1.\" $OpenBSD: ieee80211_radiotap.9,v 1.14 2016/12/11 21:45:06 stsp Exp $ 2.\" 3.\" Copyright (c) 2004 Bruce M. Simpson <bms@spc.org>, 4.\" Darron Broad <darron@kewl.org>, 5.\" David Young <dyoung@pobox.com>. 6.\" All rights reserved. 7.\" 8.\" Redistribution and use in source and binary forms, with or without 9.\" modification, are permitted provided that the following conditions 10.\" are met: 11.\" 1. Redistributions of source code must retain the above copyright 12.\" notice, this list of conditions and the following disclaimer. 13.\" 2. Redistributions in binary form must reproduce the above copyright 14.\" notice, this list of conditions and the following disclaimer in the 15.\" documentation and/or other materials provided with the distribution. 16.\" 17.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 18.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 21.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27.\" SUCH DAMAGE. 28.\" 29.\" $FreeBSD: src/share/man/man9/ieee80211_radiotap.9,v 1.3 2004/07/07 12:59:39 ru Exp $ 30.\" $Id: ieee80211_radiotap.9,v 1.14 2016/12/11 21:45:06 stsp Exp $ 31.\" 32.Dd $Mdocdate: December 11 2016 $ 33.Dt IEEE80211_RADIOTAP 9 34.Os 35.Sh NAME 36.Nm ieee80211_radiotap 37.Nd software 802.11 stack packet capture definitions 38.Sh SYNOPSIS 39.In net80211/ieee80211_var.h 40.In net80211/ieee80211_ioctl.h 41.In net80211/ieee80211_radiotap.h 42.In net/bpf.h 43.\" 44.Sh DESCRIPTION 45The 46.Nm 47definitions provide a device-independent 48.Xr bpf 4 49attachment for the 50capture of information about 802.11 traffic which is not part of 51the 802.11 frame structure. 52.Pp 53Radiotap was designed to balance the desire for a capture format 54that conserved CPU and memory bandwidth on embedded systems, 55with the desire for a hardware-independent, extensible format 56that would support the diverse capabilities of virtually all 57802.11 58radios. 59.Pp 60These considerations led radiotap to settle on a format consisting of 61a standard preamble followed by an extensible bitmap indicating the 62presence of optional capture fields. 63.Pp 64The capture fields were packed into the header as compactly as possible, 65modulo the requirements that they had to be packed swiftly, 66with suitable alignment, in the same order as the bits indicating 67their presence. 68.Pp 69This typically includes information such as signal quality and 70timestamps. 71This information may be used by a variety of user agents, including 72.Xr tcpdump 8 . 73It is requested by using the 74.Xr bpf 4 75data-link type 76.Dv DLT_IEEE802_11_RADIO . 77.Pp 78.\" 79Each frame using this attachment has the following header prepended to it: 80.Bd -literal -offset indent 81struct ieee80211_radiotap_header { 82 u_int8_t it_version; /* set to 0 */ 83 u_int8_t it_pad; 84 u_int16_t it_len; /* entire length */ 85 u_int32_t it_present; /* fields present */ 86} __packed; 87.Ed 88.Pp 89.\" 90A device driver implementing 91.Vt radiotap 92typically defines a packed structure embedding an instance of 93.Vt "struct ieee80211_radiotap_header" 94at the beginning, 95with subsequent fields in the appropriate order, 96and a macro to set the bits of the 97.Va it_present 98bitmap to indicate which fields exist and are filled in by the driver. 99.\" 100.Pp 101Radiotap headers are copied to userland via a separate bpf attachment. 102It is necessary for the driver to create this attachment after calling 103.Xr ieee80211_ifattach 9 104by calling 105.Fn bpfattach2 106with the data-link type set to 107.Dv DLT_IEEE802_11_RADIO . 108.Pp 109.\" 110When the information is available, 111usually immediately before a link-layer transmission or after a receive, 112the driver copies it to the bpf layer using the 113.Fn bpf_mtap2 114function. 115.Pp 116.\" 117The following extension fields are defined for 118.Vt radiotap , 119in the order in which they should appear in the buffer copied to userland: 120.Bl -tag -width indent 121.It Dv IEEE80211_RADIOTAP_TSFT 122This field contains the unsigned 64-bit value, in microseconds, 123of the MAC's 802.11 Time Synchronization Function timer, 124when the first bit of the MPDU arrived at the MAC. 125This field should be present for received frames only. 126.It Dv IEEE80211_RADIOTAP_FLAGS 127This field contains a single unsigned 8-bit value, containing a bitmap 128of flags specifying properties of the frame being transmitted or received. 129.It Dv IEEE80211_RADIOTAP_RATE 130This field contains a single unsigned 8-bit value, which is the data rate in 131use in units of 500Kbps. 132If the most significant bit is set, the remaining bits contain an MCS index 133instead of a data rate. 134.It Dv IEEE80211_RADIOTAP_CHANNEL 135This field contains two unsigned 16-bit values. 136The first value is the frequency upon which this PDU was transmitted 137or received. 