Ethereal-dev: [Ethereal-dev] [PATCH] New dissector, yet another 802.11 sniff header

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: Solomon Peachy <solomon@xxxxxxxxxxxxxx>
Date: Fri, 1 Nov 2002 17:34:42 -0500
Seems that everyone and their cousin is kluding themselves together a
sniff header.  So I'll go for two! 

Once upon a time, the linux-wlan-ng driver had this "monitor mode' which
included a special "sniff header".  That's in ethereal as packet-prism.c.
As time went on, more people started using this header.  And it's
relatively well used now.

Unfortunately, it's rather inefficient, and time and needs move on, so
here's our second attempt at a sniff header.  It has more relevant data,
applies to 802.11a/b/g, and is more compact.

For a full writeup of the format, see:

http://www.shaftnet.org/~pizza/software/capturefrm.txt

"The original header format for 'monitor mode' or capturing frames was a
 considerable hack.  This document covers a redesign of that format."

This file will be in the next release of the linux-wlan-ng driver, as
well as support for this capture type.  

The plan is to have another DLT/ARP type for this format, but it's not
strictly necessary -- the existing DLT_PRISM format has a
"msgcode/msglen" pair, and the new format keeps these fields and reworks
the rest.    Once a new DLT/ARP type is created, I'll submit another
patch..

packet-prism.c has been modified to recognise the different msgcode, and
pass it off to the packet-wlancap dissector.

There are a couple of unimplemented bits in the dissector (marked with
XXX), but nothing crucial at the moment -- I'll be sumbitting more
patches to enhance the dissector as time goes on, but I'd like to get
this into ethereal sooner rather than later.  :)

Incidentally, proto_tree_add_uint doesn't handle uint64, nor is there a
tvb_get_ntouint64 equivalent.    Instead I had to kludge around this
with a fancy sprintf.

Also included is a slight asthetic patch to packet-ieee80211.c that
changes the register_wlan to register_ieee80211 to keep it consistent
with the filename.

 - Pizza
-- 
Solomon Peachy                        solomon@xxxxxxxxxxxxxx
AbsoluteValue Systems                 http://www.linux-wlan.com
715-D North Drive                     +1 (321) 259-0737  (office)
Melbourne, FL 32934                   +1 (321) 259-0286  (fax)

diff --new-file -aur --exclude CVS ethereal/Makefile.am ethereal-dev/Makefile.am
--- ethereal/Makefile.am	Fri Nov  1 00:29:34 2002
+++ ethereal-dev/Makefile.am	Fri Nov  1 15:59:24 2002
@@ -362,6 +362,7 @@
 	packet-wccp.c \
 	packet-wcp.c \
 	packet-who.c  \
+	packet-wlancap.c \
 	packet-wsp.c \
 	packet-wtls.c \
 	packet-wtp.c \

diff --new-file -aur --exclude CVS ethereal/packet-ieee80211.c ethereal-dev/packet-ieee80211.c
--- ethereal/packet-ieee80211.c	Thu Oct 31 15:46:00 2002
+++ ethereal-dev/packet-ieee80211.c	Fri Nov  1 15:59:24 2002
@@ -1873,7 +1873,7 @@
 }
 
 void
-proto_register_wlan (void)
+proto_register_ieee80211 (void)
 {
   static const value_string frame_type[] = {
     {MGT_FRAME,     "Management frame"},
@@ -2370,7 +2370,7 @@
 }
 
 void
-proto_reg_handoff_wlan(void)
+proto_reg_handoff_ieee80211(void)
 {
   dissector_handle_t ieee80211_handle;
   dissector_handle_t ieee80211_radio_handle;
diff --new-file -aur --exclude CVS ethereal/packet-prism.c ethereal-dev/packet-prism.c
--- ethereal/packet-prism.c	Wed Aug 28 17:00:25 2002
+++ ethereal-dev/packet-prism.c	Thu Oct 24 11:31:08 2002
@@ -41,6 +41,7 @@
 #include <epan/packet.h>
 #include "packet-ieee80211.h"
 #include "packet-prism.h"
+#include "packet-wlancap.h"
 
 /* protocol */
 static int proto_prism = -1;
@@ -84,14 +85,35 @@
 void
 capture_prism(const guchar *pd, int offset, int len, packet_counts *ld)
 {
-    if(!BYTES_ARE_IN_FRAME(offset, len, (int)sizeof(struct prism_hdr))) {
-        ld->other ++;
+    guint32 cookie = 0;
+    guint32 length = 0;
+    if (!BYTES_ARE_IN_FRAME(offset, len, sizeof(guint32) *2 )) {
+        ld->other++;
         return;
     }
-    offset += sizeof(struct prism_hdr);
+
+    cookie = pntohl(pd);
+    length = pntohl(pd+sizeof(guint32));
+
+    /* Handle the new type of capture format */
+    if (cookie == WLANCAP_MAGIC_COOKIE_V1) {
+      if(!BYTES_ARE_IN_FRAME(offset, len, length)) {
+        ld->other++;
+        return;
+      }
+      offset += length;
+    } else {
+      /* We have an old capture format */
+      if(!BYTES_ARE_IN_FRAME(offset, len, (int)sizeof(struct prism_hdr))) {
+        ld->other++;
+        return;
+      }
+      offset += sizeof(struct prism_hdr);
+    }
 
     /* 802.11 header follows */
     capture_ieee80211(pd, offset, len, ld);
+
 }
 
 /*
@@ -119,15 +141,23 @@
     proto_item *ti;
     tvbuff_t *next_tvb;
     int offset;
+    guint32 msgcode;
+
+    offset = 0;
+
+    /* handle the new capture type. */
+    msgcode = tvb_get_ntohl(tvb, offset);
+    if (msgcode == WLANCAP_MAGIC_COOKIE_V1) {
+        return dissect_wlancap(tvb, pinfo, tree);
+    }
+      
+    tvb_memcpy(tvb, (guint8 *)&hdr, offset, sizeof(hdr));
 
     if(check_col(pinfo->cinfo, COL_PROTOCOL))
         col_set_str(pinfo->cinfo, COL_PROTOCOL, "Prism");
     if(check_col(pinfo->cinfo, COL_INFO))
         col_clear(pinfo->cinfo, COL_INFO);
 
