static int handle_probe_response(const u_char *p) { struct mgmt_body_t pbody; int offset = 0; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN)) return 0; memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); offset += IEEE802_11_TSTAMP_LEN; pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_BCNINT_LEN; pbody.capability_info = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_CAPINFO_LEN; parse_elements(&pbody, p, offset); PRINT_SSID(pbody); PRINT_RATES(pbody); PRINT_DS_CHANNEL(pbody); return 1; }
static int handle_assoc_response(const u_char *p) { struct mgmt_body_t pbody; int offset = 0; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_STATUS_LEN + IEEE802_11_AID_LEN)) return 0; pbody.capability_info = EXTRACT_LE_16BITS(p); offset += IEEE802_11_CAPINFO_LEN; pbody.status_code = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_STATUS_LEN; pbody.aid = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_AID_LEN; parse_elements(&pbody, p, offset); printf(" AID(%x) :%s: %s", ((u_int16_t)(pbody.aid << 2 )) >> 2 , CAPABILITY_PRIVACY(pbody.capability_info) ? " PRIVACY " : "", (pbody.status_code < NUM_STATUSES ? status_text[pbody.status_code] : "n/a")); return 1; }
static int handle_reassoc_request(const u_char *p) { struct mgmt_body_t pbody; int offset = 0; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN + IEEE802_11_AP_LEN)) return 0; pbody.capability_info = EXTRACT_LE_16BITS(p); offset += IEEE802_11_CAPINFO_LEN; pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_LISTENINT_LEN; memcpy(&pbody.ap, p+offset, IEEE802_11_AP_LEN); offset += IEEE802_11_AP_LEN; parse_elements(&pbody, p, offset); PRINT_SSID(pbody); printf(" AP : %s", etheraddr_string( pbody.ap )); return 1; }
static int handle_probe_response(const u_char *p) { struct mgmt_body_t pbody; int offset = 0; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN)) return 0; memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); offset += IEEE802_11_TSTAMP_LEN; pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_BCNINT_LEN; pbody.capability_info = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_CAPINFO_LEN; if (!parse_elements(&pbody, p, offset)) return 0; printf(" ("); fn_print(pbody.ssid.ssid, NULL); printf(") "); PRINT_RATES(pbody); printf(" CH: %u%s", pbody.ds.channel, CAPABILITY_PRIVACY(pbody.capability_info) ? ", PRIVACY" : "" ); return 1; }
static int handle_assoc_request(const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)) return 0; if (length < IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN) return 0; pbody.capability_info = EXTRACT_LE_16BITS(p); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_LISTENINT_LEN; length -= IEEE802_11_LISTENINT_LEN; ret = parse_elements(&pbody, p, offset, length); PRINT_SSID(pbody); PRINT_RATES(pbody); return ret; }
static int print_l2_routes(const char *rp, u_int len) { int count; int area; int info; /* The last short is a checksum */ while (len > (3 * sizeof(short))) { TCHECK2(*rp, 3 * sizeof(short)); count = EXTRACT_LE_16BITS(rp); if (count > 1024) return (1); /* seems to be bogus from here on */ rp += sizeof(short); len -= sizeof(short); area = EXTRACT_LE_16BITS(rp); rp += sizeof(short); len -= sizeof(short); info = EXTRACT_LE_16BITS(rp); rp += sizeof(short); len -= sizeof(short); (void)printf("{areas %d-%d cost %d hops %d} ", area, area + count, RI_COST(info), RI_HOPS(info)); } return (1); trunc: return (0); }
static int handle_beacon(const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN)) return 0; if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN) return 0; memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); offset += IEEE802_11_TSTAMP_LEN; length -= IEEE802_11_TSTAMP_LEN; pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_BCNINT_LEN; length -= IEEE802_11_BCNINT_LEN; pbody.capability_info = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; ret = parse_elements(&pbody, p, offset, length); PRINT_SSID(pbody); PRINT_RATES(pbody); printf(" %s", CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS"); PRINT_DS_CHANNEL(pbody); return ret; }
static int print_l1_routes(netdissect_options *ndo, const char *rp, u_int len) { int count; int id; int info; /* The last short is a checksum */ while (len > (3 * sizeof(short))) { ND_TCHECK2(*rp, 3 * sizeof(short)); count = EXTRACT_LE_16BITS(rp); if (count > 1024) return (1); /* seems to be bogus from here on */ rp += sizeof(short); len -= sizeof(short); id = EXTRACT_LE_16BITS(rp); rp += sizeof(short); len -= sizeof(short); info = EXTRACT_LE_16BITS(rp); rp += sizeof(short); len -= sizeof(short); ND_PRINT((ndo, "{ids %d-%d cost %d hops %d} ", id, id + count, RI_COST(info), RI_HOPS(info))); } return (1); trunc: return (0); }
static void ctrl_header_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, const u_int8_t **dstp) { if (srcp != NULL) *srcp = NULL; if (dstp != NULL) *dstp = NULL; if (!eflag) return; switch (FC_SUBTYPE(fc)) { case CTRL_BAR: printf(" RA:%s TA:%s CTL(%x) SEQ(%u) ", etheraddr_string(((const struct ctrl_bar_t *)p)->ra), etheraddr_string(((const struct ctrl_bar_t *)p)->ta), EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->ctl)), EXTRACT_LE_16BITS(&(((const struct ctrl_bar_t *)p)->seq))); break; case CTRL_BA: printf("RA:%s ", etheraddr_string(((const struct ctrl_ba_t *)p)->ra)); break; case CTRL_PS_POLL: printf("BSSID:%s TA:%s ", etheraddr_string(((const struct ctrl_ps_poll_t *)p)->bssid), etheraddr_string(((const struct ctrl_ps_poll_t *)p)->ta)); break; case CTRL_RTS: printf("RA:%s TA:%s ", etheraddr_string(((const struct ctrl_rts_t *)p)->ra), etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); break; case CTRL_CTS: printf("RA:%s ", etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); break; case CTRL_ACK: printf("RA:%s ", etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); break; case CTRL_CF_END: printf("RA:%s BSSID:%s ", etheraddr_string(((const struct ctrl_end_t *)p)->ra), etheraddr_string(((const struct ctrl_end_t *)p)->bssid)); break; case CTRL_END_ACK: printf("RA:%s BSSID:%s ", etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra), etheraddr_string(((const struct ctrl_end_ack_t *)p)->bssid)); break; default: printf("(H) Unknown Ctrl Subtype"); break; } }
static void print_trans(netdissect_options *ndo, const u_char *words, const u_char *data1, const u_char *buf, const u_char *maxbuf) { u_int bcc; const char *f1, *f2, *f3, *f4; const u_char *data, *param; const u_char *w = words + 1; int datalen, paramlen; if (request) { ND_TCHECK2(w[12 * 2], 2); paramlen = EXTRACT_LE_16BITS(w + 9 * 2); param = buf + EXTRACT_LE_16BITS(w + 10 * 2); datalen = EXTRACT_LE_16BITS(w + 11 * 2); data = buf + EXTRACT_LE_16BITS(w + 12 * 2); f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nMaxParmCnt=[d] \nMaxDataCnt=[d]\nMaxSCnt=[d] \nTransFlags=[w] \nRes1=[w] \nRes2=[w] \nRes3=[w]\nParamCnt=[d] \nParamOff=[d] \nDataCnt=[d] \nDataOff=[d] \nSUCnt=[d]\n"; f2 = "|Name=[S]\n"; f3 = "|Param "; f4 = "|Data "; } else { ND_TCHECK2(w[7 * 2], 2); paramlen = EXTRACT_LE_16BITS(w + 3 * 2); param = buf + EXTRACT_LE_16BITS(w + 4 * 2); datalen = EXTRACT_LE_16BITS(w + 6 * 2); data = buf + EXTRACT_LE_16BITS(w + 7 * 2); f1 = "TotParamCnt=[d] \nTotDataCnt=[d] \nRes1=[d]\nParamCnt=[d] \nParamOff=[d] \nRes2=[d] \nDataCnt=[d] \nDataOff=[d] \nRes3=[d]\nLsetup=[d]\n"; f2 = "|Unknown "; f3 = "|Param "; f4 = "|Data "; } smb_fdata(ndo, words + 1, f1, min(words + 1 + 2 * words[0], maxbuf), unicodestr); ND_TCHECK2(*data1, 2); bcc = EXTRACT_LE_16BITS(data1); ND_PRINT((ndo, "smb_bcc=%u\n", bcc)); if (bcc > 0) { smb_fdata(ndo, data1 + 2, f2, maxbuf - (paramlen + datalen), unicodestr); if (strcmp((const char *)(data1 + 2), "\\MAILSLOT\\BROWSE") == 0) { print_browse(ndo, param, paramlen, data, datalen); return; } if (strcmp((const char *)(data1 + 2), "\\PIPE\\LANMAN") == 0) { print_ipc(ndo, param, paramlen, data, datalen); return; } if (paramlen) smb_fdata(ndo, param, f3, min(param + paramlen, maxbuf), unicodestr); if (datalen) smb_fdata(ndo, data, f4, min(data + datalen, maxbuf), unicodestr); } return; trunc: ND_PRINT((ndo, "%s", tstr)); }
static int handle_auth(const u_char *p, u_int length) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, 6)) return 0; if (length < 6) return 0; pbody.auth_alg = EXTRACT_LE_16BITS(p); offset += 2; length -= 2; pbody.auth_trans_seq_num = EXTRACT_LE_16BITS(p + offset); offset += 2; length -= 2; pbody.status_code = EXTRACT_LE_16BITS(p + offset); offset += 2; length -= 2; ret = parse_elements(&pbody, p, offset, length); if ((pbody.auth_alg == 1) && ((pbody.auth_trans_seq_num == 2) || (pbody.auth_trans_seq_num == 3))) { printf(" (%s)-%x [Challenge Text] %s", (pbody.auth_alg < NUM_AUTH_ALGS) ? auth_alg_text[pbody.auth_alg] : "Reserved", pbody.auth_trans_seq_num, ((pbody.auth_trans_seq_num % 2) ? ((pbody.status_code < NUM_STATUSES) ? status_text[pbody.status_code] : "n/a") : "")); return ret; } printf(" (%s)-%x: %s", (pbody.auth_alg < NUM_AUTH_ALGS) ? auth_alg_text[pbody.auth_alg] : "Reserved", pbody.auth_trans_seq_num, (pbody.auth_trans_seq_num % 2) ? ((pbody.status_code < NUM_STATUSES) ? status_text[pbody.status_code] : "n/a") : ""); return ret; }
static void loopback_message_print(netdissect_options *ndo, const u_char *cp, const u_int len) { const u_char *ep = cp + len; uint16_t function; if (len < 2) goto corrupt; /* function */ ND_TCHECK2(*cp, 2); function = EXTRACT_LE_16BITS(cp); cp += 2; ND_PRINT((ndo, ", %s", tok2str(fcode_str, " invalid (%u)", function))); switch (function) { case LOOPBACK_REPLY: if (len < 4) goto corrupt; /* receipt number */ ND_TCHECK2(*cp, 2); ND_PRINT((ndo, ", receipt number %u", EXTRACT_LE_16BITS(cp))); cp += 2; /* data */ ND_PRINT((ndo, ", data (%u octets)", len - 4)); ND_TCHECK2(*cp, len - 4); break; case LOOPBACK_FWDDATA: if (len < 8) goto corrupt; /* forwarding address */ ND_TCHECK2(*cp, ETHER_ADDR_LEN); ND_PRINT((ndo, ", forwarding address %s", etheraddr_string(cp))); cp += ETHER_ADDR_LEN; /* data */ ND_PRINT((ndo, ", data (%u octets)", len - 8)); ND_TCHECK2(*cp, len - 8); break; default: ND_TCHECK2(*cp, len - 2); break; } return; corrupt: ND_PRINT((ndo, "%s", cstr)); ND_TCHECK2(*cp, ep - cp); return; trunc: ND_PRINT((ndo, "%s", tstr)); }
void loopback_print(netdissect_options *ndo, const u_char *cp, const u_int len) { const u_char *ep = cp + len; uint16_t skipCount; ND_PRINT((ndo, "Loopback")); if (len < 2) goto corrupt; /* skipCount */ ND_TCHECK2(*cp, 2); skipCount = EXTRACT_LE_16BITS(cp); cp += 2; ND_PRINT((ndo, ", skipCount %u", skipCount)); if (skipCount % 8) ND_PRINT((ndo, " (bogus)")); if (skipCount > len - 2) goto corrupt; loopback_message_print(ndo, cp + skipCount, len - 2 - skipCount); return; corrupt: ND_PRINT((ndo, "%s", cstr)); ND_TCHECK2(*cp, ep - cp); return; trunc: ND_PRINT((ndo, "%s", tstr)); }
static int handle_deauth(const struct mgmt_header_t *pmh, const u_char *p) { struct mgmt_body_t pbody; int offset = 0; const char *reason = NULL; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_REASON_LEN)) return 0; pbody.reason_code = EXTRACT_LE_16BITS(p); offset += IEEE802_11_REASON_LEN; reason = (pbody.reason_code < NUM_REASONS) ? reason_text[pbody.reason_code] : "Reserved"; if (eflag) { printf(": %s", reason); } else { printf(" (%s): %s", etheraddr_string(pmh->sa), reason); } return 1; }
/* * Print RRCP requests */ void rrcp_print(netdissect_options *ndo, register const u_char *cp, u_int length _U_) { const u_char *rrcp; uint8_t rrcp_proto; uint8_t rrcp_opcode; register const struct ether_header *ep; char proto_str[16]; char opcode_str[32]; ep = (const struct ether_header *)cp; rrcp = cp + ETHER_HDRLEN; ND_TCHECK(*(rrcp + RRCP_PROTO_OFFSET)); rrcp_proto = *(rrcp + RRCP_PROTO_OFFSET); ND_TCHECK(*(rrcp + RRCP_OPCODE_ISREPLY_OFFSET)); rrcp_opcode = (*(rrcp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_OPCODE_MASK; ND_PRINT((ndo, "%s > %s, %s %s", etheraddr_string(ndo, ESRC(ep)), etheraddr_string(ndo, EDST(ep)), tok2strbuf(proto_values,"RRCP-0x%02x",rrcp_proto,proto_str,sizeof(proto_str)), ((*(rrcp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_ISREPLY) ? "reply" : "query")); if (rrcp_proto==1){ ND_PRINT((ndo, ": %s", tok2strbuf(opcode_values,"unknown opcode (0x%02x)",rrcp_opcode,opcode_str,sizeof(opcode_str)))); } if (rrcp_opcode==1 || rrcp_opcode==2){ ND_TCHECK2(*(rrcp + RRCP_REG_ADDR_OFFSET), 6); ND_PRINT((ndo, " addr=0x%04x, data=0x%08x", EXTRACT_LE_16BITS(rrcp + RRCP_REG_ADDR_OFFSET), EXTRACT_LE_32BITS(rrcp + RRCP_REG_DATA_OFFSET))); } if (rrcp_proto==1){ ND_TCHECK2(*(rrcp + RRCP_AUTHKEY_OFFSET), 2); ND_PRINT((ndo, ", auth=0x%04x", EXTRACT_16BITS(rrcp + RRCP_AUTHKEY_OFFSET))); } if (rrcp_proto==1 && rrcp_opcode==0 && ((*(rrcp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_ISREPLY)){ ND_TCHECK2(*(rrcp + RRCP_VENDOR_ID_OFFSET), 4); ND_PRINT((ndo, " downlink_port=%d, uplink_port=%d, uplink_mac=%s, vendor_id=%08x ,chip_id=%04x ", *(rrcp + RRCP_DOWNLINK_PORT_OFFSET), *(rrcp + RRCP_UPLINK_PORT_OFFSET), etheraddr_string(ndo, rrcp + RRCP_UPLINK_MAC_OFFSET), EXTRACT_32BITS(rrcp + RRCP_VENDOR_ID_OFFSET), EXTRACT_16BITS(rrcp + RRCP_CHIP_ID_OFFSET))); }else if (rrcp_opcode==1 || rrcp_opcode==2 || rrcp_proto==2){ ND_TCHECK2(*(rrcp + RRCP_COOKIE2_OFFSET), 4); ND_PRINT((ndo, ", cookie=0x%08x%08x ", EXTRACT_32BITS(rrcp + RRCP_COOKIE2_OFFSET), EXTRACT_32BITS(rrcp + RRCP_COOKIE1_OFFSET))); } return; trunc: ND_PRINT((ndo, "[|rrcp]")); }
