type we see, not the *last*, so the first one gets printed. If, however, a rates IE has a zero-length list of rates, don't save that one; some devices send out frames with two rates IEs, one zero-length and a later one containing the actual rates. Have parse_elements() return an indication of whether truncation occurred - and pass it the frame length, so it doesn't just keep parsing until an end-of-captured-data test fails, as that would make *every* frame look truncated.
up changes from Sam Leffler for 802.11n and 802.11s. Clean up ieee802_11_radio.h a bit.
Handle (to some degree) 802.11n Control Wrapper, Block Ack Req, and Block Ack frames.
"present but truncated", and "not present", and don't have it return an indication of whether we ran past the end of a packet - instead, have the routines that handle particular management frame types use macros that check what the status of a particular tagged parameter is and: print it if present and not truncated; skip it if not present; return a "packet truncated" indication if present but truncated. This means we handle tagged parameters that aren't present, and print parameters that are present and not truncated even if there's a present-but-truncated field after them. Add some additional bounds checks. Make the table of rates bigger - there can be more than 8 rates in a rates tagged parameter.
IEEE802_11_AP_LEN as the length of the previous AP in reassociation frame. Before copying variable-length fields from a management frame IE, make sure the length isn't too large.
[This patch] fixes some bugs and adds a new feature. Control packets were showing as [|802.11] because tcpdump expected for there to be an FCS on each one (wrong assumption). Also, even if pieces of a control packet are missing, I have made tcpdump print its type when it knows it. The new features is that if you give -v, the 802.11 Duration field (for virtual carrier sense) is printed. This is useful for detecting hardware/firmware bugs (!!) and for debugging the new crop of 802.11 drivers.
contention-free Ack or Poll indications, and print flag bits from the Frame Control field if "-v" was specified.
compile with Sun C, as "interface.h" isn't being included before the structures are being declared. Furthermore, in the files that Sun C *can* compile, it doesn't cause Sun C to generate code that's safe with unaligned accesses, as "__attribute__" is defined as a do-nothing macro with compilers that don't support it. Therefore, we get rid of that tag on the structures to which it was added, and instead use "EXTRACT_16BIT()" and "EXTRACT_32BIT()" to fetch 16-bit and 32-bit big-endian quantities from packets. We also fix some other references to multi-byte quantities to get rid of code that tries to do unaligned loads on platforms that don't support them. We also throw in a hack that makes those macros use "__attribute__((packed))" on structures containing only one 16-bit or 32-bit integer to get the compiler to generate unaligned-safe code rather than doing it by hand. (GCC on SPARC produces the same code that doing it by hand does; I don't know if GCC on any other big-endian strict-alignment processor generates better code for that case. On little-endian processors, as "ntohs()" and "ntohl()" might be functions, that might actually produce worse code.) Fix some places to use "%u" rather than "%d" to print unsigned quantities.
…nd so forth while i'm here
structures for the headers might have padding added by the compiler (I think at least some versions of GCC for ARM, for example, pad structures to a multiple of 4 bytes in length), use explicit #define values. The sequence control field of a management frame header is 16 bits long, not 8 bits long.
that may force it to be aligned on a 4-byte boundary, and it's not always aligned on a 4-byte boundary in those structures. Add a bunch of bounds checking. "ctrl_body_print()" expects its first argument to point to the beginning of the link-level frame; pass it a pointer to that, not to the stuff following the link-level frame.