Ticket #30 (new new layer)

Opened 2 years ago

Last modified 6 months ago

RadioTap support

Reported by: nico@chdir.org Assigned to: pbi
Priority: major Milestone:
Component: Scapy Version:
Keywords: radiotap,wifi Cc:

Description

RadioTap? is equivalent to PrismHeader?, but it is (or will be) used by a growing number of wifi drivers like ipw2200 (and by the Linux's unified ieee80211 stack also?).

This protocol is a crap to implement in scapy : fields must be naturally aligned, it's not a TLV (you have a 32 bits bitmap indicating which fields will follow the headers, and theses fields have a specific order), everything use the host's endianess (by the way, it lacks a LEBitEnumField), etc.

This patch is a bit messy, but it works well on ipw2200 and Atheros (the driver can use RadioTap? headers if you put 803 into /proc/sys/net/ath0/dev_type). There are two link layer numbers (127 and 803), one for Atheros, the other for the rest. It doesn't make sense to inject RadioTap? packet so it was written with "read-only mode" in mind.

Some documentation/reference :

-- Nicolas Bareil

Attachments

patch-radiotap-scapy.diff (7.1 kB) - added by nico@chdir.org on 02/06/07 22:09:19.
Patch (under the GNU GPL)
eth1.p (103 bytes) - added by frealek on 04/26/07 15:34:25.
1 packet capture with radiotap header, from ipw2100

Change History

02/06/07 22:09:19 changed by nico@chdir.org

  • attachment patch-radiotap-scapy.diff added.

Patch (under the GNU GPL)

04/26/07 15:33:05 changed by frealek

I tested the patch with ipw2100. It doesn't work as good as expected, because it fails to decode the payloads correctly. 

$ file eth1.p
eth1.p: tcpdump capture file (little-endian) - version 2.4 (802.11 with radiotap header, capture length 65535)

>>> pkts = rdpcap('eth1.p')
>>> pkts
<eth1.p: UDP:0 TCP:0 ICMP:0 Other:1>
>>> pkts.show()   
0000 RadioTap / 802.11 Control 1L None > 00:ff:ff:ff:ff:ff / Dot11WEP
>>> pkts[0]    
Traceback (most recent call last):
  File "<console>", line 1, in ?
  File "./scapy.py", line 4953, in __repr__
    val = f.i2repr(self, self.fields[f.name])
  File "./scapy.py", line 5921, in i2repr
    return '%d / %0.3f GHz' % ((val-2407)/5.0, val/1000.0)
TypeError: unsupported operand type(s) for -: 'NoneType' and 'int'

It seems to work better with this mod : 

47c47
< +        if val == 0:
---
> +        if not val:

Perhaps it is NOT the good way to fix this, I'm no scapy expert... I didn't take much time to understand why this None appears. This feels more like a workaround, just to get the underlying Dot11 packets.

I found out that radiotap_packet.payload removes only 11 bytes from the packet. As with the eth1.p attached packet, wireshark shows the radiotap header is "0000 0c00 2000 0000 eaff 0015", and str(radiotap_packet.payload) begins with '\x15@\x00\x00\x00\xff\xff\xff\xff\xff\xff...'.

This modification (of the patch) seems to work for me... but I'm not sure of the implications : 

154c154
< +        pkt.l = pkt[RadioTap].len - pkt.l - 8 - 1 # 8 is the header's length
---
> +        pkt.l = pkt[RadioTap].len - pkt.l - 8 # 8 is the header's length

04/26/07 15:34:25 changed by frealek

  • attachment eth1.p added.

1 packet capture with radiotap header, from ipw2100

04/28/07 19:19:44 changed by pbi

  • type changed from defect to new layer.

Add/Change #30 (RadioTap support)




Change Properties
Action