Merge branch 'topic/jgras/mac-logging' of https://github.com/J-Gras/bro

Thanks! I've tweaked this a bit further, have a look.

BIT-1613 #merged

src/iosource/Packet.cc

@@ -44,8 +44,8 @@ void Packet::Init(int arg_link_type, struct timeval *arg_ts, uint32 arg_caplen,
 	eth_type = 0;
 	vlan = 0;
 	inner_vlan = 0;
-	bzero(eth_src, sizeof(eth_src));
-	bzero(eth_dst, sizeof(eth_dst));
+	l2_src = 0;
+	l2_dst = 0;
 
 	l2_valid = false;
 
@@ -140,8 +140,8 @@ void Packet::ProcessLayer2()
 		int protocol = (pdata[12] << 8) + pdata[13];
 
 		eth_type = protocol;
-		memcpy(eth_dst, pdata, 6);
-		memcpy(eth_src, pdata + 6, 6);
+		l2_dst = pdata;
+		l2_src = pdata + 6;
 
 		pdata += GetLinkHeaderSize(link_type);
 
@@ -276,14 +276,17 @@ void Packet::ProcessLayer2()
 			}
 		pdata += rtheader_len;
 
+		u_char len_80211 = 0;
 		int type_80211 = pdata[0];
-		int len_80211 = 0;
+
 		if ( (type_80211 >> 4) & 0x04 )
 			{
 			//identified a null frame (we ignore for now).  no weird.
 			return;
 			}
+
 		// Look for the QoS indicator bit.
+
 		if ( (type_80211 >> 4) & 0x08 )
 			len_80211 = 26;
 		else
@@ -294,6 +297,35 @@ void Packet::ProcessLayer2()
 			Weird("truncated_radiotap_header");
 			return;
 			}
+
+		// Look for data frames
+		if ( type_80211 & 0x08 )
+			{
+			// Determine link-layer addresses based
+			// on 'To DS' and 'From DS' flags
+			switch ( pdata[1] & 0x03 ) {
+				case 0x00:
+					l2_dst = pdata + 4;
+					l2_src = pdata + 10;
+					break;
+
+				case 0x01:
+					l2_dst = pdata + 16;
+					l2_src = pdata + 10;
+					break;
+
+				case 0x02:
+					l2_dst = pdata + 4;
+					l2_src = pdata + 16;
+					break;
+
+				case 0x03:
+					l2_dst = pdata + 16;
+					l2_src = pdata + 24;
+					break;
+			}
+			}
+
 		// skip 802.11 data header
 		pdata += len_80211;
 

src/iosource/Packet.h

@@ -1,13 +1,6 @@
 #ifndef packet_h
 #define packet_h
 
-#include "bro-config.h"
-
-#include <sys/types.h>
-#ifdef HAVE_NET_ETHERNET_H
-#include <net/ethernet.h>
-#endif
-
 #include "Desc.h"
 #include "IP.h"
 #include "NetVar.h"
@@ -58,7 +51,7 @@ public:
 	Packet(int link_type, struct timeval *ts, uint32 caplen,
 	       uint32 len, const u_char *data, int copy = false,
 	       std::string tag = std::string(""))
-	           : data(0), eth_src(), eth_dst()
+	           : data(0), l2_src(0), l2_dst(0)
 	       {
 	       Init(link_type, ts, caplen, len, data, copy, tag);
 	       }
@@ -66,7 +59,7 @@ public:
 	/**
 	 * Default constructor. For internal use only.
 	 */
-	Packet() : data(0), eth_src(), eth_dst()
+	Packet() : data(0), l2_src(0), l2_dst(0)
 		{
 		struct timeval ts = {0, 0};
 		Init(0, &ts, 0, 0, 0);
@@ -154,6 +147,11 @@ public:
 	 */
 	static Packet* Unserialize(UnserialInfo* info);
 
+	/**
+	 * Maximal length of a layer 2 address.
+	 */
+	static const int l2_addr_len = 6;
+
 	// These are passed in through the constructor.
 	std::string tag;		/// Used in serialization
 	double time;			/// Timestamp reconstituted as float
@@ -184,16 +182,15 @@ public:
 	uint32 eth_type;
 
 	/**
-	 * If layer 2 is Ethernet, the source MAC address. Valid iff
-	 * Layer2Valid() returns true.
+	 * Layer 2 source address. Valid iff Layer2Valid() returns true.
 	 */
-	ether_addr eth_src[6];
+	const u_char* l2_src;
 
 	/**
-	 * If layer 2 is Ethernet, the destiantion MAC address. Valid iff
-	 * Layer2Valid() returns true.
+	 * Layer 2 destination address. Valid iff Layer2Valid() returns
+	 * true.
 	 */
-	ether_addr eth_dst[6];
+	const u_char* l2_dst;
 
 	/**
 	 * (Outermost) VLAN tag if any, else 0. Valid iff Layer2Valid()