Age | Commit message (Collapse) | Author | Files | Lines |
|
Enhanced peekremote dissector to take into account the new extended
flags written by Cisco APs in sniffer mode after WLC version 8.5.
Support for 80mhz channel flag (bit 9), short preamble (bit 8), amount
of spatial streams (bit 14-16)
dot11_ht_vht_flags=0x00000551 <--short preamble encoded to 10th bit of
dot11_ht_vht_flags.
dot11_ht_vht_flags=0x00008bc8 <--80MHz info encoded to 9th bit of
dot11_ht_vht_flags.
The spatial streams information is already encoded to 16:15:14 bits of
dot11_ht_vht_flags. The following are the bit pattern representation,
000 - 1 spatial stream
001 - 2 spatial streams
010 - 3 spatial streams
Bug: 14452
Change-Id: If0539e356b32a791901d213a653f7a98521667ee
Reviewed-on: https://code.wireshark.org/review/26178
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I92c94448e6641716d03158a5f332c8b53709423a
Reviewed-on: https://code.wireshark.org/review/25756
Petri-Dish: Dario Lombardo <lomato@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Also, there's no need to zero out the NSS values for 11ac - we zero out
the entire pseudo-header at the beginning. We only need to set them if
we *have* them.
Change-Id: I9ebda7e246c24941ca77314bba6f86dea41e5992
Reviewed-on: https://code.wireshark.org/review/24135
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The spatial streams amount support is still to be added.
Bug: 14136
Change-Id: I58b4ff4febcbd871c063a7add6a1e6b79ef23683
Reviewed-on: https://code.wireshark.org/review/24079
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Bug: 13544
Change-Id: If04ad8e71f06c289673492db3ed916e85cfc55e5
Reviewed-on: https://code.wireshark.org/review/20853
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Similar to the "tcp.port" changes in I99604f95d426ad345f4b494598d94178b886eb67,
convert dissectors that use "udp.port".
More cleanup done on dissectors that use both TCP and UDP dissector
tables, so that less preference callbacks exist.
Change-Id: If07be9b9e850c244336a7069599cd554ce312dd3
Reviewed-on: https://code.wireshark.org/review/18120
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Started by grepping call_dissector_with_data, call_dissector_only and call_dissector and traced the handles passed into them to a find_dissector within the dissector. Then replaced find_dissector with find_dissector_add_dependency and added the protocol id from the dissector.
"data" dissector was not considered to be a dependency.
Change-Id: I15d0d77301306587ef8e7af5876e74231816890d
Reviewed-on: https://code.wireshark.org/review/14509
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Assign result of `register_dissector(..., func, proto)` to FOO_handle
and remove `FOO_handle = create_dissector_handle(func, proto)`.
Found by looking for files named packet-FOO.c having the above
create_dissector_handle pattern. Some files (with different dissect
routines for the two functions) remain unchanged.
Change-Id: Ifbed8202c6dbc63a1dae9acc03313980ffbbbb90
Reviewed-on: https://code.wireshark.org/review/13247
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
The use of a flag field here is aesthetically unpleasing when the flags
are referred to frequently. Convert these into bitfield entries.
Change-Id: I6f47e31558439dfd343ec7f856d04480366a1237
Reviewed-on: https://code.wireshark.org/review/12511
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: Ie39ef054a4a942687bd079f3a4d8c2cc55d5f22c
Reviewed-on: https://code.wireshark.org/review/12485
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Some of the ASN.1 dissectors still generate a new_create_dissector_handle from the tool itself, so leave those for now.
Change-Id: Ic6e5803b1444d7ac24070949f5fd557909a5641f
Reviewed-on: https://code.wireshark.org/review/12484
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
The preferences are still supported for backwards compatibility, but the heuristic_protos file has final say on the "preference" to enable/disable a heuristic dissector.
Also add parameter to heur_dissector_add() for the "default" enable/disable of a heuristic dissector. With this parameter, a few more (presumably weak) heuristic dissectors have been "registered" but of course default to being disabled.
