epan/dissectors/pidl/ C99 drsuapi
[wireshark-sm.git] / epan / dissectors / packet-ieee80211-wlancap.c
blob1a4a9fc59de5fa52824b3c0bee569bcab5a93a8d
1 /* packet-ieee80211-wlancap.c
2 * Routines for AVS linux-wlan monitoring mode header dissection
4 * Wireshark - Network traffic analyzer
5 * By Gerald Combs <gerald@wireshark.org>
6 * Copyright 1998 Gerald Combs
8 * Copied from README.developer
10 * SPDX-License-Identifier: GPL-2.0-or-later
13 #include "config.h"
15 #include <epan/packet.h>
16 #include <epan/capture_dissectors.h>
17 #include <wsutil/pint.h>
18 #include <wsutil/802_11-utils.h>
20 #include "packet-ieee80211.h"
23 * See
25 * https://web.archive.org/web/20040803232023/http://www.shaftnet.org/~pizza/software/capturefrm.txt
27 * for the format of the header.
29 void proto_register_ieee80211_wlancap(void);
30 void proto_reg_handoff_ieee80211_wlancap(void);
32 static dissector_handle_t ieee80211_radio_handle;
34 static int proto_wlancap;
36 /* AVS WLANCAP radio header */
37 static int hf_wlancap_magic;
38 static int hf_wlancap_version;
39 static int hf_wlancap_length;
40 static int hf_wlancap_mactime;
41 static int hf_wlancap_hosttime;
42 static int hf_wlancap_phytype;
43 static int hf_wlancap_hop_set;
44 static int hf_wlancap_hop_pattern;
45 static int hf_wlancap_hop_index;
46 static int hf_wlancap_channel;
47 static int hf_wlancap_channel_frequency;
48 static int hf_wlancap_data_rate;
49 static int hf_wlancap_antenna;
50 static int hf_wlancap_priority;
51 static int hf_wlancap_ssi_type;
52 static int hf_wlancap_normrssi_antsignal;
53 static int hf_wlancap_dbm_antsignal;
54 static int hf_wlancap_rawrssi_antsignal;
55 static int hf_wlancap_normrssi_antnoise;
56 static int hf_wlancap_dbm_antnoise;
57 static int hf_wlancap_rawrssi_antnoise;
58 static int hf_wlancap_preamble;
59 static int hf_wlancap_encoding;
60 static int hf_wlancap_sequence;
61 static int hf_wlancap_drops;
62 static int hf_wlancap_receiver_addr;
63 static int hf_wlancap_padding;
65 static int ett_wlancap;
67 static dissector_handle_t wlancap_handle;
68 static capture_dissector_handle_t wlancap_cap_handle;
69 static capture_dissector_handle_t ieee80211_cap_handle;
71 static bool
72 capture_wlancap(const unsigned char *pd, int offset, int len, capture_packet_info_t *cpinfo, const union wtap_pseudo_header *pseudo_header _U_)
74 uint32_t length;
76 if (!BYTES_ARE_IN_FRAME(offset, len, sizeof(uint32_t)*2))
77 return false;
79 length = pntoh32(pd+sizeof(uint32_t));
81 if (!BYTES_ARE_IN_FRAME(offset, len, length))
82 return false;
84 offset += length;
86 /* 802.11 header follows */
87 return call_capture_dissector(ieee80211_cap_handle, pd, offset, len, cpinfo, pseudo_header);
91 * AVS linux-wlan-based products use a new sniff header to replace the
92 * old Prism header. This one has additional fields, is designed to be
93 * non-hardware-specific, and more importantly, version and length fields
94 * so it can be extended later without breaking anything.
96 * Support by Solomon Peachy
98 * Description, from the capturefrm.txt file in the linux-wlan-ng 0.2.9
99 * release (linux-wlan-ng-0.2.9/doc/capturefrm.txt):
101 AVS Capture Frame Format
102 Version 2.1.1
104 1. Introduction
105 The original header format for "monitor mode" or capturing frames was
106 a considerable hack. The document covers a redesign of that format.
108 Any questions, corrections, or proposed changes go to info@linux-wlan.com
110 2. Frame Format
111 All sniff frames follow the same format:
113 Offset Name Size Description
114 --------------------------------------------------------------------
115 0 CaptureHeader AVS capture metadata header
116 64 802.11Header [10-30] 802.11 frame header
117 ?? 802.11Payload [0-2312] 802.11 frame payload
118 ?? 802.11FCS 4 802.11 frame check sequence
120 Note that the header and payload are variable length and the payload
121 may be empty.
