From Network Instruments by Tom Brezinski When a Network Instruments wireless capture is decrypted a flag is set on the packet in the BFR file indicating that the packet is decrypted instead of modifying the protected flag in the frame control flags of the packet header. https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7478

svn path=/trunk/; revision=43727
author: Anders Broman <anders.broman@ericsson.com> 2012-07-15 16:37:25 +0000
committer: Anders Broman <anders.broman@ericsson.com> 2012-07-15 16:37:25 +0000
commit: 14ba8d892e5137ba9623e6737cfec44485227df2 (patch)
tree: 20eb25df89c09b82f4f999c2a92e69ba5219f50e /wiretap/network_instruments.c
parent: 5d9d9b82219cb87ee74b94ee3a8bf0d5ec51b57c (diff)
1 files changed, 25 insertions, 8 deletions
diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c
index 554be28385..8984db543f 100644
--- a/wiretap/network_instruments.c
+++ b/wiretap/network_instruments.c
@@ -106,7 +106,7 @@ static gboolean observer_seek_read(wtap *wth, gint64 seek_off,
     union wtap_pseudo_header *pseudo_header, guint8 *pd, int length,
     int *err, gchar **err_info);
 static int read_packet_header(FILE_T fh, union wtap_pseudo_header *pseudo_header, 
-    packet_entry_header *packet_header, int *err, gchar **err_info);
+    packet_entry_header *packet_header, gboolean *decrypted_wireless, int *err, gchar **err_info);
 static int read_packet_data(FILE_T fh, int offset_to_frame, int current_offset_from_packet_header,
     guint8 *pd, int length, int *err, char **err_info);
 static gboolean skip_to_next_packet(wtap *wth, int offset_to_next_packet,
@@ -265,6 +265,7 @@ int network_instruments_open(wtap *wth, int *err, gchar **err_info)
 static gboolean observer_read(wtap *wth, int *err, gchar **err_info,
     gint64 *data_offset)
 {
+	gboolean decrypted_wireless;
     int header_bytes_consumed;
     int data_bytes_consumed;
     packet_entry_header packet_header;
@@ -274,8 +275,8 @@ static gboolean observer_read(wtap *wth, int *err, gchar **err_info,
         *data_offset = file_tell(wth->fh);
 
         /* process the packet header, including TLVs */
-        header_bytes_consumed = read_packet_header(wth->fh, &wth->pseudo_header, &packet_header, err,
-            err_info);
+        header_bytes_consumed = read_packet_header(wth->fh, &wth->pseudo_header, &packet_header, &decrypted_wireless, 
+            err, err_info);
         if (header_bytes_consumed <= 0)
             return FALSE;    /* EOF or error */
 
@@ -356,6 +357,11 @@ static gboolean observer_read(wtap *wth, int *err, gchar **err_info,
         return FALSE;
     }
 
+	/* clear the protected flag in the wireless header if needed */
+	if (decrypted_wireless && data_bytes_consumed > 1) {
+		*(buffer_start_ptr(wth->frame_buffer)+1) = (*(buffer_start_ptr(wth->frame_buffer)+1) & 0xbf);
+	}
+
     /* skip over any extra bytes following the frame data */
     if (!skip_to_next_packet(wth, packet_header.offset_to_next_packet,
             header_bytes_consumed + data_bytes_consumed, err, err_info)) {
@@ -370,15 +376,17 @@ static gboolean observer_seek_read(wtap *wth, gint64 seek_off,
     union wtap_pseudo_header *pseudo_header, guint8 *pd, int length,
     int *err, gchar **err_info)
 {
+	gboolean decrypted_wireless;
     packet_entry_header packet_header;
     int offset;
+	int data_bytes_consumed;
 
     if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
         return FALSE;
 
     /* process the packet header, including TLVs */
-    offset = read_packet_header(wth->random_fh, pseudo_header, &packet_header, err,
-        err_info);
+    offset = read_packet_header(wth->random_fh, pseudo_header, &packet_header, &decrypted_wireless,
+		err, err_info);
     if (offset <= 0)
         return FALSE;    /* EOF or error */
 
@@ -395,16 +403,23 @@ static gboolean observer_seek_read(wtap *wth, gint64 seek_off,
     }
 
     /* read the frame data */
-    if (!read_packet_data(wth->random_fh, packet_header.offset_to_frame,
-        offset, pd, length, err, err_info))
+	data_bytes_consumed = read_packet_data(wth->random_fh, packet_header.offset_to_frame,
+        offset, pd, length, err, err_info);
+    if (data_bytes_consumed < 0) {
         return FALSE;
+    }
+
+	/* clear the protected flag in the wireless header if needed */
+	if (decrypted_wireless && data_bytes_consumed > 1) {
+		*(pd+1) = (*(pd+1) & 0xbf);
+	}
 
     return TRUE;
 }
 
 static int
 read_packet_header(FILE_T fh, union wtap_pseudo_header *pseudo_header, 
-    packet_entry_header *packet_header, int *err, gchar **err_info)
+    packet_entry_header *packet_header, gboolean *decrypted_wireless, int *err, gchar **err_info)
 {
     int offset;
     int bytes_read;
@@ -486,6 +501,8 @@ read_packet_header(FILE_T fh, union wtap_pseudo_header *pseudo_header,
             pseudo_header->ieee_802_11.channel = wireless_header.frequency;
             pseudo_header->ieee_802_11.data_rate = wireless_header.rate;
             pseudo_header->ieee_802_11.signal_level = wireless_header.strengthPercent;
+			/* set decryption status */
+			*decrypted_wireless = (wireless_header.conditions & WIRELESS_WEP_SUCCESS) > 0;
             offset += bytes_read;
             break;
         default:
author	Anders Broman <anders.broman@ericsson.com>	2012-07-15 16:37:25 +0000
committer	Anders Broman <anders.broman@ericsson.com>	2012-07-15 16:37:25 +0000
commit	14ba8d892e5137ba9623e6737cfec44485227df2 (patch)
tree	20eb25df89c09b82f4f999c2a92e69ba5219f50e /wiretap/network_instruments.c
parent	5d9d9b82219cb87ee74b94ee3a8bf0d5ec51b57c (diff)