static int hf_ieee80211_prism_did_istx = -1; -static int hf_ieee80211_prism_did_frmlen = -1; -static int hf_ieee80211_prism_did_unknown = -1; - -/* AVS WLANCAP radio header */ -static int hf_wlan_magic = -1; -static int hf_wlan_version = -1; -static int hf_wlan_length = -1; -static int hf_wlan_phytype = -1; -static int hf_wlan_antenna = -1; -static int hf_wlan_priority = -1; -static int hf_wlan_ssi_type = -1; -static int hf_wlan_preamble = -1; -static int hf_wlan_encoding = -1; -static int hf_wlan_sequence = -1; -static int hf_wlan_drops = -1; -static int hf_wlan_receiver_addr = -1; -static int hf_wlan_padding = -1; - /* ************************************************************************* */ /* Header field info values for FC-field */ /* ************************************************************************* */ @@ -2749,10 +2693,6 @@ static gint ett_sched_tree = -1; static gint ett_fcs = -1; -static gint ett_radio = -1; -static gint ett_prism = -1; -static gint ett_prism_did = -1; - static gint ett_adv_proto = -1; static gint ett_adv_proto_tuple = -1; static gint ett_gas_query = -1; @@ -2789,7 +2729,6 @@ static dissector_handle_t llc_handle; static dissector_handle_t ipx_handle; static dissector_handle_t eth_withoutfcs_handle; static dissector_handle_t data_handle; -static dissector_handle_t wlancap_handle; static int wlan_tap = -1; @@ -3331,178 +3270,6 @@ capture_ieee80211_ht (const guchar * pd, int offset, int len, packet_counts * ld capture_ieee80211_common (pd, offset, len, ld, FALSE, FALSE, TRUE); } -#define WLANCAP_MAGIC_COOKIE_BASE 0x80211000 -#define WLANCAP_MAGIC_COOKIE_V1 0x80211001 -#define WLANCAP_MAGIC_COOKIE_V2 0x80211002 - - -/* - * Prism II-based wlan devices have a monitoring mode that sticks - * a proprietary header on each packet with lots of good - * information. This file is responsible for decoding that - * data. - * - * Support by Tim Newsham - * - * A value from the header. - * - * It appears from looking at the linux-wlan-ng and Prism II HostAP - * drivers, and various patches to the orinoco_cs drivers to add - * Prism headers, that: - * - * the "did" identifies what the value is (i.e., what it's the value - * of); - * - * "status" is 0 if the value is present or 1 if it's absent; - * - * "len" is the length of the value (always 4, in that code); - * - * "data" is the value of the data (or 0 if not present). - * - * Note: all of those values are in the *host* byte order of the machine - * on which the capture was written. - */ - - -/* - * Header attached during Prism monitor mode. - * - * At least according to one paper I've seen, the Prism 2.5 chip set - * provides: - * - * RSSI (receive signal strength indication) is "the total power - * received by the radio hardware while receiving the frame, - * including signal, interfereence, and background noise"; - * - * "silence value" is "the total power observed just before the - * start of the frame". - * - * None of the drivers I looked at supply the "rssi" or "sq" value, - * but they do supply "signal" and "noise" values, along with a "rate" - * value that's 1/5 of the raw value from what is presumably a raw - * HFA384x frame descriptor, with the comment "set to 802.11 units", - * which presumably means the units are 500 Kb/s. - * - * I infer from the current NetBSD "wi" driver that "signal" and "noise" - * are adjusted dBm values, with the dBm value having 100 added to it - * for the Prism II cards (although the NetBSD code has an XXX comment - * for the #define for WI_PRISM_DBM_OFFSET) and 149 (with no XXX comment) - * for the Orinoco cards. - * - * XXX - what about other drivers that supply Prism headers, such as - * old versions of the MadWifi driver? - */ - -#define PRISM_HEADER_LENGTH 144 /* Default Prism Header Length */ -#define PRISM_DID_HOSTTIME 0x00010044 /* Host time element */ -#define PRISM_DID_MACTIME 0x00020044 /* Mac time element */ -#define PRISM_DID_CHANNEL 0x00030044 /* Channel element */ -#define PRISM_DID_RSSI 0x00040044 /* RSSI element */ -#define PRISM_DID_SQ 0x00050044 /* SQ element */ -#define PRISM_DID_SIGNAL 0x00060044 /* Signal element */ -#define PRISM_DID_NOISE 0x00070044 /* Noise element */ -#define PRISM_DID_RATE 0x00080044 /* Rate element */ -#define PRISM_DID_ISTX 0x00090044 /* Is Tx frame */ -#define PRISM_DID_FRMLEN 0x000A0044 /* Frame length */ - -static const value_string prism_did_vals[] = -{ - { PRISM_DID_HOSTTIME, "Host Time" }, - { PRISM_DID_MACTIME, "Mac Time" }, - { PRISM_DID_CHANNEL, "Channel" }, - { PRISM_DID_RSSI, "RSSI" }, - { PRISM_DID_SQ, "SQ" }, - { PRISM_DID_SIGNAL, "Signal" }, - { PRISM_DID_NOISE, "Noise" }, - { PRISM_DID_RATE, "Rate" }, - { PRISM_DID_ISTX, "Is Tx" }, - { PRISM_DID_FRMLEN, "Frame Length" }, - { 0, NULL} -}; - -static const value_string prism_status_vals[] = -{ - { 0, "Not Supplied" }, - { 1, "Supplied" }, - { 0, NULL} -}; - -static const value_string prism_istx_vals[] = -{ - { 0, "Rx Packet" }, - { 1, "Tx Packet" }, - { 0, NULL} -}; - -static void -prism_rate_base_custom(gchar *result, guint32 rate) -{ - g_snprintf(result, ITEM_LABEL_LENGTH, "%u.%u", rate /2, rate & 1 ? 5 : 0); -} - -static gchar * -prism_rate_return(guint32 rate) -{ - gchar *result=NULL; - result = ep_alloc(SHORT_STR); - result[0] = '\0'; - prism_rate_base_custom(result, rate); - - return result; -} - - -void -capture_prism(const guchar *pd, int offset, int len, packet_counts *ld) -{ - guint32 cookie; - - if (!BYTES_ARE_IN_FRAME(offset, len, 4)) { - ld->other++; - return; - } - - /* Some captures with DLT_PRISM have the AVS WLAN header */ - cookie = pntohl(pd); - if ((cookie == WLANCAP_MAGIC_COOKIE_V1) || - (cookie == WLANCAP_MAGIC_COOKIE_V2)) { - capture_wlancap(pd, offset, len, ld); - return; - } - - /* Prism header */ - if (!BYTES_ARE_IN_FRAME(offset, len, PRISM_HEADER_LENGTH)) { - ld->other++; - return; - } - offset += PRISM_HEADER_LENGTH; - - /* 802.11 header follows */ - capture_ieee80211(pd, offset, len, ld); -} - -void -capture_wlancap(const guchar *pd, int offset, int len, packet_counts *ld) -{ - guint32 length; - - if (!BYTES_ARE_IN_FRAME(offset, len, sizeof(guint32)*2)) { - ld->other++; - return; - } - - length = pntohl(pd+sizeof(guint32)); - - if (!BYTES_ARE_IN_FRAME(offset, len, length)) { - ld->other++; - return; - } - - offset += length; - - /* 802.11 header follows */ - capture_ieee80211(pd, offset, len, ld); -} /* ************************************************************************* */ /* Add the subtree used to store the fixed parameters */ @@ -11561,51 +11328,6 @@ dissect_ieee80211_datapad (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tre } /* - * Dissect 802.11 with a variable-length link-layer header and a pseudo- - * header containing radio information. - */ -static void -dissect_radio (tvbuff_t * tvb, packet_info * pinfo, proto_tree * tree) -{ - proto_item *ti = NULL; - proto_tree *radio_tree = NULL; - - col_set_str(pinfo->cinfo, COL_PROTOCOL, "Radio"); - col_clear(pinfo->cinfo, COL_INFO); - - /* Add the radio information to the column information */ - col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%u.%u", - pinfo->pseudo_header->ieee_802_11.data_rate / 2, - pinfo->pseudo_header->ieee_802_11.data_rate & 1 ? 5 : 0); - /* XX - this is a percentage, not a dBm or normalized or raw RSSI */ - col_add_fstr(pinfo->cinfo, COL_RSSI, "%u", - pinfo->pseudo_header->ieee_802_11.signal_level); - - if (tree) { - ti = proto_tree_add_item(tree, proto_radio, tvb, 0, 0, ENC_BIG_ENDIAN); - radio_tree = proto_item_add_subtree (ti, ett_radio); - - proto_tree_add_uint64_format(radio_tree, hf_data_rate, tvb, 0, 0, - (guint64)pinfo->pseudo_header->ieee_802_11.data_rate * 500000, - "Data Rate: %u.%u Mb/s", - pinfo->pseudo_header->ieee_802_11.data_rate / 2, - pinfo->pseudo_header->ieee_802_11.data_rate & 1 ? 5 : 0); - - proto_tree_add_uint(radio_tree, hf_channel, tvb, 0, 0, - pinfo->pseudo_header->ieee_802_11.channel); - - proto_tree_add_uint_format(radio_tree, hf_signal_strength, tvb, 0, 0, - pinfo->pseudo_header->ieee_802_11.signal_level, - "Signal Strength: %u%%", - pinfo->pseudo_header->ieee_802_11.signal_level); - } - - pinfo->current_proto = "IEEE 802.11"; - dissect_ieee80211_common (tvb, pinfo, tree, FALSE, - pinfo->pseudo_header->ieee_802_11.fcs_len, FALSE, FALSE, FALSE); -} - -/* * Dissect 802.11 with a variable-length link-layer header and a byte-swapped * control field (some hardware sends out LWAPP-encapsulated 802.11 * packets with the control field byte swapped). @@ -11710,602 +11432,6 @@ wlan_retransmit_init(void) } -static void -dissect_prism(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) -{ - proto_tree *prism_tree = NULL, *prism_did_tree = NULL; - proto_item *ti = NULL, *ti_did = NULL; - tvbuff_t *next_tvb; - int offset; - guint32 msgcode, msglen, did; - guint8 *devname; - - offset = 0; - did = 0; - - /* handle the new capture type. */ - msgcode = tvb_get_ntohl(tvb, offset); - if ((msgcode == WLANCAP_MAGIC_COOKIE_V1) || - (msgcode == WLANCAP_MAGIC_COOKIE_V2)) { - call_dissector(wlancap_handle, tvb, pinfo, tree); - return; - } - - col_set_str(pinfo->cinfo, COL_PROTOCOL, "Prism"); - col_clear(pinfo->cinfo, COL_INFO); - - if(tree) { - ti = proto_tree_add_item(tree, proto_prism, tvb, 0, 144, ENC_BIG_ENDIAN); - prism_tree = proto_item_add_subtree(ti, ett_prism); - } - - /* Message Code */ - if(tree) { - proto_tree_add_item(prism_tree, hf_ieee80211_prism_msgcode, tvb, offset, 4, ENC_LITTLE_ENDIAN); - } - msgcode = tvb_get_letohl(tvb, offset); - offset += 4; - - /* Message Length */ - if(tree) { - proto_tree_add_item(prism_tree, hf_ieee80211_prism_msglen, tvb, offset, 4, ENC_LITTLE_ENDIAN); - } - msglen = tvb_get_letohl(tvb, offset); - offset += 4; - - /* Device Name */ - if(tree) { - proto_tree_add_item(prism_tree, hf_ieee80211_prism_devname, tvb, offset, 16, ENC_LITTLE_ENDIAN); - } - devname = tvb_get_ephemeral_string(tvb, offset, 16); - offset += 16; - - col_add_fstr(pinfo->cinfo, COL_INFO, "Device: %s, Message 0x%x, Length %d", devname, msgcode, msglen); - - - while(offset < PRISM_HEADER_LENGTH) - { - /* DID */ - if(tree) { - ti_did = proto_tree_add_item(prism_tree, hf_ieee80211_prism_did, tvb, offset, 12, ENC_NA); - prism_did_tree = proto_item_add_subtree(ti_did, ett_prism_did); - - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_type, tvb, offset, 4, ENC_LITTLE_ENDIAN); - did = tvb_get_letohl(tvb, offset); - proto_item_append_text(ti_did, " %s", val_to_str(did, prism_did_vals, "Unknown %x") ); - } - offset += 4; - - - /* Status */ - if(tree) { - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_status, tvb, offset, 2, ENC_LITTLE_ENDIAN); - } - offset += 2; - - /* Length */ - if(tree) { - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_length, tvb, offset, 2, ENC_LITTLE_ENDIAN); - } - offset += 2; - - /* Data... */ - switch(did){ - case PRISM_DID_HOSTTIME: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_hosttime, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); - } - break; - case PRISM_DID_MACTIME: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_mactime, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); - } - break; - case PRISM_DID_CHANNEL: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_channel, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); - } - col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u", tvb_get_letohl(tvb, offset)); - break; - case PRISM_DID_RSSI: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_rssi, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); - } - col_add_fstr(pinfo->cinfo, COL_RSSI, "%d", tvb_get_letohl(tvb, offset)); - break; - case PRISM_DID_SQ: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_sq, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); - } - break; - case PRISM_DID_SIGNAL: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_signal, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); - } - break; - case PRISM_DID_NOISE: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_noise, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); - } - break; - case PRISM_DID_RATE: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_rate, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " %s Mb/s", prism_rate_return(tvb_get_letohl(tvb, offset)) ); - } - col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%s", prism_rate_return(tvb_get_letohl(tvb, offset)) ); - - break; - case PRISM_DID_ISTX: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_istx, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " 0x%x", tvb_get_letohl(tvb, offset) ); - } - break; - case PRISM_DID_FRMLEN: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_frmlen, tvb, offset, 4, ENC_LITTLE_ENDIAN); - proto_item_append_text(ti_did, " %d", tvb_get_letohl(tvb, offset) ); - } - break; - default: - if(tree){ - proto_tree_add_item(prism_did_tree, hf_ieee80211_prism_did_unknown, tvb, offset, 4, ENC_LITTLE_ENDIAN); - } - break; - } - offset += 4; - } - - /* dissect the 802.11 header next */ - next_tvb = tvb_new_subset_remaining(tvb, offset); - call_dissector(ieee80211_handle, next_tvb, pinfo, tree); -} - -/* - * AVS linux-wlan-based products use a new sniff header to replace the - * old Prism header. This one has additional fields, is designed to be - * non-hardware-specific, and more importantly, version and length fields - * so it can be extended later without breaking anything. - * - * Support by Solomon Peachy - * - * Description, from the capturefrm.txt file in the linux-wlan-ng 0.2.9 - * release (linux-wlan-ng-0.2.9/doc/capturefrm.txt): - * -AVS Capture Frame Format -Version 2.1.1 - -1. Introduction -The original header format for "monitor mode" or capturing frames was -a considerable hack. The document covers a redesign of that format. - - Any questions, corrections, or proposed changes go to info@linux-wlan.com - -2. Frame Format -All sniff frames follow the same format: - - Offset Name Size Description - -------------------------------------------------------------------- - 0 CaptureHeader AVS capture metadata header - 64 802.11Header [10-30] 802.11 frame header - ?? 802.11Payload [0-2312] 802.11 frame payload - ?? 802.11FCS 4 802.11 frame check sequence - -Note that the header and payload are variable length and the payload -may be empty. - -If the hardware does not supply the FCS to the driver, then the frame shall -have a FCS of 0xFFFFFFFF. - -3. Byte Order -All multibyte fields of the capture header are in "network" byte -order. The "host to network" and "network to host" functions should -work just fine. All the remaining multibyte fields are ordered -according to their respective standards. - -4. Capture Header Format -The following fields make up the AVS capture header: - - Offset Name Type - ------------------------------ - 0 version uint32 - 4 length uint32 - 8 mactime uint64 - 16 hosttime uint64 - 24 phytype uint32 - 28 frequency uint32 - 32 datarate uint32 - 36 antenna uint32 - 40 priority uint32 - 44 ssi_type uint32 - 48 ssi_signal int32 - 52 ssi_noise int32 - 56 preamble uint32 - 60 encoding uint32 - 64 sequence uint32 - 68 drops uint32 - 72 receiver_addr uint8[6] - 78 padding uint8[2] - ------------------------------ - 80 - -The following subsections detail the fields of the capture header. - -4.1 version -The version field identifies this type of frame as a subtype of -ETH_P_802111_CAPTURE as received by an ARPHRD_IEEE80211_PRISM or -an ARPHRD_IEEE80211_CAPTURE device. The value of this field shall be -0x80211002. As new revisions of this header are necessary, we can -increment the version appropriately. - -4.2 length -The length field contains the length of the entire AVS capture header, -in bytes. - -4.3 mactime -Many WLAN devices supply a relatively high resolution frame reception -time value. This field contains the value supplied by the device. If -the device does not supply a receive time value, this field shall be -set to zero. The units for this field are microseconds. - -If possible, this time value should be absolute, representing the number -of microseconds elapsed since the UNIX epoch. - -4.4 hosttime -The hosttime field is set to the current value of the host maintained -clock variable when the frame is received by the host. - -If possible, this time value should be absolute, representing the number -of microseconds elapsed since the UNIX epoch. - -4.5 phytype -The phytype field identifies what type of PHY is employed by the WLAN -device used to capture this frame. The valid values are: - - PhyType Value - ------------------------------------- - phytype_fhss_dot11_97 1 - phytype_dsss_dot11_97 2 - phytype_irbaseband 3 - phytype_dsss_dot11_b 4 - phytype_pbcc_dot11_b 5 - phytype_ofdm_dot11_g 6 - phytype_pbcc_dot11_g 7 - phytype_ofdm_dot11_a 8 - phytype_dss_ofdm_dot11_g 9 - -4.6 frequency - -This represents the frequency or channel number of the receiver at the -time the frame was received. It is interpreted as follows: - -For frequency hopping radios, this field is broken in to the -following subfields: - - Byte Subfield - ------------------------ - Byte0 Hop Set - Byte1 Hop Pattern - Byte2 Hop Index - Byte3 reserved - -For non-hopping radios, the frequency is interpreted as follows: - - Value Meaning - ----------------------------------------- - < 256 Channel number (using externally-defined - channelization) - < 10000 Center frequency, in MHz - >= 10000 Center frequency, in KHz - -4.7 datarate -The data rate field contains the rate at which the frame was received -in units of 100kbps. - -4.8 antenna -For WLAN devices that indicate the receive antenna for each frame, the -antenna field shall contain an index value into the dot11AntennaList. -If the device does not indicate a receive antenna value, this field -shall be set to zero. - -4.9 priority -The priority field indicates the receive priority of the frame. The -value is in the range [0-15] with the value 0 reserved to indicate -contention period and the value 6 reserved to indicate contention free -period. - -4.10 ssi_type -The ssi_type field is used to indicate what type of signal strength -information is present: "None", "Normalized RSSI" or "dBm". "None" -indicates that the underlying WLAN device does not supply any signal -strength at all and the ssi_* values are unset. "Normalized RSSI" -values are integers in the range [0-1000] where higher numbers -indicate stronger signal. "dBm" values indicate an actual signal -strength measurement quantity and are usually in the range [-108 - 10]. -The following values indicate the three types: - - Value Description - --------------------------------------------- - 0 None - 1 Normalized RSSI - 2 dBm - 3 Raw RSSI - -4.11 ssi_signal -The ssi_signal field contains the signal strength value reported by -the WLAN device for this frame. Note that this is a signed quantity -and if the ssi_type value is "dBm" that the value may be negative. - -4.12 ssi_noise -The ssi_noise field contains the noise or "silence" value reported by -the WLAN device. This value is commonly defined to be the "signal -strength reported immediately prior to the baseband processor lock on -the frame preamble". If the hardware does not provide noise data, this -shall equal 0xffffffff. - -4.12 preamble -For PHYs that support variable preamble lengths, the preamble field -indicates the preamble type used for this frame. The values are: - - Value Description - --------------------------------------------- - 0 Undefined - 1 Short Preamble - 2 Long Preamble - -4.13 encoding -This specifies the encoding of the received packet. For PHYs that support -multiple encoding types, this will tell us which one was used. - - Value Description - --------------------------------------------- - 0 Unknown - 1 CCK - 2 PBCC - 3 OFDM - 4 DSSS-OFDM - 5 BPSK - 6 QPSK - 7 16QAM - 8 64QAM - -4.14 sequence -This is a receive frame sequence counter. The sniff host shall -increment this by one for every valid frame received off the medium. -By watching for gaps in the sequence numbers we can determine when -packets are lost due to unreliable transport, rather than a frame never -being received to begin with. - -4.15 drops -This is a counter of the number of known frame drops that occured. This -is particularly useful when the system or hardware cannot keep up with -the sniffer load. - -4.16 receiver_addr -This specifies the MAC address of the receiver of this frame. -It is six octets in length. This field is followed by two octets of -padding to keep the structure 32-bit word aligned. - -================================ - -Changes: v2->v2.1 - - * Added contact e-mail address to introduction - * Added sniffer_addr, drop count, and sequence fields, bringing total - length to 80 bytes - * Bumped version to 0x80211002 - * Mactime is specified in microseconds, not nanoseconds - * Added 64QAM, 16QAM, BPSK, QPSK encodings - -================================ - -Changes: v2.1->v2.1.1 - - * Renamed 'channel' to 'frequency' - * Clarified the interpretation of the frequency/channel field. - * Renamed 'sniffer address' to 'receiver address' - * Clarified timestamp fields. - */ - -/* - * Signal/noise strength type values. - */ -#define SSI_NONE 0 /* no SSI information */ -#define SSI_NORM_RSSI 1 /* normalized RSSI - 0-1000 */ -#define SSI_DBM 2 /* dBm */ -#define SSI_RAW_RSSI 3 /* raw RSSI from the hardware */ - -static void -dissect_wlancap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) -{ - proto_tree *wlan_tree = NULL; - proto_item *ti; - tvbuff_t *next_tvb; - int offset; - guint32 version; - guint32 length; - guint32 channel; - guint32 datarate; - guint32 ssi_type; - guint32 antnoise; - - col_set_str(pinfo->cinfo, COL_PROTOCOL, "WLAN"); - col_clear(pinfo->cinfo, COL_INFO); - offset = 0; - - version = tvb_get_ntohl(tvb, offset) - WLANCAP_MAGIC_COOKIE_BASE; - - length = tvb_get_ntohl(tvb, offset+4); - - col_add_fstr(pinfo->cinfo, COL_INFO, "AVS WLAN Capture v%x, Length %d",version, length); - - if (version > 2) { - goto skip; - } - - /* Dissect the AVS header */ - if (tree) { - ti = proto_tree_add_item(tree, proto_wlancap, tvb, 0, length, ENC_BIG_ENDIAN); - wlan_tree = proto_item_add_subtree(ti, ett_radio); - proto_tree_add_item(wlan_tree, hf_wlan_magic, tvb, offset, 4, ENC_BIG_ENDIAN); - proto_tree_add_item(wlan_tree, hf_wlan_version, tvb, offset, 4, ENC_BIG_ENDIAN); - } - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_length, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_mactime, tvb, offset, 8, ENC_BIG_ENDIAN); - offset+=8; - if (tree) - proto_tree_add_item(wlan_tree, hf_hosttime, tvb, offset, 8, ENC_BIG_ENDIAN); - offset+=8; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_phytype, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - - /* XXX cook channel (fh uses different numbers) */ - channel = tvb_get_ntohl(tvb, offset); - if (channel < 256) { - col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u", channel); - if (tree) - proto_tree_add_uint(wlan_tree, hf_channel, tvb, offset, 4, channel); - } else if (channel < 10000) { - col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u MHz", channel); - if (tree) - proto_tree_add_uint_format(wlan_tree, hf_channel_frequency, tvb, offset, - 4, channel, "Frequency: %u MHz", channel); - } else { - col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u KHz", channel); - if (tree) - proto_tree_add_uint_format(wlan_tree, hf_channel_frequency, tvb, offset, - 4, channel, "Frequency: %u KHz", channel); - } - offset+=4; - datarate = tvb_get_ntohl(tvb, offset); - if (datarate < 100000) { - /* In units of 100 Kb/s; convert to b/s */ - datarate *= 100000; - } - - col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%u.%u", - datarate / 1000000, - ((datarate % 1000000) > 500000) ? 5 : 0); - if (tree) { - proto_tree_add_uint64_format(wlan_tree, hf_data_rate, tvb, offset, 4, - datarate, - "Data Rate: %u.%u Mb/s", - datarate/1000000, - ((datarate % 1000000) > 500000) ? 5 : 0); - } - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_antenna, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_priority, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - ssi_type = tvb_get_ntohl(tvb, offset); - if (tree) - proto_tree_add_uint(wlan_tree, hf_wlan_ssi_type, tvb, offset, 4, ssi_type); - offset+=4; - switch (ssi_type) { - - case SSI_NONE: - default: - /* either there is no SSI information, or we don't know what type it is */ - break; - - case SSI_NORM_RSSI: - /* Normalized RSSI */ - col_add_fstr(pinfo->cinfo, COL_RSSI, "%u (norm)", tvb_get_ntohl(tvb, offset)); - if (tree) - proto_tree_add_item(wlan_tree, hf_normrssi_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN); - break; - - case SSI_DBM: - /* dBm */ - col_add_fstr(pinfo->cinfo, COL_RSSI, "%d dBm", tvb_get_ntohl(tvb, offset)); - if (tree) - proto_tree_add_item(wlan_tree, hf_dbm_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN); - break; - - case SSI_RAW_RSSI: - /* Raw RSSI */ - col_add_fstr(pinfo->cinfo, COL_RSSI, "%u (raw)", tvb_get_ntohl(tvb, offset)); - if (tree) - proto_tree_add_item(wlan_tree, hf_rawrssi_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN); - break; - } - offset+=4; - antnoise = tvb_get_ntohl(tvb, offset); - /* 0xffffffff means "hardware does not provide noise data" */ - if (antnoise != 0xffffffff) { - switch (ssi_type) { - - case SSI_NONE: - default: - /* either there is no SSI information, or we don't know what type it is */ - break; - - case SSI_NORM_RSSI: - /* Normalized RSSI */ - if (tree) - proto_tree_add_uint(wlan_tree, hf_normrssi_antnoise, tvb, offset, 4, antnoise); - break; - - case SSI_DBM: - /* dBm */ - if (tree) - proto_tree_add_int(wlan_tree, hf_dbm_antnoise, tvb, offset, 4, antnoise); - break; - - case SSI_RAW_RSSI: - /* Raw RSSI */ - if (tree) - proto_tree_add_uint(wlan_tree, hf_rawrssi_antnoise, tvb, offset, 4, antnoise); - break; - } - } - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_preamble, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_encoding, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - if (version > 1) { - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_sequence, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_drops, tvb, offset, 4, ENC_BIG_ENDIAN); - offset+=4; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_receiver_addr, tvb, offset, 6, ENC_BIG_ENDIAN); - offset+=6; - if (tree) - proto_tree_add_item(wlan_tree, hf_wlan_padding, tvb, offset, 2, ENC_NA); - offset+=2; - } - - - skip: - offset = length; - - /* dissect the 802.11 header next */ - next_tvb = tvb_new_subset_remaining(tvb, offset); - call_dissector(ieee80211_handle, next_tvb, pinfo, tree); -} - void proto_register_ieee80211 (void) { @@ -12864,47 +11990,6 @@ proto_register_ieee80211 (void) {0x00, NULL} }; - static const value_string phy_type[] = { - { 0, "Unknown" }, - { 1, "FHSS 802.11 '97" }, - { 2, "DSSS 802.11 '97" }, - { 3, "IR Baseband" }, - { 4, "DSSS 802.11b" }, - { 5, "PBCC 802.11b" }, - { 6, "OFDM 802.11g" }, - { 7, "PBCC 802.11g" }, - { 8, "OFDM 802.11a" }, - { 0, NULL } - }; - - static const value_string encoding_type[] = { - { 0, "Unknown" }, - { 1, "CCK" }, - { 2, "PBCC" }, - { 3, "OFDM" }, - { 4, "DSS-OFDM" }, - { 5, "BPSK" }, - { 6, "QPSK" }, - { 7, "16QAM" }, - { 8, "64QAM" }, - { 0, NULL } - }; - - static const value_string ssi_type[] = { - { SSI_NONE, "None" }, - { SSI_NORM_RSSI, "Normalized RSSI" }, - { SSI_DBM, "dBm" }, - { SSI_RAW_RSSI, "Raw RSSI" }, - { 0, NULL } - }; - - static const value_string preamble_type[] = { - { 0, "Unknown" }, - { 1, "Short" }, - { 2, "Long" }, - { 0, NULL } - }; - static const value_string ft_action_codes[] ={ {FT_ACTION_REQUEST, "FT Request"}, {FT_ACTION_RESPONSE, "FT Response"}, @@ -12926,58 +12011,6 @@ proto_register_ieee80211 (void) }; static hf_register_info hf[] = { - {&hf_mactime, - {"MAC timestamp", "wlan.mactime", FT_UINT64, BASE_DEC, NULL, 