123 If the hardware does not supply the FCS to the driver, then the frame shall
124 have a FCS of 0xFFFFFFFF.
126 3. Byte Order
127 All multibyte fields of the capture header are in "network" byte
128 order. The "host to network" and "network to host" functions should
129 work just fine. All the remaining multibyte fields are ordered
130 according to their respective standards.
132 4. Capture Header Format
133 The following fields make up the AVS capture header:
135 Offset Name Type
136 ------------------------------
137 0 version uint32
138 4 length uint32
139 8 mactime uint64
140 16 hosttime uint64
141 24 phytype uint32
142 28 frequency uint32
143 32 datarate uint32
144 36 antenna uint32
145 40 priority uint32
146 44 ssi_type uint32
147 48 ssi_signal int32
148 52 ssi_noise int32
149 56 preamble uint32
150 60 encoding uint32
151 64 sequence uint32
152 68 drops uint32
153 72 receiver_addr uint8[6]
154 78 padding uint8[2]
155 ------------------------------
158 The following subsections detail the fields of the capture header.
160 4.1 version
161 The version field identifies this type of frame as a subtype of
162 ETH_P_802111_CAPTURE as received by an ARPHRD_IEEE80211_PRISM or
163 an ARPHRD_IEEE80211_CAPTURE device. The value of this field shall be
164 0x80211002. As new revisions of this header are necessary, we can
165 increment the version appropriately.
167 4.2 length
168 The length field contains the length of the entire AVS capture header,
169 in bytes.
171 4.3 mactime
172 Many WLAN devices supply a relatively high resolution frame reception
173 time value. This field contains the value supplied by the device. If
174 the device does not supply a receive time value, this field shall be
175 set to zero. The units for this field are microseconds.
177 If possible, this time value should be absolute, representing the number
178 of microseconds elapsed since the UNIX epoch.
180 4.4 hosttime
181 The hosttime field is set to the current value of the host maintained
182 clock variable when the frame is received by the host.
184 If possible, this time value should be absolute, representing the number
185 of microseconds elapsed since the UNIX epoch.
187 4.5 phytype
188 The phytype field identifies what type of PHY is employed by the WLAN
189 device used to capture this frame. The valid values are:
191 PhyType Value
192 -------------------------------------
193 phytype_fhss_dot11_97 1
194 phytype_dsss_dot11_97 2
195 phytype_irbaseband 3
196 phytype_dsss_dot11_b 4
197 phytype_pbcc_dot11_b 5
198 phytype_ofdm_dot11_g 6
199 phytype_pbcc_dot11_g 7
200 phytype_ofdm_dot11_a 8
201 phytype_dss_ofdm_dot11_g 9
203 4.6 frequency
205 This represents the frequency or channel number of the receiver at the
206 time the frame was received. It is interpreted as follows:
208 For frequency hopping radios, this field is broken in to the
209 following subfields:
211 Byte Subfield
212 ------------------------
213 Byte0 Hop Set
214 Byte1 Hop Pattern
215 Byte2 Hop Index
216 Byte3 reserved
218 For non-hopping radios, the frequency is interpreted as follows:
220 Value Meaning
221 -----------------------------------------
222 < 256 Channel number (using externally-defined
223 channelization)
224 < 10000 Center frequency, in MHz
225 >= 10000 Center frequency, in KHz
227 4.7 datarate
228 The data rate field contains the rate at which the frame was received
229 in units of 100kbps.
231 4.8 antenna
232 For WLAN devices that indicate the receive antenna for each frame, the
233 antenna field shall contain an index value into the dot11AntennaList.
234 If the device does not indicate a receive antenna value, this field
235 shall be set to zero.
237 4.9 priority
238 The priority field indicates the receive priority of the frame. The
239 value is in the range [0-15] with the value 0 reserved to indicate
240 contention period and the value 6 reserved to indicate contention free
241 period.
243 4.10 ssi_type
244 The ssi_type field is used to indicate what type of signal strength
245 information is present: "None", "Normalized RSSI" or "dBm". "None"
246 indicates that the underlying WLAN device does not supply any signal
247 strength at all and the ssi_* values are unset. "Normalized RSSI"
248 values are integers in the range [0-1000] where higher numbers
249 indicate stronger signal. "dBm" values indicate an actual signal
250 strength measurement quantity and are usually in the range [-108 - 10].
251 The following values indicate the three types:
253 Value Description
254 ---------------------------------------------
255 0 None
256 1 Normalized RSSI
257 2 dBm
258 3 Raw RSSI
260 4.11 ssi_signal
261 The ssi_signal field contains the signal strength value reported by
262 the WLAN device for this frame. Note that this is a signed quantity
263 and if the ssi_type value is "dBm" that the value may be negative.
265 4.12 ssi_noise
266 The ssi_noise field contains the noise or "silence" value reported by
267 the WLAN device. This value is commonly defined to be the "signal
268 strength reported immediately prior to the baseband processor lock on
269 the frame preamble". If the hardware does not provide noise data, this
270 shall equal 0xffffffff.
272 4.12 preamble
273 For PHYs that support variable preamble lengths, the preamble field
274 indicates the preamble type used for this frame. The values are:
276 Value Description
277 ---------------------------------------------
278 0 Undefined
279 1 Short Preamble
280 2 Long Preamble
282 4.13 encoding
283 This specifies the encoding of the received packet. For PHYs that support
284 multiple encoding types, this will tell us which one was used.
286 Value Description
287 ---------------------------------------------
288 0 Unknown
289 1 CCK
290 2 PBCC
291 3 OFDM
292 4 DSSS-OFDM
293 5 BPSK
294 6 QPSK
295 7 16QAM
296 8 64QAM
298 4.14 sequence
299 This is a receive frame sequence counter. The sniff host shall
300 increment this by one for every valid frame received off the medium.
301 By watching for gaps in the sequence numbers we can determine when
302 packets are lost due to unreliable transport, rather than a frame never
303 being received to begin with.
305 4.15 drops
306 This is a counter of the number of known frame drops that occurred. This
307 is particularly useful when the system or hardware cannot keep up with
308 the sniffer load.
310 4.16 receiver_addr
311 This specifies the MAC address of the receiver of this frame.
312 It is six octets in length. This field is followed by two octets of
313 padding to keep the structure 32-bit word aligned.
315 ================================
317 Changes: v2->v2.1
319 * Added contact e-mail address to introduction
320 * Added sniffer_addr, drop count, and sequence fields, bringing total
321 length to 80 bytes
322 * Bumped version to 0x80211002
323 * Mactime is specified in microseconds, not nanoseconds
324 * Added 64QAM, 16QAM, BPSK, QPSK encodings
326 ================================
328 Changes: v2.1->v2.1.1
330 * Renamed 'channel' to 'frequency'
331 * Clarified the interpretation of the frequency/channel field.
332 * Renamed 'sniffer address' to 'receiver address'
333 * Clarified timestamp fields.
337 * Signal/noise strength type values.
339 #define SSI_NONE 0 /* no SSI information */
340 #define SSI_NORM_RSSI 1 /* normalized RSSI - 0-1000 */
341 #define SSI_DBM 2 /* dBm */
342 #define SSI_RAW_RSSI 3 /* raw RSSI from the hardware */
344 static int
345 dissect_wlancap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
347 proto_tree *wlan_tree = NULL;
348 proto_item *ti;
349 tvbuff_t *next_tvb;
350 int offset;
351 uint32_t version;
352 uint32_t length;
353 uint32_t channel;
354 unsigned frequency;
355 int calc_channel;
356 uint32_t datarate;
357 uint32_t ssi_type;
358 int32_t dbm;
359 uint32_t antnoise;
360 struct ieee_802_11_phdr phdr;
362 /* We don't have any 802.11 metadata yet. */
363 memset(&phdr, 0, sizeof(phdr));
364 phdr.fcs_len = -1;
365 phdr.decrypted = false;
366 phdr.datapad = false;
367 phdr.phy = PHDR_802_11_PHY_UNKNOWN;
369 col_set_str(pinfo->cinfo, COL_PROTOCOL, "WLAN");
370 col_clear(pinfo->cinfo, COL_INFO);
371 offset = 0;
373 version = tvb_get_ntohl(tvb, offset) - WLANCAP_MAGIC_COOKIE_BASE;
375 length = tvb_get_ntohl(tvb, offset+4);
377 col_add_fstr(pinfo->cinfo, COL_INFO, "AVS WLAN Capture v%x, Length %d",version, length);
379 if (version > 2) {
380 goto skip;
383 /* Dissect the AVS header */
384 if (tree) {
385 ti = proto_tree_add_item(tree, proto_wlancap, tvb, 0, length, ENC_NA);
386 wlan_tree = proto_item_add_subtree(ti, ett_wlancap);
387 proto_tree_add_item(wlan_tree, hf_wlancap_magic, tvb, offset, 4, ENC_BIG_ENDIAN);
388 proto_tree_add_item(wlan_tree, hf_wlancap_version, tvb, offset, 4, ENC_BIG_ENDIAN);
390 offset+=4;
391 if (tree)
392 proto_tree_add_item(wlan_tree, hf_wlancap_length, tvb, offset, 4, ENC_BIG_ENDIAN);
393 offset+=4;
394 phdr.has_tsf_timestamp = true;
395 phdr.tsf_timestamp = tvb_get_ntoh64(tvb, offset);
396 if (tree)
397 proto_tree_add_item(wlan_tree, hf_wlancap_mactime, tvb, offset, 8, ENC_BIG_ENDIAN);
398 offset+=8;
399 if (tree)
400 proto_tree_add_item(wlan_tree, hf_wlancap_hosttime, tvb, offset, 8, ENC_BIG_ENDIAN);
401 offset+=8;
402 switch (tvb_get_ntohl(tvb, offset)) {
404 case 1:
405 phdr.phy = PHDR_802_11_PHY_11_FHSS;
406 break;
408 case 2:
409 phdr.phy = PHDR_802_11_PHY_11_DSSS;
410 break;
412 case 3:
413 phdr.phy = PHDR_802_11_PHY_11_IR;
414 break;
416 case 4:
417 phdr.phy = PHDR_802_11_PHY_11B;
418 break;
420 case 5:
421 /* 11b PBCC? */
422 phdr.phy = PHDR_802_11_PHY_11B;
423 break;
425 case 6:
426 phdr.phy = PHDR_802_11_PHY_11G; /* pure? */
427 break;
429 case 7:
430 /* 11a PBCC? */
431 phdr.phy = PHDR_802_11_PHY_11A;
432 break;
434 case 8:
435 phdr.phy = PHDR_802_11_PHY_11A;
436 break;
438 case 9:
439 phdr.phy = PHDR_802_11_PHY_11G; /* mixed? */
440 break;
442 if (tree)
443 proto_tree_add_item(wlan_tree, hf_wlancap_phytype, tvb, offset, 4, ENC_BIG_ENDIAN);
444 offset+=4;
446 if (phdr.phy == PHDR_802_11_PHY_11_FHSS) {
447 phdr.phy_info.info_11_fhss.has_hop_set = true;
448 phdr.phy_info.info_11_fhss.hop_set = tvb_get_uint8(tvb, offset);
449 if (tree)
450 proto_tree_add_item(wlan_tree, hf_wlancap_hop_set, tvb, offset, 1, ENC_NA);
451 phdr.phy_info.info_11_fhss.has_hop_pattern = true;
452 phdr.phy_info.info_11_fhss.hop_pattern = tvb_get_uint8(tvb, offset + 1);
453 if (tree)
454 proto_tree_add_item(wlan_tree, hf_wlancap_hop_pattern, tvb, offset + 1, 1, ENC_NA);
455 phdr.phy_info.info_11_fhss.has_hop_index = true;
456 phdr.phy_info.info_11_fhss.hop_index = tvb_get_uint8(tvb, offset + 2);
457 if (tree)
458 proto_tree_add_item(wlan_tree, hf_wlancap_hop_index, tvb, offset + 2, 1, ENC_NA);
459 } else {
460 channel = tvb_get_ntohl(tvb, offset);
461 if (channel < 256) {
462 col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u", channel);
463 phdr.has_channel = true;
464 phdr.channel = channel;
465 if (tree)
466 proto_tree_add_uint(wlan_tree, hf_wlancap_channel, tvb, offset, 4, channel);
467 frequency = ieee80211_chan_to_mhz(channel, (phdr.phy != PHDR_802_11_PHY_11A));
468 if (frequency != 0) {
469 phdr.has_frequency = true;
470 phdr.frequency = frequency;
472 } else if (channel < 10000) {
473 col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u MHz", channel);
474 phdr.has_frequency = true;
475 phdr.frequency = channel;
476 if (tree)
477 proto_tree_add_uint_format(wlan_tree, hf_wlancap_channel_frequency, tvb, offset,
478 4, channel, "Frequency: %u MHz", channel);
479 calc_channel = ieee80211_mhz_to_chan(channel);
480 if (calc_channel != -1) {
481 phdr.has_channel = true;
482 phdr.channel = calc_channel;
484 } else {
485 col_add_fstr(pinfo->cinfo, COL_FREQ_CHAN, "%u KHz", channel);
486 if (tree)
487 proto_tree_add_uint_format(wlan_tree, hf_wlancap_channel_frequency, tvb, offset,
488 4, channel, "Frequency: %u KHz", channel);
491 offset+=4;
493 datarate = tvb_get_ntohl(tvb, offset);
494 if (datarate < 100000) {
495 /* In units of 100 Kb/s; convert to b/s */
496 datarate *= 100000;
499 col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%u.%u",
500 datarate / 1000000,
501 ((datarate % 1000000) > 500000) ? 5 : 0);
502 if (datarate != 0) {
503 /* 0 is obviously bogus; it may be used for "unknown" */
504 /* Can this be expressed in .5 MHz units? */
505 if ((datarate % 500000) == 0) {
506 /* Yes. */
507 phdr.has_data_rate = true;
508 phdr.data_rate = datarate / 500000;
511 if (tree) {
512 proto_tree_add_uint64_format_value(wlan_tree, hf_wlancap_data_rate, tvb, offset, 4,
513 datarate,
514 "%u.%u Mb/s",
515 datarate/1000000,
516 ((datarate % 1000000) > 500000) ? 5 : 0);
518 offset+=4;
521 * The phytype field in the header "identifies what type of PHY
522 * is employed by the WLAN device used to capture this frame";
523 * in at least one capture, it's phytype_ofdm_dot11_g for frames
524 * received using DSSS, so it may be usable to identify the
525 * type of PHY being used (except that "ofdm" isn't correct, as
526 * 11g supports both DSSS and OFDM), but it cannot be used to
527 * determine the modulation with which the packet was transmitted.
529 * The encoding field "specifies the encoding of the received packet".
530 * At least one capture using the AVS header specifies CCK for at
531 * least one frame with a 1 Mb/s data rate, which is technically
532 * incorrect (CCK is used only for 5.5 and 11 Mb/s DSSS packets) and
533 * it also specifies it for at least one frame with a 54 Mb/s data
534 * rate, which is *very* wrong (that's OFDM, not DSSS, and CCK is
535 * only used with DSSS), so that field cannot be trusted to indicate
536 * the modulation with which the packet was transmitted.
538 * We want an indication of how the frame was received, so, if we
539 * have the data rate for a purportedly 11g-OFDM packet, we use
540 * that to determine whether it's 11g-OFDM or 11g/11b-DSSS.
542 if (phdr.phy == PHDR_802_11_PHY_11G && phdr.has_data_rate) {
543 if (RATE_IS_DSSS(phdr.data_rate)) {
544 /* Presumably 11g using DSSS; we report that as 11b. */
545 phdr.phy = PHDR_802_11_PHY_11B;
549 if (tree)
550 proto_tree_add_item(wlan_tree, hf_wlancap_antenna, tvb, offset, 4, ENC_BIG_ENDIAN);
551 offset+=4;
553 if (tree)
554 proto_tree_add_item(wlan_tree, hf_wlancap_priority, tvb, offset, 4, ENC_BIG_ENDIAN);
555 offset+=4;
557 ssi_type = tvb_get_ntohl(tvb, offset);
558 if (tree)
559 proto_tree_add_uint(wlan_tree, hf_wlancap_ssi_type, tvb, offset, 4, ssi_type);
560 offset+=4;
561 switch (ssi_type) {
563 case SSI_NONE:
564 default:
565 /* either there is no SSI information, or we don't know what type it is */
566 break;
568 case SSI_NORM_RSSI:
569 /* Normalized RSSI */
570 col_add_fstr(pinfo->cinfo, COL_RSSI, "%u (norm)", tvb_get_ntohl(tvb, offset));
571 if (tree)
572 proto_tree_add_item(wlan_tree, hf_wlancap_normrssi_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN);
573 break;
575 case SSI_DBM:
576 /* dBm */
577 dbm = tvb_get_ntohl(tvb, offset);
578 phdr.has_signal_dbm = true;
579 phdr.signal_dbm = dbm;
580 col_add_fstr(pinfo->cinfo, COL_RSSI, "%d dBm", dbm);
581 if (tree)
582 proto_tree_add_item(wlan_tree, hf_wlancap_dbm_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN);
583 break;
585 case SSI_RAW_RSSI:
586 /* Raw RSSI */
587 col_add_fstr(pinfo->cinfo, COL_RSSI, "%u (raw)", tvb_get_ntohl(tvb, offset));
588 if (tree)
589 proto_tree_add_item(wlan_tree, hf_wlancap_rawrssi_antsignal, tvb, offset, 4, ENC_BIG_ENDIAN);
590 break;
592 offset+=4;
594 antnoise = tvb_get_ntohl(tvb, offset);
595 /* 0xffffffff means "hardware does not provide noise data" */
596 if (antnoise != 0xffffffff) {
597 switch (ssi_type) {
599 case SSI_NONE:
600 default:
601 /* either there is no SSI information, or we don't know what type it is */
602 break;
604 case SSI_NORM_RSSI:
605 /* Normalized RSSI */
606 if (tree)
607 proto_tree_add_uint(wlan_tree, hf_wlancap_normrssi_antnoise, tvb, offset, 4, antnoise);
608 break;
610 case SSI_DBM:
611 /* dBm */
612 if (antnoise != 0) {
613 /* The spec says use 0xffffffff, but some drivers appear to use 0. */
614 phdr.has_noise_dbm = true;
615 phdr.noise_dbm = antnoise;
617 if (tree)
618 proto_tree_add_int(wlan_tree, hf_wlancap_dbm_antnoise, tvb, offset, 4, antnoise);
619 break;
621 case SSI_RAW_RSSI:
622 /* Raw RSSI */
623 if (tree)
624 proto_tree_add_uint(wlan_tree, hf_wlancap_rawrssi_antnoise, tvb, offset, 4, antnoise);
625 break;
628 offset+=4;
631 * This only applies to packets received as DSSS (1b/11g-DSSS).
633 if (phdr.phy == PHDR_802_11_PHY_11B) {
634 switch (tvb_get_ntohl(tvb, offset)) {
636 case 0:
637 /* Undefined, so we don't know if there's a short preamble */
638 phdr.phy_info.info_11b.has_short_preamble = false;
639 break;
641 case 1:
642 /* Short preamble. */
643 phdr.phy_info.info_11b.has_short_preamble = true;
644 phdr.phy_info.info_11b.short_preamble = true;
645 break;
647 case 2:
648 /* Long preamble. */
649 phdr.phy_info.info_11b.has_short_preamble = true;
650 phdr.phy_info.info_11b.short_preamble = false;
651 break;
653 default:
654 /* Invalid, so we don't know if there's a short preamble. */
655 phdr.phy_info.info_11b.has_short_preamble = false;
656 break;
659 if (tree)
660 proto_tree_add_item(wlan_tree, hf_wlancap_preamble, tvb, offset, 4, ENC_BIG_ENDIAN);
661 offset+=4;
663 if (tree)
664 proto_tree_add_item(wlan_tree, hf_wlancap_encoding, tvb, offset, 4, ENC_BIG_ENDIAN);
665 offset+=4;
667 if (version > 1) {
668 if (tree)
669 proto_tree_add_item(wlan_tree, hf_wlancap_sequence, tvb, offset, 4, ENC_BIG_ENDIAN);
670 offset+=4;
672 if (tree)
673 proto_tree_add_item(wlan_tree, hf_wlancap_drops, tvb, offset, 4, ENC_BIG_ENDIAN);
674 offset+=4;
676 if (tree)
677 proto_tree_add_item(wlan_tree, hf_wlancap_receiver_addr, tvb, offset, 6, ENC_NA);
678 offset+=6;
680 if (tree)
681 proto_tree_add_item(wlan_tree, hf_wlancap_padding, tvb, offset, 2, ENC_NA);
682 /*offset+=2;*/
686 skip:
687 offset = length;
689 /* dissect the 802.11 header next */
690 next_tvb = tvb_new_subset_remaining(tvb, offset);
691 call_dissector_with_data(ieee80211_radio_handle, next_tvb, pinfo, tree, (void *)&phdr);
692 return tvb_captured_length(tvb);
695 static const value_string phy_type[] = {
696 { 0, "Unknown" },
697 { 1, "FHSS 802.11 '97" },
698 { 2, "DSSS 802.11 '97" },
699 { 3, "IR Baseband" },
700 { 4, "DSSS 802.11b" },
701 { 5, "PBCC 802.11b" },
702 { 6, "OFDM 802.11g" },
703 { 7, "PBCC 802.11g" },
704 { 8, "OFDM 802.11a" },
705 { 0, NULL }
708 static const value_string encoding_type[] = {
709 { 0, "Unknown" },
710 { 1, "CCK" },
711 { 2, "PBCC" },
712 { 3, "OFDM" },
713 { 4, "DSS-OFDM" },
714 { 5, "BPSK" },
715 { 6, "QPSK" },
716 { 7, "16QAM" },
717 { 8, "64QAM" },
718 { 0, NULL }
721 static const value_string ssi_type[] = {
722 { SSI_NONE, "None" },
723 { SSI_NORM_RSSI, "Normalized RSSI" },
724 { SSI_DBM, "dBm" },
725 { SSI_RAW_RSSI, "Raw RSSI" },
726 { 0, NULL }
729 static const value_string preamble_type[] = {
730 { 0, "Unknown" },
731 { 1, "Short" },
732 { 2, "Long" },
733 { 0, NULL }
736 static hf_register_info hf_wlancap[] = {
737 {&hf_wlancap_magic,
738 {"Header magic", "wlancap.magic", FT_UINT32, BASE_HEX, NULL, 0xFFFFFFF0,
739 NULL, HFILL }},
741 {&hf_wlancap_version,
742 {"Header revision", "wlancap.version", FT_UINT32, BASE_DEC, NULL, 0xF,
743 NULL, HFILL }},
745 {&hf_wlancap_length,
746 {"Header length", "wlancap.length", FT_UINT32, BASE_DEC, NULL, 0x0,
747 NULL, HFILL }},
749 {&hf_wlancap_mactime,
750 {"MAC timestamp", "wlancap.mactime", FT_UINT64, BASE_DEC, NULL, 0x0,
751 "Value in microseconds of the MAC's Time Synchronization Function timer when the first bit of the MPDU arrived at the MAC", HFILL }},
753 {&hf_wlancap_hosttime,
754 {"Host timestamp", "wlancap.hosttime", FT_UINT64, BASE_DEC, NULL, 0x0,
755 NULL, HFILL }},
757 {&hf_wlancap_phytype,
758 {"PHY type", "wlancap.phytype", FT_UINT32, BASE_DEC, VALS(phy_type), 0x0,
759 NULL, HFILL }},
761 {&hf_wlancap_hop_set,
762 {"Hop set", "wlancap.fhss.hop_set", FT_UINT8, BASE_HEX, NULL, 0x0,
763 NULL, HFILL }},
765 {&hf_wlancap_hop_pattern,
766 {"Hop pattern", "wlancap.fhss.hop_pattern", FT_UINT8, BASE_HEX, NULL, 0x0,
767 NULL, HFILL }},
769 {&hf_wlancap_hop_index,
770 {"Hop index", "wlancap.fhss.hop_index", FT_UINT8, BASE_HEX, NULL, 0x0,
771 NULL, HFILL }},
773 {&hf_wlancap_channel,
774 {"Channel", "wlancap.channel", FT_UINT8, BASE_DEC, NULL, 0x0,
775 "802.11 channel number that this frame was sent/received on", HFILL }},
777 {&hf_wlancap_channel_frequency,
778 {"Channel frequency", "wlancap.channel_frequency", FT_UINT32, BASE_DEC, NULL, 0x0,
779 "Channel frequency in megahertz that this frame was sent/received on", HFILL }},
781 {&hf_wlancap_data_rate,
782 {"Data Rate", "wlancap.data_rate", FT_UINT64, BASE_DEC, NULL, 0x0,
783 "Data rate (b/s)", HFILL }},
785 {&hf_wlancap_antenna,
786 {"Antenna", "wlancap.antenna", FT_UINT32, BASE_DEC, NULL, 0x0,
787 "Antenna number this frame was sent/received over (starting at 0)", HFILL } },
789 {&hf_wlancap_priority,
790 {"Priority", "wlancap.priority", FT_UINT32, BASE_DEC, NULL, 0x0,
791 NULL, HFILL }},
