/*
* Copyright (c) 1998-2007 The TCPDUMP project
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that: (1) source code
* distributions retain the above copyright notice and this paragraph
* in its entirety, and (2) distributions including binary code include
* the above copyright notice and this paragraph in its entirety in
* the documentation or other materials provided with the distribution.
* THIS SOFTWARE IS PROVIDED ``AS IS'' AND
* WITHOUT ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT
* LIMITATION, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE.
*
* Support for the Light Weight Access Point Protocol as per RFC 5412
*
* Original code by Carles Kishimoto <carles.kishimoto@gmail.com>
*/
#ifdef HAVE_CONFIG_H
#include "config.h"
#endif
#include <netdissect-stdinc.h>
#include "netdissect.h"
#include "extract.h"
#include "addrtoname.h"
/*
* LWAPP transport (common) header
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* |VER| RID |C|F|L| Frag ID | Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Status/WLANs | Payload... |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*
*/
struct lwapp_transport_header {
	uint8_t version;	/* VER(2) | RID(3) | C | F | L; see the LWAPP_EXTRACT_* macros */
	uint8_t frag_id;
	uint8_t length[2];	/* big-endian, read with EXTRACT_16BITS(); the verbose
				 * printers below walk this many bytes, which is
				 * attacker-controlled and only bounded by ND_TCHECK */
	uint16_t status;	/* Status/WLANs; not read by the printers in this file */
	/* The printers advance past the header by sizeof(), i.e. 6 bytes;
	 * keep the layout padding-free. */
};
/*
* LWAPP control header
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Message Type | Seq Num | Msg Element Length |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Session ID |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Msg Element [0..N] |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
struct lwapp_control_header {
	uint8_t msg_type;	/* one of LWAPP_MSGTYPE_*; printed via lwapp_msg_type_values */
	uint8_t seq_num;
	uint8_t len[2];		/* big-endian length of the message elements that
				 * follow this 8-byte header (read with EXTRACT_16BITS) */
	uint8_t session_id[4];	/* big-endian, read with EXTRACT_32BITS */
};
#define LWAPP_VERSION 0		/* the only version the printers below accept */

/* Accessors for lwapp_transport_header.version: VER(2) RID(3) C F L, msb first */
#define LWAPP_EXTRACT_VERSION(x) (((x)&0xC0)>>6)	/* VER, top two bits */
#define LWAPP_EXTRACT_RID(x) (((x)&0x38)>>3)		/* Radio ID, three bits */
#define LWAPP_EXTRACT_CONTROL_BIT(x) (((x)&0x04)>>2)	/* C bit: control vs. data frame */

/* The low three bits of the version byte; printed with bittok2str(..., x & 0x07) */
static const struct tok lwapp_header_bits_values[] = {
	{ 0x01, "Last Fragment Bit"},
	{ 0x02, "Fragment Bit"},
	{ 0x04, "Control Bit"},
	{ 0, NULL}
};
/*
 * Control message types (lwapp_control_header.msg_type). Gaps in the
 * numbering (7-9, 18-21, 28-29) are not assigned here.
 */
#define LWAPP_MSGTYPE_DISCOVERY_REQUEST 1
#define LWAPP_MSGTYPE_DISCOVERY_RESPONSE 2
#define LWAPP_MSGTYPE_JOIN_REQUEST 3
#define LWAPP_MSGTYPE_JOIN_RESPONSE 4
#define LWAPP_MSGTYPE_JOIN_ACK 5
#define LWAPP_MSGTYPE_JOIN_CONFIRM 6
#define LWAPP_MSGTYPE_CONFIGURE_REQUEST 10
#define LWAPP_MSGTYPE_CONFIGURE_RESPONSE 11
#define LWAPP_MSGTYPE_CONF_UPDATE_REQUEST 12
#define LWAPP_MSGTYPE_CONF_UPDATE_RESPONSE 13
#define LWAPP_MSGTYPE_WTP_EVENT_REQUEST 14
#define LWAPP_MSGTYPE_WTP_EVENT_RESPONSE 15
#define LWAPP_MSGTYPE_CHANGE_STATE_EVENT_REQUEST 16
#define LWAPP_MSGTYPE_CHANGE_STATE_EVENT_RESPONSE 17
#define LWAPP_MSGTYPE_ECHO_REQUEST 22
#define LWAPP_MSGTYPE_ECHO_RESPONSE 23
#define LWAPP_MSGTYPE_IMAGE_DATA_REQUEST 24
#define LWAPP_MSGTYPE_IMAGE_DATA_RESPONSE 25
#define LWAPP_MSGTYPE_RESET_REQUEST 26
#define LWAPP_MSGTYPE_RESET_RESPONSE 27
#define LWAPP_MSGTYPE_KEY_UPDATE_REQUEST 30
#define LWAPP_MSGTYPE_KEY_UPDATE_RESPONSE 31
#define LWAPP_MSGTYPE_PRIMARY_DISCOVERY_REQUEST 32
#define LWAPP_MSGTYPE_PRIMARY_DISCOVERY_RESPONSE 33
#define LWAPP_MSGTYPE_DATA_TRANSFER_REQUEST 34
#define LWAPP_MSGTYPE_DATA_TRANSFER_RESPONSE 35
#define LWAPP_MSGTYPE_CLEAR_CONFIG_INDICATION 36
#define LWAPP_MSGTYPE_WLAN_CONFIG_REQUEST 37
#define LWAPP_MSGTYPE_WLAN_CONFIG_RESPONSE 38
#define LWAPP_MSGTYPE_MOBILE_CONFIG_REQUEST 39
#define LWAPP_MSGTYPE_MOBILE_CONFIG_RESPONSE 40

/* Human-readable names for the message types above (tok2str, "Unknown" otherwise) */
static const struct tok lwapp_msg_type_values[] = {
	{ LWAPP_MSGTYPE_DISCOVERY_REQUEST, "Discovery req"},
	{ LWAPP_MSGTYPE_DISCOVERY_RESPONSE, "Discovery resp"},
	{ LWAPP_MSGTYPE_JOIN_REQUEST, "Join req"},
	{ LWAPP_MSGTYPE_JOIN_RESPONSE, "Join resp"},
	{ LWAPP_MSGTYPE_JOIN_ACK, "Join ack"},
	{ LWAPP_MSGTYPE_JOIN_CONFIRM, "Join confirm"},
	{ LWAPP_MSGTYPE_CONFIGURE_REQUEST, "Configure req"},
	{ LWAPP_MSGTYPE_CONFIGURE_RESPONSE, "Configure resp"},
	{ LWAPP_MSGTYPE_CONF_UPDATE_REQUEST, "Update req"},
	{ LWAPP_MSGTYPE_CONF_UPDATE_RESPONSE, "Update resp"},
	{ LWAPP_MSGTYPE_WTP_EVENT_REQUEST, "WTP event req"},
	{ LWAPP_MSGTYPE_WTP_EVENT_RESPONSE, "WTP event resp"},
	{ LWAPP_MSGTYPE_CHANGE_STATE_EVENT_REQUEST, "Change state event req"},
	{ LWAPP_MSGTYPE_CHANGE_STATE_EVENT_RESPONSE, "Change state event resp"},
	{ LWAPP_MSGTYPE_ECHO_REQUEST, "Echo req"},
	{ LWAPP_MSGTYPE_ECHO_RESPONSE, "Echo resp"},
	{ LWAPP_MSGTYPE_IMAGE_DATA_REQUEST, "Image data req"},
	{ LWAPP_MSGTYPE_IMAGE_DATA_RESPONSE, "Image data resp"},
	/* NOTE(review): the labels below disagree with the macro names
	 * (RESET vs. "Channel status"); confirm the intended name for
	 * types 26/27 against RFC 5412 before relying on the output. */
	{ LWAPP_MSGTYPE_RESET_REQUEST, "Channel status req"},
	{ LWAPP_MSGTYPE_RESET_RESPONSE, "Channel status resp"},
	{ LWAPP_MSGTYPE_KEY_UPDATE_REQUEST, "Key update req"},
	{ LWAPP_MSGTYPE_KEY_UPDATE_RESPONSE, "Key update resp"},
	{ LWAPP_MSGTYPE_PRIMARY_DISCOVERY_REQUEST, "Primary discovery req"},
	{ LWAPP_MSGTYPE_PRIMARY_DISCOVERY_RESPONSE, "Primary discovery resp"},
	{ LWAPP_MSGTYPE_DATA_TRANSFER_REQUEST, "Data transfer req"},
	{ LWAPP_MSGTYPE_DATA_TRANSFER_RESPONSE, "Data transfer resp"},
	{ LWAPP_MSGTYPE_CLEAR_CONFIG_INDICATION, "Clear config ind"},
	{ LWAPP_MSGTYPE_WLAN_CONFIG_REQUEST, "Wlan config req"},
	{ LWAPP_MSGTYPE_WLAN_CONFIG_RESPONSE, "Wlan config resp"},
	{ LWAPP_MSGTYPE_MOBILE_CONFIG_REQUEST, "Mobile config req"},
	{ LWAPP_MSGTYPE_MOBILE_CONFIG_RESPONSE, "Mobile config resp"},
	{ 0, NULL}
};
/*
* LWAPP message elements
*
* 0 1 2 3
* 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
* | Type | Length | Value ... |
* +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
*/
/*
 * Header of a single message element inside a control message. Nothing in
 * this file dereferences it yet (the per-type decoder in
 * lwapp_control_print() is still a placeholder); it documents the layout
 * for whoever fills that in.
 */
struct lwapp_message_header {
	uint8_t type;
	uint8_t length[2];	/* big-endian length of the value that follows */
};
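/*
 * Print an LWAPP control frame.
 *
 * pptr          start of the LWAPP data handed over by the caller. When
 *               has_ap_ident is non-zero the first 6 bytes are the AP
 *               identity (a MAC address) and the transport header follows
 *               them; otherwise the transport header starts at pptr.
 * len           length of that data as reported by the caller. It is only
 *               printed in the non-verbose summary; the verbose walk is
 *               driven by the length field of the transport header.
 * has_ap_ident  non-zero when an AP identity precedes the transport header.
 *
 * Every access to packet memory is bounded against the capture snapshot
 * with ND_TCHECK*; a short capture ends up at the trunc label.
 */
void
lwapp_control_print(netdissect_options *ndo,
                    const u_char *pptr, u_int len, int has_ap_ident)
{
	const struct lwapp_transport_header *lwapp_trans_header;
	const struct lwapp_control_header *lwapp_control_header;
	const u_char *tptr;
	int tlen;
	int msg_tlen;

	tptr = pptr;

	if (has_ap_ident) {
		/* check if enough bytes for AP identity (etheraddr_string reads 6) */
		ND_TCHECK2(*tptr, 6);
		lwapp_trans_header = (const struct lwapp_transport_header *)(pptr + 6);
	} else {
		lwapp_trans_header = (const struct lwapp_transport_header *)pptr;
	}
	ND_TCHECK(*lwapp_trans_header);

	/*
	 * Sanity checking of the header: only LWAPP_VERSION is understood.
	 */
	if (LWAPP_EXTRACT_VERSION(lwapp_trans_header->version) != LWAPP_VERSION) {
		ND_PRINT((ndo, "LWAPP version %u packet not supported",
			  LWAPP_EXTRACT_VERSION(lwapp_trans_header->version)));
		return;
	}

	/* non-verbose: one-line summary, using the caller-supplied length */
	if (ndo->ndo_vflag < 1) {
		ND_PRINT((ndo, "LWAPPv%u, %s frame, Flags [%s], length %u",
			  LWAPP_EXTRACT_VERSION(lwapp_trans_header->version),
			  LWAPP_EXTRACT_CONTROL_BIT(lwapp_trans_header->version) ? "Control" : "Data",
			  bittok2str(lwapp_header_bits_values, "none", (lwapp_trans_header->version) & 0x07),
			  len));
		return;
	}

	/*
	 * Verbose: walk the control messages. tlen comes from the packet and
	 * is never compared with len, so it must be treated as untrusted;
	 * every read below is bounded by ND_TCHECK against the snapshot.
	 * NOTE(review): the data printer subtracts the transport header from
	 * this value, this one does not -- one of the two interpretations of
	 * the length field is presumably wrong; confirm against RFC 5412.
	 * Clamping tlen to len would additionally keep a bogus header length
	 * from walking into whatever follows the packet in the capture.
	 */
	tlen = EXTRACT_16BITS(lwapp_trans_header->length);

	ND_PRINT((ndo, "LWAPPv%u, %s frame, Radio-id %u, Flags [%s], Frag-id %u, length %u",
		  LWAPP_EXTRACT_VERSION(lwapp_trans_header->version),
		  LWAPP_EXTRACT_CONTROL_BIT(lwapp_trans_header->version) ? "Control" : "Data",
		  LWAPP_EXTRACT_RID(lwapp_trans_header->version),
		  bittok2str(lwapp_header_bits_values, "none", (lwapp_trans_header->version) & 0x07),
		  lwapp_trans_header->frag_id,
		  tlen));

	if (has_ap_ident) {
		ND_PRINT((ndo, "\n\tAP identity: %s", etheraddr_string(ndo, tptr)));
		tptr += sizeof(const struct lwapp_transport_header) + 6;
	} else {
		tptr += sizeof(const struct lwapp_transport_header);
	}

	while (tlen > 0) {
		/*
		 * The declared payload cannot hold another control header:
		 * do not reinterpret trailing bytes (or whatever follows the
		 * packet within the snapshot) as one.
		 */
		if (tlen < (int)sizeof(struct lwapp_control_header)) {
			ND_PRINT((ndo, "\n\t [%d trailing byte(s)]", tlen));
			break;
		}

		/* did we capture enough for fully decoding the object header ? */
		ND_TCHECK2(*tptr, sizeof(struct lwapp_control_header));
		lwapp_control_header = (const struct lwapp_control_header *)tptr;
		msg_tlen = EXTRACT_16BITS(lwapp_control_header->len);

		/* print message header */
		ND_PRINT((ndo, "\n\t Msg type: %s (%u), Seqnum: %u, Msg len: %d, Session: 0x%08x",
			  tok2str(lwapp_msg_type_values, "Unknown", lwapp_control_header->msg_type),
			  lwapp_control_header->msg_type,
			  lwapp_control_header->seq_num,
			  msg_tlen,
			  EXTRACT_32BITS(lwapp_control_header->session_id)));

		/*
		 * Did we capture enough for fully decoding the message? The
		 * message body starts after the control header, so the check
		 * has to cover header plus body; checking only msg_tlen bytes
		 * from tptr leaves the last header-sized chunk of the body
		 * unverified for whoever fills in the decoder below.
		 */
		ND_TCHECK2(*tptr, sizeof(struct lwapp_control_header) + msg_tlen);

		/* XXX - Decode sub messages for each message */
		switch (lwapp_control_header->msg_type) {
		case LWAPP_MSGTYPE_DISCOVERY_REQUEST:
		case LWAPP_MSGTYPE_DISCOVERY_RESPONSE:
		case LWAPP_MSGTYPE_JOIN_REQUEST:
		case LWAPP_MSGTYPE_JOIN_RESPONSE:
		case LWAPP_MSGTYPE_JOIN_ACK:
		case LWAPP_MSGTYPE_JOIN_CONFIRM:
		case LWAPP_MSGTYPE_CONFIGURE_REQUEST:
		case LWAPP_MSGTYPE_CONFIGURE_RESPONSE:
		case LWAPP_MSGTYPE_CONF_UPDATE_REQUEST:
		case LWAPP_MSGTYPE_CONF_UPDATE_RESPONSE:
		case LWAPP_MSGTYPE_WTP_EVENT_REQUEST:
		case LWAPP_MSGTYPE_WTP_EVENT_RESPONSE:
		case LWAPP_MSGTYPE_CHANGE_STATE_EVENT_REQUEST:
		case LWAPP_MSGTYPE_CHANGE_STATE_EVENT_RESPONSE:
		case LWAPP_MSGTYPE_ECHO_REQUEST:
		case LWAPP_MSGTYPE_ECHO_RESPONSE:
		case LWAPP_MSGTYPE_IMAGE_DATA_REQUEST:
		case LWAPP_MSGTYPE_IMAGE_DATA_RESPONSE:
		case LWAPP_MSGTYPE_RESET_REQUEST:
		case LWAPP_MSGTYPE_RESET_RESPONSE:
		case LWAPP_MSGTYPE_KEY_UPDATE_REQUEST:
		case LWAPP_MSGTYPE_KEY_UPDATE_RESPONSE:
		case LWAPP_MSGTYPE_PRIMARY_DISCOVERY_REQUEST:
		case LWAPP_MSGTYPE_PRIMARY_DISCOVERY_RESPONSE:
		case LWAPP_MSGTYPE_DATA_TRANSFER_REQUEST:
		case LWAPP_MSGTYPE_DATA_TRANSFER_RESPONSE:
		case LWAPP_MSGTYPE_CLEAR_CONFIG_INDICATION:
		case LWAPP_MSGTYPE_WLAN_CONFIG_REQUEST:
		case LWAPP_MSGTYPE_WLAN_CONFIG_RESPONSE:
		case LWAPP_MSGTYPE_MOBILE_CONFIG_REQUEST:
		case LWAPP_MSGTYPE_MOBILE_CONFIG_RESPONSE:
		default:
			break;
		}

		/*
		 * Skip header and body. A body that overruns the declared
		 * payload drives tlen negative, which simply ends the loop;
		 * the explicit cast keeps the arithmetic in int rather than
		 * mixing it with size_t.
		 */
		tptr += sizeof(struct lwapp_control_header) + msg_tlen;
		tlen -= (int)(sizeof(struct lwapp_control_header) + msg_tlen);
	}
	return;

trunc:
	ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
}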
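/*
 * Print an LWAPP data frame.
 *
 * pptr  start of the LWAPP transport header (there is no AP identity on
 *       the data path, unlike lwapp_control_print()).
 * len   length of the data as reported by the caller; only printed in the
 *       non-verbose summary.
 *
 * The payload behind the transport header is an IEEE 802.11 frame that is
 * not decoded yet; in verbose mode it is hex-dumped.
 */
void
lwapp_data_print(netdissect_options *ndo,
                 const u_char *pptr, u_int len)
{
	const struct lwapp_transport_header *lwapp_trans_header;
	const u_char *tptr;
	int tlen;

	tptr = pptr;

	/*
	 * ND_TCHECK covers the whole 6-byte transport header at pptr; the
	 * separate "AP identity" check the control path needs does not
	 * apply here (it was a copy of that path and checked the same bytes).
	 */
	lwapp_trans_header = (const struct lwapp_transport_header *)pptr;
	ND_TCHECK(*lwapp_trans_header);

	/*
	 * Sanity checking of the header: only LWAPP_VERSION is understood.
	 */
	if (LWAPP_EXTRACT_VERSION(lwapp_trans_header->version) != LWAPP_VERSION) {
		ND_PRINT((ndo, "LWAPP version %u packet not supported",
			  LWAPP_EXTRACT_VERSION(lwapp_trans_header->version)));
		return;
	}

	/* non-verbose: one-line summary, using the caller-supplied length */
	if (ndo->ndo_vflag < 1) {
		ND_PRINT((ndo, "LWAPPv%u, %s frame, Flags [%s], length %u",
			  LWAPP_EXTRACT_VERSION(lwapp_trans_header->version),
			  LWAPP_EXTRACT_CONTROL_BIT(lwapp_trans_header->version) ? "Control" : "Data",
			  bittok2str(lwapp_header_bits_values, "none", (lwapp_trans_header->version) & 0x07),
			  len));
		return;
	}

	/*
	 * Verbose. tlen is the packet's own length field, i.e. untrusted,
	 * and it is not compared with len.
	 * NOTE(review): this path treats the length as including the
	 * transport header (it is subtracted below) while
	 * lwapp_control_print() does not; confirm which reading RFC 5412
	 * intends.
	 */
	tlen = EXTRACT_16BITS(lwapp_trans_header->length);

	ND_PRINT((ndo, "LWAPPv%u, %s frame, Radio-id %u, Flags [%s], Frag-id %u, length %u",
		  LWAPP_EXTRACT_VERSION(lwapp_trans_header->version),
		  LWAPP_EXTRACT_CONTROL_BIT(lwapp_trans_header->version) ? "Control" : "Data",
		  LWAPP_EXTRACT_RID(lwapp_trans_header->version),
		  bittok2str(lwapp_header_bits_values, "none", (lwapp_trans_header->version) & 0x07),
		  lwapp_trans_header->frag_id,
		  tlen));

	/*
	 * A declared length shorter than the header itself would turn the
	 * remaining length negative; whether print_unknown_data() tolerates
	 * that is decided outside this file, so refuse it here.
	 */
	if (tlen < (int)sizeof(const struct lwapp_transport_header)) {
		ND_PRINT((ndo, "\n\t[length %d shorter than transport header]", tlen));
		return;
	}
	tptr += sizeof(const struct lwapp_transport_header);
	tlen -= (int)sizeof(const struct lwapp_transport_header);

	/* FIX - An IEEE 802.11 frame follows - hexdump for now */
	print_unknown_data(ndo, tptr, "\n\t", tlen);
	return;

trunc:
	ND_PRINT((ndo, "\n\t\t packet exceeded snapshot"));
}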
/*
* Local Variables:
* c-style: whitesmith
* c-basic-offset: 8
* End:
*/