I tried to analyse traffic from my Netgear WG511T 802.11g card with
netfilter ULOG. I noticed that no information on the MAC address was
returned (struct ulog_packet_msg_t.mac_len=0).
I found in the kernel sources in net/ipv4/netfilter/ipt_ULOG.c that this
information should originate from struct sk_buff.mac_header. ULOG returns
the MAC data only if it is at most 80 bytes. I had to patch the kernel
to get the data from the buffer.
For IEEE 802 I would expect a MAC header of 14 bytes (2*6 for the MAC
addresses and 2 for the protocol ID). The "MAC header" from the wireless
card has 90 bytes. First there is the real header (14 bytes) and then
data that is unrecognisable to me.
It looks for example like this:
I believe that this is a bug and think sk_buff.mac_header is filled
wrongly. But maybe I interpret this field wrongly. If this is the case,
what is the additional data good for?
I have no problems with an Orinoco wireless card (mac_header 14 bytes).
This behaviour is reproducible on Ubuntu Gutsy (linux 2.6.22-14, ath_hal
0.9.18.0, wlan 0.8.4.2, ath_pci 0.9.4.5) and on a Netgear router WG302
running OpenWrt with Madwifi drivers from trunk (r3314).
Please let me know if you think this is a bug and a new ticket should
(Might be related to http://madwifi.org/ticket/1182)
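
Added example, not part of the original message and not ULOG or Madwifi code: a userspace consumer can split the MAC bytes ULOG reports into the 14-byte header and whatever follows, and treat mac_len=0 as "no header reported". The names `eth_view`, `split_ulog_mac` and `demo_trailing` are hypothetical, and the 90-byte sample buffer is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define ETH_HDR_LEN 14  /* 2 * 6 address bytes + 2 protocol ID bytes */

/* Hypothetical helper type, not part of the ULOG API. */
struct eth_view {
    uint8_t  dst[6];
    uint8_t  src[6];
    uint16_t proto;     /* protocol ID, converted to host byte order */
    size_t   trailing;  /* bytes reported beyond the 14-byte header */
};

/*
 * Split the MAC bytes reported by ULOG (mac[] and mac_len).
 * Returns 0 on success, -1 if no usable header was reported
 * (mac_len == 0, or fewer than 14 bytes).
 */
int split_ulog_mac(const uint8_t *mac, size_t mac_len, struct eth_view *out)
{
    if (mac == NULL || out == NULL || mac_len < ETH_HDR_LEN)
        return -1;
    memcpy(out->dst, mac, 6);          /* destination address first */
    memcpy(out->src, mac + 6, 6);      /* then source address */
    out->proto = (uint16_t)((mac[12] << 8) | mac[13]);
    out->trailing = mac_len - ETH_HDR_LEN;
    return 0;
}

/* Constructed 90-byte sample: 14-byte header, then 76 filler bytes. */
size_t demo_trailing(void)
{
    static const uint8_t hdr[ETH_HDR_LEN] = {
        0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0x02,  0x08, 0x00 };
    uint8_t mac[90];
    struct eth_view v;

    memset(mac, 0xAA, sizeof mac);     /* filler standing in for the extra data */
    memcpy(mac, hdr, sizeof hdr);
    return split_ulog_mac(mac, sizeof mac, &v) == 0 ? v.trailing : (size_t)-1;
}
```

A consumer that logs `trailing` per interface makes it easy to see which drivers report more than the 14 bytes.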