The contents of the Symbol Proprietary TLV was assumbed to be the same
as the Vendor Specific TLV. This proved not to be the case, at least for
Zebra Extreme networks nodes. This change implements the dissection of
the format as defined in the bug.
Bug: 15909
Change-Id: I4c14dde386d33302d187680f9f09f8b5bb1ef213
Reviewed-on: https://code.wireshark.org/review/34023
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The original code was causing a malformed packet exception if there was
one additional byte after the measurement pilot interval.
Bug: 15903
Change-Id: Ibe3e7fab5ea5c3d18ea4792ff342a0d8b8d2533b
Reviewed-on: https://code.wireshark.org/review/33858
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
This helps developers know they are missing bits of data that should be
there by adding an expert info rather than showing a malformed packet.
Bug: 15861
Change-Id: Iacd85be228c60e4e3dcef344a38506568172e0da
Reviewed-on: https://code.wireshark.org/review/33691
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Bits named according to IEEE 802.11-2016, p.836, Figure 9-192
Change-Id: I4e0a6c90796d80ebbdc31c32a3ea2d9da4db8885
Reviewed-on: https://code.wireshark.org/review/33193
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fine Time Measurement protocol has been introduced as part of 802.11mc,
wireshark software is missing the support of parsing the FTM.
Add necessary changes to parse FTM frames.
Bug: 15721
Change-Id: I86c6a8db25ffc99df146e0fa1c1cc05bf29710d2
Reviewed-on: https://code.wireshark.org/review/32935
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Issue reported by Helge Magnus Keck
Change-Id: I7878a56acf07119fc7f900eb72b6d497c675567c
Reviewed-on: https://code.wireshark.org/review/32808
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Issue reported by Helge Magnus Keck
Change-Id: Ib761b4209d1efc80ca2c107dda9919e71f5865c2
Reviewed-on: https://code.wireshark.org/review/32798
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In the IEEE 802.11 dissector the conversations concept is (re)used
for tracking associations. The conversations are then used to keep
data that's unique for a certain association, like negotiated AKMS.
Though currently associations are unique per (re)association
whereas conversations are unique based only on src/dest address.
This is problematic for captures with multiple associations with
same STA/BSSI pair.
For example:
Assoc req frame (assoc #1, conversation #1)
Reassoc frame (assoc #2, conversation #1)
Assoc req frame (assoc #3, conversation #1)
To make a one to one mapping between conversations and associations
store an association counter with each frame and use it with the pinfo
srcport/destport fields to build a conversation key:
(src, dest, association_counter).
Bug: 15616
Change-Id: Ie020bdffbcdab4739ee07f73025ef1157c1fc329
Reviewed-on: https://code.wireshark.org/review/32737
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Also the MIC inside FT IE is variable length in coming IEEE 802.11
spec. According to IEEE 802.11 spec the MIC length is based on AKMS
negotiated during (re)association phase. This is good as long as
the capture file contains needed assoc frames.
Though if association frames are missing the MIC length is unknown.
As a backup try to use the AKMS found in current frame to
determine MIC length. Handle this logic in a new function like this:
MIC length is detemined by:
1. User overridden MIC length setting
2. AKMS negotiated during association phase (conversation)
3. AKMS from current frame
4. Default 16 bytes length.
Also changes had to be done to the ieee80211_packet_data_t handling.
This structure appears to be used as a temporary storage for data
related to current frame. However data was stored in file scope making
it impossible to know whether data was from current or another frame.
This is fixed by changing to the pinfo pool.
Bug: 15616
Change-Id: I521d440b47d71cbc94cd6c56714d21274c8dd23e
Reviewed-on: https://code.wireshark.org/review/32693
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Formation Information: Connect to Mesh Gate / AS
Reserved bit Capability
Issue reported by Helge Magnus Keck
Change-Id: Icf5337ab45bbf7ce1660b560b5fbc22d11785ec0
Reviewed-on: https://code.wireshark.org/review/32797
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove the zero-length array usage to fix warnings reported about
using this extended feature.
Fixes: v2.9.0rc0-2520-g61ccf52107 ("ieee80211: Decrypt and dissect EAPOL
keydata")
Change-Id: I62eceb543e3398db2eee22e12609959e27d684f7
Reviewed-on: https://code.wireshark.org/review/32781
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Issue reported by Helge Magnus Keck
Change-Id: Ide5c4d78f536e55a2eb318506633a4b6273f8014
Reviewed-on: https://code.wireshark.org/review/32789
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reported by Helge Magnus Keck
Change-Id: If0aae0879d52a2516642d162395795c05c28b9b9
Reviewed-on: https://code.wireshark.org/review/32736
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Reported by Helge Magnus Keck
Change-Id: Ia96521920b3108f2d5867c9392fd93210ac99d37
Reviewed-on: https://code.wireshark.org/review/32735
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add defines for AKMS and use instead of magic values in code.
