1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
|
.\" $OpenBSD: ieee80211_radiotap.9,v 1.7 2006/06/27 04:18:05 jsg Exp $
.\"
.\" Copyright (c) 2004 Bruce M. Simpson <bms@spc.org>,
.\" Darron Broad <darron@kewl.org>,
.\" David Young <dyoung@pobox.com>.
.\" All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\" notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\" notice, this list of conditions and the following disclaimer in the
.\" documentation and/or other materials provided with the distribution.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\" $FreeBSD: src/share/man/man9/ieee80211_radiotap.9,v 1.3 2004/07/07 12:59:39 ru Exp $
.\" $Id: ieee80211_radiotap.9,v 1.7 2006/06/27 04:18:05 jsg Exp $
.\"
.Dd March 2, 2004
.Dt IEEE80211_RADIOTAP 9
.Os
.Sh NAME
.Nm ieee80211_radiotap
.Nd software 802.11 stack packet capture definitions
.Sh SYNOPSIS
.In net80211/ieee80211_var.h
.In net80211/ieee80211_ioctl.h
.In net80211/ieee80211_radiotap.h
.In net/bpf.h
.\"
.Sh DESCRIPTION
The
.Nm
definitions provide a device-independent
.Xr bpf 4
attachment for the
capture of information about 802.11 traffic which is not part of
the 802.11 frame structure.
.Pp
Radiotap was designed to balance the desire for a capture format
that conserved CPU and memory bandwidth on embedded systems,
with the desire for a hardware-independent, extensible format
that would support the diverse capabilities of virtually all
802.11
radios.
.Pp
These considerations led radiotap to settle on a format consisting of
a standard preamble followed by an extensible bitmap indicating the
presence of optional capture fields.
.Pp
The capture fields were packed into the header as compactly as possible,
modulo the requirements that they had to be packed swiftly,
with suitable alignment, in the same order as the bits indicating
their presence.
.Pp
This typically includes information such as signal quality and
timestamps.
This information may be used by a variety of user agents, including
.Xr tcpdump 8 .
It is requested by using the
.Xr bpf 4
data-link type
.Dv DLT_IEEE_80211_RADIO .
.Pp
.\"
Each frame using this attachment has the following header prepended to it:
.Bd -literal -offset indent
struct ieee80211_radiotap_header {
u_int8_t it_version; /* set to 0 */
u_int8_t it_pad;
u_int16_t it_len; /* entire length */
u_int32_t it_present; /* fields present */
} __packed;
.Ed
.Pp
.\"
A device driver implementing
.Vt radiotap
typically defines a packed structure embedding an instance of
.Vt "struct ieee80211_radiotap_header"
at the beginning,
with subsequent fields in the appropriate order,
and a macro to set the bits of the
.Va it_present
bitmap to indicate which fields exist and are filled in by the driver.
.\"
.Pp
Radiotap headers are copied to userland via a separate bpf attachment.
It is necessary for the driver to create this attachment after calling
.Xr ieee80211_ifattach 9
by calling
.Fn bpfattach2
with the data-link type set to
.Dv DLT_IEEE_80211_RADIO .
.Pp
.\"
When the information is available,
usually immediately before a link-layer transmission or after a receive,
the driver copies it to the bpf layer using the
.Fn bpf_mtap2
function.
.Pp
.\"
The following extension fields are defined for
.Vt radiotap ,
in the order in which they should appear in the buffer copied to userland:
.Bl -tag -width indent
.It Dv IEEE80211_RADIOTAP_TSFT
This field contains the unsigned 64-bit value, in microseconds,
of the MAC's 802.11 Time Synchronization Function timer,
when the first bit of the MPDU arrived at the MAC.
This field should be present for received frames only.
.It Dv IEEE80211_RADIOTAP_FLAGS
This field contains a single unsigned 8-bit value, containing a bitmap
of flags specifying properties of the frame being transmitted or received.
.It Dv IEEE80211_RADIOTAP_RATE
This field contains a single unsigned 8-bit value, which is the data rate in
use in units of 500Kbps.
.It Dv IEEE80211_RADIOTAP_CHANNEL
This field contains two unsigned 16-bit values.
The first value is the frequency upon which this PDU was transmitted
or received.
The second value is a bitmap containing flags which specify properties of
the channel in use.
These are documented within the header file
.Aq Pa net80211/ieee80211_radiotap.h .
.It Dv IEEE80211_RADIOTAP_FHSS
This field contains two 8-bit values.
This field should be present for frequency-hopping radios only.
The first byte is the hop set.
The second byte is the pattern in use.
.It Dv IEEE80211_RADIOTAP_DBM_ANTSIGNAL
This field contains a single signed 8-bit value, which indicates the
RF signal power at the antenna, in decibels difference from 1mW.
.It Dv IEEE80211_RADIOTAP_DBM_ANTNOISE
This field contains a single signed 8-bit value, which indicates the
RF noise power at the antenna, in decibels difference from 1mW.
.It Dv IEEE80211_RADIOTAP_LOCK_QUALITY
This field contains a single unsigned 16-bit value, indicating the
quality of the Barker Code lock.
No unit is specified for this field.
There does not appear to be a standard way of measuring this at this time;
this quantity is often referred to as
.Dq "Signal Quality"
in some datasheets.
.It Dv IEEE80211_RADIOTAP_TX_ATTENUATION
This field contains a single unsigned 16-bit value, expressing transmit
power as unitless distance from maximum power set at factory calibration.
0 indicates maximum transmit power.
Monotonically nondecreasing with lower power levels.
.It Dv IEEE80211_RADIOTAP_DB_TX_ATTENUATION
This field contains a single unsigned 16-bit value, expressing transmit
power as decibel distance from maximum power set at factory calibration.
0 indicates maximum transmit power.
Monotonically nondecreasing with lower power levels.
.It Dv IEEE80211_RADIOTAP_DBM_TX_POWER
Transmit power expressed as decibels from a 1mW reference.
This field is a single signed 8-bit value.
This is the absolute power level measured at the antenna port.
.It Dv IEEE80211_RADIOTAP_ANTENNA
For radios which support antenna diversity, this field contains a single
unsigned 8-bit value specifying which antenna is being used to transmit
or receive this frame.
The first antenna is antenna 0.
.It Dv IEEE80211_RADIOTAP_DB_ANTSIGNAL
This field contains a single unsigned 8-bit value, which indicates the
RF signal power at the antenna, in decibels difference from an
arbitrary, fixed reference.
.It Dv IEEE80211_RADIOTAP_DB_ANTNOISE
This field contains a single unsigned 8-bit value, which indicates the
RF noise power at the antenna, in decibels difference from an
arbitrary, fixed reference.
.It Dv IEEE80211_RADIOTAP_EXT
This bit is reserved for any future extensions to the
.Vt radiotap
structure.
A driver can set
.Dv IEEE80211_RADIOTAP_EXT
to extend the it_present bitmap by another 64 bits.
The bitmap can be extended by multiples of 32 bits to 96, 128, 160 bits,
or longer, by setting
.Dv IEEE80211_RADIOTAP_EXT
in the extensions.
The bitmap ends at the first extension field where
.Dv IEEE80211_RADIOTAP_EXT
is not set.
.El
.Sh EXAMPLES
Radiotap header for the Realtek RTL8180L driver
.Xr rtw 4 :
.Bd -literal -offset indent
struct rtw_rx_radiotap_header {
struct ieee80211_radiotap_header rr_ihdr;
u_int64_t rr_tsft;
u_int8_t rr_flags;
u_int8_t rr_rate;
u_int16_t rr_chan_freq;
u_int16_t rr_chan_flags;
u_int16_t rr_barker_lock;
u_int8_t rr_antsignal;
} __packed;
.Ed
.Pp
Bitmap indicating which fields are present in the above structure:
.Bd -literal -offset indent
#define RTW_RX_RADIOTAP_PRESENT \\
((1 << IEEE80211_RADIOTAP_TSFT) | \\
(1 << IEEE80211_RADIOTAP_FLAGS) | \\
(1 << IEEE80211_RADIOTAP_RATE) | \\
(1 << IEEE80211_RADIOTAP_CHANNEL) | \\
(1 << IEEE80211_RADIOTAP_LOCK_QUALITY) | \\
(1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL) | \\
0)
.Ed
.Sh SEE ALSO
.Xr bpf 4 ,
.Xr ieee80211 9
.Sh HISTORY
The
.Nm
definitions first appeared in
.Nx 1.5 ,
and were later ported to
.Fx 4.6
and
.Ox 3.6 .
.\"
.Sh AUTHORS
.An -nosplit
The
.Nm
interface was designed and implemented by
.An David Young Aq dyoung@pobox.com .
.Pp
This manual page was written by
.An Bruce M. Simpson Aq bms@FreeBSD.org
and
.An Darron Broad Aq darron@kewl.org .
|