tcpdump mailing list archives

ToDS and FromDS flag should be tested in dlt ieee802.11.


From: Sharad Chandra <sharadc () in niksun com>
Date: Sat, 31 Jan 2009 16:00:36 +0530

Hello,

I compiled tcpdump-4.0 with libpcap-1.0 and am dumping it for "ip" with the captured 
file from 
http://wiki.wireshark.org/SampleCaptures#head-8200ea41fe91ebefa1b6ea9f86d344c290241276

I have a little confusion about DLT_IEEE802_11. As per my understanding, if the ToDS 
and FromDS flags are on, it contains a 4th MAC address, and the network layer should 
be incremented by 6. 
http://axp1.csie.ncu.edu.tw/~cmchao/Fall_2007/WN/ch3_802_11_concise.pdf 
Slide: 43. But I don't think it's been tested here.

Following is the BPF dump.

[sharad@~]$ ./tcpdump-4.0.0/tcpdump -r pcap/Network_Join_Nokia_Mobile.pcap -d ip
reading from file pcap/Network_Join_Nokia_Mobile.pcap, link-type IEEE802_11 (802.11)
(000) ldx      #0x0
(001) txa
(002) add      #24
(003) st       M[0]
(004) ldb      [x + 0]
(005) jset     #0x8             jt 6    jf 11
(006) jset     #0x4             jt 11   jf 7
(007) jset     #0x80            jt 8    jf 11
(008) ld       M[0]
(009) add      #2
(010) st       M[0]
(011) ldb      [0]
(012) jset     #0x4             jt 19   jf 13
(013) ldb      [0]
(014) jset     #0x8             jt 15   jf 19
(015) ldx      M[0]
(016) ldh      [x + 6]
(017) jeq      #0x800           jt 18   jf 19
(018) ret      #2344
(019) ret      #0

--
Thanks
Sharad Chandra
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
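
The offset arithmetic from the message above, as an added C example (not part of the original post and not tcpdump or libpcap code). It compares the LLC offset the dumped program computes (24, plus 2 for QoS data, reading only byte 0) with one that also adds 6 when ToDS and FromDS are both set, on a constructed 4-address frame. All function names and the sample frame are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FC0_TYPE_MASK 0x0c /* frame control byte 0: type bits */
#define FC0_TYPE_DATA 0x08
#define FC0_QOS       0x80 /* subtype bit marking QoS data */
#define FC1_TODS      0x01 /* frame control byte 1 */
#define FC1_FROMDS    0x02

/* LLC offset as the dumped program computes it: 24, plus 2 for QoS data. */
static size_t dumped_llc_offset(const uint8_t *f) {
    size_t off = 24;
    if ((f[0] & FC0_TYPE_MASK) == FC0_TYPE_DATA && (f[0] & FC0_QOS))
        off += 2;
    return off;
}

/* Same, plus 6 for the 4th address when ToDS and FromDS are both set. */
static size_t fouraddr_llc_offset(const uint8_t *f) {
    size_t off = dumped_llc_offset(f);
    if ((f[1] & (FC1_TODS | FC1_FROMDS)) == (FC1_TODS | FC1_FROMDS))
        off += 6;
    return off;
}

/* Instructions 011-018: data frame with ethertype 0x0800 at LLC offset + 6. */
static int matches_ip(const uint8_t *f, size_t len, size_t off) {
    if ((f[0] & FC0_TYPE_MASK) != FC0_TYPE_DATA || len < off + 8)
        return 0;
    return f[off + 6] == 0x08 && f[off + 7] == 0x00;
}

/* Constructed sample: zeroed header followed by LLC/SNAP announcing IPv4. */
static size_t build_frame(uint8_t *buf, int four_addr) {
    static const uint8_t snap_ip[8] = {0xaa, 0xaa, 0x03, 0, 0, 0, 0x08, 0x00};
    size_t hdr = four_addr ? 30 : 24;
    memset(buf, 0, hdr);
    buf[0] = FC0_TYPE_DATA;
    buf[1] = four_addr ? (FC1_TODS | FC1_FROMDS) : FC1_TODS;
    memcpy(buf + hdr, snap_ip, sizeof snap_ip);
    return hdr + sizeof snap_ip;
}

int main(void) {
    uint8_t buf[64];
    size_t n = build_frame(buf, 1), a = dumped_llc_offset(buf), b = fouraddr_llc_offset(buf);
    printf("dumped offset %zu match=%d, 4-address offset %zu match=%d\n",
           a, matches_ip(buf, n, a), b, matches_ip(buf, n, b));
    return 0;
}
```

With the 24-byte offset, the ethertype comparison on the constructed 4-address frame lands on the start of the LLC/SNAP header, so an "ip" match misses a frame that does carry IPv4. The example ignores any other optional header fields.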