Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-12 19:48:20 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 1

Merge branch 'p-l--topic/support-wlan-monitor'

Browse source
This commit is contained in:
Seth Hall 2018-05-15 13:32:34 -04:00
commit f2b4c16dd5
4 changed files with 25 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

16
src/iosource/Packet.cc
View file

@ -86,6 +86,9 @@ int Packet::GetLinkHeaderSize(int link_type)
case DLT_PPP_SERIAL: // PPP_SERIAL case DLT_PPP_SERIAL: // PPP_SERIAL
return 4; return 4;
case DLT_IEEE802_11: // 802.11 monitor
return 34;
case DLT_IEEE802_11_RADIO: // 802.11 plus RadioTap case DLT_IEEE802_11_RADIO: // 802.11 plus RadioTap
return 59; return 59;
@ -279,12 +282,15 @@ void Packet::ProcessLayer2()
} }
pdata += rtheader_len; pdata += rtheader_len;
}
case DLT_IEEE802_11:
{
u_char len_80211 = 24; // minimal length of data frames u_char len_80211 = 24; // minimal length of data frames
if ( pdata + len_80211 >= end_of_data ) if ( pdata + len_80211 >= end_of_data )
{ {
Weird("truncated_radiotap_header"); Weird("truncated_802_11_header");
return; return;
} }
@ -316,7 +322,7 @@ void Packet::ProcessLayer2()
if ( pdata + len_80211 >= end_of_data ) if ( pdata + len_80211 >= end_of_data )
{ {
Weird("truncated_radiotap_header"); Weird("truncated_802_11_header");
return; return;
} }
@ -349,7 +355,7 @@ void Packet::ProcessLayer2()
if ( pdata + 8 >= end_of_data ) if ( pdata + 8 >= end_of_data )
{ {
Weird("truncated_radiotap_header"); Weird("truncated_802_11_header");
return; return;
} }
// Check that the DSAP and SSAP are both SNAP and that the control // Check that the DSAP and SSAP are both SNAP and that the control
@ -374,9 +380,11 @@ void Packet::ProcessLayer2()
l3_proto = L3_IPV4; l3_proto = L3_IPV4;
else if ( protocol == 0x86DD ) else if ( protocol == 0x86DD )
l3_proto = L3_IPV6; l3_proto = L3_IPV6;
else if ( protocol == 0x0806 || protocol == 0x8035 )
l3_proto = L3_ARP;
else else
{ {
Weird("non_ip_packet_in_ieee802_11_radio_encapsulation"); Weird("non_ip_packet_in_ieee802_11");
return; return;
} }
pdata += 2; pdata += 2;

11
testing/btest/Baseline/core.wlanmon/conn.log Normal file
View file

@ -0,0 +1,11 @@
#separator \x09
#set_separator ,
#empty_field (empty)
#unset_field -
#path conn
#open 2018-05-15-16-59-00
#fields ts uid id.orig_h id.orig_p id.resp_h id.resp_p proto service duration orig_bytes resp_bytes conn_state local_orig local_resp missed_bytes history orig_pkts orig_ip_bytes resp_pkts resp_ip_bytes tunnel_parents
#types time string addr port addr port enum string interval count count string bool bool count string count count count count set[string]
1526399270.280018 CHhAvVGS1DHFjwGM9 172.17.156.76 61738 208.67.220.220 53 udp dns 0.009303 35 128 SF - - 0 Dd 1 63 1 156 -
1526399270.293114 ClEkJM2Vm5giqnMf4h fe80::a667:6ff:fef7:ec54 5353 ff02::fb 5353 udp dns - - - S0 - - 0 D 1 328 0 0 -
#close 2018-05-15-16-59-00

BIN
testing/btest/Traces/wlanmon.pcap Normal file
View file

Binary file not shown.

2
testing/btest/core/wlanmon.bro Normal file
View file

@ -0,0 +1,2 @@
# @TEST-EXEC: bro -C -r $TRACES/wlanmon.pcap
# @TEST-EXEC: btest-diff conn.log