Improved Radiotap support and a test.

Radiotap support should be fully functional now with Radiotap packets that include IPv4 and IPv6. Other radiotap packets are silently ignored. This includes a test which has 802.11 headers both with and without QoS data.
2025-10-10 02:28:21 +00:00 · 2016-01-19 04:10:44 -05:00 · 2016-01-19 04:10:44 -05:00 · 88f2a066ce
commit 88f2a066ce
parent 7d5acfd8c8
4 changed files with 74 additions and 16 deletions
--- a/src/iosource/Packet.cc
+++ b/src/iosource/Packet.cc
@ -256,21 +256,68 @@ void Packet::ProcessLayer2()

 	case DLT_IEEE802_11_RADIO:
 		{
-		//if ( ! (pdata[73] == 0 && pdata[74] == 0 && pdata[75] == 0) )
-		//	{
-		//	Weird("unknown_radiotap_packet");
-		//	return;
-		//	}
+		if ( pdata + 3 >= end_of_data )
+			{
+			Weird("truncated_radiotap_header");
+			return;
+			}
+		// Skip over the RadioTap header
+		int rtheader_len = (pdata[3] << 8) + pdata[2];
+		if ( pdata + rtheader_len >= end_of_data )
+			{
+			Weird("truncated_radiotap_header");
+			return;
+			}
+		pdata += rtheader_len;

-		// Skip over the RadioTap header, the IEEE QoS header,
-		// and logical link control header.
-		//printf("link header size: %d\n", GetLinkHeaderSize(link_type));
-		// skip Radio Tap header.
-		pdata += (pdata[3] << 8) + pdata[2];
-		// skip QoS data header
-		pdata += 26;
+		if ( pdata + 1 >= end_of_data )
+			{
+			Weird("truncated_radiotap_header");
+			return;
+			}
+		int type_80211 = pdata[0];
+		int len_80211 = 0;
+		if ( (type_80211 >> 4) & 0x04 ) 
+			{
+			//identified a null frame (we ignore for now).  no weird.
+			return;
+			}
+		// Look for the QoS indicator bit.
+		if ( (type_80211 >> 4) & 0x08 )
+			len_80211 = 26;
+		else
+			len_80211 = 24;

-		int protocol = (pdata[6] << 8) + pdata[7];
+		if ( pdata + len_80211 >= end_of_data )
+			{
+			Weird("truncated_radiotap_header");
+			return;
+			}
+		// skip 802.11 data header
+		pdata += len_80211;
+
+		if ( pdata + 8 >= end_of_data )
+			{
+			Weird("truncated_radiotap_header");
+			return;
+			}
+		// Check that the DSAP, SSAP are both SNAP and that the control 
+		// field indicates that this is an unnumbered frame.
+		// The organization code (24bits) needs to also be zero to 
+		// indicate that this is encapsulated ethernet.
+		if ( pdata[0] == 0xAA && pdata[1] == 0xAA && pdata[2] == 0x03 &&
+		     pdata[3] == 0 && pdata[4] == 0 && pdata[5] == 0 )
+			{
+			pdata += 6;
+			}
+		else
+			{
+			// If this is a logical link control frame without the 
+			// possibility of having a protocol we care about, we'll
+			// just skip it for now.
+			return;
+			}
+		int protocol = (pdata[0] << 8) + pdata[1];
 		if ( protocol == 0x0800 )
 			l3_proto = L3_IPV4;
 		else if ( protocol == 0x86DD )
@ -280,9 +327,7 @@ void Packet::ProcessLayer2()
 			Weird("non_ip_packet_in_ieee802_11_radio_encapsulation");
 			return;
 			}
-
-		// skip logical link control header
-		pdata += 8;
+		pdata += 2;

 		break;
 		}