tcpdump mailing list archives
Re: Missing packet fields in big endian with ath9k
From: Mike Kershaw / Dragorn <dragorn () kismetwireless net>
Date: Sun, 28 Apr 2013 17:07:56 -0400
Some drivers definitely change the format of the radiotap packets on the fly in the same stream. As Guy says, you need to look at the bit field in the header and parse the complex header. If all you care about is the dot11 header you can just skip the header using the length field. Also beware of the padding requirements in the radiotap headers or it will come and bite you.

Guy Harris <guy () alum mit edu> wrote:

> On Apr 28, 2013, at 8:54 AM, Luís Correia <lfpcorreia () gmail com> wrote:
>
>> Indeed I've seen a radiotap_iterator function in radiotap headers.
>> But the function "logic" was a little heavy for a 400 MHz MIPS CPU. No?
>
> Maybe *that* iteration logic is heavy, but some iteration logic is a *requirement*, unless:
>
>     you know what the driver is adding as a radiotap header, and can make sure you know when the driver changes what it adds;
>
>     the driver *always* puts out the *exact* same set of fields on *every* packet;
>
>     if the driver injects *transmitted* packets into the capture path, then either "*every* packet" includes *transmitted* packets (so that the received signal strength field is put into the transmitted packets!) or you can distinguish between received and transmitted packets and will not look at the radiotap header on transmitted packets.
>
> Note, by the way, that if the radiotap header length is not the same on all received packets, the header is not putting out the exact same set of fields on every packet.
>
> If you cannot be 100% certain of all of those, you *CANNOT* assume that a given field will be at the same location in the header for all packets.
>
>> From what I have read the parse packet function should be as fast as
>> possible.. what's your opinion on that?
>
> "As possible" is the key here. To quote a line attributed to Albert Einstein, "Everything should be made as simple as possible, but no simpler." "Simpler than possible" might include "no iterator" here.
>
>> Do you think I should copy each packet for later processing or do I
>> have "room" for in-flight processing?
>
> Iteration has nothing to do with copying packets. You don't need to copy the packet to use the presence bits as intended.
>
>> Can't I just bit test the it_present field for one of the two rssi
>> readings and access the struct field?
>
> Not unless you can achieve *all* of the conditions in my list above.
_______________________________________________ tcpdump-workers mailing list tcpdump-workers () lists tcpdump org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
-- Sent from my Android phone with K-9 Mail. Please excuse my brevity.
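
The per-packet walk of the presence bits discussed in this message, with the alignment padding and the length check, as an added example that is not code from the thread, from libpcap, or from the kernel's radiotap iterator. The function name `rtap_field_offset`, the table limited to present bits 0 to 5, and the sample headers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Align/size for present bits 0..5: TSFT, Flags, Rate, Channel, FHSS, dBm signal. */
static const uint8_t rt_align[] = {8, 1, 1, 2, 2, 1};
static const uint8_t rt_size[]  = {8, 1, 1, 4, 2, 1};
#define RT_DBM_ANTSIGNAL 5u
/* Radiotap is little-endian on the wire, whatever the host CPU is. */
static uint32_t le32(const uint8_t *p) {
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Offset of field `bit` in the header; 0 if absent; -1 if malformed. */
int rtap_field_offset(const uint8_t *buf, size_t caplen, unsigned bit) {
    if (caplen < 8 || buf[0] != 0 || bit >= sizeof rt_size) return -1;
    size_t hdrlen = buf[2] | (size_t)buf[3] << 8;   /* it_len */
    if (hdrlen < 8 || hdrlen > caplen) return -1;
    uint32_t present = le32(buf + 4), w = present;
    size_t off = 8;
    for (; w & 0x80000000u; off += 4) {   /* bit 31: another present word */
        if (off + 4 > hdrlen) return -1;
        w = le32(buf + off);
    }
    if (!(present & (1u << bit))) return 0;
    for (unsigned b = 0; b <= bit; b++) {
        if (!(present & (1u << b))) continue;
        /* Pad to the field's natural alignment, counted from header start. */
        off = (off + rt_align[b] - 1) & ~(size_t)(rt_align[b] - 1);
        if (off + rt_size[b] > hdrlen) return -1;
        if (b == bit) return (int)off;
        off += rt_size[b];
    }
    return -1;
}

/* Constructed sample headers (not captured traffic). */
static const uint8_t pkt_a[24] = {0,0,24,0, 0x2f,0,0,0, 1,2,3,4,5,6,7,8, 0x10, 0x02, 0x6c,0x09,0xa0,0x00, 0xc4, 0};
static const uint8_t pkt_b[16] = {0,0,16,0, 0x2a,0,0,0, 0x10, 0, 0x6c,0x09,0xa0,0x00, 0xb9, 0};
static const uint8_t pkt_tx[10] = {0,0,10,0, 0x06,0,0,0, 0x10, 0x02};

int main(void) {
    const uint8_t *p[] = {pkt_a, pkt_b, pkt_tx};
    size_t n[] = {sizeof pkt_a, sizeof pkt_b, sizeof pkt_tx};
    for (int i = 0; i < 3; i++) {
        int off = rtap_field_offset(p[i], n[i], RT_DBM_ANTSIGNAL);
        printf("packet %d: offset %d, signal %d dBm\n", i, off, off > 0 ? (int8_t)p[i][off] : 0);
    }
    return 0;
}
```

The three sample headers put the signal byte at different places (or omit it), which is the case a fixed struct offset gets wrong; the 802.11 header itself still starts at `it_len` in every case.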