libpcap: Reading from driver

[madhuresh <madhurag () iitk ac in>]

Some information first:
Operating System - Linux (kernel - 2.6.15)
Device driver (for wireless card) hostap
-----------
Question:
I am setting a filter in the driver (say packets with signal strength > 
X) and wish that libpcap reads only these packets. Also these packets 
will have extra 802.11 mac header  so it will be dropped by kernel 
(which looks for 802.3 ethernet header in the start of packets).

What are the options to read  these filtered packets directly from the 
driver.

I am thinking on these lines:
If tcpdump doesn't ask for the extra 802.11 mac details, libpcap 
continues to read from kernel using PF_PACKET socket (as far as i know 
its not netlink socket through which libpcap reads from kernel) but if 
it asks libpcap for 802.11 details also, then libpcap will open a 
netlink socket with the hostap driver to extract the entire packet with 
all headers including 802.11. Please let me know what major changes in 
libpcap i have to do in connection with this approach.

Also in case there are some other ideas please let me know.

It kindaa urgent, so a quick reply will be highly appreciated.
Thanks

-madhuresh


-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.