Message-ID: <1045561225.3e51ff890789f@webmail.gcdsgroup.com> Date: Tue, 18 Feb 2003 01:40:25 -0800 From: devel@gcdsgroup.com Subject: tcptrace wireless patch
I wrote up a quick patch for tcptrace 6.2.0/6.3.2 to support IEEE 802.11 frames
and Prism2 pcap dump files. It currently assumes LLC/SNAP in the frame offset
as this is pretty much all I have seen. If anyone is interested I might hack up
some better code to handle pcap files and remove the static offsets.
The patch was tested with the latest CVS version of libpcap. I will not assume
that 802.11 or Prism2 frames are supported by any other version of libpcap.
Brandon Eisenmann
devel@gcdsgroup.com
<PATCH>
diff -r -u3 tcptrace-6.3.2/tcpdump.c tcptrace-6.3.2-wireless/tcpdump.c
--- tcptrace-6.3.2/tcpdump.c Fri Jun 21 05:56:27 2002
+++ tcptrace-6.3.2-wireless/tcpdump.c Tue Feb 18 03:39:05 2003
@@ -146,12 +146,31 @@
memcpy((char *)ip_buf,buf+offset,iplen);
callback_plast = ip_buf+iplen-offset-1;
break;
+ case PCAP_DLT_IEEE802_11:
+ /* just pretend it's "normal" ethernet */
+ offset = 24+8; /* 24 bytes of IEEE cruft + 8 Bytes of LLC crud*/
+ memcpy(ip_buf,buf+offset,iplen);
+ callback_plast = (char *)ip_buf+iplen-offset-1;
+ break;
+ case PCAP_DLT_IEEE802_11_RADIO:
+ /* 802.11 plus WLAN header */
+ offset = 64+24; /* 24 bytes of IEEE cruft */
+ memcpy(ð_header,buf,EH_SIZE); /* save ether header */
+ memcpy(ip_buf,buf+offset,iplen);
+ callback_plast = (char *)ip_buf+iplen-offset-1;
+ break;
case PCAP_DLT_LINUX_SLL:
/* linux cooked socket */
offset = 16;
memcpy((char *)ip_buf, buf+offset, iplen);
callback_plast = ip_buf+iplen-offset-1;
break;
+ case PCAP_DLT_PRISM_HEADER:
+ /* prism2 headers */
+ offset = 144+24+8; /* 144 Bytes of Prism Header, 24 bytes of
IEEE cruft, 8 Bytes of LLC crud */
+ memcpy(ip_buf,buf+offset,iplen);
+ callback_plast = (char *)ip_buf+iplen-offset-1;
+ break;
default:
fprintf(stderr,"Don't understand link-level format (%d)\n", type);
exit(1);
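Review bot: None of the three new cases checks that the frame is at least `offset` bytes long before `memcpy(ip_buf,buf+offset,iplen)`, so a short or truncated record in a capture file makes the copy read past the captured data and leaves `callback_plast` pointing before `ip_buf`. `iplen` is set outside this hunk; if it is the captured length, each case needs a guard such as `if (iplen <= offset)` that skips the record, and the copy should become `memcpy(ip_buf, buf+offset, iplen-offset);` (the existing PCAP_DLT_LINUX_SLL case follows the same unchecked pattern). The fixed 24-byte 802.11 header also assumes a three-address data frame, so management, control or four-address frames would be parsed at the wrong offset unless the frame-control field is checked first. In the PCAP_DLT_IEEE802_11_RADIO case the offset is `64+24` with no 8 bytes for LLC/SNAP, unlike the other two cases, which looks like an omission. The enclosing function starts and ends outside the hunk.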
@@ -291,11 +310,23 @@
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "RAW_IP";
break;
+ case PCAP_DLT_IEEE802_11:
+ eth_header.ether_type = htons(ETHERTYPE_IP);
+ physname = "IEEE802_11";
+ break;
+ case PCAP_DLT_IEEE802_11_RADIO:
+ eth_header.ether_type = htons(ETHERTYPE_IP);
+ physname = "IEEE802_11_RADIO";
+ break;
case PCAP_DLT_LINUX_SLL:
/* linux cooked socket type */
eth_header.ether_type = htons(ETHERTYPE_IP);
physname = "Linux Cooked Socket";
break;
+ case PCAP_DLT_PRISM_HEADER:
+ eth_header.ether_type = htons(ETHERTYPE_IP);
+ physname = "PRISM_HEADER";
+ break;
default:
if (debug)
fprintf(stderr,"is_tcpdump: I think it's tcpdump, but I don't understand
link format (%d)\n", type);
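Review bot: For PCAP_DLT_IEEE802_11_RADIO the `eth_header.ether_type = htons(ETHERTYPE_IP)` set here looks like it is overwritten on every packet, because the first hunk's radio case copies the first `EH_SIZE` bytes of the frame into what is presumably `eth_header` (the destination is garbled in this copy of the patch), and those bytes are radio-header data rather than an Ethernet header. Dropping that copy, as the other two wireless cases do, would keep the value set here. More generally the three new cases label every frame as IP without looking at the SNAP type, so a comment such as `/* assumes LLC/SNAP carrying IPv4; other frame types are not detected */` would record the limitation the description mentions. The switch starts and ends outside the hunk.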
diff -r -u3 tcptrace-6.3.2/tcpdump.h tcptrace-6.3.2-wireless/tcpdump.h
--- tcptrace-6.3.2/tcpdump.h Thu May 31 16:55:05 2001
+++ tcptrace-6.3.2-wireless/tcpdump.h Tue Feb 18 03:39:06 2003
@@ -82,7 +82,10 @@
#define PCAP_DLT_FDDI 10 /* FDDI */
#define PCAP_DLT_ATM_RFC1483 11 /* LLC/SNAP encapsulated atm */
#define PCAP_DLT_RAW 12 /* raw IP */
+#define PCAP_DLT_IEEE802_11 105 /* IEEE 802.11 wireless */
+#define PCAP_DLT_IEEE802_11_RADIO 127 /* 802.11 plus WLAN header */
#define PCAP_DLT_LINUX_SLL 113 /* Linux cooked socket */
+#define PCAP_DLT_PRISM_HEADER 119 /* Prism2 raw capture */
/* NOT currently supported */
/* (mostly because I don't have an example file, send me one...) */
</PATCH>