tcpdump mailing list archives
Re: Missing packet fields in big endian with ath9k
From: Luis Correia <lfpcorreia () gmail com>
Date: Sat, 27 Apr 2013 23:26:17 +0100
Hi Harris, thnks for your help. On Apr 27, 2013, at 2:03 AM, Guy Harris <guy () alum mit edu> wrote:
On Apr 26, 2013, at 11:50 AM, Luis Correia <lfpcorreia () gmail com> wrote:I check for link type this way: (pcap_datalink(dev_handler) ==DLT_IEEE802_11) , So i'm pretty sure its the right data link.DLT_IEEE802_11 is the *wrong* data link if you're getting a radiotap header in your packets, as you seem to indicate below! If you're getting a radiotap header, and pcap_datalink(dev_handler) == DLT_IEEE802_11, the driver for your network adapter is buggy - it's returning ARPHRD_IEEE80211 when it should be returning ARPHRD_IEEE80211_RADIOTAP.
Im getting DLT_IEEE802_11_RADIO. Is this ok?
Meanwhile I've media some progress by looking at iwcap (https://dev.openwrt.org/browser/trunk/package/iwcap/src/iwcap.c?rev=30747)What happens if you try to run iwcap on that interface?
I'll run iwcap to see what happens.
However I still can't access the RSSI value of the packet..
About the rssi values I managed to get them by teaching myself little endian vs big endian and redefining my struct's fields. I'm now getting correct rssi values almost every time. (Negative, distance coherent..) However sometimes I see packets with positive values!! I'm debugging that.. PS: If I'm not mistaken aren't you the guy that wrote libpcap?! If so, Congrats on you're work!
If you're getting packets without a radio header (which is what DLT_IEEE802_11 would imply), there's no place to get the RSSI from. If you're getting packets with a radiotap header (which is what DLT_IEEE802_11_RADIO would imply), the only way to get the RSSI is if the driver is violating the radiotap spec, because the only mention of RSSI at http://www.radiotap.org is http://www.radiotap.org/suggested-fields/RSSI and, as they say, the presence-bit value picked by OpenBSD clashes with an officially assigned value for a different field. You might, however, be able to get signal and noise levels, *if* the driver supplies them (just because a given value *can* be supplied in a radiotap header doesn't mean that a given driver *will* supply it): http://www.radiotap.org/defined-fields/Antenna%20signal http://www.radiotap.org/defined-fields/Antenna%20noise http://www.radiotap.org/defined-fields/dB%20antenna%20signal http://www.radiotap.org/defined-fields/dB%20antenna%20noise
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Current thread:
- Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (Apr 26)
- Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 26)
- Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 27)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 27)
- Re: Missing packet fields in big endian with ath9k Luís Correia (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Mike Kershaw / Dragorn (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
- Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (May 01)
- Re: Missing packet fields in big endian with ath9k Denis Ovsienko (Apr 27)
- Re: Missing packet fields in big endian with ath9k Luís Correia (Apr 28)