several: make the phy reflect the packet modulation.

Use the data rate and channel to determine 11b vs. 11g vs. 11a for:

* Aruba Networks encapsulated remote mirroring;
* Prism headers;
* *Peek remote protocol;
* Network Instruments^W^WViavi Observer;
* *Peek classic format;
* Shomiti Surveyor.

Note why we *don't* need to do that for NetMon captures.

3 files changed, 71 insertions, 0 deletions

diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c
index 4a6635dae0..d04c6c582b 100644
--- a/wiretap/network_instruments.c
+++ b/wiretap/network_instruments.c
@@ -20,6 +20,7 @@
 #include "wtap-int.h"
 #include "file_wrappers.h"
 #include "network_instruments.h"
+#include <wsutil/802_11-utils.h>
 
 static const char network_instruments_magic[] = {"ObserverPktBufferVersion=15.00"};
 static const int true_magic_length = 17;
@@ -501,6 +502,29 @@ read_packet_header(wtap *wth, FILE_T fh, union wtap_pseudo_header *pseudo_header
             pseudo_header->ieee_802_11.data_rate = wireless_header.rate;
             pseudo_header->ieee_802_11.has_signal_percent = TRUE;
             pseudo_header->ieee_802_11.signal_percent = wireless_header.strengthPercent;
+
+            /*
+             * We don't know they PHY, but we do have the data rate;
+             * try to guess the PHY based on the data rate and channel.
+             */
+            if (RATE_IS_DSSS(pseudo_header->ieee_802_11.data_rate)) {
+                /* 11b */
+                pseudo_header->ieee_802_11.phy = PHDR_802_11_PHY_11B;
+                pseudo_header->ieee_802_11.phy_info.info_11b.has_short_preamble = FALSE;
+            } else if (RATE_IS_OFDM(pseudo_header->ieee_802_11.data_rate)) {
+                /* 11a or 11g, depending on the band. */
+                if (CHAN_IS_BG(pseudo_header->ieee_802_11.channel)) {
+                    /* 11g */
+                    pseudo_header->ieee_802_11.phy = PHDR_802_11_PHY_11G;
+                    pseudo_header->ieee_802_11.phy_info.info_11g.has_mode = FALSE;
+                } else {
+                    /* 11a */
+                    pseudo_header->ieee_802_11.phy = PHDR_802_11_PHY_11A;
+                    pseudo_header->ieee_802_11.phy_info.info_11a.has_channel_type = FALSE;
+                    pseudo_header->ieee_802_11.phy_info.info_11a.has_turbo_type = FALSE;
+                }
+            }
+
             offset += (int)sizeof wireless_header;
             break;
         default:
diff --git a/wiretap/peekclassic.c b/wiretap/peekclassic.c
index 1e99520f2a..bdd17877a2 100644
--- a/wiretap/peekclassic.c
+++ b/wiretap/peekclassic.c
@@ -26,6 +26,7 @@
 #include <string.h>
 
 #include <wsutil/epochs.h>
+#include <wsutil/802_11-utils.h>
 
 #include "wtap-int.h"
 #include "file_wrappers.h"
@@ -515,6 +516,28 @@ static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
 		rec->rec_header.packet_header.pseudo_header.ieee_802_11.signal_percent = radio_info[2];
 
 		/*
+		 * We don't know they PHY, but we do have the data rate;
+		 * try to guess it based on the data rate and channel.
+		 */
+		if (RATE_IS_DSSS(rec->rec_header.packet_header.pseudo_header.ieee_802_11.data_rate)) {
+			/* 11b */
+			rec->rec_header.packet_header.pseudo_header.ieee_802_11.phy = PHDR_802_11_PHY_11B;
+			rec->rec_header.packet_header.pseudo_header.ieee_802_11.phy_info.info_11b.has_short_preamble = FALSE;
+		} else if (RATE_IS_OFDM(rec->rec_header.packet_header.pseudo_header.ieee_802_11.data_rate)) {
+			/* 11a or 11g, depending on the band. */
+			if (CHAN_IS_BG(rec->rec_header.packet_header.pseudo_header.ieee_802_11.channel)) {
+				/* 11g */
+				rec->rec_header.packet_header.pseudo_header.ieee_802_11.phy = PHDR_802_11_PHY_11G;
+				rec->rec_header.packet_header.pseudo_header.ieee_802_11.phy_info.info_11g.has_mode = FALSE;
+			} else {
+				/* 11a */
+				rec->rec_header.packet_header.pseudo_header.ieee_802_11.phy = PHDR_802_11_PHY_11A;
+				rec->rec_header.packet_header.pseudo_header.ieee_802_11.phy_info.info_11a.has_channel_type = FALSE;
+				rec->rec_header.packet_header.pseudo_header.ieee_802_11.phy_info.info_11a.has_turbo_type = FALSE;
+			}
+		}
+
+		/*
 		 * The last 4 bytes appear to be random data - the length
 		 * might include the FCS - so we reduce the length by 4.
 		 *
diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index 48a8e3bf0f..b2f207b589 100644
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -13,6 +13,8 @@
 #include "file_wrappers.h"
 #include "atm.h"
 #include "snoop.h"
+#include <wsutil/802_11-utils.h>
+
 /* See RFC 1761 for a description of the "snoop" file format. */
 
 typedef struct {
@@ -768,6 +770,28 @@ snoop_read_shomiti_wireless_pseudoheader(FILE_T fh,
 	pseudo_header->ieee_802_11.has_signal_percent = TRUE;
 	pseudo_header->ieee_802_11.signal_percent = whdr.signal;
 
+	/*
+	 * We don't know they PHY, but we do have the data rate;
+	 * try to guess the PHY based on the data rate and channel.
+	 */
+	if (RATE_IS_DSSS(pseudo_header->ieee_802_11.data_rate)) {
+		/* 11b */
+		pseudo_header->ieee_802_11.phy = PHDR_802_11_PHY_11B;
+		pseudo_header->ieee_802_11.phy_info.info_11b.has_short_preamble = FALSE;
+	} else if (RATE_IS_OFDM(pseudo_header->ieee_802_11.data_rate)) {
+		/* 11a or 11g, depending on the band. */
+		if (CHAN_IS_BG(pseudo_header->ieee_802_11.channel)) {
+			/* 11g */
+			pseudo_header->ieee_802_11.phy = PHDR_802_11_PHY_11G;
+			pseudo_header->ieee_802_11.phy_info.info_11g.has_mode = FALSE;
+		} else {
+			/* 11a */
+			pseudo_header->ieee_802_11.phy = PHDR_802_11_PHY_11A;
+			pseudo_header->ieee_802_11.phy_info.info_11a.has_channel_type = FALSE;
+			pseudo_header->ieee_802_11.phy_info.info_11a.has_turbo_type = FALSE;
+		}
+	}
+
 	/* add back the header and don't forget the pad as well */
 	*header_size = rsize + 8 + 4;