From: Leendert van Doorn (leendertparamecium.org)
Date: Mon May 07 2001 - 20:53:29 CDT

    # I don't know what the ioctl is supposed to be for, so random
    # answers...

    My ioctl's do essentially the same thing as Javier's /proc interface.
    Either interface will do.

    # No, what you want to do is to pass it in the skbuff. That's
    # the only logical way to pass this data up without getting crazy.
    # You have quite a bit of freedom with skbuffs. Basically, you
    # can prepend any data you want before the 802.3 header and hide it
    # (with skb_reserve or skb_put). This is the way I would do it.
    #
    #    skbuff          skb->head/skb->data
    #    |               |
    #    V               V
    #    +------+--------+-------+----+-----+---
    #    | PLCP | 802.11 | 802.3 | IP | TCP | ...
    #    +---------------+-------+----+-----+---
    #
    # <hope everybody is using fixed fonts>

    Exactly, this is how I pass things up. The 802.3 header is actually an
    LLC header; monitor mode will give you the raw 802.11 packets.

    # After, you just need to communicate to the utility the offsets
    # in the packet. And, as you still have 802.3 headers, you don't break
    # TCP/IP or tcpdump (very important !!!).

    I modified libpcap. I didn't make it work for tcpdump (this is a tcpdump
    problem, not a libpcap problem); instead I used ethereal/tethereal. It
    has support for 802.11 packet decoding.

    # By the way: I don't believe anybody needs to have the RSSI
    # value of every packet. iwspy is good enough for most uses. I also don't
    # think that the 802.11 header is that useful, a standard tcpdump is
    # already plenty good enough for me (when it works). Bah...

    Depends on what you want to do. I need to look at the data without being
    authenticated or knowing the WEP keys.

    # > I'm not sure if it's better to drop the packet or to signal the
    # > application about the problem.

    That's why I pass up the entire aironet specific header which has the rssi
    and plcp fields, but I agree it is nicer to come up with some driver
    independent way.

            Leendert

    _______________________________________________
    Aironet mailing list - Aironetcsl.cse.ucsc.edu
    http://csl.cse.ucsc.edu/mailman/listinfo/aironet
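
Added example, not part of the original message or of the Aironet driver: a userspace C model of the headroom layout discussed in the thread, where the radio and 802.11 headers sit before `data` and only the 802.3 frame is visible to the stack. `mini_skb`, the `mskb_*` helpers, `rx_build`, `hidden_dot11` and the 4-byte radio header size are assumptions made for illustration; only `skb_reserve` and `skb_put` are names taken from the thread.

```c
#include <stdio.h>
#include <string.h>

#define BUF_SIZE   128
#define RADIO_LEN  4                 /* constructed size for the PLCP/RSSI bytes */
#define DOT11_LEN  24                /* three-address 802.11 header */
#define HIDDEN_LEN (RADIO_LEN + DOT11_LEN)

/* Userspace stand-in for the sk_buff pointers; not the kernel struct. */
struct mini_skb { unsigned char buf[BUF_SIZE], *head, *data, *tail; };

static void mskb_init(struct mini_skb *s) { s->head = s->data = s->tail = s->buf; }
/* Like skb_reserve(): open headroom by moving data and tail forward. */
static void mskb_reserve(struct mini_skb *s, size_t n) { s->data += n; s->tail += n; }
/* Like skb_put(): grow the visible area at the tail, return where it starts. */
static unsigned char *mskb_put(struct mini_skb *s, size_t n)
{ unsigned char *p = s->tail; s->tail += n; return p; }
static size_t mskb_headroom(const struct mini_skb *s) { return (size_t)(s->data - s->head); }
static size_t mskb_len(const struct mini_skb *s) { return (size_t)(s->tail - s->data); }

/* Driver side: stash radio + 802.11 headers in headroom, expose only 802.3. */
static int rx_build(struct mini_skb *s, const unsigned char *radio,
                    const unsigned char *dot11, const unsigned char *eth, size_t eth_len)
{
    if (eth_len > (size_t)(BUF_SIZE - HIDDEN_LEN))
        return -1;                   /* frame would overrun the buffer */
    mskb_init(s);
    memcpy(s->head, radio, RADIO_LEN);
    memcpy(s->head + RADIO_LEN, dot11, DOT11_LEN);
    mskb_reserve(s, HIDDEN_LEN);
    memcpy(mskb_put(s, eth_len), eth, eth_len);
    return 0;
}

/* Capture side: step back from data to the hidden 802.11 header. */
static const unsigned char *hidden_dot11(const struct mini_skb *s)
{
    return mskb_headroom(s) < HIDDEN_LEN ? NULL : s->data - DOT11_LEN;
}

int main(void)
{
    struct mini_skb s;
    unsigned char radio[RADIO_LEN] = { 0x2c, 0x0a, 0, 0 };   /* constructed */
    unsigned char dot11[DOT11_LEN] = { 0x08, 0x01 };         /* constructed data frame */
    unsigned char eth[14] = { 0 };                           /* constructed 802.3 header */
    if (rx_build(&s, radio, dot11, eth, sizeof eth) != 0)
        return 1;
    printf("visible=%zu hidden=%zu fc0=0x%02x\n",
           mskb_len(&s), mskb_headroom(&s), hidden_dot11(&s)[0]);
    return 0;
}
```

The capture utility only needs the two offsets (`HIDDEN_LEN` and `DOT11_LEN` here) to find the extra headers, while code that reads from `data` onward still sees an ordinary 802.3 frame.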