-    offset = 0;
-    tvb_memcpy(tvb, (guint8 *)&hdr, offset, sizeof hdr);
-
     if(check_col(pinfo->cinfo, COL_INFO))
         col_add_fstr(pinfo->cinfo, COL_INFO, "Device: %.16s  "
                      "Message 0x%x, Length %d", hdr.devname,
diff --new-file -aur --exclude CVS ethereal/packet-wlancap.c ethereal-dev/packet-wlancap.c
--- ethereal/packet-wlancap.c	Wed Dec 31 19:00:00 1969
+++ ethereal-dev/packet-wlancap.c	Fri Nov  1 16:44:53 2002
@@ -0,0 +1,309 @@
+/*
+ *  packet-wlan.c
+ *	Decode packets with a AVS-WLAN header
+ *
+ *  AVS linux-wlan-based products use a new sniff header to replace the 
+ *  old prism2-specific one dissected in packet-prism2.c.  This one has
+ *  additional fields, is designed to be non-hardware-specific, and more 
+ *  importantly, version and length fields so it can be extended later 
+ *  without breaking anything.
+ * 
+ * By Solomon Peachy
+ *
+ * $Id: packet-prism.c,v 1.8 2002/08/28 21:00:25 jmayer Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from README.developer
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+
+#include <glib.h>
+#include <string.h>
+
+#include <epan/packet.h>
+#include "packet-ieee80211.h"
+#include "packet-wlancap.h"
+
+#define SHORT_STR 256
+
+/* protocol */
+static int proto_wlancap = -1;
+
+/* header attached during wlan monitor mode */
+struct wlan_header_v1 {
+  guint32 version;
+  guint32 length;
+  guint64 mactime;
+  guint64 hosttime;
+  guint32 phytype;
+  guint32 channel;
+  guint32 datarate;
+  guint32 antenna;
+  guint32 priority;
+  guint32 ssi_type;
+  gint32 ssi_signal;
+  gint32 ssi_noise;
+  gint32 preamble;
+  gint32 encoding;
+};
+
+static int hf_wlan_version = -1;
+static int hf_wlan_length = -1;
+static int hf_wlan_mactime = -1;
+static int hf_wlan_hosttime = -1;
+static int hf_wlan_phytype = -1;
+static int hf_wlan_channel = -1;
+static int hf_wlan_datarate = -1;
+static int hf_wlan_antenna = -1;
+static int hf_wlan_priority = -1;
+static int hf_wlan_ssi_type = -1;
+static int hf_wlan_ssi_signal = -1;
+static int hf_wlan_ssi_noise = -1;
+static int hf_wlan_preamble = -1;
+static int hf_wlan_encoding = -1;
+
+static gint ett_wlan = -1;
+
+static dissector_handle_t ieee80211_handle;
+
+void
+capture_wlancap(const guchar *pd, int offset, int len, packet_counts *ld)
+{
+    /* XXX eventually add in a version test. */
+    if(!BYTES_ARE_IN_FRAME(offset, len, (int)sizeof(struct wlan_header_v1))) {
+        ld->other ++;
+        return;
+    }
+    offset += sizeof(struct wlan_header_v1);
+
+    /* 802.11 header follows */
+    capture_ieee80211(pd, offset, len, ld);
+}
+
+void
+proto_register_wlancap(void)
+{
+
+  static const value_string phy_type[] = {
+    { 0, "Unknown" },
+    { 1, "FHSS 802.11 '97" },
+    { 2, "DSSS 802.11 '97" }, 
+    { 3, "IR Baseband" },
+    { 4, "DSSS 802.11b" },
+    { 5, "PBCC 802.11b" }, 
+    { 6, "OFDM 802.11g" },
+    { 7, "PBCC 802.11g" },
+    { 8, "OFDM 802.11a" },
+  };
+
+  static const value_string encoding_type[] = {
+    { 0, "Unknown" },
+    { 1, "CCK" },
+    { 2, "PBCC" },
+    { 3, "OFDM" },
+  };
+
+  static const value_string ssi_type[] = {
+    { 0, "None" },
+    { 1, "Normalized RSSI" },
+    { 2, "dBm" },
+    { 3, "Raw RSSI" },
+  };
+
+  static const value_string preamble_type[] = {
+    { 0, "Unknown" },
+    { 1, "Short" },
+    { 2, "Long" },
+  };
+
+  static hf_register_info hf[] = {
+    { &hf_wlan_version, { "Header revision", "wlancap.version", FT_UINT32, 
+			  BASE_DEC, NULL, 0x0, "", HFILL } },
+    { &hf_wlan_length, { "Header length", "wlancap.length", FT_UINT32, 
