On Apr 27, 2013 11:59 PM, "Guy Harris" <g...@alum.mit.edu> wrote: > > > On Apr 27, 2013, at 3:26 PM, Luis Correia <lfpcorr...@gmail.com> wrote: > > > Im getting DLT_IEEE802_11_RADIO. Is this ok? > > Yes. That means you have a Radiotap header. > > > About the rssi values I managed to get them by teaching myself little endian vs big endian and redefining my struct's fields. > > > > I'm now getting correct rssi values almost every time. (Negative, distance coherent..) > > Note that, as I said, unless you're running on OpenBSD, what you're getting is either "RF signal power at the antenna" as "a single signed 8-bit value, which indicates the RF signal power at the antenna, in decibels difference from 1mW": > > http://www.radiotap.org/defined-fields/Antenna%20signal > > or "RF signal power at the antenna, decibel difference from an arbitrary, fixed reference" as "a single unsigned 8-bit value": > > http://www.radiotap.org/defined-fields/dB%20antenna%20signal > > Note also that parsing radiotap headers should not be done by assuming the radiotap header is a fixed-format structure; all values in a radiotap header are optional, so you should scan through the "presence bits" looking for one of the two "antenna signal" values and, *depending on which one you find*, treating it as "signed dB from 1mW" or "unsigned dB from some unspecified reference point".
Hi guy. Indeed I've seen a radiotap_iterator function in radiotap headers. But the function "logic" was a little heavy for a 400mhz MIPS CPU. No? >From what I have read the parse packet function should be as fast as possible.. what's your opinion on that? Do you think I should copy each packet for latter processing or do I have "room" for in-flight processing? Can't I just bit test the it_present field for one of the two rssi readings and access the struct field? > > > However sometimes I see packets with positive values!! > > If it's dBm (decibels from 1 mW) the value is signed, which could be positive (meaning "stronger than 1mW"). If it's dB from an arbitrary fixed reference point, the value is unsigned, which is *always* positive. > > > PS: If I'm not mistaken aren't you the guy that wrote libpcap?! > > You're mistaken. It was written by Steve McCanne and Van Jacobson: > > http://sharkfest.wireshark.org/sharkfest.11/presentations/McCanne-Sharkfest'11_Keynote_Address.pdf > > I've been a significant contributor, but that's just building upon a strong base they created. None the less congrats ;) _______________________________________________ tcpdump-workers mailing list tcpdump-workers@lists.tcpdump.org https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
