On Tue, 5 Jun 2001, Guy Harris wrote:
> > Yes. The most common length is 24 bytes. If there aren't any bridges in
> > the network, all data (not control) frames should be that length.
>
> OK, so that'd make off_linktype be 24, along the lines of what's done
> for FDDI (DLT_FDDI) and Token Ring (DLT_IEEE802), both of which have a
> link-layer header and an 802.2 header.
>
> For FDDI and Token Ring, off_nl is off_linktype+8, where 8 is the length
> of an LLC+SNAP header, so off_nl would be 32.
>
> > After
> > that there is an 802.2 LLC header, where there may be a link type (this is usually
> > the case). Should I set off_nl = 24; off_linktype = -1; ?
>
> Nope, see above.
>
> > Anyway, if WEP
> > (encryption) is being used, the 802.2 header won't be visible.
>
> It looks as if the Ethereal dissector doesn't bother dissecting the LLC
> header, or anything else, on WEP-encrypted packets, so perhaps the
> code generator should, for 802.11, add in a test of "not WEP" before any
> tests of stuff in the 802.2 header or beyond are done (just as it should
> check for data frames before testing those).

Ok. Attached is an updated patch. I'm trying to figure out how to do the
data/WEP checks (it's just checking some bits in the 802.11 header).

Another issue is to support the src/dst checks. The problem with that is
that in 802.11 there are src/dst and transmitter/receiver addresses (most
access points are bridges between the wired and wireless nets) and the
src/dst addresses don't have a fixed place in the header.

Javier Achirica

diff -cr ./gencode.c NEW/gencode.c
*** ./gencode.c Wed May 30 03:27:21 2001
--- NEW/gencode.c Wed Jun 6 11:43:14 2001
***************
*** 654,659 ****
--- 654,672 ----
off_nl = 22;
return;
+ case DLT_IEEE802_11:
+ /*
+ * 802.11 doesn't really have a link-level type field.
+ * We set "off_linktype" to the offset of the LLC header.
+ *
+ * To check for Ethernet types, we assume that SSAP = SNAP
+ * is being used and pick out the encapsulated Ethernet type.
+ * XXX - should we generate code to check for SNAP?
+ */
+ off_linktype = 24;
+ off_nl = 30;
+ return;
+
case DLT_ATM_RFC1483:
/*
* assume routed, non-ISO PDUs
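
Review bot: off_nl = 30 in the new DLT_IEEE802_11 case does not match the arithmetic given earlier in this thread. With off_linktype = 24 and an 8-byte LLC+SNAP header, the network-layer header starts at 32, the same off_linktype+8 rule quoted for FDDI and Token Ring, so this should read off_nl = 32. The XXX in the comment also remains open: nothing in this case confirms that the frame is a data frame with the WEP bit clear, or that the header is the 24-byte form, before these fixed offsets are used, and the comment should say so until those checks exist.
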
***************
*** 901,906 ****
--- 914,920 ----
}
break;
+ case DLT_IEEE802_11:
case DLT_FDDI:
case DLT_IEEE802:
case DLT_ATM_RFC1483:
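
Review bot: placing case DLT_IEEE802_11 in the label group with DLT_FDDI and DLT_IEEE802 makes 802.11 share whatever comparison follows these labels, with no test that the frame is a data frame and not WEP-encrypted. As the thread notes, on control, management or encrypted frames the bytes at off_linktype are not an 802.2 header, so a filter can match on unrelated or ciphertext bytes. Give 802.11 its own case that ANDs in the frame-type and not-WEP tests first, or document the limitation next to the label until those tests are added.
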
diff -cr ./pcap-linux.c NEW/pcap-linux.c
*** ./pcap-linux.c Mon Apr 9 07:55:40 2001
--- NEW/pcap-linux.c Wed Jun 6 11:13:02 2001
***************
*** 656,661 ****
--- 656,668 ----
handle->linktype = DLT_ATM_CLIP;
break;
+ #ifndef ARPHRD_IEEE80211 /* From Linux 2.4.6 */
+ #define ARPHRD_IEEE80211 801
+ #endif
+ case ARPHRD_IEEE80211:
+ handle->linktype = DLT_IEEE802_11;
+ break;
+
case ARPHRD_PPP:
/*
* Some PPP code in the kernel supplies no link-layer
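
Review bot: the #ifndef ARPHRD_IEEE80211 fallback is defined inside the switch body, between the DLT_ATM_CLIP case and the new case label. Move the three preprocessor lines to the top of the file, after the includes, so the switch stays readable and the constant is available to the rest of the file. The "From Linux 2.4.6" comment could also state that 801 is the value copied from that kernel's headers, so a later mismatch is easy to spot.
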
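
The data/WEP test and the src/dst lookup discussed in the message above, as an added example that is not part of the original mail or of libpcap. The struct and function names are this example's own, the frames are constructed, and it assumes the original 802.11 MAC header layout (24 bytes, 30 when a fourth address is present).

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names; assumes the original 802.11 header (no later extensions). */
struct dot11_info {
    int is_data;     /* frame type field == data */
    int wep;         /* WEP bit set: body encrypted, no LLC header visible */
    size_t hdr_len;  /* 24, or 30 when a fourth address is present */
    size_t da_off;   /* destination address offset (data frames only) */
    size_t sa_off;   /* source address offset (data frames only) */
};

/* Returns 0 on success, -1 if the buffer is too short for the header. */
int dot11_inspect(const uint8_t *f, size_t len, struct dot11_info *o)
{
    if (len < 24)
        return -1;
    int to_ds = (f[1] & 0x01) != 0, from_ds = (f[1] & 0x02) != 0;
    o->is_data = ((f[0] >> 2) & 0x03) == 2;
    o->wep = (f[1] & 0x40) != 0;
    o->hdr_len = (to_ds && from_ds) ? 30 : 24;
    if (len < o->hdr_len)
        return -1;
    /* addr1 at 4, addr2 at 10, addr3 at 16, addr4 at 24 */
    o->da_off = to_ds ? 16 : 4;
    o->sa_off = from_ds ? (to_ds ? 24 : 16) : 10;
    return 0;
}

/* Offset of the SNAP EtherType, or -1 when there is none to read. */
long dot11_ethertype_off(const uint8_t *f, size_t len)
{
    struct dot11_info i;
    if (dot11_inspect(f, len, &i) != 0 || !i.is_data || i.wep)
        return -1;
    if (len < i.hdr_len + 8)
        return -1;
    const uint8_t *llc = f + i.hdr_len;
    if (llc[0] != 0xAA || llc[1] != 0xAA || llc[2] != 0x03)
        return -1;               /* not LLC+SNAP */
    return (long)(i.hdr_len + 6);
}

/* Constructed frames: AP to station, same with WEP set, four-address. */
const uint8_t frame_ap[32]  = { [0] = 0x08, [1] = 0x02, [24] = 0xAA, [25] = 0xAA, [26] = 0x03, [30] = 0x08 };
const uint8_t frame_wep[32] = { [0] = 0x08, [1] = 0x42, [24] = 0xAA, [25] = 0xAA, [26] = 0x03, [30] = 0x08 };
const uint8_t frame_wds[38] = { [0] = 0x08, [1] = 0x03, [30] = 0xAA, [31] = 0xAA, [32] = 0x03, [36] = 0x08 };
```

A filter built on fixed offsets alone would read the EtherType at 30 in all three frames; only the first one actually has it there.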