Context Navigation

source: trunk/libpacketdump/link_4.c @ 1008

Visit:

Last change on this file since 1008 was 1008, checked in by smr26, 7 years ago
Initial version of better 802.11 frame decoding for libpacketdump. Doesn't decode management or control frames fully just yet, but gives a pretty good idea of what's going on.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 6.3 KB

Line
1	/*
2	* 802.11 libpacketdump decoder
3	*
4	* Based on "wagdump" (c) 2005 Dean Armstrong
5	*/
6
7	#include <sys/types.h>
8	#include <netinet/in.h>
9	#include <stdio.h>
10	#include "libpacketdump.h"
11	#include "libtrace.h"
12
13	/* NB: this struct is just used for length */
14	struct ieee_802_11_header {
15	uint8_t protocol:2;
16	uint8_t type:2;
17	uint8_t subtype:4;
18	uint8_t to_ds:1;
19	uint8_t from_ds:1;
20	uint8_t more_frag:1;
21	uint8_t retry:1;
22	uint8_t power:1;
23	uint8_t more_data:1;
24	uint8_t wep:1;
25	uint8_t order:1;
26	uint16_t duration;
27	uint8_t mac1[6];
28	uint8_t mac2[6];
29	uint8_t mac3[6];
30	uint16_t SeqCtl;
31	uint8_t mac4[6];
32	}__attribute__ ((__packed__));
33
34	struct ieee_802_11_e_payload {
35	uint16_t qos;
36	uint16_t type;
37	uint8_t data[1];
38	}__attribute__ ((__packed__));
39
40	struct ieee_802_11_payload {
41	uint16_t type;
42	uint8_t data[1];
43	}__attribute__ ((__packed__));
44
45
46	char macaddr(uint8_t mac) {
47	static char ether_buf[18] = {0, };
48	trace_ether_ntoa(mac, ether_buf);
49	return ether_buf;
50	}
51
52	void decode(int link_type, char *pkt, int len)
53	{
54	int version, type, subtype, flags, duration, seq_ctrl;
55	bool is_wme = false;
56
57	if (len == 0) {
58	printf("Zero length packet!\n");
59	return;
60	}
61
62	version = (pkt[0] & 0x3);
63	type = (pkt[0] & 0x0c) >> 2;
64	subtype = (pkt[0] & 0xf0) >> 4;
65	flags = pkt[1];
66	seq_ctrl = (uint16_t )&pkt[22];
67
68	printf(" 802.11MAC: ");
69
70	printf("proto = %d, type = %d, subtype = %d, ", version, type, subtype);
71
72	printf("flags =");
73	if (flags == 0)
74	printf(" 0");
75	if (flags & 0x01) printf(" toDS");
76	if (flags & 0x02) printf(" fromDS");
77	if (flags & 0x04) printf(" moreFrag");
78	if (flags & 0x08) printf(" retry");
79	if (flags & 0x10) printf(" pwrMgmt");
80	if (flags & 0x20) printf(" moreData");
81	if (flags & 0x40) printf(" WEP");
82	if (flags & 0x80) printf(" order");
83
84	if (type == 2)
85	printf(", seq_ctrl = %d", seq_ctrl);
86
87	printf("\n 802.11MAC: ");
88	switch (type) {
89	case 0:
90	printf("Management frame: ");
91	switch (subtype) {
92	case 0: printf("association request"); break;
93	case 1: printf("association response"); break;
94	case 2: printf("reassociation request"); break;
95	case 3: printf("reassociation response"); break;
96	case 4: printf("probe request"); break;
97	case 5: printf("probe response"); break;
98	case 8: printf("beacon"); break;
99	case 9: printf("ATIM"); break;
100	case 10: printf("disassociation"); break;
101	case 11: printf("authentication"); break;
102	case 12: printf("deauthentication"); break;
103	case 13: printf("action"); break;
104	default: printf("RESERVED"); break;
105	}
106	break;
107	case 1:
108	printf("Control frame: ");
109	switch (subtype) {
110	case 8: printf("BlockAckReq"); break;
111	case 9: printf("BlockAck"); break;
112	case 10: printf("PS-Poll"); break;
113	case 11: printf("RTS"); break;
114	case 12: printf("CTS"); break;
115	case 13: printf("ACK"); break;
116	case 14: printf("CF-End"); break;
117	case 15: printf("CF-End + CF-Ack"); break;
118	default: printf("RESERVED"); break;
119	}
120	break;
121	case 2:
122	printf("Data frame: ");
123	/* Check to see if the frame has WME QoS bits */
124	if (subtype >= 8) is_wme = true;
125
126	switch (subtype) {
127	case 0: printf("Data"); break;
128	case 1: printf("Data + CF-Ack"); break;
129	case 2: printf("Data + CF-Poll"); break;
130	case 3: printf("Data + CF-Ack + CF-Poll"); break;
131	case 4: printf("Null (no data)"); break;
132	case 5: printf("CF-Ack (no data)"); break;
133	case 6: printf("CF-Poll (no data)"); break;
134	case 7: printf("CF-Ack + CF-Poll (no data)"); break;
135	case 8: printf("QoS Data"); break;
136	case 9: printf("QoS Data + CF-Ack"); break;
137	case 10: printf("QoS Data + CF-Poll"); break;
138	case 11: printf("QoS Data + CF-Ack + CF-Poll"); break;
139	case 12: printf("QoS Null (no data)"); break;
140	/* subtype 13 is reserved */
141	case 14: printf("QoS CF-Poll (no data)"); break;
142	case 15: printf("Qos CF-Ack + CF-Poll (no data)"); break;
143
144	default: printf("RESERVED"); break;
145	}
146	break;
147	case 3:
148	printf("BAD FRAME TYPE!");
149	break;
150	}
151
152	duration = ((uint32_t)pkt[2] << 8) + pkt[3];
153	printf(" (duration = %d)\n", duration);
154
155	switch (type) {
156	case 0:
157	printf(" 802.11MAC: DA = %s\n", macaddr(&pkt[4]));
158	printf(" 802.11MAC: SA = %s\n", macaddr(&pkt[10]));
159	printf(" 802.11MAC: BSSID = %s\n", macaddr(&pkt[16]));
160	break;
161	case 1:
162	switch (subtype) {
163	case 11:
164	printf(" 802.11MAC: SA = %s\n", macaddr(&pkt[10]));
165	case 12:
166	case 13:
167	printf(" 802.11MAC: RA = %s\n", macaddr(&pkt[4]));
168	break;
169	}
170	case 2: // Data packet
171	if (subtype == 0 \|\| subtype == 8) {
172	switch (pkt[1] & 0x3) {
173	case 0x0:
174	printf(" 802.11MAC: DA = %s\n", macaddr(&pkt[4]));
175	printf(" 802.11MAC: SA = %s\n", macaddr(&pkt[10]));
176	printf(" 802.11MAC: BSSID = %s\n", macaddr(&pkt[16]));
177	break;
178	case 0x1: // To DS
179	printf(" 802.11MAC: DA = %s\n", macaddr(&pkt[16]));
180	printf(" 802.11MAC: SA = %s\n", macaddr(&pkt[10]));
181	printf(" 802.11MAC: BSSID = %s\n", macaddr(&pkt[4]));
182	break;
183	case 0x2: // From DS
184	printf(" 802.11MAC: DA = %s\n", macaddr(&pkt[4]));
185	printf(" 802.11MAC: SA = %s\n", macaddr(&pkt[16]));
186	printf(" 802.11MAC: BSSID = %s\n", macaddr(&pkt[10]));
187	break;
188	case 0x3: // To DS + From DS
189	printf(" 802.11MAC: DA = %s\n", macaddr(&pkt[16]));
190	printf(" 802.11MAC: SA = %s\n", macaddr(&pkt[24]));
191	printf(" 802.11MAC: TA = %s\n", macaddr(&pkt[10]));
192	printf(" 802.11MAC: RA = %s\n", macaddr(&pkt[4]));
193	break;
194	}
195	}
196	break;
197	}
198
199	char *data;
200	int extra = 0;
201	uint16_t ethtype = 0;
202	if (is_wme) {
203	struct ieee_802_11_e_payload pld = (struct ieee_802_11_e_payload ) ((char*)pkt + sizeof(struct ieee_802_11_header));
204
205	printf(" 802.11e: QoS = 0x%04x\n", pld->qos);
206
207	ethtype = htons(pld->type);
208	data = (char *) pld->data;
209	extra = 2;
210	} else {
211	struct ieee_802_11_payload pld = (struct ieee_802_11_payload ) ((char *)pkt + sizeof(struct ieee_802_11_header));
212	ethtype = htons(pld->type);
213	data = (char *) pld->data;
214	}
215
216	printf(" 802.11MAC: Payload Type = %04x\n",ethtype);
217	decode_next(data,len-(sizeof(struct ieee_802_11_header))-extra,"eth",ethtype);
218
219
220	}
221
222

Note: See TracBrowser for help on using the repository browser.

Download in other formats: