tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Missing packet fields in big endian with ath9k

From: Luis Correia <lfpcorreia () gmail com>
Date: Sat, 27 Apr 2013 23:26:17 +0100

Hi Harris, thnks for your help.



On Apr 27, 2013, at 2:03 AM, Guy Harris <guy () alum mit edu> wrote:



On Apr 26, 2013, at 11:50 AM, Luis Correia <lfpcorreia () gmail com> wrote:


I check for link type this way:
(pcap_datalink(dev_handler) ==DLT_IEEE802_11) ,
So i'm pretty sure its the right data link.


DLT_IEEE802_11 is the *wrong* data link if you're getting a radiotap header in your packets, as you seem to indicate 
below!  If you're getting a radiotap header, and pcap_datalink(dev_handler) == DLT_IEEE802_11, the driver for your 
network adapter is buggy - it's returning ARPHRD_IEEE80211 when it should be returning ARPHRD_IEEE80211_RADIOTAP.



Im getting DLT_IEEE802_11_RADIO. Is this ok?




Meanwhile I've media some progress by looking at iwcap 
(https://dev.openwrt.org/browser/trunk/package/iwcap/src/iwcap.c?rev=30747)


What happens if you try to run iwcap on that interface?


I'll run iwcap to see what happens.




However I still can't access the RSSI value of the packet..



About the rssi values I managed to get them by teaching myself little endian vs big endian and redefining my struct's  
fields.

I'm now getting correct rssi values almost every time. (Negative, distance coherent..)

However sometimes I see packets with positive values!!

I'm debugging that..


PS: If I'm not mistaken aren't you the guy that wrote libpcap?!

If so, Congrats on you're work!



If you're getting packets without a radio header (which is what DLT_IEEE802_11 would imply), there's no place to get 
the RSSI from.

If you're getting packets with a radiotap header (which is what DLT_IEEE802_11_RADIO would imply), the only way to 
get the RSSI is if the driver is violating the radiotap spec, because the only mention of RSSI at

      http://www.radiotap.org

is

      http://www.radiotap.org/suggested-fields/RSSI

and, as they say, the presence-bit value picked by OpenBSD clashes with an officially assigned value for a different 
field.

You might, however, be able to get signal and noise levels, *if* the driver supplies them (just because a given value 
*can* be supplied in a radiotap header doesn't mean that a given driver *will* supply it):

      http://www.radiotap.org/defined-fields/Antenna%20signal

      http://www.radiotap.org/defined-fields/Antenna%20noise

      http://www.radiotap.org/defined-fields/dB%20antenna%20signal

      http://www.radiotap.org/defined-fields/dB%20antenna%20noise


_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
Previous By Date Next
Previous By Thread Next

Current thread: