netsniff-ng: Consider radiotap header of monitor dev

netsniff-ng does not check if monitor device includes radiotap
header which leads to the wrong 802.11 frame parsing.

Tested if the .pcap file is understandable by wireshark and if
dump info is basically correct, but did not test the case when xmit
packets from .pcap file to the output device and from the input device
to the output device.

Signed-off-by: Vadim Kochan <vadim4j@gmail.com>
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser <tklauser@distanz.ch>

1 files changed, 18 insertions, 2 deletions

diff --git a/proto_80211_mac_hdr.c b/proto_80211_mac_hdr.c
index 0be749f..9bd6ee1 100644
--- a/proto_80211_mac_hdr.c
+++ b/proto_80211_mac_hdr.c
@@ -22,6 +22,7 @@
 #include "built_in.h"
 #include "pkt_buff.h"
 #include "oui.h"
+#include "linktype.h"
 
 #define	TU		0.001024
 
@@ -772,6 +773,13 @@ struct element_vend_spec {
 	u8 specific[0];
 } __packed;
 
+struct ieee80211_radiotap_header {
+	u8 version;	/* set to 0 */
+	u8 pad;
+	u16 len;	/* entire length */
+	u32 present;	/* fields present */
+} __packed;
+
 static int8_t len_neq_error(u8 len, u8 intended)
 {
 	if(intended != len) {
@@ -3141,8 +3149,16 @@ static void ieee80211(struct pkt_buff *pkt)
 	const char *subtype = NULL;
 	struct ieee80211_frm_ctrl *frm_ctrl;
 
-	frm_ctrl = (struct ieee80211_frm_ctrl *)
-			pkt_pull(pkt, sizeof(*frm_ctrl));
+	if (pkt->link_type == LINKTYPE_IEEE802_11_RADIOTAP) {
+		struct ieee80211_radiotap_header *rtap;
+
+		rtap = (struct ieee80211_radiotap_header *)pkt_pull(pkt,
+				sizeof(*rtap));
+
+		pkt_pull(pkt, le16_to_cpu(rtap->len) - sizeof(*rtap));
+	}
+
+	frm_ctrl = (struct ieee80211_frm_ctrl *)pkt_pull(pkt, sizeof(*frm_ctrl));
 	if (frm_ctrl == NULL)
 		return;