0x0, - "Value in microseconds of the MAC's Time Synchronization Function timer when the first bit of the MPDU arrived at the MAC", HFILL }}, - - {&hf_hosttime, - {"Host timestamp", "wlan.hosttime", FT_UINT64, BASE_DEC, NULL, 0x0, - NULL, HFILL }}, - - {&hf_data_rate, - {"Data Rate", "wlan.data_rate", FT_UINT64, BASE_DEC, NULL, 0, - "Data rate (b/s)", HFILL }}, - - {&hf_channel, - {"Channel", "wlan.channel", FT_UINT8, BASE_DEC, NULL, 0, - "802.11 channel number that this frame was sent/received on", HFILL }}, - - {&hf_channel_frequency, - {"Channel frequency", "wlan.channel_frequency", FT_UINT32, BASE_DEC, NULL, 0x0, - "Channel frequency in megahertz that this frame was sent/received on", HFILL }}, - - {&hf_wlan_antenna, - {"Antenna", "wlan.antenna", FT_UINT32, BASE_DEC, NULL, 0x0, - "Antenna number this frame was sent/received over (starting at 0)", HFILL } }, - - {&hf_normrssi_antsignal, - {"Normalized RSSI Signal", "wlan.normrssi_antsignal", FT_UINT32, BASE_DEC, NULL, 0x0, - "RF signal power at the antenna, normalized to the range 0-1000", HFILL }}, - - {&hf_dbm_antsignal, - {"SSI Signal (dBm)", "wlan.dbm_antsignal", FT_INT32, BASE_DEC, NULL, 0x0, - "RF signal power at the antenna from a fixed, arbitrary value in decibels from one milliwatt", HFILL }}, - - {&hf_rawrssi_antsignal, - {"Raw RSSI Signal", "wlan.rawrssi_antsignal", FT_UINT32, BASE_DEC, NULL, 0x0, - "RF signal power at the antenna, reported as RSSI by the adapter", HFILL }}, - - {&hf_normrssi_antnoise, - {"Normalized RSSI Noise", "wlan.normrssi_antnoise", FT_UINT32, BASE_DEC, NULL, 0x0, - "RF noise power at the antenna, normalized to the range 0-1000", HFILL }}, - - {&hf_dbm_antnoise, - {"SSI Noise (dBm)", "wlan.dbm_antnoise", FT_INT32, BASE_DEC, NULL, 0x0, - "RF noise power at the antenna from a fixed, arbitrary value in decibels per one milliwatt", HFILL }}, - - {&hf_rawrssi_antnoise, - {"Raw RSSI Noise", "wlan.rawrssi_antnoise", FT_UINT32, BASE_DEC, NULL, 0x0, - "RF noise power at the antenna, reported as RSSI by the adapter", HFILL }}, - - {&hf_signal_strength, - {"Signal Strength", "wlan.signal_strength", FT_UINT8, BASE_DEC, NULL, 0, - "Signal strength (Percentage)", HFILL }}, - {&hf_ieee80211_fc_field, {"Frame Control Field", "wlan.fc", FT_UINT16, BASE_HEX, NULL, 0, "MAC Frame control", HFILL }}, @@ -13358,113 +12391,6 @@ proto_register_ieee80211 (void) FT_STRING, BASE_NONE, NULL, 0, NULL, HFILL }}, }; - static hf_register_info hf_prism[] = { - /* Prism-specific header fields - XXX - make as many of these generic as possible. */ - { &hf_ieee80211_prism_msgcode, - {"Message Code", "prism.msgcode", FT_UINT32, BASE_DEC, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_msglen, - {"Message Length", "prism.msglen", FT_UINT32, BASE_DEC, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_devname, - {"Device Name", "prism.devname", FT_STRING, BASE_NONE, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_did, - {"DID", "prism.did.type", FT_NONE, BASE_NONE, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_did_type, - {"DID", "prism.did.type", FT_UINT32, BASE_HEX, VALS(prism_did_vals), 0x0, - "Different ID for each parameter", HFILL }}, - - { &hf_ieee80211_prism_did_status, - {"Status", "prism.did.status", FT_UINT16, BASE_DEC, VALS(prism_status_vals), 0x0, - "Supplied by the driver or not", HFILL }}, - - { &hf_ieee80211_prism_did_length, - {"Length", "prism.did.length", FT_UINT16, BASE_DEC, NULL, 0x0, - "Length of data", HFILL }}, - - { &hf_ieee80211_prism_did_hosttime, - {"Host Time", "prism.did.hosttime", FT_UINT32, BASE_DEC, NULL, 0x0, - "In jiffies - for our system this is in 10ms units", HFILL }}, - - { &hf_ieee80211_prism_did_mactime, - {"Mac Time", "prism.did.hosttime", FT_UINT32, BASE_DEC, NULL, 0x0, - "In micro-seconds", HFILL }}, - - { &hf_ieee80211_prism_did_channel, - {"Channel", "prism.did.hosttime", FT_UINT32, BASE_DEC, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_did_rssi, - {"RSSI", "prism.did.rssi", FT_UINT32, BASE_HEX, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_did_sq, - {"SQ", "prism.did.sq", FT_UINT32, BASE_HEX, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_did_signal, - {"Signal", "prism.did.signal", FT_UINT32, BASE_HEX, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_did_noise, - {"Noise", "prism.did.noise", FT_UINT32, BASE_HEX, NULL, 0x0, - NULL, HFILL }}, - - { &hf_ieee80211_prism_did_rate, - {"Rate (In Mb/s)", "prism.did.rate", FT_UINT32, BASE_CUSTOM, prism_rate_base_custom, 0x0, - "In Mb/s", HFILL }}, - - { &hf_ieee80211_prism_did_istx, - {"IsTX", "prism.did.istx", FT_UINT32, BASE_HEX, VALS(prism_istx_vals), 