From 47a7037955bfa7405a0a676f214c26d136b8ca9a Mon Sep 17 00:00:00 2001
From: Vadim Kochan
Date: Fri, 10 Apr 2015 11:43:57 +0300
Subject: netsniff-ng: Consider radiotap header of monitor dev
netsniff-ng does not check if monitor device includes radiotap header which leads to the wrong 802.11 frame parsing. Tested if the .pcap file is understandable by wireshark and if dump info is basically correct, but did not test the case when xmit packets from .pcap file to the output device and from the input device to the output device.
Signed-off-by: Vadim Kochan
[tklauser: whitespace changes]
Signed-off-by: Tobias Klauser
---
 proto_80211_mac_hdr.c | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)
(limited to 'proto_80211_mac_hdr.c')
diff --git a/proto_80211_mac_hdr.c b/proto_80211_mac_hdr.c
index 0be749f..9bd6ee1 100644
--- a/proto_80211_mac_hdr.c
+++ b/proto_80211_mac_hdr.c
@@ -22,6 +22,7 @@
 #include "built_in.h"
 #include "pkt_buff.h"
 #include "oui.h"
+#include "linktype.h"
 #define TU 0.001024
@@ -772,6 +773,13 @@ struct element_vend_spec {
 u8 specific[0];
 } __packed;
+struct ieee80211_radiotap_header {
+ u8 version; /* set to 0 */
+ u8 pad;
+ u16 len; /* entire length */
+ u32 present; /* fields present */
+} __packed;
+
 static int8_t len_neq_error(u8 len, u8 intended)
 {
 if(intended != len) {
@@ -3141,8 +3149,16 @@ static void ieee80211(struct pkt_buff *pkt)
 const char *subtype = NULL;
 struct ieee80211_frm_ctrl *frm_ctrl;
- frm_ctrl = (struct ieee80211_frm_ctrl *)
- pkt_pull(pkt, sizeof(*frm_ctrl));
+ if (pkt->link_type == LINKTYPE_IEEE802_11_RADIOTAP) {
+ struct ieee80211_radiotap_header *rtap;
+
+ rtap = (struct ieee80211_radiotap_header *)pkt_pull(pkt,
+ sizeof(*rtap));
+
+ pkt_pull(pkt, le16_to_cpu(rtap->len) - sizeof(*rtap));
+ }
+
+ frm_ctrl = (struct ieee80211_frm_ctrl *)pkt_pull(pkt, sizeof(*frm_ctrl));
 if (frm_ctrl == NULL)
 return;
--
cgit v1.2.3-54-g00ecf
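Review bot: The `len` and `present` members of the new `struct ieee80211_radiotap_header` carry little-endian wire values, which is only visible from the `le16_to_cpu(rtap->len)` call in the ieee80211() hunk; the plain `u16`/`u32` types and the field comments do not say so. I would extend the comments, e.g. `u16 len; /* entire length, little-endian on the wire */` and `u32 present; /* fields present, little-endian on the wire */`, so a later reader does not use them unconverted on a big-endian host.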
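Review bot: In the radiotap branch of ieee80211(), `rtap` is dereferenced without checking the pkt_pull() result, although the statement right after the branch treats a NULL return as possible for `frm_ctrl`; a frame shorter than the radiotap header (a truncated capture or a malformed .pcap) would then crash the dissector. The expression `le16_to_cpu(rtap->len) - sizeof(*rtap)` also wraps to a very large unsigned value when the advertised length is smaller than the fixed header, and the return value of the second pkt_pull() is ignored, so the 802.11 frame control may end up being read from the wrong offset. I would return early on a NULL `rtap`, reject `len < sizeof(*rtap)` before subtracting, and check the second pull as well. The body of ieee80211() continues outside the hunk.

```c
		/* … unchanged: if (pkt->link_type == LINKTYPE_IEEE802_11_RADIOTAP) {, rtap declaration … */
		u16 rtap_len;

		rtap = (struct ieee80211_radiotap_header *)pkt_pull(pkt,
				sizeof(*rtap));
		if (rtap == NULL)
			return;

		/* len is taken from the capture; it must cover at least the fixed header */
		rtap_len = le16_to_cpu(rtap->len);
		if (rtap_len < sizeof(*rtap))
			return;

		if (pkt_pull(pkt, rtap_len - sizeof(*rtap)) == NULL)
			return;
		/* … unchanged: closing brace, frm_ctrl pull and NULL check … */
```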