Age | Commit message | Author | Files | Lines |
|
If you know the actual data length, use tvb_new_subset_length(); it will
use that as the *reported* length, which is how it *should* be used, and
will calculate the *captured* length for you as appropriate.
Change-Id: I86dde999f59fdfec58b118729b7b881737983033
Reviewed-on: https://code.wireshark.org/review/10260
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
being used to determine if we are dissecting 802.11ad in several places.
Since we now have a macro for testing that and the frequency is in the phdr
we really should use that. This also prevents problems during display filter
execution with respect to fields that are only present for 802.11ad.
Change-Id: Id04a31c15b04378b6b0f056baa1f37d94a65b71c
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/10234
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I6bd7a16e3ea97659a0007edfd9f90dbd2060e443
Reviewed-on: https://code.wireshark.org/review/10244
Reviewed-by: Jeff Morriss <jeff.morriss.ws@gmail.com>
|
|
Extracted from Joerg Mayer's Ixia-derived patch to 1.12 in bug 11464.
Most of the changes there are already in the trunk.
Change-Id: I90ba04e145ffb2b164810320e3510a5bed847ed4
Ping-Bug: 11464
Reviewed-on: https://code.wireshark.org/review/10243
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Instead of splitting the stats into two lists as with the GTK+ UI, add
everything to an expandable tree. This allows viewing nodes on more than
one network.
Rename the top-level Bluetooth menu item to Wireless and put the WLAN
stats dialog there.
The Qt UI matches SSIDs (WlanNetworkTreeWidgetItem::isMatch) a bit
differently than the GTK+ UI. Try to make the logic as plain as possible
since we'll likely have to update it in the future.
The addition of a custom BSSID address type means that we can't assume
that everything is AT_ETHER. Add routines for checking for broadcast
BSSIDs and comparing only the data portions of addresses.
Move PercentBarDelegate into its own module. Use it in
WlanStatisticsDialog.
Change-Id: Ie4214eb00671a890871380c4a07213ebfb7585c6
Reviewed-on: https://code.wireshark.org/review/10171
Reviewed-by: Gerald Combs <gerald@wireshark.org>
|
|
Change-Id: I1fee679b4b0f582806b0e9302c3e404c0222cd6d
Reviewed-on: https://code.wireshark.org/review/9930
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Pseduo -> Pseudo
Change-Id: I34700b3392bfd7e47e79cb2cad0f65a1046a26a2
Reviewed-on: https://code.wireshark.org/review/9925
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Specifically:
- Replace/remove much of 'dissect_qos_capability()' code to use
existing 'fixed field' code to dissect QoS_Info field.
Note: Much of the code added in g40d6131 to dissect the QoS Info
field duplicated already existing (but unused) "fixed field"
code to do same.
- Rework some QoS Info field filter names, variable names and
value-strings to better match the text used in 802.11-2012.
- Rename 'dissect_qos_info()' to 'dissect_wme_qos_info()' to
reflect the fact that this code is only for the (now presumably obsolete)
original WME(WMM) specification for the QoS Info field.
Change-Id: Id89780dfe60b2e4c63332bdb946cc29c67b5127a
Reviewed-on: https://code.wireshark.org/review/9903
Petri-Dish: Bill Meier <wmeier@newsguy.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
doesn't
apply to them.
Change-Id: I4b0fcfe5d970877d7f8453e6c6f8c48ee69c2e38
Reviewed-on: https://code.wireshark.org/review/9905
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
802.11 is overwhelmingly little-endian; change all 1-byte fields that
were ENC_BIG_ENDIAN to ENC_LITTLE_ENDIAN.
Change one ENC_BIG_ENDIAN MAC address to ENC_NA; byte order doesn't
apply to them.
The remaining ENC_BIG_ENDIANs should be checked.
Change-Id: I3dc51a5555b99c25dce0d3b7f3be4c441b13d1a3
Reviewed-on: https://code.wireshark.org/review/9890
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Fix spelling, get rid of period at end of some field names.
Change-Id: I1963cdc92657dca8708133796f8835bdffee0c47
Reviewed-on: https://code.wireshark.org/review/9888
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Make all the multi-byte fields, except for OUIs, little-endian -
including fields that contain bitfields. Make the bits in the bitfields
little-endian as well.
For the "number of taps" bitfields, interpret the values.
Fix a typo ("pseduo" -> "pseudo").
The length of an OCT MMPDU is 16 bits, not 8 bits, and it's not a text
string, it's an octet string.
The Beacon Interval Control is 48 bits, not 64 bits.
Handle the beam refinement UI as a 2-byte field that overlaps with a
4-byte field - *none* of the bitfields align on nice 8-bit boundaries,
so that's the best we can do.
Bug: 11419
Change-Id: Ib00ad030ecb33cf676bec23c05b15a4211c75c07
Reviewed-on: https://code.wireshark.org/review/9886
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Idcda58191ca664412ef874a69f40eb09a5b38234
Reviewed-on: https://code.wireshark.org/review/9820
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
though the spec (802.11ad-2012) says they are optional.
Communicated to me by the WiFi Alliance. I have captures. Not sure if I can
share them.
Change-Id: Id5998594214ac4b6a1d3baf3cb2f0d4fe6227b40
Signed-off-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-on: https://code.wireshark.org/review/9785
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: Ife299ec6b56e6a158ed76413d7f2a8e760824a01
Reviewed-on: https://code.wireshark.org/review/9696
Reviewed-by: Jörg Mayer <jmayer@loplof.de>
|
|
And only take into account management, non-null data and/or extension frames
in WLAN traffic statistics, as previously
Bug: 11318
Change-Id: I32c059a2594331c4e317380b9de43fb582f7f8cb
Reviewed-on: https://code.wireshark.org/review/9566
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: Id9409109ffe667d1f8b3201792f7b4146b1f73f5
Reviewed-on: https://code.wireshark.org/review/9582
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This reverts commit 89c24ee8e8086dc88042d9f048479487b342702e.
Further investigation of unused functions required ....
Change-Id: I0c015cf067eaa0ce5bdafa0bce29bed373e9a82f
Reviewed-on: https://code.wireshark.org/review/9565
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Primarily:
Call fixed_field functions directly instead of doing a
linear search by "function number" in a large table
of dissector addresses to determine the function address
for each function call.
As part of this change, the order of certain fixed_field
functions was changed to fix any forward references.
Also:
Spelling
Whitespace
Change-Id: I9bb7e239086f9b65044929f2cb7e7f9d9b9adaee
Reviewed-on: https://code.wireshark.org/review/9563
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Change-Id: I2bb087138de662fd41301b93ef9804345c0875b8
Reviewed-on: https://code.wireshark.org/review/9521
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
This patch adds reassembly_table_destroy calls as cleanup function for
dissectors which have a simple init routine that just calls
reassembly_table_init (comments are ignored).
The changes were automatically generated using
https://git.lekensteyn.nl/peter/wireshark-notes/diff/one-off/cleanup-rewrite.py?id=4cc0aec05dc67a51926a045e1955b7a956757b5e
(with the if and assignment parsers disabled).
The only difference from the autogenerated output is that the XXX
comments from the init routines in smb-pipe and tds dissectors are kept.
Change-Id: I64aedf7189877247282b30b0e0f83757be6199e7
Reviewed-on: https://code.wireshark.org/review/9222
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Move a bunch of #defines that involve the frame control field to
packet-ieee80211.h and have the WLAN statistics tap use them rather than
hardcoded numbers.
Change-Id: I893cc50e546af67c910755357cefd86c39a1c783
Reviewed-on: https://code.wireshark.org/review/9476
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 11319
Change-Id: I8b746f7238729173b2ca23734e9f7fdbbe4f5110
Reviewed-on: https://code.wireshark.org/review/9232
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The low-order bit of the field indicates whether it's the HT or VHT
version.
Show subfields as part of a 32-bit bitfield; few subfields begin and end
on a byte boundary (the Link Adaptation Control field no longer does so;
its low-order reserved bit became the VHT flag).
Update references to the 11n spec.
Update a comment.
Change-Id: I9fcb99a5517afb319b67d4deb2355c7cb0be73b6
Reviewed-on: https://code.wireshark.org/review/9191
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Icb3497924c88963688d60a59c5873a271b7e4d21
Reviewed-on: https://code.wireshark.org/review/9187
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Rather than having a separate "802.11 HT" dissector, just look for the
802.11n (HT) PHY.
(As a side-effect, this also causes PPI HT frames to have the radio
information dissected by the wlan_radio dissector, as is the case with
other 802.11 frames accompanied by radio information.)
Change-Id: I854c42e19481a17767e64a3b92222b09dbaa02dd
Reviewed-on: https://code.wireshark.org/review/9185
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
remaining payload
Bug: 11298
Change-Id: I18082a15fbeaa843099741511292eec19acf94b9
Reviewed-on: https://code.wireshark.org/review/9033
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
parse_key_string reads from rec->string and rec->key (without
modifying those parameters), then returns a newly allocated
decryption_key_t struct which is not used except for reading the
type field. Release memory after copying that single field!
Change-Id: Iac19bea23dedb73cab9dd1ea09f98cc83556e96c
Reviewed-on: https://code.wireshark.org/review/9025
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
|
|
Have dissectors of various forms of radio information headers in the
packets fill in a struct ieee_802_11_phdr with radio information as
appropriate, and call the "802.11 radio information" dissector rather
than the raw 802.11 dissector.
This means that the radio information can be found in a
protocol-independent and encapsulation-independent form when you're
looking at the packet; that information can be presented in a form
somewhat easier to read than the raw metadata header format.
It also enables having a single "radio information" tap that allows
statistics to handle all different sorts of radio information
encapsulation.
In addition, it lets us clean up some of the arguments passed to the
common 802.11 dissector routine, by having it pull that information from
the struct ieee_802_11_phdr.
Ensure that the right structure gets passed to that routine, and that
all the appropriate parts of that structure are filled in.
Rename the 802.11 radio protocol to "wlan_radio", rather than just
"radio", as it's 802.11-specific. Give all its fields "wlan_radio."
names rather than "wlan." names.
Change-Id: I78d79afece0ce0cf5fc17293c1e29596413b31c8
Reviewed-on: https://code.wireshark.org/review/8992
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Rather than accessing it through pinfo->pseudo_header, have it passed as
an argument.
This means we no longer tweak the pseudo-header filled in by libwiretap,
but instead construct our own pseudo-header, which is a bit cleaner.
It also opens up the possibility of other dissectors passing radio
information down to the 802.11 dissector, so it can display it in a
better-organized format than the raw metadata headers for
radiotap/PPI/Prism/AVS/etc., and having some of the options for 802.11
dissection (Atheros padding, Centrino stuff, etc.) also passed in
through that pseudo-header so we have fewer arguments to
dissect_ieee80211_common().
Change-Id: I470300a0407ebf029c542f7ca5878593563a70a9
Reviewed-on: https://code.wireshark.org/review/8980
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug:11205
Change-Id: Ia3bc63dbb1504381b58f9e31b56412574ec96f4e
Reviewed-on: https://code.wireshark.org/review/8675
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I0fa523dd0e62f94e478ad35b216fc3dc5651718c
Reviewed-on: https://code.wireshark.org/review/8547
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I4c557c49a6d6013dff129515cdfadb496529ff35
Reviewed-on: https://code.wireshark.org/review/8414
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Hopefully, that'll convince Microsoft's static analyzer that nr will
always be >= 1, so you can safely subtract 1 from it and use it as an
array index.
Get rid of the vht_mimo_control_t structure in favor of a few variables
for the bitfields we actually use.
Make some tables static - no need to initialize them every time we enter
the routine.
Change-Id: Icde05a768ea1a9c897b69003afcab1dddeffaaf5
Reviewed-on: https://code.wireshark.org/review/8411
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
While we are at it, put back some debug logs that were removed in g1439eb6 (otherwise msgbuf is no longer initialized)
Change-Id: Ie34c4f2e638bc3ee77a0565446de37a15385dc0d
Reviewed-on: https://code.wireshark.org/review/8389
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Change-Id: I714078683cff517c79a15abf29e1ae4a9a60271d
Reviewed-on: https://code.wireshark.org/review/8365
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I90bddd1dd879706b95ab28539411e26fc29e61d8
Reviewed-on: https://code.wireshark.org/review/8359
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
This patch extends the existing decryption support for WPA to also
handle rekeys by checking each decrypted packet for a 4-way-handshake.
Rekeys can be used for WPA-PSK, but are more common with WPA-Enterprise
(WPA-EAP).
For decrypting WPA-EAP secured packets the user must provide all used PMKs
of the connection (aka PSKs) as WPA-PSK 32 byte hex values to Wireshark
via the existing interface.
(The capture must have all 4-way-handshakes included also, starting with
the first unencrypted one.)
Every decrypted unicast packet will have the used PMK and TK shown in the
CCMP/TKIP section below the key index in the GUI. Group packets will display the
GTK instead.
Additionally this fixes a small issue with group rekey handling, so every packet
can be selected in the GUI in random order, removing the need to manually find
the correct group keying packets prior to that.
It was tested primarily with WPA-CCMP, but TKIP is also working.
One section in the code touches Bluetooth 802.1X support. It should do
exactly the same, but will now also examine all decrypted packets for rekeys.
Ping-Bug: 11172
Change-Id: I19d055581fce6268df888da63485a48326046748
Reviewed-on: https://code.wireshark.org/review/8268
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
proto_tree_add_bitmask_[value|value_with_flags|list]
Part 2 of a few
Change-Id: Ic1f1aafe2ed02dce95b15c03a91cbd68807a5cf4
Reviewed-on: https://code.wireshark.org/review/8165
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
following ge243b0041 check the last add_tagged_field to avoid a Coverity warning
(Yes the code is already safe..)
Ping-Bug: 11110
Change-Id: Iaceb8cf9c91de426bc5e5408b4271091cab57862
Reviewed-on: https://code.wireshark.org/review/8084
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I7f0f10ca695fedab613156811fac60e5fa015bee
Reviewed-on: https://code.wireshark.org/review/8000
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Change-Id: I8de390e273e06620a8cdf62acae076ed6dd10a54
Reviewed-on: https://code.wireshark.org/review/7999
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
add_tagged_field() may return 0 if the tag length is not what is
expected for this particular tag
Bug: 11110
Change-Id: Ia2fd6635613fb6d8e1264147d2ddd44162484887
Reviewed-on: https://code.wireshark.org/review/7989
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
|
|
Add support of Reported Frame Body (subelement of Beacon Report)
Bug:11101
Change-Id: I44f313ef081fcba7aaf6208baed81a46152fddb6
Reviewed-on: https://code.wireshark.org/review/7970
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
dissection
Specifically: Management/Control frames saved by Microsoft Netmon (3.4?)
with "IEEE 802.11 plus Network Monitor radio header" encapsulation
may or may not be saved with an FCS.
See Bug 11105.
Fix: Use "check fcs" preference to specify whether Management & Control
frames have an fcs for this encapsulation.
Change-Id: Ibd0be7b4765c2df2b959cb2234aeed027266246b
Reviewed-on: https://code.wireshark.org/review/7939
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Missing break for Measurement Report tag
Ping-Bug:11101
Change-Id: I570088f1eed756d541be74539774295eb67c2d47
Reviewed-on: https://code.wireshark.org/review/7969
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Add Request Channel Load and Noise Histogram
Bug:11101
Change-Id: I276eb4711169555a2df6a72c78d0ad743398b954
Reviewed-on: https://code.wireshark.org/review/7877
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Add expert info when there is some undecoded Measure Request/Report type (and subtype)
Change-Id: Iece7487680d3211f28365d6596db31f408edb96b
Ping-Bug:11101
Reviewed-on: https://code.wireshark.org/review/7876
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
the EAPOL Key Exchange descriptions show key packets 2 and 4 as "Key (Message 4 of 4)"
Reason for issue:
In the IEEE 802.11 specification the value for the counter is defined as follows:
Message #2 - counter = n
Message #4 - counter = n+1
So the only way to distinguish between message #2 and message #4 using the counter value would be for Wireshark to "look ahead" and compare the counter values (e.g., if counter1 < counter2, then message 2, else message 4).
Fix:
However, there is a much easier way to distinguish between message #2 and message #4. Instead of using the counter field, Wireshark could parse the "WPA Key Nonce" field (display filter = wlan_rsna_eapol.keydes.nonce).
According to the IEEE specification, sections 11.6.6.3 and 11.6.6.5 define the value for the WPA Key Nonce as follows:
Message #2, Key Nonce = SNonce (Supplicant Nonce)
Message #4, Key Nonce = 0
So, the logic would be:
1. Use the Wireshark parser to determine the WPA Key Nonce value. The Key nonce field is 32 octets.
2. If !(keynonce), then message #2
Else message #4
(Only check the first 4 octets of nonce if equal to zero)
Issue reported by Murray Pickard
Reason for issue (and proposed fix) by Amato Carbonara
Bug: 10557
Change-Id: I66086ac27a4d7d3ac0356be295d23001e2af71c8
Reviewed-on: https://code.wireshark.org/review/7868
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
A1, A2, A3 and A4 in 802.11 MAC header were not correctly
mapped to SA/TA/DA/RA/BSSID
Change-Id: I050cbb544500d8c3bf3d545f85144ca853079dde
Reviewed-on: https://code.wireshark.org/review/7655
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|