[Click] problem with BPF_FILTER

Vaibhave Agarwal vaibhave at cs.utah.edu
Mon Aug 8 02:59:44 EDT 2005


Thanks for the advice, Daniel.

As per https://amsterdam.lcs.mit.edu/pipermail/click/2005-July/004076.html,
I specified the "CAPTURE PCAP" argument in the FromDevice, but it seems
to be adding a 16-byte header to the incoming packets, I don't know why?

I printed the packets as they were coming from FromDevice,
"FromDevice(ath1raw, CAPTURE PCAP) -> Print -> Discard"
 
and the packets were like:
00030323 00060000 10047609 00000019 00001200 0e580000 10047609 e000021f

but they were supposed to be:
00001200 0e580000 10047609 e000021f 00008000 0000ffff ffffffff 0020a64d

One can clearly make out, that CAPTURE PCAP added a 16 byte header of:
"00030323 00060000 10047609 00000019" and this screws everything.

Any thoughts, please...??

thanks
vaibhave


On Sat, 6 Aug 2005, Daniel Henkel wrote:

> Hi Vaibhave,
> 
> In Linux you can switch between libpcap (with BPF_Filter) or the
> native Linux packet sockets capture interface. See this post by Eddie
> https://amsterdam.lcs.mit.edu/pipermail/click/2005-July/004076.html
> 
> That might solve your problem.
> 
> - Daniel.
> 
> .....
> Interdisciplinary Telecommunications Program
> University of Colorado at Boulder
> http://AUGNet.colorado.edu
> 
> ---- Original Message ----
> From: Vaibhave Agarwal
> To: click at amsterdam.lcs.mit.edu
> CC: 
> Subject: [Click] problem with BPF_FILTER
> 
> Friday, August 5, 2005, 7:22:13 PM, you wrote:
> 
> VA> I have been using gen_config_safe.pl to generate the following safe.click
> VA> configuration file and I am using userlevel click
> 
> VA> ------------------------------------------------------------ 
> VA> AddressInfo(safe_addr 6.147.11.105/8 00:09:5B:93:0B:69);
> VA> winfo :: WirelessInfo(BSSID 00:00:00:00:00:00);
> 
> VA> FromHost(safe, safe_addr, ETHER safe_addr)
> VA>   -> q :: Queue()
> VA>   -> encap :: WifiEncap(0x0, WIRELESS_INFO winfo)
> VA>   -> set_power :: SetTXPower(63)
> VA>   -> set_rate :: SetTXRate(2)
> VA>   -> radiotap_encap :: RadiotapEncap()
> VA>   -> to_dev :: ToDevice(ath1raw);
> 
> VA> // ether[2:2] == 0x1200 means it has an ath_rx_radiotap header (it is 18 bytes long)
> VA> // ether[18] == 0x08 means NODS
> VA> // ether[34:4] == 0 and ether[38:2] == 0 means a bssid of 00:00:00:00:00:00
> VA> // ether[48] is the ethertype
> VA> from_dev :: FromDevice(ath1raw,
> VA>                    BPF_FILTER "ether[2:2] == 0x1200 and ether[18] == 0x08 and ether[34:4] == 0 and ether[38:2] == 0 and ether[48] == 0x08"
> VA> )
> VA>   -> prism2_decap :: Prism2Decap()
> VA>   -> extra_decap :: ExtraDecap()
> VA>   -> radiotap_decap :: RadiotapDecap()
> VA>   -> phyerr_filter :: FilterPhyErr()
> VA>   -> tx_filter :: FilterTX()
> VA>   -> dupe :: WifiDupeFilter()
> VA>   -> wifi_cl :: Classifier(0/08%0c 1/00%03) //nods data
> VA>   -> WifiDecap()
> VA>   -> SetPacketType(HOST)
> VA>   -> ToHost(safe);
> VA> ----------------------------------------------------------------------------
> 
> VA> The problem comes with BPF_FILTER.
> VA> This script doesn't capture any packet at all.
> VA> But once I remove the BPF_FILTER line, it works fine and captures all
> VA> 802.11 packets, even all the beacon and management
> VA> packets(meant for the ath1 interface). 
>                         
> VA> I tried to print the data packet contents and I did find that the 
> VA> ether[2:2] == 0x1200 and ether[18] == 0x08 and bssid =0 and ether[48] = 8,
> VA> but still bpf filter can't capture these packets.
> 
> VA> Does that mean, there is some problem with BPF_FILTER??
> VA> I have upgraded my libpcap library to libpcap-0.8.3-7, because
> VA> previously it used to give me the following warning with libpcap-0.6
> VA> "Warning: arptype 803 not supported by libpcap"
> 
> VA> Any advice would be highly appreciated,
> VA> thanks
> VA> vaibhave
> 
> 
> 
> 
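
Added example, not part of the original thread: the 16 extra bytes quoted in the message are the same size as libpcap's Linux cooked-capture (DLT_LINUX_SLL) header, and decoding them under that assumption gives an ARPHRD field of 803, the arptype named in the libpcap warning quoted above. The function names are illustrative, and the input is the two hex dumps from the message.

```python
import struct

# DLT_LINUX_SLL ("cooked") header: 16 bytes, big-endian fields.
SLL = struct.Struct("!HHH8sH")  # pkt type, ARPHRD, addr len, addr (padded), protocol
# Fixed part of a radiotap header: little-endian fields.
RADIOTAP = struct.Struct("<BBHI")  # version, pad, header length, present bitmap

# Constructed input: the two hex dumps quoted in the message above.
SEEN = "00030323 00060000 10047609 00000019 00001200 0e580000 10047609 e000021f"
EXPECTED = "00001200 0e580000 10047609 e000021f 00008000 0000ffff ffffffff 0020a64d"


def from_dump(dump):
    """Turn a Click Print-style hex dump into bytes."""
    return bytes.fromhex("".join(dump.split()))


def split_sll(frame):
    """Decode a leading SLL header (assumed); return (fields, remaining payload)."""
    if len(frame) < SLL.size:
        raise ValueError("frame shorter than an SLL header")
    pkttype, arphrd, halen, addr, proto = SLL.unpack_from(frame)
    # The address field holds at most 8 bytes, whatever length is reported.
    fields = {"pkttype": pkttype, "arphrd": arphrd,
              "addr": addr[:min(halen, len(addr))].hex(":"), "protocol": proto}
    return fields, frame[SLL.size:]


def radiotap_length(payload):
    """Return the radiotap header length, or None if this is not radiotap v0."""
    if len(payload) < RADIOTAP.size:
        return None
    version, _pad, length, _present = RADIOTAP.unpack_from(payload)
    return length if version == 0 and length >= RADIOTAP.size else None


def u16_at(frame, offset):
    """Big-endian 16-bit load at a byte offset, as in the filter's [2:2] test."""
    return struct.unpack_from("!H", frame, offset)[0]


if __name__ == "__main__":
    fields, payload = split_sll(from_dump(SEEN))
    print(fields, "radiotap length:", radiotap_length(payload))
    # Bytes 2..3 of the prefixed frame versus the same test on the payload.
    print(hex(u16_at(from_dump(SEEN), 2)), hex(u16_at(payload, 2)))
```

With the prefix in place the radiotap data starts at byte 16, so any test or element that counts offsets from the start of the buffer reads the prefix instead of the radiotap header.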