Change-Id: Ib40b88836d58b0e16dae9a2eacfdee67344bc6d8
Reviewed-on: https://code.wireshark.org/review/32712
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
FT over IEEE 802.1X (SHA384) is also an FT AKMS so treat it
as such when dissecting the RSN IE. While at it replace the big
if statement with a function.
Bug: 15616
Change-Id: I9abe45a5c70bc062a9d6d8fb97226a3d0cde42b3
Reviewed-on: https://code.wireshark.org/review/32692
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In dissect_compressed_beamforming_and_cqi, break out of a loop if our
bit offset doesn't advance.
Bug: 15553
Change-Id: I6212be4c08c42ef1969c1302e85a8e08f1d7547f
Reviewed-on: https://code.wireshark.org/review/32677
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Gerald Combs <gerald@wireshark.org>
If the offset for src or dst address is set to 0 it should not be used.
Change-Id: I7ea4da49d5fe33e118bbf4cdf9a241083a0d950f
Reviewed-on: https://code.wireshark.org/review/32600
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for decrypting IEEE 802.11 WPA3-Personal / SAE traffic.
SAE uses AES encryption but a different key derivation function (KDF)
making Wireshark fail to decrypt such captures. Also both KDF and
decryption method is determined based only on EAPOL key description
version. This is not enough to figure out that SAE is being used.
Implement the alternative KDF needed to derive valid PTK. Also
implement a function to parse pairwise + group cipher suites and
auth key management type from RSNE tag. Using this new function
together with a number of new cipher and AKM lookup functions
correct KDF for SAE can be selected.
Bug: 15621
Change-Id: I8f6c917af1c9642c276a244943dd35f850ee3757
Reviewed-on: https://code.wireshark.org/review/32485
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we go over 31, we get an invalid shift. It's due to malformed
packets. Add an expert info and exit the loop.
Bug: 14770
Change-Id: Icc17831ee23395ed2b0d414af09d86d1d1a6444c
Reviewed-on: https://code.wireshark.org/review/32316
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add dissection of MESH specific bits in QoS control field (bit 8-10).
Use presence of Mesh Control field to determine if this is a MESH
frame.
Bug: 15522
Change-Id: I23ccf0f2ba4f6ae649b2932183c69e886cb4d22a
Reviewed-on: https://code.wireshark.org/review/32084
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Fix regression introduced by '802.11: Dissect locally originated mesh
frames' that prevent to include dissection for Mesh Control field when
QoS Control field is present in the frame.
Bug: 15521
Change-Id: Idb6b0591c245fc5976f03df6e163fc9072dae193
Reviewed-on: https://code.wireshark.org/review/32083
Reviewed-by: cedric izoard <cedric.izoard@ceva-dsp.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Dissector supports only type 1: AP Name.
Bug: 15415
Change-Id: I64b248137fd2b895b8a0e7c88e48096aad0448d8
Reviewed-on: https://code.wireshark.org/review/31476
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Content of Mesh Peering Management element depends of the type of
self-protected action frame it is included in.
This type was currently wrongly read from the element itself.
To know the type of self-protected action frame when parsing Mesh
Peering Management element it is saved in a new field of the
association_sanity_check_t structure: ampe_frame (AMPE stands for
Authenticated mesh peering exchange).
This field is updated when parsing a self-protected action frame that
is part of the AMPE (i.e. Mesh Peering OPEN, CONFIRM or CLOSE)
Bug: 15499
Change-Id: Ibad4fd77d43542ef867ac2a8ad9f186a1dd6c0f0
Reviewed-on: https://code.wireshark.org/review/32025
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
MIC element is used in Authenticated Mesh Peering Exchange (AMPE)
frames.
The content of the frame after the MIC element is encrypted and
authenticated so don't try to parse it as normal 802.11 element.
Bug: 15499
Change-Id: Iaede048e1c30c5f980e98afb87b099bca531d3d0
Depends-On: I20e7f1e5779934e19464ad86666bfec8ded939e0
Reviewed-on: https://code.wireshark.org/review/32027
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
Although the element is simply called MIC it is only used during a
mesh peering exchange (at least as of 802.11-2016) that's why I
associated it to field wlan.mesh.mic
Bug: 15499
Change-Id: I20e7f1e5779934e19464ad86666bfec8ded939e0
Depens-On: Ibad4fd77d43542ef867ac2a8ad9f186a1dd6c0f0
Reviewed-on: https://code.wireshark.org/review/32026
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Michael Mann <mmann78@netscape.net>
It can be annoying to have to manually calculate the number
of tones based on the global bandwidth and the RU allocation.
Do that in the dissector.
Change-Id: I42eb403a91ebacc4fcfaa3e8c3e793a055d2b9f8
Reviewed-on: https://code.wireshark.org/review/31559
Reviewed-by: Emmanuel Grumbach <egrumbach@gmail.com>
Petri-Dish: Jim Young <jim.young.ws@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Richard Sharpe <realrichardsharpe@gmail.com>
The TSF values are "normal" numbers, not a bitmap
or anything like that.
Moreover, we often need to add or substract values
from the TSF of a beacon. Change it to be printed in
decimal to make people's life easier.
Change-Id: I01505395fb10538b204a87dd864ac04e29b821e0
Reviewed-on: https://code.wireshark.org/review/31544
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The RU Allocation is really a decimal number and the
standard uses it as a decimal number. It is not a bitmap.
Print it in decimal.
Change-Id: I2f8ff9798aa1af855ad3c8b0a26704282fe18189
Reviewed-on: https://code.wireshark.org/review/31315
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This allows taps that can fail to report an error and fail; a failed
tap's packet routine won't be called again, so they don't have to keep
track of whether they've failed themselves.
We make the return value from the packet routine an enum.
Don't have a separate type for the per-packet routine for "follow" taps;
they're expected to act like tap packet routines, so just use the type
for tap packet routines.
One tap packet routine returned -1; that's not a valid return value, and
wasn't one before this change (the return value was a boolean), so
presume the intent was "don't redraw".
Another tap routine's early return, without doing any work, returned
TRUE; this is presumably an error (no work done, no need to redraw), so
presumably it should be "don't redraw".
Clean up some white space while we're at it.
Change-Id: Ia7d2b717b2cace4b13c2b886e699aa4d79cc82c8
Reviewed-on: https://code.wireshark.org/review/31283
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This fix prevents that a BoundsError is thrown in function try_decrypt for
packets with captured length less than packet length. Otherwise, some data
is not dissected.
Change-Id: I0dcd89b85b959f5712ff58b184bfa2e064746d0b
Reviewed-on: https://code.wireshark.org/review/31026
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Type of field wlan.ext_tag.ess_report.ess_info.thresh
must be FT_INT8 instead of FT_UINT8.
Change-Id: Icd1a121832d6a660550023a91d0b732385f68b60
Reviewed-on: https://code.wireshark.org/review/31016
Petri-Dish: Graham Bloice <graham.bloice@trihedral.com>
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
1. Correctly print out the AP Tx Power level.
2. The A-Control UL MU Response field was renamed to the TR Response field.
3. Handle padding correctly in the A-Control field.
Change-Id: I33000aa28b9e00ab97ca30d53907685e302c49c2
Reviewed-on: https://code.wireshark.org/review/30918
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Encrypted packets were decrypted two times. One time to scan for
new keys. If no keys were found the decrypted data was simply
discarded. Then later on the packet was decrypted again for
dissection.
Avoid decrypting packets two times by storing the result from first
decryption if no key was found. Skip the second attempt.
Note though that in the special case where a key was actually found
inside an encrypted packet the decryption will still be performed
twice. First time decrypt, discover the key, and return the EAPOL
keydata. Second time decrypt and return the decrypted frame.
Change-Id: I1acd0060d4e1f351fb15070f8d7aa78c0035ce39
Reviewed-on: https://code.wireshark.org/review/30568
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Decrypt EAPOL keydata information and have it dissected with the
ieee80211 dissector.
This is achieved by letting the Dot11Decrypt engine retrieve the EAPOL
keydata decrypted while extracting the GTK during 4-way handshake.
The ieee80211 dissector then stores the decrypted data in packet proto
data so that the wlan_rsna_eapol subdissector can retrieve it for
dissection.
Change-Id: I2145f47396cf3261b40e623fddc9ed06b3d7e72b
Reviewed-on: https://code.wireshark.org/review/30530
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This is only the new IEs and one new Extension Frame type
Change-Id: If55fbf205735f657352c8f21b22fa0858ae183f0
Reviewed-on: https://code.wireshark.org/review/30519
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix up some comments while we're at it.
Bug: 15203
Change-Id: I1d8ab71f618a74bbf0625eb89eb836c48200b5dd
Reviewed-on: https://code.wireshark.org/review/30401
Reviewed-by: Guy Harris <guy@alum.mit.edu>
MIC length is determined automatically for OWE and multiple MIC lengths per session are supported.
Bug: 15215
Change-Id: Ie655fbd3fdc8555df430d4dc8a0081e169150c28
Reviewed-on: https://code.wireshark.org/review/30246
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Include some new tags from 802.11ai
- Support authentication messages using FILS authentication
- Determine MIC length automatically
Bug: 15210
Change-Id: I21a6c8df0a4f0429f8d900f32f0e95ace126d4e6
Reviewed-on: https://code.wireshark.org/review/30232
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Jaap Keuter