Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I6fa9593af64e8af1ade4f049ea949989adfd00c7
Reviewed-on: https://code.wireshark.org/review/30595
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Those frames *don't* have their link-layer headers stripped, even on
PF_PACKET/SOCK_DGRAM captures (hopefully, nobody will consider that a
bug and "fix" it).
The "hatype" field is the ARPHRD_ value for the adapter, as returned by
SIOCGIFHWADDR; in monitor mode, those frames will have an hatype of
ARPHRD_IEEE80211_RADIOTAP. Add an "sll.hatype" dissector table, which
we check before checking the "sll.ltype" dissector table, and have the
radiotap dissector register in that table.
We still use the special hack for an hatype of ARPHRD_NETLINK, because,
for *those* frames, the "protocol" field of the nominal SLL header is
the netlink family, not an Ethertype or anything else that the SLL
dissector would handle.
Change-Id: If503a7daa9133adf1b8c330ec28c4c824d4f551d
Reviewed-on: https://code.wireshark.org/review/30592
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
1) it doesn't supply any information not supplied by the new
"wlan_radio" tap and, in fact, supplies less information (including not
supplying any presence flags);
2) it only works for radiotap headers, not for any other forms of radio
metadata;
3) its data structure wasn't declared in a header available to any
listeners, it was defined internally to the radiotap dissector.
Change-Id: Ie84a48bbf204b8b3bb40370c17ca82d39e5df3fb
Reviewed-on: https://code.wireshark.org/review/30415
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The radiotap spec says "dB antenna signal" and "dB antenna noise" are
unsigned. Make it universally so.
Change-Id: Iea2c5360d7352ca5e84862ea338d1fc689272191
Reviewed-on: https://code.wireshark.org/review/30410
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
While we're at it, only set the RSSI column once - no need to do it at
the beginning and later when we're setting fields.
Change-Id: Ia729019e5e6dfbe1cdad61f1f8397b0a3a171996
Reviewed-on: https://code.wireshark.org/review/30405
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
When there is no data, which is indicated by the 0-length PDSU radiotap header,
there is no more data to dissect, so don't dissect any more as that causes an
exception.
Change-Id: I284b8128ec309ba26f24a012380d311eb3e48697
Reviewed-on: https://code.wireshark.org/review/29529
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
... Use of an unregistered ett leads to an abort.
Inspired by I3ee2f557ace1643dfba5a978add66c3c7ba7d895. Some day I should get
the ett_ registration checking code in checkAPIs ready for prime time...
Change-Id: I69162d4bcec571e6a517a107ac365aa78bfe8d25
Reviewed-on: https://code.wireshark.org/review/29474
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The RFC was posted in the Radiotap mailing list.
Change-Id: I8ddb1cd474d05c94d1b5a51eb5e16d548a313a86
Reviewed-on: https://code.wireshark.org/review/28923
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
|
|
We call that dissector even for zero-length PSDUs, so the radio
information is shown. We also show the zero-length PSDU type.
We don't call the 802.11 dissector for zero-length PSDU frames.
That way, you don't have to open up the radiotap information to find out
about zero-length PSDU frames, we can support zero-length PSDU
information for other pseudo-headers and file types if they support it,
and taps using the radio information can get zero-length PSDU frame
information.
Change-Id: I7d5da4ea978d8ca4889fc76160f11e3416b4d036
Reviewed-on: https://code.wireshark.org/review/29034
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The loop doesn't just add them to the protocol tree, it also does sanity
checking; we want to do the sanity checking regardless of whether we're
building the protocol tree or not, so that if we skip processing the
radiotap header because it's malformed, we do so regardless of whether
we're building a protocol tree.
This prevents a crash I saw where, on the first pass, we weren't
building a protocol tree, so we didn't check the bitmaps and proceeded
to process the bad radiotap header in a fuzzed file and set the
"zero-length PSDU" flag, and didn't call the 802.11 radio dissector, and
didn't allocate a "wlan radio information" structure and attach it to
the packet, but, when I went to the packet, and thus *did* build a
protocol tree, we *did* check the bitmaps in the process of adding them
to the protocol tree, skipped the part where we processed the rest of
the radiotap header, *didn't* set the "zero-length PSDU" flag, and
*did* call the 802.11 radio dissector, which crashed becaus the "wlan
radio information" pointer was null.
(No, checking the "wlan radio information" pointer isn't the correct
fix; the correct fix is to make sure we do the same processing, other
than adding items to the protocol tree, *regardless* of whether we're
building the protocol tree.)
Change-Id: If3c16f76981448e4f396a4a9730f1d5dce8f8eba
Reviewed-on: https://code.wireshark.org/review/29033
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Report an error and quit dissecting if it's less than 8.
Change-Id: I297fcb0ca754641a9e197037df1140361000fd25
Reviewed-on: https://code.wireshark.org/review/29022
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I3481098f81ec6445c777e126fd8a7ff1b0ad1a80
Ping-Bug: 15022
Reviewed-on: https://code.wireshark.org/review/29015
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I386c6cd84a74eda5dff32fb93b0a35eb54bc6b4b
Reviewed-on: https://code.wireshark.org/review/28884
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I9fc2320ecd760f2be92b53d57fe1e12152edf198
Reviewed-on: https://code.wireshark.org/review/28890
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
|
|
This is separate from the 802.11 preference, which only affects packets
where no file or packet metadata indicates whether there is an FCS (yes,
that is intentional behavior). This is specifically for radiotap, in
case some driver fails to set the FCS bit correctly (this is currently
an issue with Npcap, which currently assumes that the packet has an FCS
iff NDIS indicated the packet with the DOT11_RECV_FLAG_RAW_PACKET flag;
that doesn't appear to be a reliable indicator, and it's not clear there
*is* a reliable indicator, so Npcap might have to fall back on something
really gross like a quirks database for particular adapters).
Change-Id: Ia3b134d89004307442d42cfa5ed3cf8fb938235f
Ping-Bug: 15010
Reviewed-on: https://code.wireshark.org/review/28855
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Johannes made changes in the handling of LTF Symbols and LTF Symbol count
which are sort of backward compatible.
This brings us into conformance with those.
The specification can be found here: http://www.radiotap.org/fields/HE.html
Change-Id: I82e5458fa871b42549fabd0bcb49f6366c10d8bb
Reviewed-on: https://code.wireshark.org/review/27370
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The radiotap HE-MU header is being completely reworked and likely expanded
in size. There are likely very few captures at the moment with such radiotap
headers. Rather than ripping the code out and seeing problems in the future
I have attempted to warn people who encounter such captures that they need
to upgrade. The standard will settle out soon.
Change-Id: I69eea20e2e65197a837a48706f9bcdddbbe42a63
Reviewed-on: https://code.wireshark.org/review/26995
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Add 8-bit, 16-bit, 24-bit, and 32-bit "fetch signed value" routines, and
use them rather than casting the result of the 8/16/24/32-bit "fetch
unsigned value" routines to a signed type (which, BTW, isn't sufficient
for 24-bit values, so this appears to fix a bug
in epan/dissectors/packet-zbee-zcl.c).
Use numbers rather than sizeof()s in various tvb_get_ routines.
Change-Id: I0e48a57fac9f70fe42de815c3fa915f1592548bd
Reviewed-on: https://code.wireshark.org/review/26844
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I69f70686f8f3c3416d5d46020a84a8b070f17b36
Reviewed-on: https://code.wireshark.org/review/26723
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
|
|
Remove an increment of the offset variable from after the last field.
Change-Id: Iee33caec4f58206e3e223390227907ae61092533
Reviewed-on: https://code.wireshark.org/review/26691
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
This adds support for the HE-MU header as recently modified. It also
handles the unknown fields correctly, and has been subjected to some
captures as well.
Change-Id: Id0c6c3b4dd0f0a91722d0a1a2c1706270862d97e
Reviewed-on: https://code.wireshark.org/review/25479
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
|
|
Change-Id: I3b93716421169b2c9ce51da6116223e62fa6a241
Reviewed-on: https://code.wireshark.org/review/26077
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Use an int instead of a uint so that sign extension does not occur and
fix the field labels and make them all use the correct units.
They conform closer to the spec now.
Bug 14455
Change-Id: Ic57207d10565690a6e2ed66693dcdf294d421b22
Reviewed-on: https://code.wireshark.org/review/26046
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
|
|
Change-Id: I36433f37e4e33260b41a2b35ca49e844fe76baf3
Reviewed-on: https://code.wireshark.org/review/26068
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Make the 1-byte fields little-endian (it doesn't matter, but it's more
consistent that way), and make the transmission attenuation fields
little-endian (where it *does* matter - making them big-endian was
probably a copy-and-pasteo).
Note that the OUI field being "big-endian" is correct, however.
(Radiotap specifies it as an array of 3 octets containing an OUI, and we
display OUIs as big-endian 24-bit quantities.)
Change-Id: I42d19f7ec0d066ce89dbef78d11dff900c0a6b60
Reviewed-on: https://code.wireshark.org/review/25998
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Two sets of reserved bits now have a meaning:
1. The pri/sec 80 MHz fields in D2
2. The RU allocation offset fields, also in D2.
Change-Id: I9acfce4e3dc61579a686fd53c570c9aceebad10b
Reviewed-on: https://code.wireshark.org/review/25927
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I80577a0082227d892426f478ffcfff23d6ba0daa
Reviewed-on: https://code.wireshark.org/review/25472
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
One thing I hate is big slabs of open coding. Compilers are very good these days
and will inline functions if they are used in only one place.
By using functions we make the code very much more readible.
There is also a big opportunity to use functions like proto_tree_add_bitmask.
Change-Id: I66d1509f577d2955996f4649e05494ab0370ed01
Reviewed-on: https://code.wireshark.org/review/24964
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: Iecfb705b37f54119eaec75ab8df8c7ee3c76bfec
Reviewed-on: https://code.wireshark.org/review/25503
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
If a field is indicated as not known, then display that field as reserved
which will prevent people from searching for fields that are not known and
makes more sense.
Also, rename some of the hf fields to be more in line with standard practice.
Change-Id: I5cbbd682acbea3713b7b19325fe1a36cc0e36aa1
Reviewed-on: https://code.wireshark.org/review/25397
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Warn that it is subject to change, although there is an experimental
Linux patch using it, so it's probably *unlikely* to change.
Update another comment while we're at it.
Change-Id: I4d5eb1461a83b990b75312ebab9471c2fe4749af
Reviewed-on: https://code.wireshark.org/review/24985
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Now that HE Information is starting to be used in radiotap headers we need to
start defining and showing these. More will be comming, especially the dissection
of the header itself and carrying info in the ieee_802_11_phdr structure.
Change-Id: I94c2184e83243656764147029295ad4ce4254416
Reviewed-on: https://code.wireshark.org/review/24945
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Modeled after BASE_PT_XXX, this will format a FT_UINT24 to look a OUI, in the form of:
XX:XX:XX (Manufacturer Name) for display.
For display filtering, it will treat the value as hexadecimal.
It requires that FT_UINT24 be the field type.
Change-Id: I8716ae4dfcd4e854764a2425e2ff13c50f571d52
Reviewed-on: https://code.wireshark.org/review/23869
Reviewed-by: Richard Sharpe
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Id7f6d5d2b108d98a7c40fd01e3f35ad20076f54b
Reviewed-on: https://code.wireshark.org/review/22025
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
It's a little more efficient to use proto_tree_add_item, than
proto_tree_add_xxx, passing it the returned tvb_get_xxx value.
Change-Id: I22ddd7ab36e1ee5aae78fc693d7dbac4b4f802f2
Reviewed-on: https://code.wireshark.org/review/21691
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Bug: 13713
Change-Id: I7e96a6209fe5cd0ba11323f35e4408eb4ff7141a
Signed-off-by: Chris Wills <xenkrs@outlook.com>
Reviewed-on: https://code.wireshark.org/review/21677
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Avoid anachronisms, however; there was no "macOS 10.0" or even "OS X
10.0", for example. It was "Mac OS X" until 10.8 (although 10.7 was
sometimes called "OS X" and sometimes called "Mac OS X"), and it was "OS
X" from 10.8 to 10.11.
Change-Id: Ie4a848997dcc6c45c2245c1fb84ec526032375c3
Reviewed-on: https://code.wireshark.org/review/20933
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Timestamp was added according to radiotap spec.
Original changes provided by Johannes Berg from Intel
Change-Id: I72cb315626787d85b2bfb676c8ea7c73130f5a69
Reviewed-on: https://code.wireshark.org/review/20282
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Bug: 12859
Change-Id: Iaf2242b0dcf16f211d5a7565b96099cc44e8bf3d
Reviewed-on: https://code.wireshark.org/review/17899
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: Ib17ca3a613648667d0f99fa7412d074a205840a9
Reviewed-on: https://code.wireshark.org/review/19300
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
|
|
proto_tree_add_uint_format_value had the most use of unit strings, this
patch handles all of the other proto_tree_add_xxx_format_value calls that
could be better served using BASE_UNIT_STRING with a "unit string" in hf_ field.
Added more "common" unit string values to unit_strings.[ch]
Change-Id: I0fb680be781e10037eb7bd40dd21a9ee20c1fb1c
Reviewed-on: https://code.wireshark.org/review/19288
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Several calls to proto_tree_add_uint_format_value could be better served
using BASE_UNIT_STRING with a "unit string" in hf_ field. There also
a few cases where proto_tree_add_uint_format_value could just be
proto_tree_add_uint.
Added a few more "common" unit string values to unit_strings.[ch]
Change-Id: Iaedff82c515269c9c31ab9100dff19f5563c932d
Reviewed-on: https://code.wireshark.org/review/19242
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
'radiotap.present.flags' exists multiple times with NOT compatible types: FT_BOOLEAN and FT_UINT32
Change-Id: Ib53eb43c2103b24bd02bd41fd20030b7e7ae321b
Reviewed-on: https://code.wireshark.org/review/18886
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Mirror it after protocol dissector API.
Change-Id: I7985bcfa9e07654c7cf005efec94efc205d7a304
Reviewed-on: https://code.wireshark.org/review/18496
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
MCS 9 at 20 MHz is valid for 3 and 6 spatial streams.
Changed the rate table to include rate (mbps) for VHT 20MHz MCS 9.
Signed-off-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bug: 12558
Change-Id: Ia16ae545a5ac1779131e24e1f54a5659390cd321
Reviewed-on: https://code.wireshark.org/review/16146
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Treat it as such. Fetch it once, regardless of whether we have any
non-zero NSS values or not, and use the per-user NSS value to decide
whether a particular bit in the bitmask is valid and worth displaying.
Make the four coding fields bitfields, with the appropriate bit.
Change-Id: I506b35afa9d07da8d800da5c304d5d0aadd87c54
Reviewed-on: https://code.wireshark.org/review/16155
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
A few of the combinations are marked as "Not valid" in 802.11ac-2013.
Ping-Bug: 12558
Change-Id: I18b78ebb84ab32a6fc53c6d634ef07ae87fb4866
Reviewed-on: https://code.wireshark.org/review/16153
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
For 802.11n, if the GI length is present in the MCS field and is "short
GI", "gi_length" is equal to 1, not to 0, so set the "short GI" flag in
the generic radio information to "gi_length".
Bug: 12123
Change-Id: Ica2c5794698a643a6393f0468cdbfe025aa90074
Reviewed-on: https://code.wireshark.org/review/13950
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|