Subject: Re: bpf, net80211 and FCS
To: Eric Auge <eau@phear.org>
From: David Young <dyoung@pobox.com>
List: tech-kern
Date: 06/02/2005 19:21:13
On Fri, Jun 03, 2005 at 01:49:27AM +0200, Eric Auge wrote:
> Hi guys,
> 
> A quick question, while having some fun with 802.11 packets
> I've done some quick monitoring tool using libpcap.
> 
> after some decapsulation routine, i'm just unable to get the FCS (frame
> check sequence iirc, which is located at the end of the frame and is 4
> bytes long) to compute and check that the received packet is "valid".
> 
> didn't understand why so i went to through /usr/src/sys/net80211/,
> and in ieee80211_input.c, ieee80211_input()
> 
> [...]
> 122         /* trim CRC here so WEP can find its own CRC at the end of
> packet. */
> 123         if (m->m_flags & M_HASFCS) {
> 124                 m_adj(m, -IEEE80211_CRC_LEN);
> 125                 m->m_flags &= ~M_HASFCS;
> 126         }
> 127
> 128         /*
> 129          * In monitor mode, send everything directly to bpf.
> 130          * Also do not process frames w/o i_addr2 any further.
> 131          * XXX may want to include the CRC
> 132          */
> 133         if (ic->ic_opmode == IEEE80211_M_MONITOR ||
> 134             m->m_pkthdr.len < sizeof(struct ieee80211_frame_min))
> 135                 goto out;
> 136
> [...]
> 
> FCS seems to be stripped just before getting into bpf, is there any
> reason to strip that in IEEE80211_M_MONITOR ?

Eric,

The FCS is ordinarily stripped before BPF-tapping because apps do not
expect for it to be present.  For your app, consider using radiotap
(DLT_IEEE802_11_RADIO).  The radiotap header may contain a flag,
IEEE80211_RADIOTAP_F_FCS, that tells whether there is an FCS in the last
four bytes of a tapped frame.

All 802.11 NICs check the FCS.  Most NICs will indicate to the driver
whether the FCS was correct or not.  The radiotap header was designed
to carry that kind of "meta-information" about frames.  If you were
so inclined, you could modify the drivers to set a "FCS (in)correct"
flag in the radiotap header, and submit a patch. :-)

Dave

-- 
David Young             OJC Technologies
dyoung@ojctech.com      Urbana, IL * (217) 278-3933