There is no need to remove the FCS at the end of the reassembled payload since FCS bytes have already been removed from the fragments. Also, the way it was removed in the code was wrong: it set the reported length of the reassembled payload to the reported length of the last fragment only.
Revert "ieee802.11: Make sure we do not include the FCS in the next_tvb."
This reverts commit 094297ec77.
We don't necessarily know why that stuff is there; is it some stuff used
in OLPC mesh networks (mesh control header), is it something added by
Ruckus wireless devices, is it something added by Atheros used by the
Ruckus devices, or something else? Sometimes the Ruckus devices seem to
add an OLPC-like 0x00 0x00, and sometimes they seem to add a copy of the
sequence number.
So just call it "Mysterious extra OLPC/Ruckus/Atheros/??? stuff".
Replace the special-purpose hack in the 802.2 LLC dissector for WSMP,
Ethertype 0x88DC, with a general mechanism in the 802.11 dissector to
attempt to determine whether the frame uses Ethertype protocol
discrimination (EPD) or LLC protocol discrimination (LPD) at the LLC
sublayer, as defined in IEEE Std 802-2014.
At least one ns-3 capture has DMG frames (as indicated by the channel
number being in the 60 GHz band - radiotap currently has no DMG metadata
field) that have the +HTC/Order flag subfield set but have no HT Control
field, causing them to be misdissected.
802.11-2016 says that DMG frames should never have +HTC/Order set; if it
*is* set in a QoS frame known to be a DMG frame, flag it with an expert
info item and don't treat it as having an HT Control field.
Update a bunch of comments to give more information, put comments in the
appropriate places, and speak of 802.11-2016 rather than older standards.
While we're at it, update the title and description of the +HTC/Order
flag to reflect its name as of 802.11-2016.
Added support for dissecting the PXU element
IEEE80211-2016, section 9.4.2.116
Added support for dissecting the PXUC element
IEEE80211-2016, section 9.4.2.117
That's QoS-frame only; for non-QoS frames, the +HTC/Order subfield
doesn't mean there's an HT Control field.
Update the reference to the part of the 802.11 standard mentioning that
subfield to 802.11-2016.
Change
case DATA_FRAME:
if (condition) {
do stuff;
break;
}
do other stuff;
break;
to
case DATA_FRAME:
if (condition) {
do stuff;
} else {
do other stuff;
}
break;
to make it clearer that it's "do this if condition is true, else do
that".
Found by running ./tools/check_typed_item_calls.py
epan/dissectors/packet-ieee80211.c:14209 proto_tree_add_item called for hf_ieee80211_osen_akm_count - item type is FT_UINT8 but call has len 2
epan/dissectors/packet-ieee80211.c:20025 proto_tree_add_item called for hf_ieee80211_tclas_ether_type - item type is FT_UINT8 but call has len 2
With the current return parameter of dissect_hs20_osu_provider() function, the dissector only show the first
osu_provider of the list. Changing the return end by return offset, the
dissector show all osu_provider of the list.
A second batch of spelling errors, detected using a script
that uses pyspellcheck and a Wireshark-specific dictionary file.
I will take at least one more pass through the dissectors, as
further improvements are made to the script.
Replaced tvb_captured_length_remaining() with
tvb_reported_length_remaining().
Change-Id: I87c07488590cd82ca8a945ac6f13efa45807e55b
Reviewed-on: https://code.wireshark.org/review/37098
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Microsoft Network Monitor lets you capture on an 802.11 adapter either
in monitor mode or in non-monitor mode; frames captured in non-monitor
mode may have the Protected bit set in the 802.11 header, but are
decrypted and don't incclude encryption information, and may have the
A-MSDU Present flag set in the QoS Control field, but have just a
regular frame payload, not a sequence of A-MSDUs, in the payload field.
Dissect those frames correctly.
Bug: 16758
Change-Id: I42b7e9ce52faa80222692403fa7276c039644343
Reviewed-on: https://code.wireshark.org/review/38082
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <gharris@sonic.net>
Here we conform to the latest ieee1905 Multi-AP spec as tested by the
WFA. We also add support for reassembling ieee1905 messages.
Bug: 16660
Change-Id: Ic67784d7c213856a364f88c177ede9688271ea2a
Reviewed-on: https://code.wireshark.org/review/37574
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Also, the status code 125 is duplicated. This mistake was probably
introduced from Draft P802.11Revmd_D3.0.pdf. I have commented out that
status code while I get clarification on the real value.
Change-Id: Id41e1da953a28ca6b098f6c96d6410dff04dc6d7
Reviewed-on: https://code.wireshark.org/review/37708
Petri-Dish: Richard Sharpe <realrichardsharpe@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for TK user input keys. With this Wireshark can
decrypt packet captures where 4WHS frames are missing and
packet captures with non-supported AKMS, for example
802.11r / Fast BSS Transitioning.
Decryption using user TK works as a backup if the normal
decryption flow does not succeed. Having TK decryption keys
added will affect general IEEE 802.11 dissector performance
as each encrypted packet will be tested with every TK.
