Re: Patches for wlan filtering

["Gianluca Varenni" <gianluca.varenni () cacetech com>]

----- Original Message ----- 
From: "Guy Harris" <guy () alum mit edu>
To: <tcpdump-workers () lists tcpdump org>
Sent: Tuesday, November 06, 2007 11:14 AM
Subject: Re: [tcpdump-workers] Patches for wlan filtering


> Gianluca Varenni wrote:
>
> > I already noticed that the new BPF code doesn't check the
> > link-type in the PPI header properly: the check against the linktype 
> > should be done before checking if the frame is a data frame.
>
> Should any packets with a linktype other than DLT_IEEE802_11_RADIO pass 
> the filter?  (If so, that would significantly complicate the BPF compiler, 
> as it'd have to generate code for multiple linktypes in the same program.)

Theoretically, PPI supports multiple linktypes, so we should generate code 
for some(all?) link types. However at the moment PPI is used only for 802.11 
packets with AirPcap, so when I patched the BPF compiler I decided to 
implement support for DLT_IEEE802_11 over PPI (DLT_IEEE802_11_RADIO is 
radiotap), and have the compiler discard any packet whose PPI-linktype is 
not DLT_IEEE802_11.

Have a nice day
GV

> -
> This is the tcpdump-workers list.
> Visit https://cod.sandelman.ca/ to unsubscribe. 

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.