From e81b0fefd44a45e41e2070470f2176db01d78ae0 Mon Sep 17 00:00:00 2001
From: Yaro Kasear
Date: Tue, 29 Apr 2025 14:33:45 -0500
Subject: [PATCH] Refactor Cisco client data extraction in management frame processing to improve clarity and add debug output for client reports
---
 enrichment/indexed_capture.py | 44 +++++++++++++++++++++--------------
 1 file changed, 26 insertions(+), 18 deletions(-)

diff --git a/enrichment/indexed_capture.py b/enrichment/indexed_capture.py
index 17a5042..5b95554 100644
--- a/enrichment/indexed_capture.py
+++ b/enrichment/indexed_capture.py
@@ -79,11 +79,16 @@ class IndexedCapture:
 ssid = None
 hidden_ssid = False

+ num_clients = None
+
 privacy_bit = mgt._all_fields.get('wlan_mgt.fixed.capabilities.privacy')
 is_open = (str(privacy_bit) != '1')

+ # First: extract SSID and Cisco client info independently
 for tag in tags:
- if tag.get('wlan.tag.number') == '0':
+ tag_number = tag.get('wlan.tag.number')
+
+ if tag_number == '0':
 raw_ssid = tag.get('wlan.ssid', '')
 if not raw_ssid:
 hidden_ssid = True
@@ -95,40 +100,43 @@ class IndexedCapture:
 except Exception:
 ssid = None

- if tag.get('wlan.tag.number') == '133':
+ if tag_number == '133':
 try:
 num_clients = int(tag.get('wlan.cisco.ccx1.clients'))
- timestamp = float(packet.frame_info.time_epoch)
- if ssid:
- self.cisco_ssid_clients[ssid].append((timestamp, num_clients))
- self.cisco_reported_clients.append(num_clients)
 except (TypeError, ValueError):
- pass
+ num_clients = None

- if not ssid:
- return
+ # Now that we have them parsed, update structures
+ if ssid:
+ self.ssid_hidden_status[ssid] = hidden_ssid
+ self.ssid_encryption_status.setdefault(ssid, is_open)
+ self.ssid_packet_counts[ssid] += 1

- self.ssid_hidden_status[ssid] = hidden_ssid
- self.ssid_encryption_status.setdefault(ssid, is_open)
- self.ssid_packet_counts[ssid] += 1
+ if num_clients is not None:
+ timestamp = float(packet.frame_info.time_epoch)
+ self.cisco_ssid_clients[ssid].append((timestamp, num_clients))
+ self.cisco_reported_clients.append(num_clients)
+ print(f"[DEBUG] Indexed {len(self.cisco_reported_clients)} Cisco client reports for SSID {ssid}.")

 bssid = getattr(wlan, 'bssid', '').lower()
 if not bssid or bssid == 'ff:ff:ff:ff:ff:ff':
 return

- self.bssid_to_ssid[bssid] = ssid
- self.ssid_to_bssids[ssid].add(bssid)
+ if ssid:
+ self.bssid_to_ssid[bssid] = ssid
+ self.ssid_to_bssids[ssid].add(bssid)

 signal = getattr(radio, 'dbm_antsignal', None)
 if signal:
- self.ssid_signals[ssid].append(int(signal))
+ signal = int(signal)
+ if ssid:
+ self.ssid_signals[ssid].append(signal)
+ self.packet_signals_by_channel[channel].append(signal)

 self.channel_to_aps[channel].add(bssid)
- if signal:
- self.packet_signals_by_channel[channel].append(int(signal))

 except Exception as e:
- pass
+ pass # (silently drop malformed packets)

 def get_packets_in_time_range(self, start_ts, end_ts):
 # This is fast because packet timestamps were recorded at load
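Review bot: The added `print(f"[DEBUG] ... for SSID {ssid}.")` after `self.cisco_reported_clients.append(num_clients)` writes the SSID to stdout unescaped, and that value comes from tag 0 of a captured management frame, so whoever transmitted the frame chooses its bytes. An SSID carrying control characters or newlines can then garble a terminal or forge lines in whatever collects this output; the decode step sits above this hunk, so whether it already filters non-printable characters cannot be seen here. Routing it through logging with `%r` keeps the value inert and lets the message be turned off, e.g. `logger.debug("Cisco client reports so far: %d (SSID %r)", len(self.cisco_reported_clients), ssid)`, assuming a module-level `logger` exists or is added. The number printed is the length of the global `cisco_reported_clients` list, not a per-SSID count, so the wording "for SSID" overstates what is reported. The enclosing method begins outside the hunk and the page has lost indentation, so the exact nesting of the print is inferred.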