Worst case scenario is plenty of TKs where none of them
matches encrypted frames.
On successful user TK decryption an SA is formed based on
parameters used to decrypt the frame. This SA is similar to
what is formed when Wireshark detects and derive keys from
4WHS messages. With the SA entry in place the decryption
performance (success case) should be on par with "normal"
decryption flow.
Bug: 16579
Change-Id: I72c2c1e2c6693131d3ba07f8ddb8ff772c1b54a9
Reviewed-on: https://code.wireshark.org/review/37217
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Simplify the SA storage by replacing the static array with a
hash table. This way there's no need to keep track of whether
an entry is used or not and no need to traverse the whole
array for the non-matching case. This change should benefit
performance but was mainly done to prepare for coming changes
where code adding and searching for SA entries is modified. With
this change in place those changes become cleaner.
Change-Id: Ide572c5e4e7e872f1654d8d8f288cd6451f04435
Reviewed-on: https://code.wireshark.org/review/37307
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Remove some unused defines, function parameters and functions.
Change-Id: I1bbc3ff7e0a9d11e8521ddf24b35113d8e332f08
Reviewed-on: https://code.wireshark.org/review/37305
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Added range_string for Operating Indicator Class
information to support Hotspot 2.0 ANQP messages
Bug: 16568
Change-Id: I98db7aed00703cf329d5a96d317bdf655a0f3dcd
Reviewed-on: https://code.wireshark.org/review/37245
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adding Hotspot 2.0 ANQP Connection Capability Information
so the IP protocol and port assignments show up in the GUI
based on the Hotspot 2.0 documentation and implementation details.
Bug: 16569
Change-Id: Ic3e26e04c5d48269d59b6604b125569328c82faf
Reviewed-on: https://code.wireshark.org/review/37246
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Adding ANQP Type 280 - Network Authentication Type
Information with Timestamp per IEEE 802.11-2016 standard
and adding fields required for timestamp values.
Bug: 16570
Change-Id: Ifbe5d8abc40fcb543c2abaa7478d5feaae2f7945
Reviewed-on: https://code.wireshark.org/review/37247
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Set index start to 1 for Friendly Operator Name subtree.
Moved lang code and name string within subtree.
Bug: 16534
Change-Id: I0fd4d926f585ec432a869c7a15e13b84d5d0f2fb
Reviewed-on: https://code.wireshark.org/review/36996
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Adjusted dissect_anqp_capab_list() to include
~anqp_subtype and ~anqp_reserved fields when
WFA HS2.0 exists as a vendor-specific capability ID.
Bug: 16548
Change-Id: I2923df3f6de42a58af643cd07b29c77e802cdcab
Reviewed-on: https://code.wireshark.org/review/37147
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
- Fix some fields name
- Use BASE_UNIT to display fields units
Bug: 16494
Change-Id: I004c720bb53fd8afe64494d2574efc137ca94ccf
Reviewed-on: https://code.wireshark.org/review/36874
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
In Wi-Fi Agile Multiband Technical Specification it is specified that
'BSS Transition Candidate List Entries' found in WNM Transition
management request/response action frame may contain WFA vendor
specific element.
Bug: 16494
Change-Id: Ifa7a2b1a6da48e6d4920e896340c3671cfb9625e
Reviewed-on: https://code.wireshark.org/review/36871
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
When present in WNM Transition management request, 'BSS Termination
Duration' has the same format as the sub element in neighbor report
element and not just a single 64bits value.
Bug: 16494
Change-Id: I3a5a0659fa9e81e97de7a99fea2cffa6a58eea0e
Reviewed-on: https://code.wireshark.org/review/36870
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
"Wi-fi Agile Multiband" specification also defines WFA vendor specific
sub-elements for WNM notification request.
For simplicity treat those sub-element as normal WFA vendor specific
elements. This is OK as the 'OUI type' for those sub-elements doesn't
clash with 'OUI type' defined for normal elements.
Bug: 16494
Change-Id: Id2321ec283647a6db4be7f475fd5fc107596f854
Reviewed-on: https://code.wireshark.org/review/36869
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
This patch complete dissection of WFA vendor specific MBO-OCE element
with the OCE attributes.
The OCE attributes are defined in 'Optimized Connectivity Experience'
specification. (version 1.1 has been used as reference).
Bug: 16494
Change-Id: I366f230efe1029ca2b97da78a8b80371c438043e
Reviewed-on: https://code.wireshark.org/review/36868
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add parsing of MBO ANQP element as defined by 'Wi-Fi Agile Multiband'
specification (v1.4)
Bug: 16494
Change-Id: If03a9d474912a607fa1752ac1f787b71a45e0fa6
Reviewed-on: https://code.wireshark.org/review/36867
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
For Vendor Specific ANQP element the OUI is not included in the packet
subset dissected by the anqp vendor specific function so adapt the
length accordingly.
Bug: 16494
Change-Id: I8082fdabc379cb3ea71c01e6fb009f49afd16dff
Reviewed-on: https://code.wireshark.org/review/36866
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>