Re: Missing packet fields in big endian with ath9k

[Luís Correia <lfpcorreia () gmail com>]

On Apr 27, 2013 11:59 PM, "Guy Harris" <guy () alum mit edu> wrote:
> On Apr 27, 2013, at 3:26 PM, Luis Correia <lfpcorreia () gmail com> wrote:
>
> > Im getting DLT_IEEE802_11_RADIO. Is this ok?
>
> Yes.  That means you have a Radiotap header.
>
> > About the rssi values I managed to get them by teaching myself little
endian vs big endian and redefining my struct's  fields.
> > I'm now getting correct rssi values almost every time. (Negative,
distance coherent..)
> Note that, as I said, unless you're running on OpenBSD, what you're
getting is either "RF signal power at the antenna" as "a single signed
8-bit value, which indicates the RF signal power at the antenna, in
decibels difference from 1mW":
>         http://www.radiotap.org/defined-fields/Antenna%20signal
>
> or "RF signal power at the antenna, decibel difference from an arbitrary,
fixed reference" as "a single unsigned 8-bit value":
>         http://www.radiotap.org/defined-fields/dB%20antenna%20signal
>
> Note also that parsing radiotap headers should not be done by assuming
the radiotap header is a fixed-format structure; all values in a radiotap
header are optional, so you should scan through the "presence bits" looking
for one of the two "antenna signal" values and, *depending on which one you
find*, treating it as "signed dB from 1mW" or "unsigned dB from some
unspecified reference point".

Hi guy.

Indeed I've seen a radiotap_iterator function in radiotap headers. But the
function "logic" was a little heavy for a 400mhz MIPS CPU. No?

> From what I have read the parse packet function should be as fast as
possible.. what's your opinion on that?  Do you think I should copy each
packet for latter processing or do I have "room" for in-flight processing?

Can't I just bit test the it_present field for one of the two rssi readings
and access the struct field?

> > However sometimes I see packets with positive values!!
>
> If it's dBm (decibels from 1 mW) the value is signed, which could be
positive (meaning "stronger than 1mW").  If it's dB from an arbitrary fixed
reference point, the value is unsigned, which is *always* positive.
> > PS: If I'm not mistaken aren't you the guy that wrote libpcap?!
>
> You're mistaken.  It was written by Steve McCanne and Van Jacobson:
http://sharkfest.wireshark.org/sharkfest.11/presentations/McCanne-Sharkfest'11_Keynote_Address.pdf
> I've been a significant contributor, but that's just building upon a
strong base they created.

None the less congrats ;)
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers () lists tcpdump org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers