Radiotap header parsing

piotr...@sens.us

Apr 16, 2013, 11:22:25 AM
to lib...@googlegroups.com
Hi,

first of all thanks for an excellent library.
But I think I found a bug in radiotap header parsing - although according to spec it is 8 bytes long, in my capture (included sample) it is padded to 34.
I am on a 64-bit machine, maybe that is the reason or maybe it is something else (mac80211 padding?)

Anyway, the it_len field is set correctly, so it can be used during parsing and when calculating the length of the data after it.
Here is a patch for that, checked against v0.3 because the current version in git does not build for me (some make problems).

BTW, the capture file contains another problematic packet (#157) with QoS Null function; parsing fails on it as well. Not sure if it is fixed in the latest version, due to the problems stated.

Kind regards
Piotr
0001-fix-radiotap-header-parsing.patch
cap1.pcap

Matias Fontanini

Apr 16, 2013, 11:38:40 AM
to piotr...@sens.us, lib...@googlegroups.com
Hi Piotr,

Thanks a lot for the patch! I'll be applying it in a while, and will have a look at the QoS Null function packet bug. RadioTap has not been tested enough so as to ensure every packet is parsed right. I'm going to search for more packet samples and add some test cases soon.

As for the make problem when using the current version of the library, found in the git repository, yes, yesterday I modified something and it seems like it's somehow broken. I'll put my hands on that later today.

Thanks again for the patch, I'll let you know when the QoS Null function packet is parsed correctly.

Cheers,
Matias




Matias Fontanini

Apr 16, 2013, 2:15:21 PM
to piotr...@sens.us, lib...@googlegroups.com
Hello again,

I've applied the patch, and fixed an issue that it introduced when the packet used a FCS. Moreover, it looks like the Makefile is fixed. I'd appreciate it if you could pull the repository and try to compile the library though.

Finally, the issue when parsing the QoS Null function packet is fixed. Note that that packet will contain a Dot11QoSData object.

Thanks again for your report and patch.

Cheers,
Matias

Piotr Haber

Apr 16, 2013, 3:35:36 PM
to Matias Fontanini, lib...@googlegroups.com
Hi,
thanks for the fixes and sorry for the extra work about the FCS,
radiotap is not the best documented format I've seen...

I did compile the library OK, will continue tomorrow.

BTW, there is this other flag
0x20 : frame has padding between 802.11 header and payload (to 32-bit boundary)
but I did not see it used anywhere.

Cheers.

Matias Fontanini

Apr 16, 2013, 8:35:13 PM
to Piotr Haber, lib...@googlegroups.com
No problem, the test cases made the error easy to spot. Thanks for
compiling it, I'm glad it finally works.

I'll put my hands on those radiotap fields that are missing in the
library soon.

Cheers.
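
An added example, not part of the thread and not libtins code: a bounds-checked radiotap parse that uses it_len to locate the 802.11 frame and reads the Flags field for the FCS bit (0x10, taken from the radiotap field definitions) and the padding bit (0x20) discussed above. The names `RadiotapInfo` and `parse_radiotap` are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>

// Added example, not libtins code; all names here are hypothetical.
struct RadiotapInfo {
    std::size_t header_len;  // it_len: offset where the 802.11 frame starts
    std::size_t frame_len;   // 802.11 bytes, trailing FCS excluded
    bool has_fcs;            // Flags bit 0x10 (radiotap spec)
    bool has_datapad;        // Flags bit 0x20 (quoted in the thread)
};

static std::uint32_t le32(const std::uint8_t* p) {
    return p[0] | (p[1] << 8) | (p[2] << 16) | (std::uint32_t(p[3]) << 24);
}

// Returns false when the header is malformed or overruns the capture.
bool parse_radiotap(const std::uint8_t* buf, std::size_t size, RadiotapInfo& out) {
    if (size < 8 || buf[0] != 0) return false;      // fixed part, version 0
    std::size_t it_len = buf[2] | (buf[3] << 8);    // little-endian u16
    if (it_len < 8 || it_len > size) return false;  // it_len is untrusted input
    // Present words are chained: bit 31 set means another word follows.
    std::size_t off = 4;
    const std::uint32_t first = le32(buf + off);
    std::uint32_t word = first;
    off += 4;
    while (word & 0x80000000u) {
        if (off + 4 > it_len) return false;
        word = le32(buf + off);
        off += 4;
    }
    RadiotapInfo info = {it_len, size - it_len, false, false};
    if (first & 0x2u) {                              // bit 1: Flags present
        if (first & 0x1u)                            // bit 0: TSFT, u64 aligned to 8
            off = ((off + 7) & ~std::size_t(7)) + 8;
        if (off >= it_len) return false;
        info.has_fcs = (buf[off] & 0x10) != 0;
        info.has_datapad = (buf[off] & 0x20) != 0;
    }
    if (info.has_fcs) {
        if (info.frame_len < 4) return false;
        info.frame_len -= 4;                         // strip the 4-byte FCS
    }
    out = info;
    return true;
}
```

Field alignment is computed from the start of the radiotap header, which is why the TSFT offset is rounded up to a multiple of 8 before the Flags byte is read.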