/* * Print RRCP requests */ void rrcp_print(netdissect_options *ndo, register const u_char *cp, u_int length _U_, const struct lladdr_info *src, const struct lladdr_info *dst) { uint8_t rrcp_proto; uint8_t rrcp_opcode; ND_TCHECK(*(cp + RRCP_PROTO_OFFSET)); rrcp_proto = *(cp + RRCP_PROTO_OFFSET); ND_TCHECK(*(cp + RRCP_OPCODE_ISREPLY_OFFSET)); rrcp_opcode = (*(cp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_OPCODE_MASK; if (src != NULL && dst != NULL) { ND_PRINT((ndo, "%s > %s, ", (src->addr_string)(ndo, src->addr), (dst->addr_string)(ndo, dst->addr))); } ND_PRINT((ndo, "%s %s", tok2str(proto_values,"RRCP-0x%02x",rrcp_proto), ((*(cp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_ISREPLY) ? "reply" : "query")); if (rrcp_proto==1){ ND_PRINT((ndo, ": %s", tok2str(opcode_values,"unknown opcode (0x%02x)",rrcp_opcode))); } if (rrcp_opcode==1 || rrcp_opcode==2){ ND_TCHECK2(*(cp + RRCP_REG_ADDR_OFFSET), 6); ND_PRINT((ndo, " addr=0x%04x, data=0x%08x", EXTRACT_LE_16BITS(cp + RRCP_REG_ADDR_OFFSET), EXTRACT_LE_32BITS(cp + RRCP_REG_DATA_OFFSET))); } if (rrcp_proto==1){ ND_TCHECK2(*(cp + RRCP_AUTHKEY_OFFSET), 2); ND_PRINT((ndo, ", auth=0x%04x", EXTRACT_16BITS(cp + RRCP_AUTHKEY_OFFSET))); } if (rrcp_proto==1 && rrcp_opcode==0 && ((*(cp + RRCP_OPCODE_ISREPLY_OFFSET)) & RRCP_ISREPLY)){ ND_TCHECK2(*(cp + RRCP_VENDOR_ID_OFFSET), 4); ND_PRINT((ndo, " downlink_port=%d, uplink_port=%d, uplink_mac=%s, vendor_id=%08x ,chip_id=%04x ", *(cp + RRCP_DOWNLINK_PORT_OFFSET), *(cp + RRCP_UPLINK_PORT_OFFSET), etheraddr_string(ndo, cp + RRCP_UPLINK_MAC_OFFSET), EXTRACT_32BITS(cp + RRCP_VENDOR_ID_OFFSET), EXTRACT_16BITS(cp + RRCP_CHIP_ID_OFFSET))); }else if (rrcp_opcode==1 || rrcp_opcode==2 || rrcp_proto==2){ ND_TCHECK2(*(cp + RRCP_COOKIE2_OFFSET), 4); ND_PRINT((ndo, ", cookie=0x%08x%08x ", EXTRACT_32BITS(cp + RRCP_COOKIE2_OFFSET), EXTRACT_32BITS(cp + RRCP_COOKIE1_OFFSET))); } return; trunc: ND_PRINT((ndo, "[|rrcp]")); }
int handle_beacon(const uchar *p, u_int length, struct rcv_pkt * paket) { struct mgmt_body_t pbody; int offset = 0; int ret; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN)) return 0; if (length < IEEE802_11_TSTAMP_LEN + IEEE802_11_BCNINT_LEN + IEEE802_11_CAPINFO_LEN) return 0; memcpy(&pbody.timestamp, p, IEEE802_11_TSTAMP_LEN); offset += IEEE802_11_TSTAMP_LEN; length -= IEEE802_11_TSTAMP_LEN; pbody.beacon_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_BCNINT_LEN; length -= IEEE802_11_BCNINT_LEN; pbody.capability_info = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_CAPINFO_LEN; length -= IEEE802_11_CAPINFO_LEN; ret = parse_elements(&pbody, p, offset, length,paket); if (pbody.ssid_present) { fn_print(pbody.ssid.ssid, NULL,paket); } if (pbody.ds_present) { paket->p.mgmt_pkt.channel=pbody.ds.channel; // printf("packet channel = %d\n",pbody.ds.channel); } paket->p.mgmt_pkt.cap_privacy= CAPABILITY_PRIVACY(pbody.capability_info) ? 1 :0 ; // printf("%s \n", CAPABILITY_ESS(pbody.capability_info) ? "ESS" : "IBSS"); u_int8_t _r; if (pbody.rates_present) { _r= pbody.rates.rate[pbody.rates.length -1] ; paket->p.mgmt_pkt.rate_max=(float)((.5 * ((_r) & 0x7f))); // printf("packet rate is %f \n", paket->p.mgmt_pkt.rate_max); } else { paket->p.mgmt_pkt.rate_max=0.0; // undefined rate, because of bad fcs (might be a reason) } paket->p.mgmt_pkt.cap_ess_ibss = paket->p.mgmt_pkt.cap_ess_ibss= CAPABILITY_ESS(pbody.capability_info) ? 1:2; return ret; }