Change-Id: I51bebb2146ef3fbb8418d4f5c7f2cb2b58003a22
Reviewed-on: https://code.wireshark.org/review/9610
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Hadriel Kaplan <hadrielk@yahoo.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
This allows better presentation of heuristic dissectors to the end user.
Change-Id: I2ff3985ab914e83c2989880cc0c7b9904045b3f6
Reviewed-on: https://code.wireshark.org/review/9602
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
OK, where's NSS for the presumably-one-and-only user hiding for 11ac?
Change-Id: I53eb216c5d209dc5bb46c1d0aca7f8a200161e3e
Reviewed-on: https://code.wireshark.org/review/9512
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Bug: 11326
Change-Id: I5a438bda7448f6b6b9959bdc03b0252b3cf22697
Reviewed-on: https://code.wireshark.org/review/9469
Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
|
|
Add more fields to the metadata to handle everything radiotap has, and
show them.
Call the FEC type field just "FEC", and have it be an integer field with
0 meaning BCC and 1 meaning LDPC, rather than a Boolean.
11ac doesn't have *an* MCS, it can have up to 4, one per user.
Label the 11ac bandwidth values the same way we do in the radiotap
dissector.
Change-Id: I2c2415baff3e5d68d49dda497980e8271d26b1f6
Reviewed-on: https://code.wireshark.org/review/9176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have a field that holds the PHY type but nothing else. Have
a union with structures holding PHY-type-specific information, as a
bunch of attributes are PHY-specific.
If we have a channel and band, but don't have the frequency, attempt to
calculate the frequency, and add that to the radio information if we
succeed. If we have the frequency, but don't have the channel, attempt
to calculate the channel, and add that to the radio information if we
succeed.
Handle FHSS information, 11a "half/quarter-clocked" and turbo
information, 11g normal vs. Super G, additional 11n and 11ac
information, and the "short preamble" flag for 11b and 11g.
Add a PHY type for 11 legacy DSSS and detect it if possible.
Clean up the AVS dissector - make all fields wlancap. fields (if you
want generic fields, use the wlan_radio. fields).
Set more fields when writing out Commview Wi-Fi files.
Change-Id: I691ac59f5e9e1a23779b56a65124049914b72e69
Reviewed-on: https://code.wireshark.org/review/9146
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Provide that information so that the "802.11 radio information" protocol
can indicate whether a packet was 802.11 legacy/11b/11a/11g/11n/11ac,
and possibly whether it's 2.4 GHz or 5 GHz 11n. (Sometimes the center
frequency might not be supplied, so the band information can be useful.)
Also, provide some 11ac information, now that we can distinguish between
11n and 11ac. Don't calculate the data rate from the MCS index unless
it's 11n; we don't yet have code to calculate it for 11ac.
For radiotap, only provide guard interval information for 11n and 11ac,
not for earlier standards.
Handle the 11ac flag in the Peek remote protocol.
For Peek tagged files, the "extension flags" are 11n/11ac flags, so we
don't have to check for the "MCS used" bit in order to decide that the
packet is 11n or 11ac or to decide whether to provide the "bandwidth" or
"short GI" information.
Change-Id: Ia8a1a9b11a35243ed84eb4e72c384cc77512b098
Reviewed-on: https://code.wireshark.org/review/9032
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Have dissectors of various forms of radio information headers in the
packets fill in a struct ieee_802_11_phdr with radio information as
appropriate, and call the "802.11 radio information" dissector rather
than the raw 802.11 dissector.
This means that the radio information can be found in a
protocol-independent and encapsulation-independent form when you're
looking at the packet; that information can be presented in a form
somewhat easier to read than the raw metadata header format.
It also enables having a single "radio information" tap that allows
statistics to handle all different sorts of radio information
encapsulation.
In addition, it lets us clean up some of the arguments passed to the
common 802.11 dissector routine, by having it pull that information from
the struct ieee_802_11_phdr.
Ensure that the right structure gets passed to that routine, and that
all the appropriate parts of that structure are filled in.
Rename the 802.11 radio protocol to "wlan_radio", rather than just
"radio", as it's 802.11-specific. Give all its fields "wlan_radio."
names rather than "wlan." names.
Change-Id: I78d79afece0ce0cf5fc17293c1e29596413b31c8
Reviewed-on: https://code.wireshark.org/review/8992
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Type 1 is Peek type (using Peek dissector)
Peek dissector is also update for Cisco AP, Pass info to peek dissector it is "Aruba PEEK" (with buggy FCS)
Add also check of signal value (when signal strength = 100%) it is a TX packet and there is no FCS
Bug:11204
Change-Id: I435e0e3275bc0a03fa534e49e86251114f568040
Reviewed-on: https://code.wireshark.org/review/8710
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
There's all sorts of interesting stuff out there on the Intertubes if
you happen to be searching for the right thing.
Change-Id: Ib5e18ece5dfaa284ece8cfda23887a9408c8318e
Reviewed-on: https://code.wireshark.org/review/8503
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I18152e75aec2eedccad4d393c1b4b493cd7b406d
Reviewed-on: https://code.wireshark.org/review/8125
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Fourth batch (packet-mac-lte.c -> packet-rtp.c).
Will look at cleaning up and committing script afterwards.
Change-Id: Id921f07f4b274f0cfb77ce81abe4a285fdb8b644
Reviewed-on: https://code.wireshark.org/review/6023
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Martin Mathieson <martin.r.mathieson@googlemail.com>
|
|
Specifically:
- Set packet.h to be the first wireshark #include after
config.h and "system" #includes.
packet.h added as an #include in some cases when missing.
- Remove some #includes included (directly/indirectly) in
packet.h. E.g., glib.h.
(Done only for those files including packet.h).
- As needed, move "system" #includes to be after config.h and
before wireshark #includes.
- Rework various #include file specifications for consistency.
- Misc.
Change-Id: Ifaa1a14b50b69fbad38ea4838a49dfe595c54c95
Reviewed-on: https://code.wireshark.org/review/5923
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
Also, the 0x00000100 flag is "MCS index used", if a dissection of an
802.11n frame by OmniPeek is to be believed and if the "802.11n flags"
have the same meaning in Peek tagged files and in the Peek remote
protocol.
Rename that field to "extended flags", as it's not just for 802.11n, add
the "802.11ac" flag, and rename the "future use" flag.
Change-Id: I605622801450d5d114c3c971c98960b198346bdd
Reviewed-on: https://code.wireshark.org/review/4968
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I5f23bec128444b6590b5fc938bbe0e8a679cd31b
Reviewed-on: https://code.wireshark.org/review/4965
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
- remove unneeded initializers;
- replace tabs in files with editor mode line 'expandtabs';
- col_set_str() --> col_add_str() (in one case);
- tvb_length() -- > tvb_reported_length() (in one case);
- do some whitespace & indentation fixes/changes.
Change-Id: Ib8ffbbcdb6e4a74c0df6021a75430ae1ef9ae089
Reviewed-on: https://code.wireshark.org/review/3435
Reviewed-by: Bill Meier <wmeier@newsguy.com>
|
|
https://www.wireshark.org/lists/wireshark-dev/201406/msg00131.html
This reverts commit 246fe2ca4c67d8c98caa84e2f57694f6322e2f96.
Change-Id: Ib24bae0198c13a84bd7f731bf4af921212109a8f
Reviewed-on: https://code.wireshark.org/review/2430
Reviewed-by: Michael Mann <mmann78@netscape.net>
|
|
Change-Id: I9209c1271967405c34c1b6fa43e1726a4d3a5a3f
Reviewed-on: https://code.wireshark.org/review/2377
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
Call the without-Atheros-padding dissector for the payload.
Fixes bug 10139.
