From 14ba8d892e5137ba9623e6737cfec44485227df2 Mon Sep 17 00:00:00 2001
From: Anders Broman <anders.broman@ericsson.com>
Date: Sun, 15 Jul 2012 16:37:25 +0000
Subject: From Network Instruments by Tom Brezinski When a Network Instruments
 wireless capture is decrypted a flag is set on the packet in the BFR file
 indicating that the packet is decrypted instead of modifying the protected
 flag in the frame control flags of the packet header.
 https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=7478

svn path=/trunk/; revision=43727
---
 wiretap/network_instruments.c | 33 +++++++++++++++++++++++++--------
 1 file changed, 25 insertions(+), 8 deletions(-)

(limited to 'wiretap/network_instruments.c')

diff --git a/wiretap/network_instruments.c b/wiretap/network_instruments.c
index 554be28385..8984db543f 100644
--- a/wiretap/network_instruments.c
+++ b/wiretap/network_instruments.c
@@ -106,7 +106,7 @@ static gboolean observer_seek_read(wtap *wth, gint64 seek_off,
     union wtap_pseudo_header *pseudo_header, guint8 *pd, int length,
     int *err, gchar **err_info);
 static int read_packet_header(FILE_T fh, union wtap_pseudo_header *pseudo_header, 
-    packet_entry_header *packet_header, int *err, gchar **err_info);
+    packet_entry_header *packet_header, gboolean *decrypted_wireless, int *err, gchar **err_info);
 static int read_packet_data(FILE_T fh, int offset_to_frame, int current_offset_from_packet_header,
     guint8 *pd, int length, int *err, char **err_info);
 static gboolean skip_to_next_packet(wtap *wth, int offset_to_next_packet,
@@ -265,6 +265,7 @@ int network_instruments_open(wtap *wth, int *err, gchar **err_info)
 static gboolean observer_read(wtap *wth, int *err, gchar **err_info,
     gint64 *data_offset)
 {
+	gboolean decrypted_wireless;
     int header_bytes_consumed;
     int data_bytes_consumed;
     packet_entry_header packet_header;
@@ -274,8 +275,8 @@ static gboolean observer_read(wtap *wth, int *err, gchar **err_info,
         *data_offset = file_tell(wth->fh);
 
         /* process the packet header, including TLVs */
-        header_bytes_consumed = read_packet_header(wth->fh, &wth->pseudo_header, &packet_header, err,
-            err_info);
+        header_bytes_consumed = read_packet_header(wth->fh, &wth->pseudo_header, &packet_header, &decrypted_wireless, 
+            err, err_info);
         if (header_bytes_consumed <= 0)
             return FALSE;    /* EOF or error */
 
@@ -356,6 +357,11 @@ static gboolean observer_read(wtap *wth, int *err, gchar **err_info,
         return FALSE;
     }
 
+	/* clear the protected flag in the wireless header if needed */
+	if (decrypted_wireless && data_bytes_consumed > 1) {
+		*(buffer_start_ptr(wth->frame_buffer)+1) = (*(buffer_start_ptr(wth->frame_buffer)+1) & 0xbf);
+	}
+
     /* skip over any extra bytes following the frame data */
     if (!skip_to_next_packet(wth, packet_header.offset_to_next_packet,
             header_bytes_consumed + data_bytes_consumed, err, err_info)) {
@@ -370,15 +376,17 @@ static gboolean observer_seek_read(wtap *wth, gint64 seek_off,
     union wtap_pseudo_header *pseudo_header, guint8 *pd, int length,
     int *err, gchar **err_info)
 {
+	gboolean decrypted_wireless;
     packet_entry_header packet_header;
     int offset;
+	int data_bytes_consumed;
 
     if (file_seek(wth->random_fh, seek_off, SEEK_SET, err) == -1)
         return FALSE;
 
     /* process the packet header, including TLVs */
-    offset = read_packet_header(wth->random_fh, pseudo_header, &packet_header, err,
-        err_info);
+    offset = read_packet_header(wth->random_fh, pseudo_header, &packet_header, &decrypted_wireless,
+		err, err_info);
     if (offset <= 0)
         return FALSE;    /* EOF or error */
 
@@ -395,16 +403,23 @@ static gboolean observer_seek_read(wtap *wth, gint64 seek_off,
     }
 
     /* read the frame data */
-    if (!read_packet_data(wth->random_fh, packet_header.offset_to_frame,
-        offset, pd, length, err, err_info))
+	data_bytes_consumed = read_packet_data(wth->random_fh, packet_header.offset_to_frame,
+        offset, pd, length, err, err_info);
+    if (data_bytes_consumed < 0) {
         return FALSE;
+    }
+
+	/* clear the protected flag in the wireless header if needed */
+	if (decrypted_wireless && data_bytes_consumed > 1) {
+		*(pd+1) = (*(pd+1) & 0xbf);
+	}
 
     return TRUE;
 }
 
 static int
 read_packet_header(FILE_T fh, union wtap_pseudo_header *pseudo_header, 
-    packet_entry_header *packet_header, int *err, gchar **err_info)
+    packet_entry_header *packet_header, gboolean *decrypted_wireless, int *err, gchar **err_info)
 {
     int offset;
     int bytes_read;
@@ -486,6 +501,8 @@ read_packet_header(FILE_T fh, union wtap_pseudo_header *pseudo_header,
             pseudo_header->ieee_802_11.channel = wireless_header.frequency;
             pseudo_header->ieee_802_11.data_rate = wireless_header.rate;
             pseudo_header->ieee_802_11.signal_level = wireless_header.strengthPercent;
+			/* set decryption status */
+			*decrypted_wireless = (wireless_header.conditions & WIRELESS_WEP_SUCCESS) > 0;
             offset += bytes_read;
             break;
         default:
-- 
cgit v1.2.3