osmith
/
wireshark
forked from osmocom/wireshark
1
0
Fork 0
Code Pull Requests Releases Wiki Activity

IEEE 802.11: Handle Atheros padding 

For some unknown reason between 802.11 protocol fields end and LLC
protocol field start two octets of padding may appear. These octets
(value 0x00) were observed on the OLPC laptop, heuristically detected
and marked as OLPC mysterious stuff.

It seems that Atheros chipset drivers also show this behaviour,
although the padding is not 0x0000, but seem to be a duplicate of the
sequence control field. This is now also heuristically detected and
marked more generically as payload padding.

Bug: 13411
Change-Id: I1e817e07dc19be8b3917ff302ede3328ca6a4938
Reviewed-on: https://code.wireshark.org/review/20284
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
This commit is contained in:
Jaap Keuter 2017-02-15 22:25:58 +01:00
parent 2534ec45c1
commit 311b1ee700
1 changed files with 7 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
epan/dissectors/packet-ieee80211.c
View File

@ -18492,7 +18492,9 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
On top of that, at least at some point it appeared that
the OLPC XO sent out frames with two bytes of 0 between
the "end" of the 802.11 header and the beginning of
the payload.
the payload. Something similar has also been observed
with Atheros chipsets. There the sequence control field
seems repeated.
So, if the packet doesn't start with 0xaa 0xaa:
@ -18508,7 +18510,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
whether the packet starts with 0xff 0xff and, if so, treat it
as an encapsulated IPX frame, and then check whether the
packet starts with 0x00 0x00 and, if so, treat it as an OLPC
frame. */
frame, or check the packet starts with the repetition of the
sequence control field and, if so, treat it as an Atheros frame. */
encap_type = ENCAP_802_2;
if (tvb_bytes_exist(next_tvb, 0, 2)) {
octet1 = tvb_get_guint8(next_tvb, 0);
@ -18519,7 +18522,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
encap_type = ENCAP_ETHERNET;
else if ((octet1 == 0xff) && (octet2 == 0xff))
encap_type = ENCAP_IPX;
else if ((octet1 == 0x00) && (octet2 == 0x00)) {
else if (((octet1 == 0x00) && (octet2 == 0x00)) ||
(((octet2 << 8) | octet1) == seq_control)) {
proto_tree_add_item(tree, hf_ieee80211_mysterious_olpc_stuff, next_tvb, 0, 2, ENC_NA);
next_tvb = tvb_new_subset_remaining(next_tvb, 2);
}