static int ctrl_body_print(u_int16_t fc, const u_char *p) { switch (FC_SUBTYPE(fc)) { case CTRL_PS_POLL: printf("Power Save-Poll"); if (!TTEST2(*p, CTRL_PS_POLL_HDRLEN)) return 0; printf(" AID(%x)", EXTRACT_LE_16BITS(&(((const struct ctrl_ps_poll_t *)p)->aid))); break; case CTRL_RTS: printf("Request-To-Send"); if (!TTEST2(*p, CTRL_RTS_HDRLEN)) return 0; if (!eflag) printf(" TA:%s ", etheraddr_string(((const struct ctrl_rts_t *)p)->ta)); break; case CTRL_CTS: printf("Clear-To-Send"); if (!TTEST2(*p, CTRL_CTS_HDRLEN)) return 0; if (!eflag) printf(" RA:%s ", etheraddr_string(((const struct ctrl_cts_t *)p)->ra)); break; case CTRL_ACK: printf("Acknowledgment"); if (!TTEST2(*p, CTRL_ACK_HDRLEN)) return 0; if (!eflag) printf(" RA:%s ", etheraddr_string(((const struct ctrl_ack_t *)p)->ra)); break; case CTRL_CF_END: printf("CF-End"); if (!TTEST2(*p, CTRL_END_HDRLEN)) return 0; if (!eflag) printf(" RA:%s ", etheraddr_string(((const struct ctrl_end_t *)p)->ra)); break; case CTRL_END_ACK: printf("CF-End+CF-Ack"); if (!TTEST2(*p, CTRL_END_ACK_HDRLEN)) return 0; if (!eflag) printf(" RA:%s ", etheraddr_string(((const struct ctrl_end_ack_t *)p)->ra)); break; default: printf("Unknown Ctrl Subtype"); } return 1; }
static u_int ppi_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char *p) { if_printer printer; const ppi_header_t *hdr; u_int caplen = h->caplen; u_int length = h->len; uint16_t len; uint32_t dlt; uint32_t hdrlen; struct pcap_pkthdr nhdr; if (caplen < sizeof(ppi_header_t)) { ND_PRINT((ndo, "[|ppi]")); return (caplen); } hdr = (const ppi_header_t *)p; len = EXTRACT_LE_16BITS(&hdr->ppi_len); if (caplen < len) { /* * If we don't have the entire PPI header, don't * bother. */ ND_PRINT((ndo, "[|ppi]")); return (caplen); } if (len < sizeof(ppi_header_t)) { ND_PRINT((ndo, "[|ppi]")); return (len); } dlt = EXTRACT_LE_32BITS(&hdr->ppi_dlt); if (ndo->ndo_eflag) ppi_header_print(ndo, p, length); length -= len; caplen -= len; p += len; if ((printer = lookup_printer(dlt)) != NULL) { nhdr = *h; nhdr.caplen = caplen; nhdr.len = length; hdrlen = printer(ndo, &nhdr, p); } else { if (!ndo->ndo_eflag) ppi_header_print(ndo, (const u_char *)hdr, length + len); if (!ndo->ndo_suppress_default_print) ND_DEFAULTPRINT(p, caplen); hdrlen = 0; } return (len + hdrlen); }
/* * Print the 802.11 MAC header if eflag is set, and set "*srcp" and "*dstp" * to point to the source and destination MAC addresses in any case if * "srcp" and "dstp" aren't null. */ static void ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, u_int hdrlen, u_int meshdrlen, const u_int8_t **srcp, const u_int8_t **dstp) { if (vflag) { if (FC_MORE_DATA(fc)) printf("More Data "); if (FC_MORE_FLAG(fc)) printf("More Fragments "); if (FC_POWER_MGMT(fc)) printf("Pwr Mgmt "); if (FC_RETRY(fc)) printf("Retry "); if (FC_ORDER(fc)) printf("Strictly Ordered "); if (FC_WEP(fc)) printf("WEP Encrypted "); if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL) printf("%dus ", EXTRACT_LE_16BITS( &((const struct mgmt_header_t *)p)->duration)); } if (meshdrlen != 0) { const struct meshcntl_t *mc = (const struct meshcntl_t *)&p[hdrlen - meshdrlen]; int ae = mc->flags & 3; printf("MeshData (AE %d TTL %u seq %u", ae, mc->ttl, EXTRACT_LE_32BITS(mc->seq)); if (ae > 0) printf(" A4:%s", etheraddr_string(mc->addr4)); if (ae > 1) printf(" A5:%s", etheraddr_string(mc->addr5)); if (ae > 2) printf(" A6:%s", etheraddr_string(mc->addr6)); printf(") "); } switch (FC_TYPE(fc)) { case T_MGMT: mgmt_header_print(p, srcp, dstp); break; case T_CTRL: ctrl_header_print(fc, p, srcp, dstp); break; case T_DATA: data_header_print(fc, p, srcp, dstp); break; default: printf("(header) unknown IEEE802.11 frame type (%d)", FC_TYPE(fc)); *srcp = NULL; *dstp = NULL; break; } }
/* Unpack a 16-bit unsigned integer. */ int cpack_uint16(struct cpack_state *cs, u_int16_t *u) { u_int8_t *next; if ((next = cpack_align_and_reserve(cs, sizeof(*u))) == NULL) return -1; *u = EXTRACT_LE_16BITS(next); /* Move pointer past the u_int16_t. */ cs->c_next = next + sizeof(*u); return 0; }
static int handle_assoc_request(const u_char *p) { struct mgmt_body_t pbody; int offset = 0; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_CAPINFO_LEN + IEEE802_11_LISTENINT_LEN)) return 0; pbody.capability_info = EXTRACT_LE_16BITS(p); offset += IEEE802_11_CAPINFO_LEN; pbody.listen_interval = EXTRACT_LE_16BITS(p+offset); offset += IEEE802_11_LISTENINT_LEN; if (!parse_elements(&pbody, p, offset)) return 0; printf(" ("); fn_print(pbody.ssid.ssid, NULL); printf(")"); PRINT_RATES(pbody); return 1; }
static void print_l1_routes(const char *rp, u_int len) { int count; int id; int info; /* The last short is a checksum */ while (len > (3 * sizeof(short))) { count = EXTRACT_LE_16BITS(rp); if (count > 1024) return; /* seems to be bogus from here on */ rp += sizeof(short); len -= sizeof(short); id = EXTRACT_LE_16BITS(rp); rp += sizeof(short); len -= sizeof(short); info = EXTRACT_LE_16BITS(rp); rp += sizeof(short); len -= sizeof(short); (void)printf("{ids %d-%d cost %d hops %d} ", id, id + count, RI_COST(info), RI_HOPS(info)); } }
int juniper_read_tlv_value(packetbody_t p, u_int tlv_type, u_int tlv_len) { int tlv_value; /* TLVs < 128 are little endian encoded */ if (tlv_type < 128) { switch (tlv_len) { case 1: tlv_value = *p; break; case 2: tlv_value = EXTRACT_LE_16BITS(p); break; case 3: tlv_value = EXTRACT_LE_24BITS(p); break; case 4: tlv_value = EXTRACT_LE_32BITS(p); break; default: tlv_value = -1; break; } } else { /* TLVs >= 128 are big endian encoded */ switch (tlv_len) { case 1: tlv_value = *p; break; case 2: tlv_value = EXTRACT_16BITS(p); break; case 3: tlv_value = EXTRACT_24BITS(p); break; case 4: tlv_value = EXTRACT_32BITS(p); break; default: tlv_value = -1; break; } } return tlv_value; }
static int handle_disassoc(const u_char *p) { struct mgmt_body_t pbody; memset(&pbody, 0, sizeof(pbody)); if (!TTEST2(*p, IEEE802_11_REASON_LEN)) return 0; pbody.reason_code = EXTRACT_LE_16BITS(p); printf(": %s", (pbody.reason_code < 10) ? reason_text[pbody.reason_code] : "Reserved" ); return 1; }
static u_int ieee802_11_print(struct smartconfig *sc, const u_char * p, u_int length, u_int orig_caplen, uint16_t channel) { uint16_t fc; fc = EXTRACT_LE_16BITS(p); uint32_t fcs = *(uint32_t *) (p + length - 4); uint32_t crc = getcrc32(p, length - 4); if (fcs == crc) { if (FC_TYPE(fc) == T_DATA) { data_header_print(sc, fc, p, channel); } } return 0; }
static inline void ieee_802_11_hdr_print(u_int16_t fc, const u_char *p, const u_int8_t **srcp, const u_int8_t **dstp) { if (vflag) { if (FC_MORE_DATA(fc)) printf("More Data "); if (FC_MORE_FLAG(fc)) printf("More Fragments "); if (FC_POWER_MGMT(fc)) printf("Pwr Mgmt "); if (FC_RETRY(fc)) printf("Retry "); if (FC_ORDER(fc)) printf("Strictly Ordered "); if (FC_WEP(fc)) printf("WEP Encrypted "); if (FC_TYPE(fc) != T_CTRL || FC_SUBTYPE(fc) != CTRL_PS_POLL) printf("%dus ", EXTRACT_LE_16BITS( &((const struct mgmt_header_t *)p)->duration)); } switch (FC_TYPE(fc)) { case T_MGMT: mgmt_header_print(p, srcp, dstp); break; case T_CTRL: ctrl_header_print(fc, p, srcp, dstp); break; case T_DATA: data_header_print(fc, p, srcp, dstp); break; default: printf("(header) unknown IEEE802.11 frame type (%d)", FC_TYPE(fc)); *srcp = NULL; *dstp = NULL; break; } }
static inline void ppi_header_print(netdissect_options *ndo, const u_char *bp, u_int length) { const ppi_header_t *hdr; uint16_t len; uint32_t dlt; hdr = (const ppi_header_t *)bp; len = EXTRACT_LE_16BITS(&hdr->ppi_len); dlt = EXTRACT_LE_32BITS(&hdr->ppi_dlt); if (!ndo->ndo_qflag) { ND_PRINT((ndo, "V.%d DLT %s (%d) len %d", hdr->ppi_ver, pcap_datalink_val_to_name(dlt), dlt, len)); } else { ND_PRINT((ndo, "%s", pcap_datalink_val_to_name(dlt))); } ND_PRINT((ndo, ", length %u: ", length)); }
static void trans2_qfsinfo(netdissect_options *ndo, const u_char *param, const u_char *data, int pcnt, int dcnt) { static int level = 0; const char *fmt=""; if (request) { ND_TCHECK2(*param, 2); level = EXTRACT_LE_16BITS(param); fmt = "InfoLevel=[d]\n"; smb_fdata(ndo, param, fmt, param + pcnt, unicodestr); } else { switch (level) { case 1: fmt = "idFileSystem=[W]\nSectorUnit=[D]\nUnit=[D]\nAvail=[D]\nSectorSize=[d]\n"; break; case 2: fmt = "CreationTime=[T2]VolNameLength=[lb]\nVolumeLabel=[c]\n"; break; case 0x105: fmt = "Capabilities=[W]\nMaxFileLen=[D]\nVolNameLen=[lD]\nVolume=[C]\n"; break; default: fmt = "UnknownLevel\n"; break; } smb_fdata(ndo, data, fmt, data + dcnt, unicodestr); } if (dcnt) { ND_PRINT((ndo, "data:\n")); smb_print_data(ndo, data, dcnt); } return; trunc: ND_PRINT((ndo, "%s", tstr)); }
static u_int ieee802_11_radio_print(struct smartconfig *sc, const u_char * p, u_int length, u_int caplen) { #define BIT(n) (1U << n) #define IS_EXTENDED(__p) \ (EXTRACT_LE_32BITS(__p) & BIT(IEEE80211_RADIOTAP_EXT)) != 0 struct cpack_state cpacker; const struct ieee80211_radiotap_header *hdr; uint32_t presentflags; const uint32_t *presentp; u_int len; uint16_t channel = 0; uint8_t flags; if (caplen < sizeof(*hdr)) { return caplen; } hdr = (const struct ieee80211_radiotap_header *)p; len = EXTRACT_LE_16BITS(&hdr->it_len); if (caplen < len) { return caplen; } cpack_init(&cpacker, (const uint8_t *)hdr, len); /* align against header start */ cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */ flags = 0; presentp = &hdr->it_present; presentflags = EXTRACT_LE_32BITS(presentp); print_in_radiotap_namespace(sc, &cpacker, &flags, presentflags, 0, &channel); return len + ieee802_11_print(sc, p + len, length - len, caplen - len, channel); }