# Copyright 2020 syzkaller project authors. All rights reserved.
# Use of this source code is governed by Apache 2 LICENSE that can be found in the LICENSE file.
# This file contains descriptions of fields, structs and frames that are necessary to generate and inject 802.11 frames.
# Descriptions specified here follow the IEEE 802.11-2016 standard. It can be accessed here: https://ieeexplore.ieee.org/document/7786995 (the document is freely available through the IEEE GET Program™).
include <linux/ieee80211.h>
# Mac addresses of virtual wifi devices created during executor initialization.
# Expands to 08:02:11:00:00:<LAST>; only the last octet differs between devices.
type ieee80211_fixed_mac_addr[LAST] {
byte0 const[0x8, int8]
byte1 const[0x2, int8]
byte2 const[0x11, int8]
byte3 const[0x0, int8]
byte4 const[0x0, int8]
byte5 LAST
} [packed]
# MAC address choices used wherever a frame needs one: either of the two pre-created
# devices (…:00 and …:01) or the broadcast address.
ieee80211_mac_addr [
device_a ieee80211_fixed_mac_addr[const[0x0, int8]]
device_b ieee80211_fixed_mac_addr[const[0x1, int8]]
broadcast array[const[0xff, int8], 6]
]
# SSID choices: up to IEEE80211_MAX_SSID_LEN arbitrary bytes, or one of two fixed 6-byte
# SSIDs (0x01 x6 / 0x02 x6) — presumably the ones used by the default IBSS/AP set up at
# executor initialization; confirm against the executor.
ieee80211_ssid [
random array[int8, 0:IEEE80211_MAX_SSID_LEN]
default_ibss_ssid array[const[0x1, int8], 6]
default_ap_ssid array[const[0x2, int8], 6]
] [varlen]
# Mesh ID: a single fixed 6-byte value (0x03 x6).
ieee80211_mesh_id [
default array[const[0x3, int8], 6]
] [varlen]
# Top-level frame union consumed by syz_80211_inject_frame: one of the three 802.11 frame types.
ieee80211_frame [
data_frame ieee80211_data_frame
mgmt_frame ieee80211_mgmt_frame
ctrl_frame ieee80211_ctrl_frame
] [varlen]
# BSSID choices: a fixed 50:50:50:50:50:50, one of the known MAC addresses, or 6 random bytes.
ieee80211_bssid [
initial array[const[0x50, int8], 6]
from_mac ieee80211_mac_addr
random array[int8, 6]
]
# Inject an 802.11 frame.
# mac_addr -- mac address of the device that will receive the message (actually it determines
# the network interface that will receive this message).
# buf -- raw 802.11 frame. It should neither include an FCS, nor leave space for it at the end of the frame.
# buf_len -- filled in by the generator from the size of buf (len[] semantics).
syz_80211_inject_frame(mac_addr ptr[in, ieee80211_mac_addr], buf ptr[in, ieee80211_frame], buf_len len[buf])
# Pseudo system call that puts a specific interface into IBSS state and joins an IBSS network.
# Although it is done for all interfaces at executor initialization and the nl80211 commands that it executes
# are present in syzkaller descriptions of nl80211, experiments demonstrated that addition of this pseudo
# syscall provokes a much bigger number of issues.
# Also, this pseudo call makes it possible to put interfaces generated by sendmsg$NL80211_CMD_NEW_INTERFACE
# into an operable state at runtime.
# interface -- device name (see nl80211_devnames); ssid/ssid_len -- the SSID to join; join_mode -- one of join_ibss_modes below.
syz_80211_join_ibss(interface ptr[in, string[nl80211_devnames]], ssid ptr[in, ieee80211_ssid], ssid_len len[ssid], join_mode flags[join_ibss_modes])
# Modes of syz_80211_join_ibss operation:
# JOIN_IBSS_NO_SCAN -- channel scan is not performed and syz_80211_join_ibss waits until the interface reaches IF_OPER_UP
# JOIN_IBSS_BG_SCAN -- channel scan is performed (takes ~ 9 seconds), syz_80211_join_ibss does not await IF_OPER_UP
# JOIN_IBSS_BG_NO_SCAN -- channel scan is not performed, syz_80211_join_ibss does not await IF_OPER_UP
define JOIN_IBSS_NO_SCAN 0x0
define JOIN_IBSS_BG_SCAN 0x1
define JOIN_IBSS_BG_NO_SCAN 0x2
join_ibss_modes = JOIN_IBSS_NO_SCAN, JOIN_IBSS_BG_SCAN, JOIN_IBSS_BG_NO_SCAN
################################################################################
# Common fields and enums.
################################################################################
# As defined in drivers/net/wireless/mac80211_hwsim.c
# Center frequencies (MHz) of the 2.4 GHz and 5 GHz channels that mac80211_hwsim advertises.
ieee80211_channel_freq_mhz = 2412, 2417, 2422, 2427, 2432, 2437, 2442, 2447, 2452, 2457, 2462, 2467, 2472, 2484, 5180, 5200, 5220, 5240, 5260, 5280, 5300, 5320, 5500, 5520, 5540, 5560, 5580, 5600, 5620, 5640, 5660, 5680, 5700, 5745, 5765, 5785, 5805, 5825, 5845, 5855, 5860, 5865, 5870, 5875, 5880, 5885, 5890, 5895, 5900, 5905, 5910, 5915, 5920, 5925
# Bitrates as listed in the hwsim rate table (presumably in 100 kb/s units, as struct ieee80211_rate.bitrate — confirm).
ieee80211_raw_rates = 10, 20, 55, 60, 90, 110, 120, 180, 240, 360, 480, 540
# Combined set of 802.11 rates for 5Mhz, 10Mhz and other channel widths.
# Only rates for drivers/net/wireless/mac80211_hwsim.c are defined.
ieee80211_rate_label = 1, 2, 3, 4, 5, 6, 9, 11, 12, 18, 22, 24, 27, 36, 48, 54, 72, 96, 108
# Rates as they are represented (see 9.4.2.3 of IEEE 802.11-2016):
# 7-bit rate value (in 500 kb/s units) plus the high "basic/mandatory rate" bit.
ieee80211_rate {
label flags[ieee80211_rate_label, int8:7]
mandatory int8:1
} [packed]
# Beacon Interval (TUs): either the common default of 100 or a random value.
type ieee80211_beacon_interval[BASE_TYPE] [
default const[100, BASE_TYPE]
random BASE_TYPE
]
# 8-byte TSF timestamp carried by Beacon and Probe Response frames.
type ieee80211_timestamp int64
# Association ID: either 1 or a random 16-bit value.
ieee80211_assoc_id [
default const[0x1, int16]
random int16
]
# Pseudo syscalls and initially created devices use the default frequency below.
type ieee80211_frequency_mhz[BASE_TYPE] [
default const[2412, BASE_TYPE]
random flags[ieee80211_channel_freq_mhz, BASE_TYPE]
]
# These are the channels supported by mac80211_hwsim.
ieee80211_channels = 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 36, 40, 44, 48, 52, 56, 60, 64, 100, 104, 108, 112, 116, 120, 124, 128, 132, 136, 140, 149, 153, 157, 161, 165, 169, 171, 172, 173, 174, 175, 176, 177, 178, 179, 180, 181, 182, 183, 184, 185
# Channel number field of the given width, drawn from ieee80211_channels.
type ieee80211_channel[BASE_TYPE] flags[ieee80211_channels, BASE_TYPE]
# HT Capabilities (see 9.4.2.56 of IEEE 802.11-2016).
# Bits of the 2-octet HT Capability Information field. Note that the *_SHIFT names are bit
# positions, not masks; as flags[] members they still just contribute values to the field.
ieee80211_ht_cap_info = IEEE80211_HT_CAP_LDPC_CODING, IEEE80211_HT_CAP_SUP_WIDTH_20_40, IEEE80211_HT_CAP_SM_PS, IEEE80211_HT_CAP_SM_PS_SHIFT, IEEE80211_HT_CAP_GRN_FLD, IEEE80211_HT_CAP_SGI_20, IEEE80211_HT_CAP_SGI_40, IEEE80211_HT_CAP_TX_STBC, IEEE80211_HT_CAP_RX_STBC, IEEE80211_HT_CAP_RX_STBC_SHIFT, IEEE80211_HT_CAP_DELAY_BA, IEEE80211_HT_CAP_MAX_AMSDU, IEEE80211_HT_CAP_DSSSCCK40, IEEE80211_HT_CAP_RESERVED, IEEE80211_HT_CAP_40MHZ_INTOLERANT, IEEE80211_HT_CAP_LSIG_TXOP_PROT
# Bits of the 2-octet HT Extended Capabilities field.
ieee80211_ht_ext_cap_info = IEEE80211_HT_EXT_CAP_PCO, IEEE80211_HT_EXT_CAP_PCO_TIME, IEEE80211_HT_EXT_CAP_PCO_TIME_SHIFT, IEEE80211_HT_EXT_CAP_MCS_FB, IEEE80211_HT_EXT_CAP_MCS_FB_SHIFT, IEEE80211_HT_EXT_CAP_HTC_SUP, IEEE80211_HT_EXT_CAP_RD_RESPONDER
# See 9.4.2.56.4 of IEEE 802.11-2016.
# Supported MCS Set: 16 octets in total (64+13 = 77-bit Rx MCS bitmask, 10-bit Rx Highest
# Supported Data Rate, Tx MCS Set fields, and reserved bits padding to 128 bits).
ieee80211_mcs_info {
rx_bitmask_1 int64
rx_bitmask_2 int64:13
reserved const[0, int64:3]
rx_highest_dr int64:10
reserved_2 const[0, int64:6]
tx_set_defined int64:1
tx_rx_not_eq int64:1
max_spac_streams int64:2
uneq_modulation int64:1
reserved_3 const[0, int64:27]
} [packed]
# See Fig. 9-332 of IEEE 802.11-2016.
# Body of the HT Capabilities element (26 octets): Capability Info (2), A-MPDU Parameters (1),
# Supported MCS Set (16), Extended Capabilities (2), TxBF Capabilities (4), ASEL Capabilities (1).
ieee80211_ht_cap {
cap_info flags[ieee80211_ht_cap_info, int16]
a_mpdu_exponent int8:2
a_mpdu_min_spacing int8:3
a_mpdu_reserved const[0, int8:3]
mcs ieee80211_mcs_info
extended_ht_cap_info flags[ieee80211_ht_ext_cap_info, int16]
tx_BF_cap_info int32
antenna_selection_info int8
} [packed]
# VHT Capabilities (see 9.4.2.158 of IEEE 802.11-2016; 9.4.2.56 is the HT Capabilities element).
ieee80211_vht_cap_info = IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_3895, IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_7991, IEEE80211_VHT_CAP_MAX_MPDU_LENGTH_11454, IEEE80211_VHT_CAP_MAX_MPDU_MASK, IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160MHZ, IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_160_80PLUS80MHZ, IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_MASK, IEEE80211_VHT_CAP_SUPP_CHAN_WIDTH_SHIFT, IEEE80211_VHT_CAP_RXLDPC, IEEE80211_VHT_CAP_SHORT_GI_80, IEEE80211_VHT_CAP_SHORT_GI_160, IEEE80211_VHT_CAP_TXSTBC, IEEE80211_VHT_CAP_RXSTBC_1, IEEE80211_VHT_CAP_RXSTBC_2, IEEE80211_VHT_CAP_RXSTBC_3, IEEE80211_VHT_CAP_RXSTBC_4, IEEE80211_VHT_CAP_RXSTBC_MASK, IEEE80211_VHT_CAP_RXSTBC_SHIFT, IEEE80211_VHT_CAP_SU_BEAMFORMER_CAPABLE, IEEE80211_VHT_CAP_SU_BEAMFORMEE_CAPABLE, IEEE80211_VHT_CAP_BEAMFORMEE_STS_SHIFT, IEEE80211_VHT_CAP_BEAMFORMEE_STS_MASK, IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_SHIFT, IEEE80211_VHT_CAP_SOUNDING_DIMENSIONS_MASK, IEEE80211_VHT_CAP_MU_BEAMFORMER_CAPABLE, IEEE80211_VHT_CAP_MU_BEAMFORMEE_CAPABLE, IEEE80211_VHT_CAP_VHT_TXOP_PS, IEEE80211_VHT_CAP_HTC_VHT, IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_SHIFT, IEEE80211_VHT_CAP_MAX_A_MPDU_LENGTH_EXPONENT_MASK, IEEE80211_VHT_CAP_VHT_LINK_ADAPTATION_VHT_UNSOL_MFB, IEEE80211_VHT_CAP_VHT_LINK_ADAPTATION_VHT_MRQ_MFB, IEEE80211_VHT_CAP_RX_ANTENNA_PATTERN, IEEE80211_VHT_CAP_TX_ANTENNA_PATTERN, IEEE80211_VHT_CAP_EXT_NSS_BW_SHIFT, IEEE80211_VHT_CAP_EXT_NSS_BW_MASK
# Supported VHT-MCS and NSS Set (8 octets).
ieee80211_vht_mcs_info {
rx_mcs_map int16
rx_highest int16
tx_mcs_map int16
tx_highest int16
} [packed]
# Body of the VHT Capabilities element: 4-octet VHT Capabilities Info plus the 8-octet MCS/NSS set.
ieee80211_vht_cap {
vht_cap_info flags[ieee80211_vht_cap_info, int32]
supp_mcs ieee80211_vht_mcs_info
} [packed]
# As defined by Table 9-45 of IEEE 802.11-2016.
# Reason Code field; the range covers the codes assigned in the table, not the reserved space above it.
type ieee80211_reason_code[BASE_TYPE] BASE_TYPE[0:66]
# As defined by Table 9-46 of IEEE 802.11-2016.
# Status Code field; same remark about the range as for reason codes.
type ieee80211_status_code[BASE_TYPE] BASE_TYPE[0:107]
# Duration/ID field. Only the NAV (duration) encoding is generated at the moment: bit 15 is fixed
# to 0, so the CFP and PS-Poll (AID) encodings of this field are never produced.
ieee80211_duration {
duration int16:15
nav_flag const[0, int16:1]
} [packed]
# As defined in sect. 9.2.4.4.1 of IEEE 802.11-2016.
# Sequence Control field: 4-bit fragment number followed by 12-bit sequence number.
ieee80211_seq_control {
frag_number int16:4
seq_number int16:12
} [packed]
# Block Ack Starting Sequence Control: same layout as Sequence Control (fragment + starting sequence number).
ieee80211_block_ack_ssc {
fragment int16:4
ssn int16:12
} [packed]
# As defined by Table 9-342 of IEEE 802.11-2016.
# TDLS Action field values.
ieee80211_tdls_action_codes = WLAN_TDLS_SETUP_REQUEST, WLAN_TDLS_SETUP_RESPONSE, WLAN_TDLS_SETUP_CONFIRM, WLAN_TDLS_TEARDOWN, WLAN_TDLS_PEER_TRAFFIC_INDICATION, WLAN_TDLS_CHANNEL_SWITCH_REQUEST, WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, WLAN_TDLS_PEER_PSM_REQUEST, WLAN_TDLS_PEER_PSM_RESPONSE, WLAN_TDLS_PEER_TRAFFIC_RESPONSE, WLAN_TDLS_DISCOVERY_REQUEST
# As defined by Table 9-131 of IEEE 802.11-2016.
# Cipher suite selectors (OUI + suite type packed as in the kernel's WLAN_CIPHER_SUITE_* constants).
ieee80211_cipher_suites = WLAN_CIPHER_SUITE_USE_GROUP, WLAN_CIPHER_SUITE_WEP40, WLAN_CIPHER_SUITE_TKIP, WLAN_CIPHER_SUITE_CCMP, WLAN_CIPHER_SUITE_WEP104, WLAN_CIPHER_SUITE_AES_CMAC, WLAN_CIPHER_SUITE_GCMP, WLAN_CIPHER_SUITE_GCMP_256, WLAN_CIPHER_SUITE_CCMP_256, WLAN_CIPHER_SUITE_BIP_GMAC_128, WLAN_CIPHER_SUITE_BIP_GMAC_256, WLAN_CIPHER_SUITE_BIP_CMAC_256
# As defined by Table 9-133 of IEEE 802.11-2016.
# AKM suite selectors (packed like the kernel's WLAN_AKM_SUITE_* constants).
ieee80211_akm_suites = WLAN_AKM_SUITE_8021X, WLAN_AKM_SUITE_PSK, WLAN_AKM_SUITE_FT_8021X, WLAN_AKM_SUITE_FT_PSK, WLAN_AKM_SUITE_8021X_SHA256, WLAN_AKM_SUITE_PSK_SHA256, WLAN_AKM_SUITE_TDLS, WLAN_AKM_SUITE_SAE, WLAN_AKM_SUITE_FT_OVER_SAE, WLAN_AKM_SUITE_AP_PEER_KEY, WLAN_AKM_SUITE_8021X_SUITE_B, WLAN_AKM_SUITE_8021X_SUITE_B_192, WLAN_AKM_SUITE_FT_8021X_SHA384, WLAN_AKM_SUITE_FILS_SHA256, WLAN_AKM_SUITE_FILS_SHA384, WLAN_AKM_SUITE_FT_FILS_SHA256, WLAN_AKM_SUITE_FT_FILS_SHA384, WLAN_AKM_SUITE_OWE, WLAN_AKM_SUITE_FT_PSK_SHA384, WLAN_AKM_SUITE_PSK_SHA384
# Capability Information field (see sect. 9.4.1.4 of IEEE 802.11-2016).
ieee80211_capabilities = WLAN_CAPABILITY_ESS, WLAN_CAPABILITY_IBSS, WLAN_CAPABILITY_CF_POLLABLE, WLAN_CAPABILITY_CF_POLL_REQUEST, WLAN_CAPABILITY_PRIVACY, WLAN_CAPABILITY_SHORT_PREAMBLE, WLAN_CAPABILITY_PBCC, WLAN_CAPABILITY_CHANNEL_AGILITY, WLAN_CAPABILITY_SPECTRUM_MGMT, WLAN_CAPABILITY_QOS, WLAN_CAPABILITY_SHORT_SLOT_TIME, WLAN_CAPABILITY_APSD, WLAN_CAPABILITY_RADIO_MEASURE, WLAN_CAPABILITY_DSSS_OFDM, WLAN_CAPABILITY_DEL_BACK, WLAN_CAPABILITY_IMM_BACK
# Capability Information field of the given width (int16 in all frames of this file).
type ieee80211_capability[TYPE] flags[ieee80211_capabilities, TYPE]
# QoS Control field is quite complicated (see Table 9-6 of IEEE 802.11-2016), but
# for fuzzing purposes we don't really care about most of its bits.
# A_MSDU pins bit 7 (A-MSDU Present) so that the header and the payload of a data frame agree;
# the second octet is left fully random.
type ieee80211_qos_control[A_MSDU] {
tid int8:4
eosp int8:1
ack_policy int8:2
a_msdu const[A_MSDU, int8:1]
rest int8
} [packed]
# Helper that appends a QoS Control field after PAYLOAD (a data frame header).
type ieee80211_append_qos_control[PAYLOAD, A_MSDU] {
payload PAYLOAD
qos_control ieee80211_qos_control[A_MSDU]
} [packed]
# Operating Mode field (see sect. 9.4.1.53 of IEEE 802.11-2016).
ieee80211_operating_mode {
channel_width int8:2
supp_160_80_80 int8:1
no_ldpc int8:1
rx_nss int8:3
rx_nss_type int8:1
} [packed]
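# SM Power Control field (see sect. 9.4.1.23 of IEEE 802.11-2016).
# One octet: SM Power Save Enabled (bit 0), SM Mode (bit 1), 6 reserved bits fixed to 0.
ieee80211_sm_power_control {
smps_enabled int8:1
sm_mode int8:1
reserved const[0, int8:6]
} [packed]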
#############################################
# Basic 802.11 frame structures.
#############################################
# HT variant of the HT Control field (4 octets): bit 0 (VHT) fixed to 0 selects the HT variant,
# then Link Adaptation Control, calibration/CSI bits, NDP Announcement, AC Constraint and RDG/More PPDU.
ieee80211_ht_control_80211n {
vht const[0, int16:1]
link_adaptation_ctrl int16:15
calibration_pos int8:2
calibration_seq int8:2
reserved_1 const[0, int8:2]
csi_steering int8:2
ndp int8:1
reserved_2 const[0, int8:5]
ac int8:1
rdg int8:1
} [packed]
# 802.11ac introduced another version of this struct, but it is omitted because HT header is not supported by mac80211 anyway
ieee80211_ht_control [
ver_80211n ieee80211_ht_control_80211n
]
# Helper that appends an HT Control field after FRAME (a header whose Order/+HTC bit is set).
type ieee80211_append_ht_control[FRAME] {
prefix FRAME
ht_control ieee80211_ht_control
} [packed]
# Generic Frame Control field.
# Protected Frame is always 0: frames built from this template are cleartext, so the
# WEP/TKIP/CCMP/GCMP decryption and replay-check receive paths are not exercised by them.
# To DS / From DS and Order are pinned by the instantiating header so the address layout
# (see the data frame headers below) matches the flags.
type ieee80211_fc[TO_DS, FROM_DS, TYPE, SUBTYPE, ORDER] {
version const[0, int8:2]
type TYPE
subtype SUBTYPE
to_ds const[TO_DS, int8:1]
from_ds const[FROM_DS, int8:1]
more int8:1
retry int8:1
power_mgmt int8:1
more_data int8:1
protected const[0, int8:1]
order ORDER
} [packed]
# Control packets use a simpler version of Frame Control.
# NOTE(review): only 6 of the 8 flag bits of the second octet are declared (rest int8:6); the
# remaining two (Protected, +HTC) are left to the bitfield padding — confirm this yields a zero octet.
type ieee80211_control_fc[SUBTYPE_CONST] {
version const[0, int8:2]
type const[0x1, int8:2]
subtype const[SUBTYPE_CONST, int8:4]
rest const[0, int8:6]
} [packed]
# Frame type values as they appear in the 2-bit Type subfield (the kernel constants are pre-shifted by 2).
define IEEE80211_MGMT_FRAME_TYPE (IEEE80211_FTYPE_MGMT >> 2)
define IEEE80211_DATA_FRAME_TYPE (IEEE80211_FTYPE_DATA >> 2)
define IEEE80211_CTL_FRAME_TYPE (IEEE80211_FTYPE_CTL >> 2)
############################################
# Information Elements.
############################################
# Information Element structure (see 9.4.2.1 of IEEE 802.11-2016).
# Element ID, 1-octet Length (filled in by the generator from data — len[] semantics), then the body.
type ieee80211_generic_ie[ID_TYPE, DATA_TYPE] {
id ID_TYPE
len len[data, int8]
data DATA_TYPE
} [packed]
# Same, with a fixed Element ID.
type ieee80211_generic_ie_const[ID_VAL, DATA_TYPE] ieee80211_generic_ie[const[ID_VAL, int8], DATA_TYPE]
# Vendor Specific element with a random body (OUI and vendor type are not modelled, just random bytes).
type ieee80211_random_vendor_ie ieee80211_generic_ie_const[WLAN_EID_VENDOR_SPECIFIC, array[int8, 6:255]]
# SSID Information Element (see 9.4.2.2 of IEEE 802.11-2016).
type ieee80211_ie_ssid ieee80211_generic_ie_const[WLAN_EID_SSID, ieee80211_ssid]
# Supported Rates Information Element (see 9.4.2.3 of IEEE 802.11-2016): up to 8 rate octets.
type ieee80211_ie_supported_rates ieee80211_generic_ie_const[WLAN_EID_SUPP_RATES, array[ieee80211_rate, 0:8]]
# DS Parameter Set / DSSS Information Element (see 9.4.2.4 of IEEE 802.11-2016).
type ieee80211_ie_dsss ieee80211_generic_ie_const[WLAN_EID_DS_PARAMS, ieee80211_channel[int8]]
# CF Parameter Set Information Element (see 9.4.2.5 of IEEE 802.11-2016).
ieee80211_ie_cf_payload {
count int8
period int8
max_duration int16
dur_remaining int16
} [packed]
type ieee80211_ie_cf ieee80211_generic_ie_const[WLAN_EID_CF_PARAMS, ieee80211_ie_cf_payload]
# Traffic Indication Map (TIM) Information Element (see 9.4.2.6 of IEEE 802.11-2016).
# DTIM Period is 1..255 (0 is not a valid period); the Partial Virtual Bitmap is 0..251 octets.
ieee80211_ie_tim_payload {
dtim_count int8
dtim_period int8[1:255]
bitmap_control int8
partial_bitmap array[int8, 0:251]
} [packed]
type ieee80211_ie_tim ieee80211_generic_ie_const[WLAN_EID_TIM, ieee80211_ie_tim_payload]
# IBSS Parameter Set Information Element (see 9.4.2.7 of IEEE 802.11-2016): 2-octet ATIM Window.
type ieee80211_ie_ibss ieee80211_generic_ie_const[WLAN_EID_IBSS_PARAMS, int16]
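# Challenge Text Information Element (see 9.4.2.8 of IEEE 802.11-2016).
# The Challenge Text field is 1 to 253 octets long, so the body is a variable-length byte array.
# (The previous int8[1:253] produced a single octet whose *value* lay in 1..253, i.e. an element
# whose Length was always 1.)
type ieee80211_ie_challenge ieee80211_generic_ie_const[WLAN_EID_CHALLENGE, array[int8, 1:253]]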
# Extended Rate PHY (ERP) Information Element (see 9.4.2.12 of IEEE 802.11-2016).
ieee80211_ie_erp_payload {
non_erp_present int8:1
use_protection int8:1
barker_preamble_mode int8:1
reserved const[0, int8:5]
} [packed]
type ieee80211_ie_erp ieee80211_generic_ie_const[WLAN_EID_ERP_INFO, ieee80211_ie_erp_payload]
# Channel Switch Announcement Information Element (see 9.4.2.19 of IEEE 802.11-2016).
# Channel Switch Mode is 0 or 1; other values are reserved.
ieee80211_ie_channel_switch_annce_payload {
switch_mode int8[0:1]
new_channel ieee80211_channel[int8]
switch_count int8
} [packed]
type ieee80211_ie_channel_switch ieee80211_generic_ie_const[WLAN_EID_CHANNEL_SWITCH, ieee80211_ie_channel_switch_annce_payload]
# Secondary Channel Offset Information Element (see 9.4.2.20 of IEEE 802.11-2016).
type ieee80211_ie_sec_chan_ofs ieee80211_generic_ie_const[WLAN_EID_SECONDARY_CHANNEL_OFFSET, int8[0:3]]
# Measurement Request Information Element (see 9.4.2.21 of IEEE 802.11-2016).
# Measurement Token, Mode and Type, followed by a type-specific request body (left random here).
ieee80211_ie_measure_req_payload {
token int8
mode int8
type int8
req_details array[int8]
} [packed]
type ieee80211_ie_measure_req ieee80211_generic_ie_const[WLAN_EID_MEASURE_REQUEST, ieee80211_ie_measure_req_payload]
# Fast BSS Transition element (FTE) (see 9.4.2.48 of IEEE 802.11-2016).
# MIC Control is 2 octets: a reserved octet plus the Element Count of the optional sub-elements.
# mic_element_count is generated from params (presumably the number of sub-elements, consistent with
# target_count in the PREQ element below — confirm len[] semantics for arrays of structs).
# Sub-element IDs 1..4 are R1KH-ID, GTK, R0KH-ID and IGTK.
ieee80211_ie_fast_bss_trans_payload {
mic_control_reserved int8
mic_element_count len[params, int8]
mic array[int8, 16]
a_nonce array[int8, 32]
s_nonce array[int8, 32]
params array[ieee80211_generic_ie[int8[1:4], array[int8, 0:40]]]
} [packed]
type ieee80211_ie_fast_bss_trans ieee80211_generic_ie_const[WLAN_EID_FAST_BSS_TRANSITION, ieee80211_ie_fast_bss_trans_payload]
# Extended Channel Switch Announcement Information Element (see 9.4.2.53 of IEEE 802.11-2016).
# Like the plain CSA element but with a New Operating Class octet before the channel number.
ieee80211_ie_ext_channel_switch_annce_payload {
switch_mode int8[0:1]
new_class int8
new_channel ieee80211_channel[int8]
switch_count int8
} [packed]
type ieee80211_ie_ext_channel_switch ieee80211_generic_ie_const[WLAN_EID_EXT_CHANSWITCH_ANN, ieee80211_ie_ext_channel_switch_annce_payload]
# Management MIC Information Element (see 9.4.2.55 of IEEE 802.11-2016).
# The MIC is random bytes here: no key material is modelled, so a receiver enforcing management
# frame protection is expected to reject these frames rather than accept them.
type ieee80211_ie_mic ieee80211_generic_ie_const[WLAN_EID_MIC, ieee80211_ie_mic_payload]
# 8-octet (CMAC-128) or 16-octet (CMAC-256 / GMAC) MIC.
ieee80211_ie_mic_code [
short array[int8, 8]
long array[int8, 16]
] [varlen]
# Key ID (2 octets), 6-octet IGTK packet number, MIC.
ieee80211_ie_mic_payload {
key_id int16[0:4095]
ipn array[int8, 6]
mic ieee80211_ie_mic_code
} [packed]
# HT Capabilities Information Element (see 9.4.2.56 of IEEE 802.11-2016).
type ieee80211_ie_ht ieee80211_generic_ie_const[WLAN_EID_HT_CAPABILITY, ieee80211_ht_cap]
# Link Identifier Information Element (see 9.4.2.62 of IEEE 802.11-2016).
ieee80211_ie_link_id_payload {
bssid ieee80211_bssid
initiator ieee80211_mac_addr
responder ieee80211_mac_addr
} [packed]
type ieee80211_ie_link_id ieee80211_generic_ie_const[WLAN_EID_LINK_ID, ieee80211_ie_link_id_payload]
# Channel Switch Timing Information Element (see 9.4.2.64 of IEEE 802.11-2016).
ieee80211_ie_channel_switch_timing_payload {
switch_time int16
switch_timeout int16
} [packed]
type ieee80211_ie_channel_switch_timing ieee80211_generic_ie_const[WLAN_EID_CHAN_SWITCH_TIMING, ieee80211_ie_channel_switch_timing_payload]
# Mesh Configuration Information Element (see 9.4.2.98 of IEEE 802.11-2016).
type ieee80211_ie_mesh_config ieee80211_generic_ie_const[WLAN_EID_MESH_CONFIG, ieee80211_ie_mesh_config_payload]
# Protocol/metric/congestion/sync/auth identifiers: 0 and 1 (or 2 for auth) are the standard
# values, -1 (0xff) is the vendor-specific identifier.
ieee80211_ie_mesh_config_payload {
psel_proto int8[-1:1]
psel_metric int8[-1:1]
cmode_id int8[-1:1]
syncm_id int8[-1:1]
auth_proto int8[-1:2]
mesh_info int8
mesh_cap flags[mesh_config_capab_flags, int8]
} [packed]
# Mesh Capability field bits.
mesh_config_capab_flags = IEEE80211_MESHCONF_CAPAB_ACCEPT_PLINKS, IEEE80211_MESHCONF_CAPAB_FORWARDING, IEEE80211_MESHCONF_CAPAB_TBTT_ADJUSTING, IEEE80211_MESHCONF_CAPAB_POWER_SAVE_LEVEL
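# Mesh Channel Switch Parameters Information Element (see 9.4.2.103 of IEEE 802.11-2016).
# TTL (1), Flags (1), Reason Code (2), Precedence Value (2).
ieee80211_ie_mesh_channel_switch_payload {
mesh_ttl int8
mesh_flags int8
mesh_reason ieee80211_reason_code[int16]
mesh_pre_value int16
} [packed]
type ieee80211_ie_mesh_channel_switch ieee80211_generic_ie_const[WLAN_EID_CHAN_SWITCH_PARAM, ieee80211_ie_mesh_channel_switch_payload]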
# GCR Group Address Information Element (see 9.4.2.126 of IEEE 802.11-2016): a single 6-octet group address.
type ieee80211_ie_gcr_ga ieee80211_generic_ie_const[WLAN_EID_GCR_GROUP_ADDR, ieee80211_mac_addr]
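# PREQ Information Element (see 9.4.2.113 of IEEE 802.11-2016).
type ieee80211_ie_preq ieee80211_generic_ie_const[WLAN_EID_PREQ, ieee80211_ie_preq_payload]
# See Figure 9-478 of IEEE 802.11-2016.
# PREQ Flags octet. AE (Address Extension, bit 6) is pinned so that the presence of the
# Originator External Address field below matches the flag.
type ieee80211_preq_flags[AE_CONST] {
gate_annce int8:1
addr_mode int8:1
proactive_prep int8:1
reserved const[0, int8:3]
ae const[AE_CONST, int8:1]
reserved_2 const[0, int8:1]
} [packed]
# See Figure 9-479 of IEEE 802.11-2016.
ieee80211_preq_target_flags {
target_only int8:1
reserved const[0, int8:1]
usn int8:1
reserved2 const[0, int8:5]
} [packed]
# One Target entry: flags, target address, target HWMP sequence number.
ieee80211_preq_target {
flags ieee80211_preq_target_flags
target_addr ieee80211_mac_addr
target_sn int32
} [packed]
# PREQ body; ORIGINATOR_TYPE is ieee80211_mac_addr when AE is set and void otherwise.
# target_count is generated from the targets array.
type ieee80211_ie_preq_payload_generic[AE_CONST, ORIGINATOR_TYPE] {
flags ieee80211_preq_flags[AE_CONST]
hop_count int8
ttl int8
discovery_id int32
originator ieee80211_mac_addr
originator_sn int32
originator_ext ORIGINATOR_TYPE
lifetime int32
metric int32
target_count len[targets, int8]
targets array[ieee80211_preq_target]
} [packed]
ieee80211_ie_preq_payload [
ext ieee80211_ie_preq_payload_generic[1, ieee80211_mac_addr]
not_ext ieee80211_ie_preq_payload_generic[0, void]
] [varlen]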
# PREP Information Element (see 9.4.2.114 of IEEE 802.11-2016).
type ieee80211_ie_prep ieee80211_generic_ie_const[WLAN_EID_PREP, ieee80211_ie_prep_payload]
# See Figure 9-481 and Figure 9-483 of IEEE 802.11-2016.
# Flags octet shared by PREP and PERR: only AE (bit 6) is meaningful and it is pinned to match
# the presence of the external address field.
type ieee80211_ae_flags[AE_CONST] {
reserved const[0, int8:6]
ae const[AE_CONST, int8:1]
reserved2 const[0, int8:1]
} [packed]
# PREP body; TARGET_EXT_TYPE is ieee80211_mac_addr when AE is set and void otherwise.
type ieee80211_ie_prep_payload_generic[AE_CONST, TARGET_EXT_TYPE] {
flags ieee80211_ae_flags[AE_CONST]
hop_count int8
ttl int8
target_addr ieee80211_mac_addr
target_sn int32
target_ext TARGET_EXT_TYPE
lifetime int32
metric int32
originator ieee80211_mac_addr
originator_sn int32
} [packed]
ieee80211_ie_prep_payload [
ext ieee80211_ie_prep_payload_generic[1, ieee80211_mac_addr]
not_ext ieee80211_ie_prep_payload_generic[0, void]
] [varlen]
# PERR Information Element (see 9.4.2.115 of IEEE 802.11-2016).
type ieee80211_ie_perr ieee80211_generic_ie_const[WLAN_EID_PERR, ieee80211_ie_perr_payload]
# TTL, Number of Destinations (generated from dest_list), then up to 19 destination entries.
ieee80211_ie_perr_payload {
ttl int8
dest_count len[dest_list, int8]
dest_list array[ieee80211_ie_perr_dest, 0:19]
} [packed]
# One destination entry; DEST_EXT_TYPE is ieee80211_mac_addr when AE is set and void otherwise.
type ieee80211_ie_perr_dest_generic[AE_CONST, DEST_EXT_TYPE] {
flags ieee80211_ae_flags[AE_CONST]
dest_addr ieee80211_mac_addr
dest_sn int32
dest_ext DEST_EXT_TYPE
reason ieee80211_reason_code[int16]
} [packed]
ieee80211_ie_perr_dest [
ext ieee80211_ie_perr_dest_generic[1, ieee80211_mac_addr]
not_ext ieee80211_ie_perr_dest_generic[0, void]
] [varlen]
# RANN Information Element (see 9.4.2.112 of IEEE 802.11-2016).
type ieee80211_ie_rann ieee80211_generic_ie_const[WLAN_EID_RANN, ieee80211_ie_rann_payload]
# See Figure 9-476 of IEEE 802.11-2016.
# Flags octet: Gate Announcement (bit 0); the remaining bits are reserved but left random here.
ieee80211_rann_flags {
gate_annce int8:1
reserved int8:7
} [packed]
# Flags, Hop Count, Element TTL, Root Mesh STA address, HWMP Sequence Number, Interval, Metric.
ieee80211_ie_rann_payload {
flags ieee80211_rann_flags
hop_count int8
ttl int8
root_sta ieee80211_mac_addr
hwmp_seqno int32
interval int32
metric int32
} [packed]
# Mesh ID Information Element (see 9.4.2.99 of IEEE 802.11-2016).
type ieee80211_ie_mesh_id ieee80211_generic_ie_const[WLAN_EID_MESH_ID, ieee80211_mesh_id]
# Mesh Peering Management (see 9.4.2.102 of IEEE 802.11-2016).
type ieee80211_ie_peer_mgmt ieee80211_generic_ie_const[WLAN_EID_PEER_MGMT, ieee80211_ie_peering_mgmt_payload]
# Protocol ID (0 = MPM, 1 = AMPE), Local Link ID, then optional Peer Link ID, Reason Code and
# Chosen PMK depending on the peering frame type; all three are optional here so any combination
# of trailing fields can be generated.
ieee80211_ie_peering_mgmt_payload {
proto_id int16[0:1]
local_link_id int16
peer_link_id optional[int16]
reason_code optional[ieee80211_reason_code[int16]]
pmk optional[array[int8, 16]]
} [packed]
# This union is not used in packet descriptions because IEs have a strictly specified order there.
# It is only needed to feed nl80211 commands that require IEs.
# The last member produces an element with an arbitrary ID and body, so unknown/unsupported
# element IDs are also reachable.
ieee80211_ie [
ssid ieee80211_ie_ssid
supported_rates ieee80211_ie_supported_rates
dsss ieee80211_ie_dsss
cf ieee80211_ie_cf
tim ieee80211_ie_tim
ibss ieee80211_ie_ibss
challenge ieee80211_ie_challenge
erp ieee80211_ie_erp
channel_switch ieee80211_ie_channel_switch
sec_chan_ofs ieee80211_ie_sec_chan_ofs
measure_req ieee80211_ie_measure_req
fast_bss_trans ieee80211_ie_fast_bss_trans
ext_channel_switch ieee80211_ie_ext_channel_switch
ht ieee80211_ie_ht
link_id ieee80211_ie_link_id
chsw_timing ieee80211_ie_channel_switch_timing
mesh_chsw ieee80211_ie_mesh_channel_switch
gcr_ga ieee80211_ie_gcr_ga
preq ieee80211_ie_preq
prep ieee80211_ie_prep
perr ieee80211_ie_perr
rann ieee80211_ie_rann
mesh_id ieee80211_ie_mesh_id
mesh_config ieee80211_ie_mesh_config
peer_mgmt ieee80211_ie_peer_mgmt
mic ieee80211_ie_mic
random_vendor ieee80211_random_vendor_ie
random ieee80211_generic_ie[int8, array[int8, 0:253]]
] [varlen]
##################################################
# 802.11 Data frames (9.3.2 of IEEE 802.11-2016)
##################################################
# Specific 802.11 data frame headers determined by to_ds and from_ds values.
# See Table 9-26 (Address field contents) of IEEE 802.11-2016.
# Address 4 is present only for To DS = From DS = 1 (ADDR_4 is void otherwise) and, as in the
# standard, follows the Sequence Control field.
type ieee80211_data_gen_hdr[TO, FROM, SUBTYPE, ORDER, ADDR_1, ADDR_2, ADDR_3, ADDR_4] {
fc ieee80211_fc[TO, FROM, const[IEEE80211_DATA_FRAME_TYPE, int8:2], SUBTYPE, ORDER]
duration ieee80211_duration
addr_1 ADDR_1
addr_2 ADDR_2
addr_3 ADDR_3
seqno ieee80211_seq_control
addr_4 ADDR_4
} [packed]
# MSDU (non-aggregated) headers: the address that is a BSSID is drawn from ieee80211_bssid.
type ieee80211_msdu_header[SUBTYPE, ORDER] [
# 00: RA = DA, TA = SA, BSSID
type00 ieee80211_data_gen_hdr[0, 0, SUBTYPE, ORDER, ieee80211_mac_addr, ieee80211_mac_addr, ieee80211_bssid, void]
# 01: RA = DA, TA = BSSID, SA
type01 ieee80211_data_gen_hdr[0, 1, SUBTYPE, ORDER, ieee80211_mac_addr, ieee80211_bssid, ieee80211_mac_addr, void]
# 10: RA = BSSID, TA = SA, DA
type10 ieee80211_data_gen_hdr[1, 0, SUBTYPE, ORDER, ieee80211_bssid, ieee80211_mac_addr, ieee80211_mac_addr, void]
# 11: RA, TA, DA, SA
type11 ieee80211_data_gen_hdr[1, 1, SUBTYPE, ORDER, ieee80211_mac_addr, ieee80211_mac_addr, ieee80211_mac_addr, ieee80211_mac_addr]
] [varlen]
# A-MSDU headers: per Table 9-26, Address 3 carries the BSSID in every To/From DS combination
# (the DA/SA pairs live in the A-MSDU subframes instead).
type ieee80211_a_msdu_header[SUBTYPE, ORDER] [
# 00: RA = DA, TA = SA, BSSID
type00 ieee80211_data_gen_hdr[0, 0, SUBTYPE, ORDER, ieee80211_mac_addr, ieee80211_mac_addr, ieee80211_bssid, void]
# 01: RA = DA, TA = BSSID, BSSID
type01 ieee80211_data_gen_hdr[0, 1, SUBTYPE, ORDER, ieee80211_mac_addr, ieee80211_bssid, ieee80211_bssid, void]
# 10: RA = BSSID, TA = SA, BSSID
type10 ieee80211_data_gen_hdr[1, 0, SUBTYPE, ORDER, ieee80211_bssid, ieee80211_mac_addr, ieee80211_bssid, void]
# 11: RA, TA, BSSID, SA
type11 ieee80211_data_gen_hdr[1, 1, SUBTYPE, ORDER, ieee80211_mac_addr, ieee80211_mac_addr, ieee80211_bssid, ieee80211_mac_addr]
] [varlen]
# Non-QoS data header: subtypes 0x0..0x7, Order bit left random.
type ieee80211_data_frame_no_qos_hdr ieee80211_msdu_header[int8:4[0x0:0x7], int8:1]
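# QoS data header (subtypes 0x8..0xf) followed by a QoS Control field whose A-MSDU Present bit
# matches the chosen header variant. This is a union: a frame carries either an MSDU header or
# an A-MSDU header, never both (the previous struct form emitted the two headers back to back).
type ieee80211_data_frame_qos_hdr[ORDER] [
msdu ieee80211_append_qos_control[ieee80211_msdu_header[int8:4[0x8:0xf], ORDER], 0x0]
a_msdu ieee80211_append_qos_control[ieee80211_a_msdu_header[int8:4[0x8:0xf], ORDER], 0x1]
] [varlen]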
# All data frame header shapes: non-QoS, QoS without HT Control (Order = 0), QoS with HT Control
# (Order/+HTC = 1, HT Control appended after QoS Control).
ieee80211_data_frame_hdr [
no_qos ieee80211_data_frame_no_qos_hdr
qos_no_ht ieee80211_data_frame_qos_hdr[const[0, int8:1]]
qos_ht ieee80211_append_ht_control[ieee80211_data_frame_qos_hdr[const[0x1, int8:1]]]
] [varlen]
# A-MSDU subframe: DA, SA, 2-octet length (generated from data), payload; each subframe is
# padded to a 4-octet boundary (align[4]).
ieee80211_a_msdu_subframe {
da ieee80211_mac_addr
sa ieee80211_mac_addr
len len[data, int16]
data array[int8]
} [packed, align[4]]
# Frame body: either arbitrary bytes up to IEEE80211_MAX_DATA_LEN or a sequence of A-MSDU subframes.
# Nothing ties the chosen payload to the header's A-MSDU Present bit, so mismatched combinations
# (A-MSDU flag with a random body and vice versa) are generated as well.
ieee80211_data_frame_payload [
random array[int8, 0:IEEE80211_MAX_DATA_LEN]
a_msdu array[ieee80211_a_msdu_subframe]
] [varlen]
# Complete (cleartext) data frame: header plus body, no FCS.
ieee80211_data_frame {
header ieee80211_data_frame_hdr
payload ieee80211_data_frame_payload
} [packed]
###############################################
# 802.11 Management frames
###############################################
# Management subtypes as they appear in the 4-bit Subtype subfield (the kernel IEEE80211_STYPE_*
# constants are pre-shifted by 4). Action No Ack is Action (0xd) + 1 = 0xe, see Table 9-1.
define IEEE80211_MGMT_FRAME_ASSOC_REQ (IEEE80211_STYPE_ASSOC_REQ >> 4)
define IEEE80211_MGMT_FRAME_ASSOC_RESP (IEEE80211_STYPE_ASSOC_RESP >> 4)
define IEEE80211_MGMT_FRAME_REASSOC_REQ (IEEE80211_STYPE_REASSOC_REQ >> 4)
define IEEE80211_MGMT_FRAME_REASSOC_RESP (IEEE80211_STYPE_REASSOC_RESP >> 4)
define IEEE80211_MGMT_FRAME_PROBE_REQ (IEEE80211_STYPE_PROBE_REQ >> 4)
define IEEE80211_MGMT_FRAME_PROBE_RESP (IEEE80211_STYPE_PROBE_RESP >> 4)
define IEEE80211_MGMT_FRAME_BEACON (IEEE80211_STYPE_BEACON >> 4)
define IEEE80211_MGMT_FRAME_ATIM (IEEE80211_STYPE_ATIM >> 4)
define IEEE80211_MGMT_FRAME_DISASSOC (IEEE80211_STYPE_DISASSOC >> 4)
define IEEE80211_MGMT_FRAME_AUTH (IEEE80211_STYPE_AUTH >> 4)
define IEEE80211_MGMT_FRAME_DEAUTH (IEEE80211_STYPE_DEAUTH >> 4)
define IEEE80211_MGMT_FRAME_ACTION (IEEE80211_STYPE_ACTION >> 4)
define IEEE80211_MGMT_FRAME_ACTION_NOACK ((IEEE80211_STYPE_ACTION >> 4) + 1)
# 24-octet management header: FC (To DS = From DS = 0), Duration, DA, SA, BSSID, Sequence Control.
type ieee80211_pre_mgmt_header[SUBTYPE_CONST, ORDER_CONST] {
fc ieee80211_fc[0, 0, const[IEEE80211_MGMT_FRAME_TYPE, int8:2], const[SUBTYPE_CONST, int8:4], const[ORDER_CONST, int8:1]]
duration ieee80211_duration
addr_1 ieee80211_mac_addr
addr_2 ieee80211_mac_addr
addr_3 ieee80211_bssid
seqno ieee80211_seq_control
} [packed]
# Management header with or without a trailing HT Control field (Order/+HTC bit set accordingly).
type ieee80211_mgmt_header[SUBTYPE_CONST] [
wo_ht ieee80211_pre_mgmt_header[SUBTYPE_CONST, 0x0]
with_ht ieee80211_append_ht_control[ieee80211_pre_mgmt_header[SUBTYPE_CONST, 0x1]]
] [varlen]
# Beacon frame (see Table 9-27 of IEEE 802.11-2016).
# Fixed fields (Timestamp, Beacon Interval, Capability) followed by the elements in the order the
# table lists them; each element is individually optional, and any number of vendor elements follows.
ieee80211_mgmt_beacon {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_BEACON]
timestamp ieee80211_timestamp
beacon_interval ieee80211_beacon_interval[int16]
capability ieee80211_capability[int16]
ssid optional[ieee80211_ie_ssid]
supported_rates optional[ieee80211_ie_supported_rates]
dsss optional[ieee80211_ie_dsss]
cf optional[ieee80211_ie_cf]
ibss optional[ieee80211_ie_ibss]
tim optional[ieee80211_ie_tim]
chsw optional[ieee80211_ie_channel_switch]
erp optional[ieee80211_ie_erp]
expt_chsw optional[ieee80211_ie_ext_channel_switch]
ht optional[ieee80211_ie_ht]
mesh_id optional[ieee80211_ie_mesh_id]
mesh_config optional[ieee80211_ie_mesh_config]
mesh_chsw optional[ieee80211_ie_mesh_channel_switch]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Disassociation frame (see Table 9-28 of IEEE 802.11-2016).
# Reason Code plus an optional Management MIC element (random MIC, see ieee80211_ie_mic).
ieee80211_mgmt_disassoc_frame {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_DISASSOC]
reason_code ieee80211_reason_code[int16]
mic optional[ieee80211_ie_mic]
} [packed]
# Association Request (see Table 9-29 of IEEE 802.11-2016).
# Capability, Listen Interval, mandatory SSID element, then optional Supported Rates / HT and vendor elements.
ieee80211_mgmt_assoc_req_frame {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_ASSOC_REQ]
capabilities ieee80211_capability[int16]
listen_interval int16
ssid ieee80211_ie_ssid
supported_rates optional[ieee80211_ie_supported_rates]
ht optional[ieee80211_ie_ht]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Association Response (see Table 9-30 of IEEE 802.11-2016).
# Capability, Status Code, AID (the two high bits of the AID field are left to the random value).
ieee80211_mgmt_assoc_resp_frame {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_ASSOC_RESP]
capabilities ieee80211_capability[int16]
status_code ieee80211_status_code[int16]
assoc_id ieee80211_assoc_id
supported_rates optional[ieee80211_ie_supported_rates]
ht optional[ieee80211_ie_ht]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Reassociation Request (see Table 9-31 of IEEE 802.11-2016).
# Like Association Request with an additional Current AP Address fixed field.
ieee80211_mgmt_reassoc_req_frame {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_REASSOC_REQ]
capabilities ieee80211_capability[int16]
listen_interval int16
current_ap ieee80211_mac_addr
ssid ieee80211_ie_ssid
supported_rates optional[ieee80211_ie_supported_rates]
ht optional[ieee80211_ie_ht]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Reassociation Response (see Table 9-32 of IEEE 802.11-2016). Same layout as Association Response.
ieee80211_mgmt_reassoc_resp_frame {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_REASSOC_RESP]
capabilities ieee80211_capability[int16]
status_code ieee80211_status_code[int16]
assoc_id ieee80211_assoc_id
supported_rates optional[ieee80211_ie_supported_rates]
ht optional[ieee80211_ie_ht]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Probe Request (see Table 9-33 of IEEE 802.11-2016).
# No fixed fields; all elements optional (an absent SSID element yields a frame with no wildcard SSID either).
ieee80211_mgmt_probe_request {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_PROBE_REQ]
ssid optional[ieee80211_ie_ssid]
supported_rates optional[ieee80211_ie_supported_rates]
dsss optional[ieee80211_ie_dsss]
ht optional[ieee80211_ie_ht]
mesh_id optional[ieee80211_ie_mesh_id]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Probe Response (see Table 9-34 of IEEE 802.11-2016).
# Same fixed fields as a Beacon; a subset of the Beacon's elements.
ieee80211_mgmt_probe_response {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_PROBE_RESP]
timestamp ieee80211_timestamp
beacon_interval ieee80211_beacon_interval[int16]
capabilities ieee80211_capability[int16]
ssid optional[ieee80211_ie_ssid]
supported_rates optional[ieee80211_ie_supported_rates]
dsss optional[ieee80211_ie_dsss]
cf optional[ieee80211_ie_cf]
ibss optional[ieee80211_ie_ibss]
ht optional[ieee80211_ie_ht]
mesh_id optional[ieee80211_ie_mesh_id]
mesh_config optional[ieee80211_ie_mesh_config]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Authentication (see Table 9-35 of IEEE 802.11-2016).
# algo: 0 = Open System, 1 = Shared Key (SAE/FT/FILS algorithm numbers are not generated).
# trans_seq: 1..4 are the valid transaction sequence numbers; 0 is included to exercise the invalid case.
# challenge_tag: Challenge Text element used by Shared Key transactions 2 and 3.
ieee80211_mgmt_auth_frame {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_AUTH]
algo int16[0:1]
trans_seq int16[0:4]
status ieee80211_status_code[int16]
challenge_tag optional[ieee80211_ie_challenge]
vendor array[ieee80211_random_vendor_ie]
} [packed]
# Deauthentication (see Table 9-37 of IEEE 802.11-2016).
# Reason Code plus an optional Management MIC element (random MIC, see ieee80211_ie_mic).
ieee80211_mgmt_deauth_frame {
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_DEAUTH]
reason_code ieee80211_reason_code[int16]
mic optional[ieee80211_ie_mic]
} [packed]
# All management frames that can be injected. ATIM is defined above but has no frame layout here.
ieee80211_mgmt_frame [
probe_request ieee80211_mgmt_probe_request
probe_response ieee80211_mgmt_probe_response
beacon ieee80211_mgmt_beacon
action ieee80211_mgmt_action
action_no_ack ieee80211_mgmt_action_no_ack
assoc_req ieee80211_mgmt_assoc_req_frame
assoc_resp ieee80211_mgmt_assoc_resp_frame
disassoc ieee80211_mgmt_disassoc_frame
deauth ieee80211_mgmt_deauth_frame
reassoc_req ieee80211_mgmt_reassoc_req_frame
reassoc_resp ieee80211_mgmt_reassoc_resp_frame
auth ieee80211_mgmt_auth_frame
] [varlen]
######################################################
# 802.11 Management Action frames
######################################################
# This is a large group of frames, so it is placed in a separate section.
type ieee80211_mgmt_action_raw[CATEGORY, ACTION, PAYLOAD_TYPE] {
# Category code; a WLAN_CATEGORY_* constant from linux/ieee80211.h.
category const[CATEGORY, int8]
# Action code within that category; a WLAN_ACTION_* / WLAN_*_ACTION_* constant from linux/ieee80211.h.
action const[ACTION, int8]
# Frame-specific body that follows the two code octets.
payload PAYLOAD_TYPE
} [packed]
# Measurement Request (see sect. 9.6.2.2 of IEEE 802.11-2016).
ieee80211_mgmt_action_measure_req {
# Dialog Token identifying the request/report transaction.
dialog_token int8
# Sequence of Measurement Request elements.
ie array[ieee80211_ie_measure_req]
} [packed]
# Channel Switch Announcement (see sect. 9.6.2.6 of IEEE 802.11-2016).
ieee80211_mgmt_action_channel_switch {
# Channel Switch Announcement element (mandatory).
channel_switch ieee80211_ie_channel_switch
# Secondary Channel Offset element (the standard includes it for 40 MHz operation).
secondary optional[ieee80211_ie_sec_chan_ofs]
# Mesh Channel Switch Parameters element (mesh STAs only).
mesh optional[ieee80211_ie_mesh_channel_switch]
} [packed]
# ADDBA Request (see sect. 9.6.5.2 of IEEE 802.11-2016).
ieee80211_mgmt_action_addba_req {
# Dialog Token matched by the ADDBA Response.
dialog_token int8
# Block Ack Parameter Set (policy, TID, buffer size); layout in ieee80211_block_ack_param_set below.
block_ack_param ieee80211_block_ack_param_set
# Block Ack Timeout Value in TUs; 0 means no timeout.
timeout_value int16
# Block Ack Starting Sequence Control.
ssc ieee80211_block_ack_ssc
} [packed]
ieee80211_block_ack_param_set {
# Block Ack Parameter Set field, listed from bit 0 upwards:
# B0 A-MSDU Supported, B1 Block Ack Policy (0 = delayed, 1 = immediate), B2-B5 TID, B6-B15 Buffer Size.
amsdu_supported int16:1
block_ack_policy int16:1
tid int16:4
buffer_size int16:10
} [packed]
# ADDBA Response (see sect. 9.6.5.3 of IEEE 802.11-2016).
ieee80211_mgmt_action_addba_resp {
# Dialog Token copied from the ADDBA Request being answered.
dialog_token int8
# Status Code of the request.
status ieee80211_status_code[int16]
# Block Ack Parameter Set as accepted by the recipient.
block_ack_param ieee80211_block_ack_param_set
# Block Ack Timeout Value in TUs; 0 means no timeout.
timeout_value int16
} [packed]
# DELBA (see sect. 9.6.5.4 of IEEE 802.11-2016).
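ieee80211_mgmt_action_delba {
# DELBA Parameter Set (initiator flag and TID); layout in ieee80211_delba_param_set below.
delba_params ieee80211_delba_param_set
# Reason Code stating why the Block Ack agreement is torn down.
reason ieee80211_reason_code[int16]
# GCR Group Address element. The standard includes it only for GCR agreements, so it is optional
# here (as the conditional elements of the other action frames are), letting the plain DELBA form
# without the element be generated as well.
group_addr_ie optional[ieee80211_ie_gcr_ga]
} [packed]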
ieee80211_delba_param_set {
# DELBA Parameter Set field, listed from bit 0 upwards:
# B0-B10 reserved, B11 Initiator (1 = sent by the originator of the agreement), B12-B15 TID.
reserved const[0, int16:11]
initiator int16:1
tid int16:4
} [packed]
# Extended Channel Switch Announcement (see sect. 9.6.8.7 of IEEE 802.11-2016).
ieee80211_mgmt_action_ext_chan_switch {
# Extended Channel Switch Announcement fields. The Public Action frame carries them directly,
# without an element header, which is presumably why the *_payload type is used here.
annce_ie ieee80211_ie_ext_channel_switch_annce_payload
# Mesh Channel Switch Parameters element (mesh STAs only).
mesh_ie optional[ieee80211_ie_mesh_channel_switch]
} [packed]
# TDLS Setup Request / Response (see Table 9-343 and Table 9-344 of IEEE 802.11-2016).
type ieee80211_mgmt_action_generic_tdls_setup[ACTION, STATUS] {
# Shared layout of TDLS Setup Request (STATUS = void, i.e. no Status Code field) and
# TDLS Setup Response (STATUS = Status Code); see the tdls_setup_req/tdls_setup_resp members
# of ieee80211_mgmt_action_payload below.
# NOTE(review): the standard sends TDLS action frames encapsulated in Data frames; this file
# generates them as Action frame bodies instead.
category const[WLAN_CATEGORY_TDLS, int8]
action const[ACTION, int8]
status STATUS
dialog_token int8
# Capability Information field.
capability optional[ieee80211_capability[int16]]
# Supported Rates element.
supported_rates optional[ieee80211_ie_supported_rates]
# HT Capabilities element.
ht optional[ieee80211_ie_ht]
# Link Identifier element (BSSID, initiator and responder addresses).
link_id optional[ieee80211_ie_link_id]
} [packed]
# TDLS Setup Confirm (see sect. 9.6.13.4 of IEEE 802.11-2016).
ieee80211_mgmt_action_tdls_cfm {
# Status Code of the setup, followed by the Dialog Token of the exchange.
status ieee80211_status_code[int16]
dialog_token int8
} [packed]
# TDLS Channel Switch Request (see sect. 9.6.13.7 of IEEE 802.11-2016).
ieee80211_mgmt_action_tdls_chsw_req {
# Target Channel and Operating Class of the requested off-channel switch.
target_channel ieee80211_channel[int8]
operating_class int8
# Secondary Channel Offset element (40 MHz operation).
secondary optional[ieee80211_ie_sec_chan_ofs]
# Link Identifier element (mandatory).
link_id ieee80211_ie_link_id
# Channel Switch Timing element (switch time and timeout).
timing ieee80211_ie_channel_switch_timing
} [packed]
# TDLS Channel Switch Response (see sect. 9.6.13.8 of IEEE 802.11-2016).
ieee80211_mgmt_action_tdls_chsw_resp {
# Status Code of the channel switch request.
status ieee80211_status_code[int16]
# Link Identifier element (mandatory).
link_id ieee80211_ie_link_id
# Channel Switch Timing element.
timing ieee80211_ie_channel_switch_timing
} [packed]
# TDLS Discovery Request (see sect. 9.6.13.12 of IEEE 802.11-2016).
ieee80211_mgmt_action_tdls_disc_req {
# Dialog Token followed by the Link Identifier element.
dialog_token int8
link_id ieee80211_ie_link_id
} [packed]
# TDLS Teardown (see sect. 9.6.13.5 of IEEE 802.11-2016).
ieee80211_mgmt_action_tdls_teardown {
# Reason Code for tearing the direct link down.
reason ieee80211_reason_code[int16]
# Fast BSS Transition element. The standard carries it only on secured TDLS links; it is always
# generated here.
fte ieee80211_ie_fast_bss_trans
# Link Identifier element (mandatory).
link_id ieee80211_ie_link_id
} [packed]
# Notify Channel Width (see sect. 9.6.12.2 of IEEE 802.11-2016).
# Channel Width field: 0 = 20 MHz, 1 = any channel width allowed by the HT capabilities.
type ieee80211_mgmt_action_notify_ch_sw int8[0:1]
# Group ID Management (see sect. 9.6.23.3 of IEEE 802.11-2016).
ieee80211_mgmt_action_group_id {
# Membership Status Array: 8 octets, one bit per group ID.
membership_status int64
# User Position Array: 16 octets, two bits per group ID.
user_positions array[int8, 16]
} [packed]
# Operating Mode Notification (see sect. 9.6.23.4 of IEEE 802.11-2016).
# Body is the single Operating Mode field (ieee80211_operating_mode is defined elsewhere in this file).
type ieee80211_mgmt_action_op_mode_ntf ieee80211_operating_mode
# HWMP Mesh Path Selection (see sect. 9.6.17.3 of IEEE 802.11-2016).
ieee80211_mgmt_action_hwmp_path_sel {
# Any combination of the HWMP elements: Path Request, Path Reply, Path Error, Root Announcement.
# All four are optional, so an empty body can be generated too.
preq optional[ieee80211_ie_preq]
prep optional[ieee80211_ie_prep]
perr optional[ieee80211_ie_perr]
rann optional[ieee80211_ie_rann]
} [packed]
# Mesh Peering Open (see sect. 9.6.16.2 of IEEE 802.11-2016).
ieee80211_mgmt_action_mesh_peering_open {
# Capability Information field and Supported Rates element (both mandatory in the standard).
capability ieee80211_capability[int16]
supported_rates ieee80211_ie_supported_rates
# Mesh ID element; optional here although the standard lists it as mandatory for Open.
mesh_id optional[ieee80211_ie_mesh_id]
# HT Capabilities element.
ht optional[ieee80211_ie_ht]
# NOTE(review): the Mesh Peering Management element (ieee80211_ie_peer_mgmt, used by
# ieee80211_mgmt_action_mesh_peering_close below) is not generated for Open — confirm this is intended.
} [packed]
# Mesh Peering Confirm (see sect. 9.6.16.3 of IEEE 802.11-2016).
ieee80211_mgmt_action_mesh_peering_confirm {
# Capability Information field, then the AID assigned to the peer, then Supported Rates.
capability ieee80211_capability[int16]
aid ieee80211_assoc_id
supported_rates ieee80211_ie_supported_rates
# Mesh ID element; optional here although the standard lists it as mandatory for Confirm.
mesh_id optional[ieee80211_ie_mesh_id]
# HT Capabilities element.
ht optional[ieee80211_ie_ht]
# NOTE(review): the Mesh Peering Management element (ieee80211_ie_peer_mgmt) is not generated
# for Confirm — confirm this is intended.
} [packed]
# Mesh Peering Close (see sect. 9.6.16.4 of IEEE 802.11-2016).
ieee80211_mgmt_action_mesh_peering_close {
# Mesh ID element (mandatory).
mesh_id ieee80211_ie_mesh_id
# Mesh Peering Management element carrying the link identifiers and the close reason.
mgmt ieee80211_ie_peer_mgmt
} [packed]
ieee80211_mgmt_action_payload [
# Every Action frame body this file generates. Each member binds a (category, action code)
# pair of linux/ieee80211.h constants to the body type defined above. The SA Query Request
# body is just its 16-bit Transaction Identifier; the two TDLS setup members use the
# ieee80211_mgmt_action_generic_tdls_setup template, which carries the category itself.
measure_req ieee80211_mgmt_action_raw[WLAN_CATEGORY_SPECTRUM_MGMT, WLAN_ACTION_SPCT_MSR_REQ, ieee80211_mgmt_action_measure_req]
channel_switch ieee80211_mgmt_action_raw[WLAN_CATEGORY_SPECTRUM_MGMT, WLAN_ACTION_SPCT_CHL_SWITCH, ieee80211_mgmt_action_channel_switch]
addba_req ieee80211_mgmt_action_raw[WLAN_CATEGORY_BACK, WLAN_ACTION_ADDBA_REQ, ieee80211_mgmt_action_addba_req]
addba_resp ieee80211_mgmt_action_raw[WLAN_CATEGORY_BACK, WLAN_ACTION_ADDBA_RESP, ieee80211_mgmt_action_addba_resp]
delba ieee80211_mgmt_action_raw[WLAN_CATEGORY_BACK, WLAN_ACTION_DELBA, ieee80211_mgmt_action_delba]
ext_ch_sw ieee80211_mgmt_action_raw[WLAN_CATEGORY_PUBLIC, WLAN_PUB_ACTION_EXT_CHANSW_ANN, ieee80211_mgmt_action_ext_chan_switch]
ntf_ch_w ieee80211_mgmt_action_raw[WLAN_CATEGORY_HT, WLAN_HT_ACTION_NOTIFY_CHANWIDTH, ieee80211_mgmt_action_notify_ch_sw]
smps ieee80211_mgmt_action_raw[WLAN_CATEGORY_HT, WLAN_HT_ACTION_SMPS, ieee80211_sm_power_control]
sa_query_req ieee80211_mgmt_action_raw[WLAN_CATEGORY_SA_QUERY, WLAN_ACTION_SA_QUERY_REQUEST, int16]
tdls_setup_req ieee80211_mgmt_action_generic_tdls_setup[WLAN_TDLS_SETUP_REQUEST, void]
tdls_setup_resp ieee80211_mgmt_action_generic_tdls_setup[WLAN_TDLS_SETUP_RESPONSE, ieee80211_status_code[int16]]
tdls_setup_cfm ieee80211_mgmt_action_raw[WLAN_CATEGORY_TDLS, WLAN_TDLS_SETUP_CONFIRM, ieee80211_mgmt_action_tdls_cfm]
tdls_teardown ieee80211_mgmt_action_raw[WLAN_CATEGORY_TDLS, WLAN_TDLS_TEARDOWN, ieee80211_mgmt_action_tdls_teardown]
tdls_chsw_req ieee80211_mgmt_action_raw[WLAN_CATEGORY_TDLS, WLAN_TDLS_CHANNEL_SWITCH_REQUEST, ieee80211_mgmt_action_tdls_chsw_req]
tdls_chsw_resp ieee80211_mgmt_action_raw[WLAN_CATEGORY_TDLS, WLAN_TDLS_CHANNEL_SWITCH_RESPONSE, ieee80211_mgmt_action_tdls_chsw_resp]
tdls_disc_req ieee80211_mgmt_action_raw[WLAN_CATEGORY_TDLS, WLAN_TDLS_DISCOVERY_REQUEST, ieee80211_mgmt_action_tdls_disc_req]
vht_op_mode_ntf ieee80211_mgmt_action_raw[WLAN_CATEGORY_VHT, WLAN_VHT_ACTION_OPMODE_NOTIF, ieee80211_mgmt_action_op_mode_ntf]
vht_group_id ieee80211_mgmt_action_raw[WLAN_CATEGORY_VHT, WLAN_VHT_ACTION_GROUPID_MGMT, ieee80211_mgmt_action_group_id]
mesh_hwmp_psel ieee80211_mgmt_action_raw[WLAN_CATEGORY_MESH_ACTION, WLAN_MESH_ACTION_HWMP_PATH_SELECTION, ieee80211_mgmt_action_hwmp_path_sel]
sp_mp_open ieee80211_mgmt_action_raw[WLAN_CATEGORY_SELF_PROTECTED, WLAN_SP_MESH_PEERING_OPEN, ieee80211_mgmt_action_mesh_peering_open]
sp_mp_confirm ieee80211_mgmt_action_raw[WLAN_CATEGORY_SELF_PROTECTED, WLAN_SP_MESH_PEERING_CONFIRM, ieee80211_mgmt_action_mesh_peering_confirm]
sp_mp_close ieee80211_mgmt_action_raw[WLAN_CATEGORY_SELF_PROTECTED, WLAN_SP_MESH_PEERING_CLOSE, ieee80211_mgmt_action_mesh_peering_close]
] [varlen]
ieee80211_mgmt_action {
# Action frame: management header with the Action subtype, then one of the bodies above.
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_ACTION]
payload ieee80211_mgmt_action_payload
} [packed]
ieee80211_mgmt_action_no_ack {
# Action No Ack frame: same bodies as ieee80211_mgmt_action, only the subtype differs.
header ieee80211_mgmt_header[IEEE80211_MGMT_FRAME_ACTION_NOACK]
payload ieee80211_mgmt_action_payload
} [packed]
####################################
# Control frames.
####################################
# For details see sect. 9.3.1 of IEEE 802.11-2016.
# The IEEE80211_STYPE_* values of linux/ieee80211.h already sit in the Frame Control subtype
# position (bits 4-7); shifting them right by 4 gives the bare 4-bit subtype number that is passed
# to ieee80211_control_fc by the control frame structs below.
# IEEE80211_MGMT_CTL_CTL_EXT (Control Wrapper) is defined but not referenced by any frame below.
define IEEE80211_MGMT_CTL_CTL_EXT (IEEE80211_STYPE_CTL_EXT >> 4)
define IEEE80211_MGMT_CTL_BACK_REQ (IEEE80211_STYPE_BACK_REQ >> 4)
define IEEE80211_MGMT_CTL_BACK (IEEE80211_STYPE_BACK >> 4)
define IEEE80211_MGMT_CTL_PSPOLL (IEEE80211_STYPE_PSPOLL >> 4)
define IEEE80211_MGMT_CTL_RTS (IEEE80211_STYPE_RTS >> 4)
define IEEE80211_MGMT_CTL_CTS (IEEE80211_STYPE_CTS >> 4)
define IEEE80211_MGMT_CTL_ACK (IEEE80211_STYPE_ACK >> 4)
define IEEE80211_MGMT_CTL_CFEND (IEEE80211_STYPE_CFEND >> 4)
define IEEE80211_MGMT_CTL_CFENDACK (IEEE80211_STYPE_CFENDACK >> 4)
# Request to Send (RTS) frame.
ieee80211_ctrl_rts {
# Frame Control, Duration, RA (receiver), TA (transmitter).
header ieee80211_control_fc[IEEE80211_MGMT_CTL_RTS]
duration ieee80211_duration
receiver ieee80211_mac_addr
transmitter ieee80211_mac_addr
} [packed]
# Clear to Send (CTS) frame.
ieee80211_ctrl_cts {
# Frame Control, Duration, RA; CTS carries no transmitter address.
header ieee80211_control_fc[IEEE80211_MGMT_CTL_CTS]
duration ieee80211_duration
receiver ieee80211_mac_addr
} [packed]
# Acknowledgement (ACK) frame.
ieee80211_ctrl_ack {
# Frame Control, Duration, RA; same shape as CTS with a different subtype.
header ieee80211_control_fc[IEEE80211_MGMT_CTL_ACK]
duration ieee80211_duration
receiver ieee80211_mac_addr
} [packed]
# Contention-Free End (CF-End) frame.
ieee80211_ctrl_cf_end {
# Frame Control, Duration, RA, BSSID (which is also the TA for CF-End).
header ieee80211_control_fc[IEEE80211_MGMT_CTL_CFEND]
duration ieee80211_duration
receiver ieee80211_mac_addr
bssid ieee80211_bssid
} [packed]
# CF-End & CF-Ack frame.
ieee80211_ctrl_cf_end_cf_ack {
# Frame Control, Duration, RA, then the BSSID/TA address.
# NOTE(review): the standard gives CF-End+CF-Ack the same RA/BSSID layout as CF-End, where
# ieee80211_ctrl_cf_end above uses ieee80211_bssid; here the field is a plain MAC address —
# confirm whether the difference is intended.
header ieee80211_control_fc[IEEE80211_MGMT_CTL_CFENDACK]
duration ieee80211_duration
receiver ieee80211_mac_addr
transmitter ieee80211_mac_addr
} [packed]
# Power-Save Poll (PS-Poll) frame.
ieee80211_ctrl_pspoll {
# Frame Control; in PS-Poll the Duration/ID field carries the AID, hence assoc_id replaces duration.
header ieee80211_control_fc[IEEE80211_MGMT_CTL_PSPOLL]
assoc_id ieee80211_assoc_id
# BSSID (RA) followed by TA.
bssid ieee80211_bssid
transmitter ieee80211_mac_addr
} [packed]
# Block Ack Request (BAR) frame (802.11n).
type ieee80211_ctrl_bar_control[MULTI_CONST, COMPRESSED_CONST, TID_INFO] {
# BAR/BA Control field, listed from bit 0 upwards: B0 BAR Ack Policy, B1 Multi-TID,
# B2 Compressed Bitmap, B3-B11 reserved (B3 is the GCR bit in 802.11-2016, always 0 here),
# B12-B15 TID_INFO. TID_INFO holds the TID for the Basic/Compressed variants and the number
# of Per-TID entries minus one for the Multi-TID variants.
# NOTE(review): the bit-fields mix int8 and int16 storage; the intent is one contiguous 16-bit
# field — confirm the description compiler packs them that way.
ack_policy int8:1
multi_tid const[MULTI_CONST, int8:1]
compressed_bitmap const[COMPRESSED_CONST, int8:1]
reserved const[0, int16:9]
tid_info TID_INFO
} [packed]
type ieee80211_ctrl_bar_info[SUFFIX] {
# One Per-TID entry of the Multi-TID variants: Per TID Info (B0-B11 reserved, B12-B15 TID),
# Block Ack Starting Sequence Control, then a variant-specific SUFFIX (the Multi-TID BA variant
# appends an 8-octet Block Ack Bitmap).
tid_reserved const[0, int16:12]
tid_value int16:4
ssc ieee80211_block_ack_ssc
suffix SUFFIX
} [packed]
type ieee80211_ctrl_bar_simple_req[COMPRESSED] {
# Basic (COMPRESSED = 0) and Compressed (COMPRESSED = 1) BlockAckReq variants: BAR Control with
# TID_INFO used as a plain TID, followed by the Block Ack Starting Sequence Control.
control_hdr ieee80211_ctrl_bar_control[0, COMPRESSED, int8:4]
ssc ieee80211_block_ack_ssc
} [packed]
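ieee80211_ctrl_bar_multi {
# Multi-TID BlockAckReq variant (see sect. 9.3.1.7 of IEEE 802.11-2016).
# TID_INFO carries the number of Per-TID entries minus one, so one entry is generated on top of
# bar_info; this mirrors ieee80211_ctrl_ba_multi below, which previously was the only one of the two
# Multi-TID variants to apply the "+ 1".
control ieee80211_ctrl_bar_control[1, 1, len[ieee80211_ctrl_bar_multi:bar_info, int8:4]]
# Each entry is Per TID Info + Block Ack Starting Sequence Control. Unlike the Multi-TID BA variant,
# BAR entries carry no Block Ack Bitmap, hence the void suffix.
bar_info array[ieee80211_ctrl_bar_info[void]]
extra_bar_info ieee80211_ctrl_bar_info[void]
} [packed]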
ieee80211_ctrl_bar_any [
# The three BlockAckReq variants: Basic, Compressed and Multi-TID.
basic ieee80211_ctrl_bar_simple_req[0]
compressed ieee80211_ctrl_bar_simple_req[1]
multi ieee80211_ctrl_bar_multi
] [varlen]
ieee80211_ctrl_bar {
# Frame Control (BlockAckReq subtype), Duration, RA, TA, then the variant-specific BAR Control/Information.
header ieee80211_control_fc[IEEE80211_MGMT_CTL_BACK_REQ]
duration ieee80211_duration
receiver ieee80211_mac_addr
transmitter ieee80211_mac_addr
payload ieee80211_ctrl_bar_any
} [packed]
# Block Ack (BA) frame (802.11n).
type ieee80211_ctrl_ba_single[COMPRESSED, LEN] {
# Basic (COMPRESSED = 0, 128-octet bitmap) and Compressed (COMPRESSED = 1, 8-octet bitmap) BlockAck
# variants: BA Control with TID_INFO as a plain TID, Block Ack Starting Sequence Control, Block Ack Bitmap.
control ieee80211_ctrl_bar_control[0, COMPRESSED, int8:4]
ssc ieee80211_block_ack_ssc
ack_bitmap array[int8, LEN]
} [packed]
ieee80211_ctrl_ba_multi {
# Multi-TID BlockAck variant. TID_INFO is the number of Per-TID entries in tid_list, and every
# entry carries an 8-octet Block Ack Bitmap after the starting sequence control.
control ieee80211_ctrl_bar_control[1, 1, len[ieee80211_ctrl_ba_multi:tid_list, int8:4]]
tid_list array[ieee80211_ctrl_bar_info[array[int8, 8]]]
# There must be TID_INFO + 1 entries, so we add an extra one.
extra_tid ieee80211_ctrl_bar_info[array[int8, 8]]
} [packed]
ieee80211_ctrl_ba_any [
# The three BlockAck variants: Basic (128-octet bitmap), Compressed (8-octet bitmap) and Multi-TID.
basic ieee80211_ctrl_ba_single[0, 128]
compressed ieee80211_ctrl_ba_single[1, 8]
multi ieee80211_ctrl_ba_multi
] [varlen]
ieee80211_ctrl_ba {
# Frame Control (BlockAck subtype), Duration, RA, TA, then the variant-specific BA Control/Information.
header ieee80211_control_fc[IEEE80211_MGMT_CTL_BACK]
duration ieee80211_duration
receiver ieee80211_mac_addr
transmitter ieee80211_mac_addr
payload ieee80211_ctrl_ba_any
} [packed]
ieee80211_ctrl_frame [
# Union of every control frame subtype generated by this file (referenced from ieee80211_frame).
rts ieee80211_ctrl_rts
cts ieee80211_ctrl_cts
ack ieee80211_ctrl_ack
pspoll ieee80211_ctrl_pspoll
bar ieee80211_ctrl_bar
ba ieee80211_ctrl_ba
cf_end ieee80211_ctrl_cf_end
cf_end_cf_ack ieee80211_ctrl_cf_end_cf_ack
] [varlen]