Ethereal-dev: Re: [Ethereal-dev] Patch enabling ethereal to dissect IEEE-802.11 (Wireless LAN)
On Tue, Nov 14, 2000 at 03:18:33PM +0100, Johan Jorgensen wrote:
> I am pleased to be able to contribute the code for the IEEE 802.11
> wireless LAN dissector on behalf of Axis Communications AB. The patch
> enables Ethereal to properly dissect and analyze all of the different
> frametypes as defined in the current version of the IEEE 802.11
> standard.
Checked in, but:
without "wtap_fileformat.[ch]" - instead, it uses libpcap format
with a "network" type of 105, which is reserved for IEEE 802.11
in the current CVS version of libpcap;
without references to "NullTVB" in the dissector - instead, the
tvbuff handed to the 802.11 dissector is used (which required
that a "tvbuff_t *" argument be added to a couple of routines);
with "ieee-802-11" rather than "IEEE 802.11" as the "short name"
for 802.11 encapsulation (the "short name" is intended to be
used as, for example, the argument to the "-T" flag to
"editcap", so it should be something not too painful to type on
a command line;
with WTAP_ENCAP_IEEE_802_11 rather than WTAP_ENCAP_IEEE_80211 as
the encapsulation type name.
> Changes to files already in ethereal:
> A few changes are made to files that are already part of CVS repository.
> Those changes are described on a per-file-basis below. Please take a
> look at the patch file to see what has been changed.
I also added "packet-ieee80211.c" to "Makefile.nmake" for building on
Windows.
> Utilities:
> A small utility called prismdump has also been added. This utility is
> used in conjunction with NICs based on Intersil's Prism-II chipset. A
> detailed description is given in the file "doc/prismdump.html".
Unfortunately, that program probably won't compile on the two OSes on
which I most frequently compile stuff on my home PC:
FreeBSD (there isn't a PF_NETLINK socket type on FreeBSD);
Windows NT (see previous item).
I don't know whether it'll compile on *any* of those OSes; it won't
compile on Solaris 7, and it may not compile on Debian 2.1 (yes, 2.1)
unless the 2.0[.x] kernel has PF_NETLINK.
I.e., that program should perhaps be supplied separately, or perhaps the
configure script should arrange to compile it only on Linux systems that
have PF_NETLINK.
> Wishlist:
> I also have a small wish, namely low-level plugins. i.e. the ability to
> capture packets [from the kernel] by using a plugin. This would enable
> direct captures in a device-independent manner. Most 802.11 devices
> behave like ethernet devices and there is no standardized O/S-
> independent way to place an IEEE 802.11 device in "raw" mode. It would
> also make ethereal more portable because we could have different plugins
> for different operating systems.
That would be a good idea (and has been suggested before), but...
> I therefore propose that the following
> additions should be made to epan/plugins.c
...the only thing they'd have in common with the plugins managed by
"epan/plugins.c" is that both of them might be loaded at run time.
A plugin mechanism for capturing should probably be a separate plugin
mechanism; perhaps it belongs in Wiretap, which could provide a packet
capture API, with support for libpcap and other capture types (RMON, raw
802.11 devices, raw ISDN/PPP/blah blah blah on those platforms that
don't feed packets to the packet capture mechanism from the very lowest
level, but only hand up those packets that would be processed by the
networking stack, etc.).
