--- libnids-1.18-orig/src/libnids.c	2003-10-10 10:41:32.000000000 -0700
+++ libnids-1.18/src/libnids.c	2004-02-16 20:15:36.000000000 -0800
@@ -180,6 +180,7 @@
     u_char *data_aligned;
 #ifdef DLT_IEEE802_11
     unsigned short fc;
+    int linkoffset_tweaked_by_prism_code = 0;
 #endif
     switch (linktype) {
     case DLT_EN10MB:
@@ -196,12 +197,23 @@
 	    /* non-ip frame */
 	    return;
 	break;
+#ifdef DLT_PRISM_HEADER
+#ifndef DLT_IEEE802_11
+#error DLT_PRISM_HEADER is defined, but DLT_IEEE802_11 is not ???
+#endif
+    case DLT_PRISM_HEADER:
+	linkoffset = 144; //sizeof(prism2_hdr);
+	linkoffset_tweaked_by_prism_code = 1;
+        //now let DLT_IEEE802_11 do the rest
+#endif
 #ifdef DLT_IEEE802_11
     case DLT_IEEE802_11:
 	/* I don't know why frame control is always little endian, but it 
 	 * works for tcpdump, so who am I to complain? (wam)
 	 */
-	fc = EXTRACT_LE_16BITS(data);
+	if (!linkoffset_tweaked_by_prism_code)
+		linkoffset = 0;
+	fc = EXTRACT_LE_16BITS(data + linkoffset);
 	if (FC_TYPE(fc) != T_DATA || FC_WEP(fc)) {
 	    return;
 	}
@@ -209,9 +221,9 @@
 	    /* a wireless distribution system packet will have another
 	     * MAC addr in the frame
 	     */
-	    linkoffset = 30;
+	    linkoffset += 30;
 	} else {
-	    linkoffset = 24;
+	    linkoffset += 24;
 	}
 	if (hdr->len < linkoffset + LLC_FRAME_SIZE)
 	    return;
@@ -440,6 +452,7 @@
     }
     switch ((linktype = pcap_datalink(desc))) {
 #ifdef DLT_IEEE802_11
+    case DLT_PRISM_HEADER:
     case DLT_IEEE802_11:
 	/* wireless, need to calculate offset per frame */
 	break;