tcpdump mailing list archives

Re: Missing packet fields in big endian with ath9k

From: Guy Harris <guy () alum mit edu>
Date: Fri, 26 Apr 2013 18:03:07 -0700


On Apr 26, 2013, at 11:50 AM, Luis Correia <lfpcorreia () gmail com> wrote:

I check for link type this way:
(pcap_datalink(dev_handler) ==DLT_IEEE802_11) ,
So i'm pretty sure its the right data link.


DLT_IEEE802_11 is the *wrong* data link if you're getting a radiotap header in your packets, as you seem to indicate 
below!  If you're getting a radiotap header, and pcap_datalink(dev_handler) == DLT_IEEE802_11, the driver for your 
network adapter is buggy - it's returning ARPHRD_IEEE80211 when it should be returning ARPHRD_IEEE80211_RADIOTAP.

Meanwhile I've media some progress by looking at iwcap 
(https://dev.openwrt.org/browser/trunk/package/iwcap/src/iwcap.c?rev=30747)


What happens if you try to run iwcap on that interface?

However I still can't access the RSSI value of the packet..


If you're getting packets without a radio header (which is what DLT_IEEE802_11 would imply), there's no place to get 
the RSSI from.

If you're getting packets with a radiotap header (which is what DLT_IEEE802_11_RADIO would imply), the only way to get 
the RSSI is if the driver is violating the radiotap spec, because the only mention of RSSI at

        http://www.radiotap.org

is

        http://www.radiotap.org/suggested-fields/RSSI

and, as they say, the presence-bit value picked by OpenBSD clashes with an officially assigned value for a different 
field.

You might, however, be able to get signal and noise levels, *if* the driver supplies them (just because a given value 
*can* be supplied in a radiotap header doesn't mean that a given driver *will* supply it):

        http://www.radiotap.org/defined-fields/Antenna%20signal

        http://www.radiotap.org/defined-fields/Antenna%20noise

        http://www.radiotap.org/defined-fields/dB%20antenna%20signal

        http://www.radiotap.org/defined-fields/dB%20antenna%20noise
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers

Current thread:

Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
- Re: Missing packet fields in big endian with ath9k Michael Richardson (Apr 26)
  - Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 26)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 26)
    - Re: Missing packet fields in big endian with ath9k Luis Correia (Apr 27)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 27)
    - Re: Missing packet fields in big endian with ath9k Luís Correia (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Mike Kershaw / Dragorn (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Guy Harris (Apr 28)
    - Re: Missing packet fields in big endian with ath9k Michael Richardson (May 01)
    - Re: Missing packet fields in big endian with ath9k Denis Ovsienko (Apr 27)

(Thread continues...)