radiotap.netbsd.org archive mirror
 help / color / mirror / Atom feed
* How do I parse alternate namespaces?
@ 2011-09-26  2:12 Dan White
       [not found] ` <20110926021224.GA10126-whqxDF3IS4PR7s880joybQ@public.gmane.org>
  0 siblings, 1 reply; 2+ messages in thread
From: Dan White @ 2011-09-26  2:12 UTC (permalink / raw)
  To: radiotap-qavaossjCcEdnm+yROfE0A

I am attempting to write a radiotap parser (in C) and I'm looking for
assistance with how to parse alternative namespaces.

This is so far what I've found on the website for guidance:

Main Page:

   Provided bit 31 of the it_present field is not set, the data for fields
   specified in the it_present bitmask immediately follow the radiotap
   header. If it is set, then more it_present words follow and the radiotap
   data follows after the it_present word that has bit 31 unset. Multiple
   namespaces may be present.
...
   Defined (and suggested) fields are listed with their bit number. Due to
   the use of bit 31 to indicate a chained bitmask, the values 31, 63, etc.
   (n * 32 - 1) are reserved. Vendor-specified namespaces and radiotap
   namespace reset additionally reserves bits 29 and 30 in each bitmask as
   well, extending the reserved numbers to 29, 30, 31, 61, 62, 63, etc. (n
   * 32 - 3, n * 32 - 2, n * 32 - 1).

Reset to Radiotap Namespace

   This field is reserved in all namespaces and every it_present word, the
   standard radiotap namespace as well as all vendor namespaces. It is
   mutually exclusive with the Vendor Namespace field, setting both is
   undefined.

   Upon interpreting this field, the interpreter shall reset its
   presence-bitmap index to 0 and its namespace to the default radiotap
   namespace, and change to the default radiotap namespace, before it
   interprets subsequent presence-bitmap words.

Vendor Namespace

Structure
u8 OUI[3], u8 sub_namespace, u16 skip_length

Required Alignment
2

   This field is reserved in all namespaces and every it_present word, the
   standard radiotap namespace as well as all vendor namespaces. It is
   mutually exclusive with the Reset to Radiotap Namespace field, setting
   both is undefined.

   The Vendor Namespace Field contains three sub-fields. The first sub-field
   is 3 bytes long. It contains the vendor's IEEE 802 Organizationally
   Unique Identifier (OUI). The fourth byte is a vendor-specific "namespace
   selector."

   Before it resumes interpretation of presence bits in the following 32-bit
   presence words, if any, the interpreter shall reset its presence-bitmap
   index to 0, and change to the vendor namespace specified by the OUI and
   selector.

   The fifth and sixth bytes, skip_length, comprise a 16 bit little-endian
   value that tells the interpreter how many bytes of data after the end of
   the Vendor Namespace Field can only be interpreted according to the
   vendor namespace. If a radiotap header changes to a namespace that the
   interpreter does not understand, and back, the interpreter may resume
   interpretation in the new namespace by skipping skip_length data bytes
   after the end of the Vendor Namespace Field. If a radiotap header changes
   from a vendor namespace to another vendor namespace, the 6-byte data
   describing the new vendor namespace shall not be accounted for in
   skip_length.


The basic structure of the radiotap header appears to be:

u_int8_t        it_version;
u_int8_t        it_pad;
u_int16_t       it_len;

And then one or more of:
u_int32_t       it_present;

Followed by a variable amount of field data corresponding to which fields
are enabled. Is that generally correct?

What is considered to be a namespace? Can one of the members of the
it_present array be a namespace, or is the namespace actually found inside
the field data?

In the case where there are are two it_present values, like:

11000000 00000000 00000000 00000000
00000000 00000000 00000000 11111111
<field data>

Is the second it_present value considered to be in a private namespace (in
which case I would reference the field data to determine what the namespace
is?), or would it be considered a part of the default namespace?

If so, what does the Reset to RadioTap Namespace bit do? Given:
11000000 00000000 00000000 00000000
00100000 00000000 00000000 11111111

Does this mean that the next it_present value, if present, will be
considered in the default namespace? If so, does 'the interpreter shall
reset its presence-bitmap index to 0' mean that the interpreter should
forget all the values that were specified in the first it_present value?

What does 'Required Alignment 2' mean?

What does 'If a radiotap header changes from a vendor namespace to another
vendor namespace, the 6-byte data describing the new vendor namespace shall
not be accounted for in skip_length.' mean? Can you provide an example for
that scenario?

Thank You.
-- 
Dan White

^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: How do I parse alternate namespaces?
       [not found] ` <20110926021224.GA10126-whqxDF3IS4PR7s880joybQ@public.gmane.org>
@ 2011-09-26  8:22   ` Johannes Berg
  0 siblings, 0 replies; 2+ messages in thread
From: Johannes Berg @ 2011-09-26  8:22 UTC (permalink / raw)
  To: Dan White; +Cc: radiotap-qavaossjCcEdnm+yROfE0A

Hi,

Not sure if you didn't quote this or if it was missing from where you
quoted from, but let me add for reference:

> Reset to Radiotap Namespace

bit number 29 in every it_present word

> Vendor Namespace

bit number 30 in every it_present word


> The basic structure of the radiotap header appears to be:
> 
> u_int8_t        it_version;
> u_int8_t        it_pad;
> u_int16_t       it_len;
> 
> And then one or more of:
> u_int32_t       it_present;
> 
> Followed by a variable amount of field data corresponding to which fields
> are enabled. Is that generally correct?

Right.

> What is considered to be a namespace? Can one of the members of the
> it_present array be a namespace, or is the namespace actually found inside
> the field data?

Both really. First: if bit 29/30 are set, 31 also needs to be set for it
to make any sense at all. The bits are considered to be just numbers,
and every time bit 29/30 are set the numbering starts again from 0. When
30 is set, the next bit number is 0, but the interpretation is in the
namespace. Also, encountering that means there's the OUI data in the
data portion at that point.

> In the case where there are are two it_present values, like:
> 
> 11000000 00000000 00000000 00000000
> 00000000 00000000 00000000 11111111
> <field data>
> 
> Is the second it_present value considered to be in a private namespace (in
> which case I would reference the field data to determine what the namespace
> is?), or would it be considered a part of the default namespace?

It would be considered part of a private namespace, so upon reading bit
30 you need to read 6 bytes from the data for the OUI/subtype/skip_len.

> If so, what does the Reset to RadioTap Namespace bit do? Given:
> 11000000 00000000 00000000 00000000
> 00100000 00000000 00000000 11111111
> 
> Does this mean that the next it_present value, if present, will be
> considered in the default namespace? 

Well, if it's like that, the bit 29 there is an error since bit 31 isn't
set. If it was like this instead:
11000000 00000000 00000000 00000000
10100000 00000000 00000000 11111111
00000000 00000000 00000000 00000001

the data would have to be:
OUI [3], subtype, skip_len [2]  [for the first it_present word]
[skip_len bytes for the vendor namespace]
8 bytes for the TSF value [possibly padded to the right alignment]

So yes, as you see, the next it_present value will be considered in the
default namespace again, but with the first bit index 0.

Consider also this:
10100000 00000000 00000000 00000101
00000000 00000000 00000000 00000100

This indicates that there is a TSF field and _two_ rate fields, possibly
to indicate a retry at a lower rate for TX control or TX status
information (obviously this doesn't make sense for RX).


> If so, does 'the interpreter shall
> reset its presence-bitmap index to 0' mean that the interpreter should
> forget all the values that were specified in the first it_present value?

No, it just means that the interpreter restarts bit numbering at 0.

> What does 'Required Alignment 2' mean?

Alignment here means that if, counted from the start of the header, the
value would lie on a byte boundary that isn't a multiple of 2 (or 4 or 8
in some other fields) it needs to be padded first and the interpreter
needs to skip the padding. The padding will not contain any useful data.
Since the header length is variable, in my TSF/2xRate example above
there'd be 4 bytes of padding directly after the header first.

> What does 'If a radiotap header changes from a vendor namespace to another
> vendor namespace, the 6-byte data describing the new vendor namespace shall
> not be accounted for in skip_length.' mean? Can you provide an example for
> that scenario?

Well given the above example with vendor namespace, I said "skip_len
bytes for the vendor namespace". The 6 bytes "OUI[3], subtype,
skip_len[2]" aren't counted as part of skip_len since their length is
well-known. Remember that the skip_len allows parsers that don't
understand a specific vendor namespace to skip all fields in it without
having to abort parsing at that point.



In any case, why write your own parser? While that's perfectly valid of
course there's also a BSD-licensed reference implementation as a library
that you can use :-)

johannes

^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2011-09-26  8:22 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-09-26  2:12 How do I parse alternate namespaces? Dan White
     [not found] ` <20110926021224.GA10126-whqxDF3IS4PR7s880joybQ@public.gmane.org>
2011-09-26  8:22   ` Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).