Merge branch 'topic/jgras/mac-logging' of https://github.com/J-Gras/bro

Thanks! I've tweaked this a bit further, have a look. BIT-1613 #merged
2025-10-03 07:08:19 +00:00 · 2016-06-06 15:55:25 -07:00 · 2016-06-06 15:55:25 -07:00 · d59bb2e9d1
commit d59bb2e9d1
parent 44b3ece440 50cf694aae
22 changed files with 1828 additions and 452 deletions
--- a/src/iosource/Packet.cc
+++ b/src/iosource/Packet.cc
@ -44,8 +44,8 @@ void Packet::Init(int arg_link_type, struct timeval *arg_ts, uint32 arg_caplen,
 	eth_type = 0;
 	vlan = 0;
 	inner_vlan = 0;
-	bzero(eth_src, sizeof(eth_src));
-	bzero(eth_dst, sizeof(eth_dst));
+	l2_src = 0;
+	l2_dst = 0;

 	l2_valid = false;

@ -140,8 +140,8 @@ void Packet::ProcessLayer2()
 		int protocol = (pdata[12] << 8) + pdata[13];

 		eth_type = protocol;
-		memcpy(eth_dst, pdata, 6);
-		memcpy(eth_src, pdata + 6, 6);
+		l2_dst = pdata;
+		l2_src = pdata + 6;

 		pdata += GetLinkHeaderSize(link_type);

@ -276,14 +276,17 @@ void Packet::ProcessLayer2()
 			}
 		pdata += rtheader_len;

+		u_char len_80211 = 0;
 		int type_80211 = pdata[0];
-		int len_80211 = 0;
+
 		if ( (type_80211 >> 4) & 0x04 )
 			{
 			//identified a null frame (we ignore for now).  no weird.
 			return;
 			}
+
 		// Look for the QoS indicator bit.
+
 		if ( (type_80211 >> 4) & 0x08 )
 			len_80211 = 26;
 		else
@ -294,6 +297,35 @@ void Packet::ProcessLayer2()
 			Weird("truncated_radiotap_header");
 			return;
 			}
+
+		// Look for data frames
+		if ( type_80211 & 0x08 )
+			{
+			// Determine link-layer addresses based
+			// on 'To DS' and 'From DS' flags
+			switch ( pdata[1] & 0x03 ) {
+				case 0x00:
+					l2_dst = pdata + 4;
+					l2_src = pdata + 10;
+					break;
+
+				case 0x01:
+					l2_dst = pdata + 16;
+					l2_src = pdata + 10;
+					break;
+
+				case 0x02:
+					l2_dst = pdata + 4;
+					l2_src = pdata + 16;
+					break;
+
+				case 0x03:
+					l2_dst = pdata + 16;
+					l2_src = pdata + 24;
+					break;
+			}
+			}
+
 		// skip 802.11 data header
 		pdata += len_80211;