Subject: bpf, net80211 and FCS
To: None <tech-net@netbsd.org>
From: Eric Auge <eau@phear.org>
List: tech-net
Date: 06/03/2005 01:49:27

Hi guys,

A quick question: while having some fun with 802.11 packets,
I've written a quick monitoring tool using libpcap.

After some decapsulation routine, I'm just unable to get the FCS (frame
check sequence iirc, which is located at the end of the frame and is 4
bytes long) to compute and check that the received packet is "valid".

Didn't understand why, so I went through /usr/src/sys/net80211/,
and in ieee80211_input.c, ieee80211_input():

[...]
        /* trim CRC here so WEP can find its own CRC at the end of packet. */
        if (m->m_flags & M_HASFCS) {
                m_adj(m, -IEEE80211_CRC_LEN);
                m->m_flags &= ~M_HASFCS;
        }

        /*
         * In monitor mode, send everything directly to bpf.
         * Also do not process frames w/o i_addr2 any further.
         * XXX may want to include the CRC
         */
        if (ic->ic_opmode == IEEE80211_M_MONITOR ||
            m->m_pkthdr.len < sizeof(struct ieee80211_frame_min))
                goto out;

[...]

FCS seems to be stripped just before getting into bpf; is there any
reason to strip that in IEEE80211_M_MONITOR?

I just would like to be able to compute the checksum and check
if the "monitored" packet is "valid".

I might have missed something, hope you can enlighten me. :)

Regards,
Eric.
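
The check the message asks about, as an added example that is not part of the original post and not NetBSD code: it validates a trailing 4-byte FCS with CRC-32 and reports separately when the capture no longer carries one, as happens after the trimming quoted above. The names crc32_ieee, fcs_check, sample_check and the has_fcs parameter are assumptions (the caller must know whether the FCS is still present), and the sample frame is constructed.

```c
#include <stdint.h>
#include <stdio.h>

#define FCS_LEN 4  /* same size as the kernel's IEEE80211_CRC_LEN */

/* CRC-32 of the 802.11 FCS: reflected poly 0xEDB88320, init and final XOR 0xFFFFFFFF. */
static uint32_t crc32_ieee(const uint8_t *p, size_t n)
{
    uint32_t crc = 0xFFFFFFFFu;
    while (n--) {
        crc ^= *p++;
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Returns 1 if the trailing FCS matches, 0 if it does not, and -1 if the
 * capture carries no FCS (trimmed before bpf) or is too short to hold one. */
static int fcs_check(const uint8_t *frame, size_t len, int has_fcs)
{
    if (!has_fcs || len <= FCS_LEN)
        return -1;
    size_t body = len - FCS_LEN;
    uint32_t want = crc32_ieee(frame, body);
    /* The FCS is stored least significant byte first. */
    uint32_t got = (uint32_t)frame[body] | (uint32_t)frame[body + 1] << 8 |
                   (uint32_t)frame[body + 2] << 16 | (uint32_t)frame[body + 3] << 24;
    return got == want;
}

/* Constructed sample: a 10-byte ACK frame with the FCS appended here. */
static int sample_check(int corrupt, int has_fcs)
{
    uint8_t f[10 + FCS_LEN] = { 0xd4, 0x00, 0x00, 0x00,               /* FC, duration */
                                0x02, 0x00, 0x00, 0x00, 0x00, 0x01 }; /* RA */
    uint32_t c = crc32_ieee(f, 10);
    for (int i = 0; i < FCS_LEN; i++)
        f[10 + i] = (uint8_t)(c >> (8 * i));
    if (corrupt)
        f[5] ^= 0x01;   /* simulate a single bit error on the air */
    return fcs_check(f, has_fcs ? sizeof f : 10, has_fcs);
}

int main(void)
{
    printf("intact: %d, corrupted: %d, trimmed: %d\n", sample_check(0, 1), sample_check(1, 1), sample_check(0, 0));
    return 0;
}
```

Running the check on a frame whose FCS was already trimmed would compare the CRC against the last four payload bytes, which is why the trimmed case is reported as -1 instead of as a failed check.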