----- Original Message -----
From: "Guy Harris" <[EMAIL PROTECTED]>
To: <[email protected]>
Sent: Monday, November 05, 2007 2:03 PM
Subject: Re: [tcpdump-workers] Patches for wlan filtering
Guy Harris wrote:
On Oct 30, 2007, at 3:42 AM, Guy Harris wrote:
I won't be able to fix that tonight, but, if we delay the release a
couple of days, I might be able to fix that.
Actually, a combination of a brain spasm (see the time above - that was
local time...), a possible watch misconfiguration/misbehavior (and lack
of a day-of-week indication on said watch), and slightly confusing
display in Meeting Maker confused me into thinking today was the 31st. I
might be able to fix the code tonight.
Well, it took a bit longer, but I've checked in changes that
1) appear, at least with the regression testing I've done, not to break
other link layers (after having fixed some bugs in the code without the
changes);
2) appear to do the right thing for various 802.11 link-layer headers -
for example, the filter tcp now generates
(000) ldx #0x0
(001) txa
(002) add #24
(003) st M[0]
(004) ldb [x + 0]
(005) jset #0x8 jt 6 jf 11
(006) jset #0x4 jt 11 jf 7
(007) jset #0x80 jt 8 jf 11
(008) ld #0x2
(009) add x
(010) st M[0]
(011) ldb [0]
(012) jset #0x4 jt 21 jf 13
(013) ldb [0]
(014) jset #0x8 jt 15 jf 21
(015) ldx M[0]
(016) ldh [x + 6]
(017) jeq #0x86dd jt 18 jf 21
(018) ldx M[0]
(019) ldb [x + 14]
(020) jeq #0x6 jt 31 jf 21
(021) ldb [0]
(022) jset #0x4 jt 32 jf 23
(023) ldb [0]
(024) jset #0x8 jt 25 jf 32
(025) ldx M[0]
(026) ldh [x + 6]
(027) jeq #0x800 jt 28 jf 32
(028) ldx M[0]
(029) ldb [x + 17]
(030) jeq #0x6 jt 31 jf 32
(031) ret #68
(032) ret #0
Nice!
I plan to compare this with the old version with the three possible link
layers (bare 802.11, radiotap, PPI) within a couple of days (there will be a
new beta of WinPcap by the end of the week).
Thanks again for taking care of this.
GV
for DLT_IEEE802_11.
-
This is the tcpdump-workers list.
Visit https://cod.sandelman.ca/ to unsubscribe.