793 {&hf_wlancap_ssi_type,
794 {"SSI Type", "wlancap.ssi_type", FT_UINT32, BASE_DEC, VALS(ssi_type), 0x0,
795 NULL, HFILL }},
797 {&hf_wlancap_normrssi_antsignal,
798 {"Normalized RSSI Signal", "wlancap.normrssi_antsignal", FT_UINT32, BASE_DEC, NULL, 0x0,
799 "RF signal power at the antenna, normalized to the range 0-1000", HFILL }},
801 {&hf_wlancap_dbm_antsignal,
802 {"SSI Signal (dBm)", "wlancap.dbm_antsignal", FT_INT32, BASE_DEC, NULL, 0x0,
803 "RF signal power at the antenna from a fixed, arbitrary value in decibels from one milliwatt", HFILL }},
805 {&hf_wlancap_rawrssi_antsignal,
806 {"Raw RSSI Signal", "wlancap.rawrssi_antsignal", FT_UINT32, BASE_DEC, NULL, 0x0,
807 "RF signal power at the antenna, reported as RSSI by the adapter", HFILL }},
809 {&hf_wlancap_normrssi_antnoise,
810 {"Normalized RSSI Noise", "wlancap.normrssi_antnoise", FT_UINT32, BASE_DEC, NULL, 0x0,
811 "RF noise power at the antenna, normalized to the range 0-1000", HFILL }},
813 {&hf_wlancap_dbm_antnoise,
814 {"SSI Noise (dBm)", "wlancap.dbm_antnoise", FT_INT32, BASE_DEC, NULL, 0x0,
815 "RF noise power at the antenna from a fixed, arbitrary value in decibels per one milliwatt", HFILL }},
817 {&hf_wlancap_rawrssi_antnoise,
818 {"Raw RSSI Noise", "wlancap.rawrssi_antnoise", FT_UINT32, BASE_DEC, NULL, 0x0,
819 "RF noise power at the antenna, reported as RSSI by the adapter", HFILL }},
821 {&hf_wlancap_preamble,
822 {"Preamble", "wlancap.preamble", FT_UINT32, BASE_DEC, VALS(preamble_type), 0x0,
823 NULL, HFILL }},
825 {&hf_wlancap_encoding,
826 {"Encoding Type", "wlancap.encoding", FT_UINT32, BASE_DEC, VALS(encoding_type), 0x0,
827 NULL, HFILL }},
829 {&hf_wlancap_sequence,
830 {"Receive sequence", "wlancap.sequence", FT_UINT32, BASE_DEC, NULL, 0x0,
831 NULL, HFILL }},
833 {&hf_wlancap_drops,
834 {"Known Dropped Frames", "wlancap.drops", FT_UINT32, BASE_DEC, NULL, 0x0,
835 NULL, HFILL }},
837 {&hf_wlancap_receiver_addr,
838 {"Receiver Address", "wlancap.receiver_addr", FT_ETHER, BASE_NONE, NULL, 0x0,
839 "Receiver Hardware Address", HFILL }},
841 {&hf_wlancap_padding,
842 {"Padding", "wlancap.padding", FT_BYTES, BASE_NONE, NULL, 0x0,
843 NULL, HFILL }}
846 static int *tree_array[] = {
847 &ett_wlancap
850 void proto_register_ieee80211_wlancap(void)
852 proto_wlancap = proto_register_protocol("AVS WLAN Capture header",
853 "AVS WLANCAP", "wlancap");
854 proto_register_field_array(proto_wlancap, hf_wlancap,
855 array_length(hf_wlancap));
856 wlancap_handle = register_dissector("wlancap", dissect_wlancap, proto_wlancap);
858 dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_AVS,
859 wlancap_handle);
860 proto_register_subtree_array(tree_array, array_length(tree_array));
862 wlancap_cap_handle = register_capture_dissector("wlancap", capture_wlancap, proto_wlancap);
865 void proto_reg_handoff_ieee80211_wlancap(void)
867 ieee80211_radio_handle = find_dissector_add_dependency("wlan_radio", proto_wlancap);
868 capture_dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_AVS, wlancap_cap_handle);
870 ieee80211_cap_handle = find_capture_dissector("ieee80211");
874 * Editor modelines
876 * Local Variables:
877 * c-basic-offset: 2
878 * tab-width: 8
879 * indent-tabs-mode: nil
880 * End:
882 * ex: set shiftwidth=2 tabstop=8 expandtab:
883 * :indentSize=2:tabSize=8:noTabs=true: