Recently I bought a router with WPA3 support and decided to investigate
wireless dump with WPA3 config, during the process I've found a small
bug in tcpdump - it doesn't print all akms, also the printing logic is
flawed if more than one akm or pairwise cipher is presented - there is
extra addition to the data index.
Tested with multiple akms, can't test with multiple ciphers, since my
router doesn't support such configuration.
diff --git usr.sbin/tcpdump/print-802_11.c usr.sbin/tcpdump/print-802_11.c
index b0641a29279..14ecbdc6cfc 100644
--- usr.sbin/tcpdump/print-802_11.c
+++ usr.sbin/tcpdump/print-802_11.c
@@ -860,6 +860,9 @@ ieee80211_print_akm(uint8_t selector[4])
case 6:
printf("SHA256-PSK");
break;
+ case 8:
+ printf("SAE");
+ break;
default:
printf("%d", selector[3]);
break;
@@ -910,7 +913,7 @@ ieee80211_print_rsn(u_int8_t *data, u_int len)
printf(",cipher%s ", nciphers > 1 ? "s" : "");
for (i = 0; i < nciphers; i++) {
for (j = 0; j < 4; j++)
- selector[j] = data[i + j];
+ selector[j] = data[j];
ieee80211_print_rsncipher(selector);
if (i < nciphers - 1)
printf(" ");
@@ -931,11 +934,11 @@ ieee80211_print_rsn(u_int8_t *data, u_int len)
}
printf(",akm%s ", nakms > 1 ? "s" : "");
- for (i = 0; i < nciphers; i++) {
+ for (i = 0; i < nakms; i++) {
for (j = 0; j < 4; j++)
- selector[j] = data[i + j];
+ selector[j] = data[j];
ieee80211_print_akm(selector);
- if (i < nciphers - 1)
+ if (i < nakms - 1)
printf(" ");
data += 4;
}