138The second value is a bitmap containing flags which specify properties of 139the channel in use. 140These are documented within the header file 141.In net80211/ieee80211_radiotap.h . 142.It Dv IEEE80211_RADIOTAP_FHSS 143This field contains two 8-bit values. 144This field should be present for frequency-hopping radios only. 145The first byte is the hop set. 146The second byte is the pattern in use. 147.It Dv IEEE80211_RADIOTAP_DBM_ANTSIGNAL 148This field contains a single signed 8-bit value, which indicates the 149RF signal power at the antenna, in decibels difference from 1mW. 150.It Dv IEEE80211_RADIOTAP_DBM_ANTNOISE 151This field contains a single signed 8-bit value, which indicates the 152RF noise power at the antenna, in decibels difference from 1mW. 153.It Dv IEEE80211_RADIOTAP_LOCK_QUALITY 154This field contains a single unsigned 16-bit value, indicating the 155quality of the Barker Code lock. 156No unit is specified for this field. 157There does not appear to be a standard way of measuring this at this time; 158this quantity is often referred to as 159.Dq "Signal Quality" 160in some datasheets. 161.It Dv IEEE80211_RADIOTAP_TX_ATTENUATION 162This field contains a single unsigned 16-bit value, expressing transmit 163power as unitless distance from maximum power set at factory calibration. 1640 indicates maximum transmit power. 165Monotonically nondecreasing with lower power levels. 166.It Dv IEEE80211_RADIOTAP_DB_TX_ATTENUATION 167This field contains a single unsigned 16-bit value, expressing transmit 168power as decibel distance from maximum power set at factory calibration. 1690 indicates maximum transmit power. 170Monotonically nondecreasing with lower power levels. 171.It Dv IEEE80211_RADIOTAP_DBM_TX_POWER 172Transmit power expressed as decibels from a 1mW reference. 173This field is a single signed 8-bit value. 174This is the absolute power level measured at the antenna port. 175.It Dv IEEE80211_RADIOTAP_ANTENNA 176For radios which support antenna diversity, this field contains a single 177unsigned 8-bit value specifying which antenna is being used to transmit 178or receive this frame. 179The first antenna is antenna 0. 180.It Dv IEEE80211_RADIOTAP_DB_ANTSIGNAL 181This field contains a single unsigned 8-bit value, which indicates the 182RF signal power at the antenna, in decibels difference from an 183arbitrary, fixed reference. 184.It Dv IEEE80211_RADIOTAP_DB_ANTNOISE 185This field contains a single unsigned 8-bit value, which indicates the 186RF noise power at the antenna, in decibels difference from an 187arbitrary, fixed reference. 188.It Dv IEEE80211_RADIOTAP_HWQUEUE 189This field contains a single unsigned 8-bit value specifying which 190hardware queue is being used to transmit the frame. 191.It Dv IEEE80211_RADIOTAP_RSSI 192This field contains two unsigned 8-bit values. 193The first value is the received signal strength index (RSSI) 194which indicates the RF signal power at the antenna. 195The second value is the relative maximum RSSI value of the RF 196interface. 197.It Dv IEEE80211_RADIOTAP_EXT 198This bit is reserved for any future extensions to the 199.Vt radiotap 200structure. 201A driver can set 202.Dv IEEE80211_RADIOTAP_EXT 203to extend the it_present bitmap by another 64 bits. 204The bitmap can be extended by multiples of 32 bits to 96, 128, 160 bits, 205or longer, by setting 206.Dv IEEE80211_RADIOTAP_EXT 207in the extensions. 208The bitmap ends at the first extension field where 209.Dv IEEE80211_RADIOTAP_EXT 210is not set. 211.El 212.Sh EXAMPLES 213Radiotap header for the Realtek RTL8180L driver 214.Xr rtw 4 : 215.Bd -literal -offset indent 216struct rtw_rx_radiotap_header { 217 struct ieee80211_radiotap_header rr_ihdr; 218 u_int64_t rr_tsft; 219 u_int8_t rr_flags; 220 u_int8_t rr_rate; 221 u_int16_t rr_chan_freq; 222 u_int16_t rr_chan_flags; 223 u_int16_t rr_barker_lock; 224 u_int8_t rr_antsignal; 225} __packed; 226.Ed 227.Pp 228Bitmap indicating which fields are present in the above structure: 229.Bd -literal -offset indent 230#define RTW_RX_RADIOTAP_PRESENT \e 231 ((1 << IEEE80211_RADIOTAP_TSFT) | \e 232 (1 << IEEE80211_RADIOTAP_FLAGS) | \e 233 (1 << IEEE80211_RADIOTAP_RATE) | \e 234 (1 << IEEE80211_RADIOTAP_CHANNEL) | \e 235 (1 << IEEE80211_RADIOTAP_LOCK_QUALITY) | \e 236 (1 << IEEE80211_RADIOTAP_DB_ANTSIGNAL) | \e 237 0) 238.Ed 239.Sh SEE ALSO 240.Xr bpf 4 , 241.Xr ieee80211 9 242.Sh HISTORY 243The 244.Nm 245definitions first appeared in 246.Nx 1.5 , 247and were later ported to 248.Fx 4.6 249and 250.Ox 3.6 . 251.\" 252.Sh AUTHORS 253.An -nosplit 254The 255.Nm 256interface was designed and implemented by 257.An David Young Aq Mt dyoung@pobox.com . 258.Pp 259This manual page was written by 260.An Bruce M. Simpson Aq Mt bms@FreeBSD.org 261and 262.An Darron Broad Aq Mt darron@kewl.org . 263