From: Guy Harris Date: Tue, 13 Nov 2018 06:03:49 +0000 (-0800) Subject: Fix printing of Linux cooked captures with monitor-mode packets. X-Git-Tag: tcpdump-4.99-bp~962 X-Git-Url: https://git.tcpdump.org/tcpdump/commitdiff_plain/83e419c6289a395a0443f2dac24bb004e839f202 Fix printing of Linux cooked captures with monitor-mode packets. Apparently, if you have an interface in monitor mode, capturing on the "any" device can get packets that have a SLL hatype of 803, which is the ARPHRD_ value for radiotap, and with the payload containing a radiotap header, followed by an 802.11 header, followed by the 802.11 payload. Handle that. --- diff --git a/netdissect.h b/netdissect.h index b9743e0b..0bacbfc7 100644 --- a/netdissect.h +++ b/netdissect.h @@ -538,6 +538,7 @@ extern void hsrp_print(netdissect_options *, const u_char *, u_int); extern void http_print(netdissect_options *, const u_char *, u_int); extern void icmp6_print(netdissect_options *, const u_char *, u_int, const u_char *, int); extern void icmp_print(netdissect_options *, const u_char *, u_int, const u_char *, int); +extern u_int ieee802_11_radio_print(netdissect_options *, const u_char *, u_int, u_int); extern void igmp_print(netdissect_options *, const u_char *, u_int); extern void igrp_print(netdissect_options *, const u_char *, u_int); extern void ip6_print(netdissect_options *, const u_char *, u_int); diff --git a/print-802_11.c b/print-802_11.c index 548893f5..4db7ab6b 100644 --- a/print-802_11.c +++ b/print-802_11.c @@ -3058,7 +3058,7 @@ print_in_radiotap_namespace(netdissect_options *ndo, return 0; } -static u_int +u_int ieee802_11_radio_print(netdissect_options *ndo, const u_char *p, u_int length, u_int caplen) { diff --git a/print-sll.c b/print-sll.c index 4d8b1bd4..1ce25259 100644 --- a/print-sll.c +++ b/print-sll.c @@ -216,6 +216,7 @@ sll_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char u_int caplen = h->caplen; u_int length = h->len; const struct sll_header *sllp; + u_short hatype; u_short ether_type; int llc_hdrlen; u_int hdrlen; @@ -244,6 +245,16 @@ sll_if_print(netdissect_options *ndo, const struct pcap_pkthdr *h, const u_char p += SLL_HDR_LEN; hdrlen = SLL_HDR_LEN; + hatype = EXTRACT_BE_U_2(sllp->sll_hatype); + switch (hatype) { + + case 803: + /* + * This is an packet with a radiotap header; + * just dissect the payload as such. + */ + return (SLL_HDR_LEN + ieee802_11_radio_print(ndo, p, length, caplen)); + } ether_type = EXTRACT_BE_U_2(sllp->sll_protocol); recurse: