]> The Tcpdump Group git mirrors - tcpdump/commitdiff
projects / tcpdump / commitdiff
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 185f90f)
Fix printing of Linux cooked captures with monitor-mode packets.
authorGuy Harris <[email protected]>
Tue, 13 Nov 2018 06:03:49 +0000 (22:03 -0800)
committerGuy Harris <[email protected]>
Tue, 13 Nov 2018 06:03:49 +0000 (22:03 -0800)
Apparently, if you have an interface in monitor mode, capturing on the
"any" device can get packets that have a SLL hatype of 803, which is the
ARPHRD_ value for radiotap, and with the payload containing a radiotap
header, followed by an 802.11 header, followed by the 802.11 payload.
Handle that.

netdissect.h patch | blob | history
print-802_11.c patch | blob | history
print-sll.c patch | blob | history

diff --git a/netdissect.h b/netdissect.h
index b9743e0bcbb524285979e53140147628b2f27a6f..0bacbfc7c1bb15cb1a3c88a80b281858f380aa01 100644 (file)
--- a/netdissect.h
+++ b/netdissect.h
@@ -538,6 +538,7 @@ extern void hsrp_print(netdissect_options *, const u_char *, u_int);
 extern void http_print(netdissect_options *, const u_char *, u_int);
 extern void icmp6_print(netdissect_options *, const u_char *, u_int, const u_char *, int);
 extern void icmp_print(netdissect_options *, const u_char *, u_int, const u_char *, int);
+extern u_int ieee802_11_radio_print(netdissect_options *, const u_char *, u_int, u_int);
 extern void igmp_print(netdissect_options *, const u_char *, u_int);
 extern void igrp_print(netdissect_options *, const u_char *, u_int);
 extern void ip6_print(netdissect_options *, const u_char *, u_int);
diff --git a/print-802_11.c b/print-802_11.c
index 548893f551d5bf2f65fae36449eb32d024233c1c..4db7ab6bcecb3bb45beeeeb65ee0c4adfdba81b2 100644 (file)
--- a/print-802_11.c
+++ b/print-802_11.c
@@ -3058,7 +3058,7 @@ print_in_radiotap_namespace(netdissect_options *ndo,
        return 0;
 }
 
-static u_int
+u_int
 ieee802_11_radio_print(netdissect_options *ndo,
                        const u_char *p, u_int length, u_int caplen)
 {
diff --git a/print-sll.c b/print-sll.c
index 4d8b1bd4b654634af671f0f87f7c6bd61d8d965b..1ce25259b8972d9efc5189ffe20c3f25263c4bb3 100644 (file)
--- a/print-sll.c
+++ b/print-sll.c
@@ -216,6 +216,7 @@ sll_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char
        u_int caplen = h->caplen;
        u_int length = h->len;
        const struct sll_header *sllp;
+       u_short hatype;
        u_short ether_type;
        int llc_hdrlen;
        u_int hdrlen;
@@ -244,6 +245,16 @@ sll_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char
        p += SLL_HDR_LEN;
        hdrlen = SLL_HDR_LEN;
 
+       hatype = EXTRACT_BE_U_2(sllp->sll_hatype);
+       switch (hatype) {
+
+       case 803:
+               /*
+                * This is an packet with a radiotap header;
+                * just dissect the payload as such.
+                */
+               return (SLL_HDR_LEN + ieee802_11_radio_print(ndo, p, length, caplen));
+       }
        ether_type = EXTRACT_BE_U_2(sllp->sll_protocol);
 
 recurse:
[mirror] the TCPdump network dissector