tcpdump mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Patches for wlan filtering

From: "Gianluca Varenni" <gianluca.varenni () cacetech com>
Date: Thu, 14 Jun 2007 14:32:02 -0700
The attachment got somewhat dropped.

You can find it here

http://www.winpcap.org/gianluca/wlan_filtering.patch

GV
----- Original Message ----- From: "Gianluca Varenni" <gianluca.varenni () cacetech com> 
To: <tcpdump-workers () lists tcpdump org>
Sent: Thursday, June 14, 2007 2:19 PM
Subject: [tcpdump-workers] Patches for wlan filtering



Guys,
the attached patch fixes some of the problems in the current wlan code generation of pcap_compile. 
In particular it should fix these problems:
1. the 802.11 header size of a data frame has not a fixed size. When the QoS bit is set in the subtype field (QoS DATA frame), the header is two bytes longer. You can clearly see this on 802.11n APs, that usually use QoS DATA frames. The code does not take into consideration 
  * 802.11n frames containing the HT control field
  * frames in a WDS (wireless bridges)
2. The optimizer generates buggy code when compiling filters in the form "wlan dst ...." or similar. The optimizer gets disabled in these cases. 3. Added some code that verifies that a packet is a data frame when accessing the LLC and above protocol fields.
Modifications related to 1. and 3. generate code that is not compatible with the optimizer, as gen_load_ll_XXX() generate slist*'s of instructions (where I added the code to verify if a packet is a data/QoS data frame), and not block* chunks. So optimization gets disabled.
I'm planning to commit them on the libpcap CVS as disabled patches, and also planning to enable them for the win32 build (winpcap) in the next version that is probably due within some weeks.
Any comment/test is more than welcome. Please apply the patch with "patch -p0 gencode.c < wlan_filtering.patch". The patch should work on both HEAD and the libpcap_0_9 branch (I developed it on the libpcap_0_9 branch). 

Have a nice day
GV




-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe. 

-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.
Previous By Date Next
Previous By Thread Next

Current thread: