author | Guy Harris <gharris@sonic.net> | 2021-03-04 20:40:30 -0800 |
---|---|---|
committer | Guy Harris <gharris@sonic.net> | 2021-03-04 20:40:30 -0800 |
commit | 2627bd4b842991ca47fea39bdec1b962d02b0e80 (patch) | |
tree | 0047f8b22ef837b36b6cb84d6c2fcc78683316c4 /wiretap/snoop.c | |
parent | 8f700ab1f399a23fd6373255a8a5b497487676ba (diff) |
snoop: expand a comment.
There's a bunch of information about the Shomiti wireless header that
would be Nice To Have. Note it.
Diffstat (limited to 'wiretap/snoop.c')
-rw-r--r-- | wiretap/snoop.c | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/wiretap/snoop.c b/wiretap/snoop.c
index 296716fc67..48a8e3bf0f 100644
--- a/wiretap/snoop.c
+++ b/wiretap/snoop.c
@@ -418,6 +418,28 @@ wtap_open_return_val snoop_open(wtap *wth, int *err, gchar **err_info)
 return WTAP_OPEN_MINE;
 }
+/*
+ * XXX - pad[3] is the length of the header, not including
+ * the length of the pad field; is it a 1-byte field, a 2-byte
+ * field with pad[2] usually being 0, a 3-byte field with
+ * pad[1] and pad[2] usually being 0, or a 4-byte field?
+ *
+ * If it's not a 4-byte field, is there anything significant
+ * in the other bytes?
+ *
+ * Can the header length ever be less than 8, so that not
+ * all the fields following pad are present?
+ *
+ * What's in undecrypt? In captures I've seen, undecrypt[0]
+ * is usually 0x00 but sometimes 0x02 or 0x06, and undecrypt[1]
+ * is either 0x00 or 0x02.
+ *
+ * What's in preamble? In captures I've seen, it's 0x00.
+ *
+ * What's in code? In captures I've seen, it's 0x01 or 0x03.
+ *
+ * If the header is longer than 8 bytes, what are the other fields?
+ */
 typedef struct {
 guint8 pad[4];
 guint8 undecrypt[2];
@@ -722,12 +744,6 @@ snoop_read_shomiti_wireless_pseudoheader(FILE_T fh,
 * XXX - presumably that means that the header length
 * doesn't include the length field, as we've read
 * 12 bytes total.
- *
- * XXX - what's in the other 3 bytes of the padding? Is it a
- * 4-byte length field?
- * XXX - is there anything in the rest of the header of interest?
- * XXX - are there any files where the header is shorter than
- * 4 bytes of length plus 8 bytes of information?
 */
 if (whdr.pad[3] < 8) {
 *err = WTAP_ERR_BAD_FILE; |
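Review bot: The new comment above the `typedef struct` leaves "Can the header length ever be less than 8" and the width of the length field as open questions, but it does not say what the reader already does about them. The context lines of the second hunk show `if (whdr.pad[3] < 8)` setting `WTAP_ERR_BAD_FILE`, so, as far as the visible lines show, only pad[3] is used as the length and shorter headers are rejected. Because this code parses untrusted capture files, I would record that assumption next to the questions, e.g. ` * (The reader currently uses only pad[3] as the length, ignores pad[0]-pad[2], and rejects values below 8 as a bad file.)`. That way anyone who later answers these questions knows which bounds check has to change with them. Both the struct definition and the reading function continue outside the hunks.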