0x0, - "Type of packet (RX or TX ?)", HFILL }}, - - { &hf_ieee80211_prism_did_frmlen, - {"Frame Length", "prism.did.frmlen", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, - "Length of the following frame in bytes", HFILL }}, - - { &hf_ieee80211_prism_did_unknown, - {"Unknown DID Field", "prism.did.unknown", FT_UINT32, BASE_HEX_DEC, NULL, 0x0, - NULL, HFILL }} - }; - - static hf_register_info hf_wlancap[] = { - /* AVS-specific header fields. - XXX - make as many of these generic as possible. */ - {&hf_wlan_magic, - {"Header magic", "wlancap.magic", FT_UINT32, BASE_HEX, NULL, 0xFFFFFFF0, NULL, HFILL } }, - { &hf_wlan_version, { "Header revision", "wlancap.version", FT_UINT32, - BASE_DEC, NULL, 0xF, NULL, HFILL } }, - { &hf_wlan_length, { "Header length", "wlancap.length", FT_UINT32, - BASE_DEC, NULL, 0x0, NULL, HFILL } }, - {&hf_wlan_phytype, - {"PHY type", "wlan.phytype", FT_UINT32, BASE_DEC, VALS(phy_type), 0x0, - NULL, HFILL } }, - - { &hf_wlan_priority, { "Priority", "wlancap.priority", FT_UINT32, BASE_DEC, - NULL, 0x0, NULL, HFILL } }, - { &hf_wlan_ssi_type, { "SSI Type", "wlancap.ssi_type", FT_UINT32, BASE_DEC, - VALS(ssi_type), 0x0, NULL, HFILL } }, - { &hf_wlan_preamble, { "Preamble", "wlancap.preamble", FT_UINT32, - BASE_DEC, VALS(preamble_type), 0x0, NULL, HFILL } }, - { &hf_wlan_encoding, { "Encoding Type", "wlancap.encoding", FT_UINT32, - BASE_DEC, VALS(encoding_type), 0x0, NULL, HFILL } }, - { &hf_wlan_sequence, { "Receive sequence", "wlancap.sequence", FT_UINT32, - BASE_DEC, NULL, 0x0, NULL, HFILL } }, - { &hf_wlan_drops, { "Known Dropped Frames", "wlancap.drops", FT_UINT32, - BASE_DEC, NULL, 0x0, NULL, HFILL } }, - { &hf_wlan_receiver_addr, { "Receiver Address", "wlancap.receiver_addr", FT_ETHER, - BASE_NONE, NULL, 0x0, "Receiver Hardware Address", HFILL } }, - { &hf_wlan_padding, { "Padding", "wlancap.padding", FT_BYTES, - BASE_NONE, NULL, 0x0, NULL, HFILL } } - }; - static const true_false_string qos_info_field_qack_flags = { "STAs/APs MIB attribute dot11QAckOptionImplemented is true", "STAs/APs MIB attribute dot11QAckOptionImplemented is false" @@ -17432,9 +16358,6 @@ proto_register_ieee80211 (void) &ett_tsinfo_tree, &ett_sched_tree, &ett_fcs, - &ett_radio, - &ett_prism, - &ett_prism_did, &ett_tag_time_adv_tree, &ett_adv_proto, &ett_adv_proto_tuple, @@ -17467,16 +16390,6 @@ proto_register_ieee80211 (void) register_init_routine(wlan_defragment_init); register_init_routine(wlan_retransmit_init); - proto_radio = proto_register_protocol("802.11 radio information", "Radio", "radio"); - - proto_prism = proto_register_protocol("Prism capture header", "Prism", "prism"); - proto_register_field_array(proto_prism, hf_prism, array_length(hf_prism)); - - proto_wlancap = proto_register_protocol("AVS WLAN Capture header", - "AVS WLANCAP", "wlancap"); - proto_register_field_array(proto_wlancap, hf_wlancap, array_length(hf_wlancap)); - register_dissector("wlancap", dissect_wlancap, proto_wlancap); - wlan_tap = register_tap("wlan"); /* Register configuration options */ @@ -17582,8 +16495,6 @@ dissect_data_encap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) void proto_reg_handoff_ieee80211(void) { - dissector_handle_t radio_handle; - dissector_handle_t prism_handle; dissector_handle_t data_encap_handle; /* @@ -17598,16 +16509,6 @@ proto_reg_handoff_ieee80211(void) dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11, ieee80211_handle); dissector_add_uint("ethertype", ETHERTYPE_CENTRINO_PROMISC, ieee80211_handle); - /* Register handoff to radio-header dissectors */ - radio_handle = create_dissector_handle(dissect_radio, proto_radio); - dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_WITH_RADIO, radio_handle); - - prism_handle = create_dissector_handle(dissect_prism, proto_prism); - dissector_add_uint("wtap_encap", WTAP_ENCAP_PRISM_HEADER, prism_handle); - - wlancap_handle = create_dissector_handle(dissect_wlancap, proto_wlancap); - dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_WLAN_AVS, wlancap_handle); - /* Register handoff to Aruba GRE */ dissector_add_uint("gre.proto", GRE_ARUBA_8200, ieee80211_handle); dissector_add_uint("gre.proto", GRE_ARUBA_8210, ieee80211_handle); diff --git a/epan/dissectors/packet-ieee80211.h b/epan/dissectors/packet-ieee80211.h index 1cf3fbb749..58b8432949 100644 --- a/epan/dissectors/packet-ieee80211.h +++ b/epan/dissectors/packet-ieee80211.h @@ -55,3 +55,7 @@ typedef struct _wlan_hdr { guint16 type; struct _wlan_stats stats; } wlan_hdr; + +#define WLANCAP_MAGIC_COOKIE_BASE 0x80211000 +#define WLANCAP_MAGIC_COOKIE_V1 0x80211001 +#define WLANCAP_MAGIC_COOKIE_V2 0x80211002 |