author | Guy Harris <gharris@sonic.net> | 2020-08-07 02:04:59 -0700 |
---|---|---|
committer | Guy Harris <gharris@sonic.net> | 2020-08-07 18:07:57 +0000 |
commit | b711b300cc9da138ff4d1a5aeeae538710c9daa5 (patch) | |
tree | 986d6383dd22c13612631d362ac25cf1ac6e96d6 /wiretap | |
parent | 06702303da1ad853cb4bc00f7fa86f5814aa9c6a (diff) |
netmon: handle non-monitor-mode 802.11 packets differently.
Microsoft Network Monitor lets you capture on an 802.11 adapter either
in monitor mode or in non-monitor mode; frames captured in non-monitor
mode may have the Protected bit set in the 802.11 header, but are
decrypted and don't include encryption information, and may have the
A-MSDU Present flag set in the QoS Control field, but have just a
regular frame payload, not a sequence of A-MSDUs, in the payload field.
Dissect those frames correctly.
Bug: 16758
Change-Id: I42b7e9ce52faa80222692403fa7276c039644343
Reviewed-on: https://code.wireshark.org/review/38082
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Diffstat (limited to 'wiretap')
-rw-r--r-- | wiretap/netmon.c | 6 | ||||
-rw-r--r-- | wiretap/wtap.h | 5 |
2 files changed, 9 insertions, 2 deletions
diff --git a/wiretap/netmon.c b/wiretap/netmon.c
index 6aa5bd373f..17285a5b43 100644
--- a/wiretap/netmon.c
+++ b/wiretap/netmon.c
@@ -1000,6 +1000,12 @@ netmon_set_pseudo_header_info(wtap_rec *rec, Buffer *buf)
 * seen where both Management and Control frames
 * do not have an FCS).
 * An "FCS length" of -2 means "NetMon weirdness".
+ *
+ * The metadata header also has a bit indicating whether
+ * the adapter was in monitor mode or not; if it isn't,
+ * we set "decrypted" to TRUE, as, for those frames, the
+ * Protected bit is preserved in received frames, but
+ * the frame is decrypted.
 */
 memset(&rec->rec_header.packet_header.pseudo_header.ieee_802_11, 0, sizeof(rec->rec_header.packet_header.pseudo_header.ieee_802_11));
 rec->rec_header.packet_header.pseudo_header.ieee_802_11.fcs_len = -2;
diff --git a/wiretap/wtap.h b/wiretap/wtap.h
index 52ed51a563..66effcca24 100644
--- a/wiretap/wtap.h
+++ b/wiretap/wtap.h
@@ -834,8 +834,9 @@ union ieee_802_11_phy_info {
 struct ieee_802_11_phdr {
 gint fcs_len; /* Number of bytes of FCS - -1 means "unknown" */
- gboolean decrypted; /* TRUE if frame is decrypted even if "protected" bit is set */
- gboolean datapad; /* TRUE if frame has padding between 802.11 header and payload */
+ guint decrypted:1; /* TRUE if frame is decrypted even if "protected" bit is set */
+ guint datapad:1; /* TRUE if frame has padding between 802.11 header and payload */
+ guint no_a_msdus:1; /* TRUE if we should ignore the A-MSDU bit */
 guint phy; /* PHY type */
 union ieee_802_11_phy_info phy_info; |
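Review bot: The comment added in netmon_set_pseudo_header_info() says `we set "decrypted" to TRUE` for non-monitor-mode frames, but no line in this hunk does that: the memset that follows zeroes the whole ieee_802_11 pseudo-header and only fcs_len is assigned afterwards. The function continues outside the hunk and this view is limited to wiretap/, so the assignment may live elsewhere; if so, the comment should name where the flag is actually set so a reader does not assume it happens here. The comment also leaves out the new no_a_msdus flag, which the commit message describes as the same case; I would extend it with `* and "no_a_msdus" to TRUE, as the A-MSDU Present bit is preserved but the payload is a regular frame payload.`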
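Review bot: Turning `decrypted` and `datapad` from gboolean into 1-bit fields changes what an assignment stores: `phdr.decrypted = flags & SOME_MASK` (a constructed example) was true for any non-zero result before, but now keeps only the low bit, so any mask other than 0x1 silently becomes 0. Existing writers of these fields should be checked for that pattern and changed to `!!(expr)` or an explicit TRUE/FALSE. The new `no_a_msdus` bit is also only well defined where the struct is zeroed first, as netmon.c does with memset; a file reader that fills the pseudo-header field by field would leave it indeterminate, and whether the A-MSDU parsing path is taken for untrusted capture data would then depend on stale memory. I would add above the three flags `/* 1-bit flags: assign only TRUE or FALSE; zero the struct before filling it in */`. The struct definition continues outside the hunk.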