Change-Id: I883bf4e58899aa78b07fae63d8c0376a31bda444
Reviewed-on: https://code.wireshark.org/review/2027
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
For a number of protocols that encapsulate 802.11 frames inside packets,
whether the frame includes an FCS or not is specified by the protocol,
not by whether the link-layer frame carrying the packets *itself*
includes an FCS. As we've done with Ethernet, add "_withfcs" and
"_withoutfcs" dissectors, which *don't* check the pseudo-header FCS
length indication, and call those, rather than dissectors that check the
pseudo-header length indication, from the dissectors for those protocols.
Change-Id: Ib8c8ecdd872e1782fdfc66e7573415d91911a62e
Reviewed-on: https://code.wireshark.org/review/1866
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I8e5991f636e68a956bf5e09dd6bf4be1d4619ba0
Reviewed-on: https://code.wireshark.org/review/1852
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Change-Id: I81f726cd20878770a37d9489f40d473960714425
Reviewed-on: https://code.wireshark.org/review/646
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
|
|
Change-Id: I8e32672912bb202903182126613ce3394e0e1c35
Reviewed-on: https://code.wireshark.org/review/639
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
The PeekRemote headers are 802.11, so "Dot80211" is redundant.
"Wep" really means "Protected" as there's also WPA/WPA2.
"FlagsN" means "802.11n", not "802.11ac", and the "n" in "flagsn"
indicates that. Also, "Hz" stands for "Hertz", as in "Heinrich Hertz",
so the "H" is capitalized.
Change-Id: If46cc4859ae8d65a199c9ad1fd48d2f2128ccd3d
Reviewed-on: https://code.wireshark.org/review/630
Reviewed-by: Guy Harris <guy@alum.mit.edu>
|
|
Information about value of flags from Emburey
Change-Id: Iba79fba8e95cd2fc80f6fba5fa937d5485fbb381
Closed-bugs: 9586
Reviewed-on: https://code.wireshark.org/review/595
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Evan Huus <eapache@gmail.com>
|
|
Change-Id: I1ed387f1cb8d207c32c5202b578bd452cef4401c
Reviewed-on: https://code.wireshark.org/review/594
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
(Using sed : sed -i '/^ \* \$Id\$/,+1 d')
Fix manually some typo (in export_object_dicom.c and crc16-plain.c)
Change-Id: I4c1ae68d1c4afeace8cb195b53c715cf9e1227a8
Reviewed-on: https://code.wireshark.org/review/497
Reviewed-by: Anders Broman <a.broman58@gmail.com>
|
|
PeekRemote packets from Cisco appears to be a 64-bit timestamp; it's
probably the Time Synchronization Function timestamp (TSFT), so call it
that.
svn path=/trunk/; revision=54453
|
|
svn path=/trunk/; revision=54347
|
|
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-peekremote.c: In function ‘dissect_peekremote_new’:
/home/jmayer/work/wireshark/svn/trunk/epan/dissectors/packet-peekremote.c:210:15: error: variable ‘ti_header_version’ set but not used [-Werror=unused-but-set-variable]
proto_item *ti_header_version, *ti_header_size;
^
cc1: all warnings being treated as errors
svn path=/trunk/; revision=54345
|
|
screenshot in bug 9586.
First cut at dissecting the 802.11n (55-byte) header, as per the other
screenshot in that bug.
Update Protocol column to match the new name we gave the protocol.
Still waiting for a new-header capture to test with....
svn path=/trunk/; revision=54341
|
|
svn path=/trunk/; revision=54322
|
|
svn path=/trunk/; revision=54319
|
|
svn path=/trunk/; revision=54317
|
|
a (version 2) screenshot
svn path=/trunk/; revision=54316
|
|
NEWS got updated
svn path=/trunk/; revision=54312
|
|
svn path=/trunk/; revision=54089
|
|
svn path=/trunk/; revision=53655
|
|
svn path=/trunk/; revision=45017
|