Enable "[wlan] dir/type/subtype" for DLT_PPI.

For DLT_PPI "llc", which is equivalent to "wlan type data", produces a
correct filter program, so there is no reason not to support "wlan type"
and "wlan subtype" which test the same packet data using a value and a
mask.  Likewise, "wlan dir" produces a correct filter program, so enable
it too.  Add/update tests as required to cover the new code paths.

The file http_PPI.pcap is a reduced version of http_PPI.cap from the
Wireshark sample captures collection.

diff --git a/CHANGES b/CHANGES
index 2518354f498177d33199f2a977a94846bfbf6505..ef61817445f1fa5a51b07bba6ded551e2b991d01 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -51,6 +51,7 @@ DayOfTheWeek, Month DD, YYYY / The Tcpdump Group
       Require a live capture for all Linux BPF extensions.
       Have "outbound" mean Tx only for DLT_SLIP.
       Filter Linux SocketCAN frames in userland if necessary.
+      Enable "[wlan] dir/type/subtype" for DLT_PPI.
     rpcap:
       Support user names and passwords in rpcap:// and rpcaps:// URLs.
       Add a -t flag to rpcapd to specify the data channel port; from

diff --git a/gencode.c b/gencode.c
index 364e0279b9a4a04aec1fb070b4253d6e281502c1..6aeb0af33cb72e44845b09b588685e63910b4998 100644 (file)
--- a/gencode.c
+++ b/gencode.c
@@ -9001,6 +9001,7 @@ gen_p80211_type(compiler_state_t *cstate, bpf_u_int32 type, bpf_u_int32 mask)
        case DLT_PRISM_HEADER:
        case DLT_IEEE802_11_RADIO_AVS:
        case DLT_IEEE802_11_RADIO:
+       case DLT_PPI:
                b0 = gen_mcmp(cstate, OR_LINKHDR, 0, BPF_B, type, mask);
                break;
 
@@ -9030,6 +9031,7 @@ gen_p80211_fcdir(compiler_state_t *cstate, bpf_u_int32 fcdir)
        case DLT_PRISM_HEADER:
        case DLT_IEEE802_11_RADIO_AVS:
        case DLT_IEEE802_11_RADIO:
+       case DLT_PPI:
                break;
 
        default:

diff --git a/testprogs/TESTrun b/testprogs/TESTrun
index 6f0a686307e5c9c386478968d60899e2fe52fee3..b94a579902d9ca5e392ec89b6280232c6b5070ea 100755 (executable)
--- a/testprogs/TESTrun
+++ b/testprogs/TESTrun
@@ -5092,6 +5092,26 @@ my @accept_blocks = (
                        (013) ret      #0
                        ',
        }, # wlan_dir_fromds_PRISM_HEADER
+       {
+               name => 'wlan_dir_fromds_PPI',
+               DLT => 'PPI',
+               aliases => ['wlan dir fromds'],
+               opt => '
+                       (000) ld       [4]
+                       (001) jeq      #0x69000000      jt 2    jf 12
+                       (002) ldb      [3]
+                       (003) lsh      #8
+                       (004) tax
+                       (005) ldb      [2]
+                       (006) or       x
+                       (007) tax
+                       (008) ldb      [x + 1]
+                       (009) and      #0x3
+                       (010) jeq      #0x2             jt 11   jf 12
+                       (011) ret      #262144
+                       (012) ret      #0
+                       ',
+       }, # wlan_dir_fromds_PPI
 
        {
                name => 'pppoed',
@@ -5501,6 +5521,7 @@ my @accept_blocks = (
                DLT => 'PPI',
                aliases => [
                        'llc',
+                       'wlan type data',
                ],
                opt => '
                        (000) ld       [4]
@@ -10861,6 +10882,18 @@ my @apply_blocks = (
                expr => 'wlan dir fromds',
                results => [0, 0, 0, 0, 0, 0, 0, 65536, 0, 65536, 0, 65536, 0, 65536, 0, 0],
        },
+       {
+               name => 'wlan_subtype_ack_PPI',
+               savefile => 'http_PPI.pcap',
+               expr => 'wlan subtype ack',
+               results => [0, 65535, 0, 65535, 0],
+       },
+       {
+               name => 'wlan_dir_nods_PPI',
+               savefile => 'http_PPI.pcap',
+               expr => 'wlan dir nods',
+               results => [0, 65535, 0, 65535, 0],
+       },
 );
 
 # * name, DLT, expr, netmask and skip: same as in accept_blocks above

diff --git a/tests/filter/http_PPI.pcap b/tests/filter/http_PPI.pcap
new file mode 100644 (file)
index 0000000..c26688c
Binary files /dev/null and b/tests/filter/http_PPI.pcap differ