David Young wrote:
Radiotap is designed to be a variable-length header. When you say that gencode will handle it, you mean that it will skip based on the length field to the end of the radiotap header? If so, that sounds great!
That's the goal. There are a number of places that need to be changed, and I have to make sure that using the A and X registers to compute offsets in places that used to require only one register doesn't break any code that was expected not to touch both registers.
I think that link[M:N] filters should skip the radio header, but I think that users will want to test both radio headers and link-level headers. For example, I may want to filter based on Rx antenna, or else set a threshold Rx signal strength above (or below) which packets are filtered.
That could be done, but, given that the offsets of particular items in the radio header are variable, testing for the antenna signal strength would look something like
load 0 into X register
load flag into A register
if IEEE80211_RADIOTAP_TSFT not set, goto 1
load 8 into A register
add X register to A register
transfer A register to X register
1:
load flag into A register
if IEEE80211_RADIOTAP_CHANNEL not set, goto 2
load 4 into A register
add X register to A register
transfer A register to X register
2:
load flag into A register
if IEEE80211_RADIOTAP_FHSS not set, goto 3
load 2 into A register
add X register to A register
transfer A register to X register
3:
load flag into A register
if IEEE80211_RADIOTAP_RATE not set, goto 4
load 1 into A register
add X register to A register
transfer A register to X register
4:
load flag into A register
if IEEE80211_RADIOTAP_DBM_ANTSIGNAL not set, fail (or succeed, whichever is appropriate)
load 4[X] into A register
compare with threshold value
if A < threshold, fail (or succeed), else succeed (or fail)
-
This is the tcpdump-workers list.
Visit https://lists.sandelman.ca/ to unsubscribe.