+			 BASE_DEC, NULL, 0x0, "", HFILL } },
+    { &hf_wlan_mactime, { "MAC timestamp", "wlancap.mactime", FT_STRING, 
+			  BASE_NONE, NULL, 0x0, "", HFILL } },
+    { &hf_wlan_hosttime, { "Host timestamp", "wlancap.hosttime", FT_STRING, 
+			   BASE_NONE, NULL, 0x0, "", HFILL } },
+    { &hf_wlan_phytype, { "PHY type", "wlancap.phytype", FT_UINT32, BASE_DEC,
+			  VALS(phy_type), 0x0, "", HFILL } },
+    { &hf_wlan_channel, { "Channel", "wlancap.channel", FT_UINT32, BASE_DEC,
+			  NULL, 0x0, "", HFILL } },
+    { &hf_wlan_datarate, { "Data rate", "wlancap.datarate", FT_UINT32, 
+			   BASE_DEC, NULL, 0x0, "", HFILL } },
+    { &hf_wlan_antenna, { "Antenna", "wlancap.antenna", FT_UINT32, BASE_DEC,
+			  NULL, 0x0, "", HFILL } },
+    { &hf_wlan_priority, { "Priority", "wlancap.priority", FT_UINT32, BASE_DEC,
+			   NULL, 0x0, "", HFILL } },
+    { &hf_wlan_ssi_type, { "SSI Type", "wlancap.ssi_type", FT_UINT32, BASE_DEC,
+			   VALS(ssi_type), 0x0, "", HFILL } },
+    { &hf_wlan_ssi_signal, { "SSI Signal", "wlancap.ssi_signal", FT_UINT32, 
+			     BASE_DEC, NULL, 0x0, "", HFILL } },
+    { &hf_wlan_ssi_noise, { "SSI Noise", "wlancap.ssi_noise", FT_INT32, 
+			    BASE_DEC, NULL, 0x0, "", HFILL } },
+    { &hf_wlan_preamble, { "Preamble", "wlancap.preamble", FT_UINT32, 
+			   BASE_DEC, VALS(preamble_type), 0x0, "", HFILL } },
+    { &hf_wlan_encoding, { "Encoding Type", "wlancap.encoding", FT_UINT32, 
+			   BASE_DEC, VALS(encoding_type), 0x0, "", HFILL } },
+  };
+  static gint *ett[] = {
+    &ett_wlan
+  };
+
+  proto_wlancap = proto_register_protocol("WLANCAP", "WLANCAP", "WLANCAP");
+  proto_register_field_array(proto_wlancap, hf, array_length(hf));
+  proto_register_subtree_array(ett, array_length(ett));
+
+}
+
+void
+dissect_wlancap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
+{
+    const guint8 *dataptr;
+    char out_buff[SHORT_STR];
+    char out_buff2[SHORT_STR];
+    proto_tree *wlan_tree;
+    proto_item *ti;
+    tvbuff_t *next_tvb;
+    int offset;
+    guint32 version;
+    guint32 length;
+
+    if(check_col(pinfo->cinfo, COL_PROTOCOL))
+        col_set_str(pinfo->cinfo, COL_PROTOCOL, "WLAN");
+    if(check_col(pinfo->cinfo, COL_INFO))
+        col_clear(pinfo->cinfo, COL_INFO);
+    offset = 0;
+
+    version = tvb_get_ntohl(tvb, offset) - WLANCAP_MAGIC_COOKIE_BASE;
+    length = tvb_get_ntohl(tvb, offset+sizeof(guint32));
+
+    if(check_col(pinfo->cinfo, COL_INFO))
+        col_add_fstr(pinfo->cinfo, COL_INFO, "AVS WLAN Capture v%x, Length %d",version, length);
+
+    /* Dissect the packet */
+    if (tree) {
+      ti = proto_tree_add_protocol_format(tree, proto_wlancap,
+            tvb, 0, length, "AVS WLAN Monitoring Header");
+      wlan_tree = proto_item_add_subtree(ti, ett_wlan);
+      proto_tree_add_uint(wlan_tree, hf_wlan_version, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset) - WLANCAP_MAGIC_COOKIE_BASE);
+      offset+=4;
+      proto_tree_add_uint(wlan_tree, hf_wlan_length, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+#if 1
+      dataptr = tvb_get_ptr (tvb, offset, 8);
+      memset (out_buff, 0, SHORT_STR);
+      snprintf (out_buff, SHORT_STR, "0x%02X%02X%02X%02X%02X%02X%02X%02X",
+		dataptr[7],
+		dataptr[6],
+		dataptr[5],
+		dataptr[4],
+		dataptr[3],
+		dataptr[2],
+		dataptr[1],
+		dataptr[0]);
+      proto_tree_add_string(wlan_tree, hf_wlan_mactime, tvb, offset,
+			    8, out_buff);
+      offset+=8;
+      dataptr = tvb_get_ptr (tvb, offset, 8);
+      memset (out_buff2, 0, SHORT_STR);
+      snprintf (out_buff2, SHORT_STR, "0x%02X%02X%02X%02X%02X%02X%02X%02X",
+		dataptr[7],
+		dataptr[6],
+		dataptr[5],
+		dataptr[4],
+		dataptr[3],
+		dataptr[2],
+		dataptr[1],
+		dataptr[0]);
+      proto_tree_add_string(wlan_tree, hf_wlan_hosttime, tvb, offset,
+			    8, out_buff2);
+      offset+=8;
+#else
+      proto_tree_add_uint(wlan_tree, hf_wlan_mactime, tvb, offset,
+			  8, tvb_get_ntohl(tvb, offset));
+      offset+=8;
+      proto_tree_add_uint(wlan_tree, hf_wlan_hosttime, tvb, offset,
+			  8, tvb_get_ntohl(tvb, offset));
+      offset+=8;
+#endif
+      proto_tree_add_uint(wlan_tree, hf_wlan_phytype, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+      /* XXX cook channel (fh uses different numbers) */
+      proto_tree_add_uint(wlan_tree, hf_wlan_channel, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+
+      proto_tree_add_uint_format(wlan_tree, hf_wlan_datarate, tvb, offset, 
+				 4, tvb_get_ntohl(tvb, offset) * 100, 
+				 "Datarate: %d kbps", 
+				 tvb_get_ntohl(tvb, offset) * 100);
+      offset+=4;
+      proto_tree_add_uint(wlan_tree, hf_wlan_antenna, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+      proto_tree_add_uint(wlan_tree, hf_wlan_priority, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+      proto_tree_add_uint(wlan_tree, hf_wlan_ssi_type, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+      /* XXX cook ssi_signal (Based on type; ie format) */
+      proto_tree_add_uint(wlan_tree, hf_wlan_ssi_signal, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+      /* XXX cook ssi_noise (Based on type; ie format) */
+      proto_tree_add_int(wlan_tree, hf_wlan_ssi_noise, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+      proto_tree_add_uint(wlan_tree, hf_wlan_preamble, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+      proto_tree_add_uint(wlan_tree, hf_wlan_encoding, tvb, offset,
+			  4, tvb_get_ntohl(tvb, offset));
+      offset+=4;
+    }
+
+    if (offset == 0)
+      offset = length;
+
+    /* dissect the 802.11 header next */
+    next_tvb = tvb_new_subset(tvb, offset, -1, -1);
+    call_dissector(ieee80211_handle, next_tvb, pinfo, tree);
+}
+
+void
+proto_reg_handoff_wlancap(void)
+{
+    dissector_handle_t wlancap_handle;
+
+    /* handle for 802.11 dissector */
+    ieee80211_handle = find_dissector("wlan");
+
+    wlancap_handle = create_dissector_handle(dissect_wlancap, proto_wlancap);
+
+    dissector_add("wtap_encap", WTAP_ENCAP_WLAN_HEADER, wlancap_handle);
+}
diff --new-file -aur --exclude CVS ethereal/packet-wlancap.h ethereal-dev/packet-wlancap.h
--- ethereal/packet-wlancap.h	Wed Dec 31 19:00:00 1969
+++ ethereal-dev/packet-wlancap.h	Thu Oct 24 11:37:28 2002
@@ -0,0 +1,34 @@
+/*
+ * packet-wlan.h
+ *	Declarations for packet-wlan.c
+ *
+ * $Id: packet-prism.h,v 1.3 2002/08/28 21:00:25 jmayer Exp $
+ *
+ * Ethereal - Network traffic analyzer
+ * By Gerald Combs <gerald@xxxxxxxxxxxx>
+ * Copyright 1998 Gerald Combs
+ *
+ * Copied from README.developer
+ *
+ * This program is free software; you can redistribute it and/or
+ * modify it under the terms of the GNU General Public License
+ * as published by the Free Software Foundation; either version 2
+ * of the License, or (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+ */
+
+void capture_wlancap(const guchar *pd, int offset, int len, packet_counts *ld);
+void proto_register_wlancap(void);
+void proto_reg_handoff_wlancap(void);
+void dissect_wlancap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree);
+
+#define WLANCAP_MAGIC_COOKIE_BASE 0x80211000
+#define WLANCAP_MAGIC_COOKIE_V1 0x80211001

Attachment: pgpLLrPcTPRU_.pgp
Description: PGP signature