osmocom
/
wireshark
11
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Process the radio information internally for AiroPeek classic files. 

Process it in libwiretap; no need to hand it to libwireshark for
dissection, it can just dissect the radio information pseudo-header with
the processed information.

Change-Id: I482697947eecbd3967cf1910ba2fa2bff805cd66
Reviewed-on: https://code.wireshark.org/review/12202
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This commit is contained in:
Guy Harris 2015-11-26 11:42:32 -08:00
parent c965fb0614
commit 9418701909
6 changed files with 80 additions and 205 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
epan/CMakeLists.txt
View File

@ -826,7 +826,6 @@ set(DISSECTOR_SRC
dissectors/packet-ieee1722.c
dissectors/packet-ieee1722a.c
dissectors/packet-ieee17221.c
dissectors/packet-ieee80211-airopeek.c
dissectors/packet-ieee80211-netmon.c
dissectors/packet-ieee80211-prism.c
dissectors/packet-ieee80211-radio.c

1
epan/dissectors/Makefile.common
View File

@ -741,7 +741,6 @@ DISSECTOR_SRC = \
packet-ieee1722.c \
packet-ieee17221.c \
packet-ieee1722a.c \
packet-ieee80211-airopeek.c \
packet-ieee80211-netmon.c \
packet-ieee80211-prism.c \
packet-ieee80211-radio.c \

162
epan/dissectors/packet-ieee80211-airopeek.c
View File

@ -1,162 +0,0 @@
/* packet-ieee80211-airopeek.c
* Routines for pre-V9 Savvius (WildPackets) AiroPeek header dissection
*
* Wireshark - Network traffic analyzer
* By Gerald Combs <gerald@wireshark.org>
* Copyright 1998 Gerald Combs
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
*/
#include "config.h"
#include <epan/packet.h>
#include <wiretap/wtap.h>
void proto_register_ieee80211_airopeek(void);
void proto_reg_handoff_ieee80211_airopeek(void);
static dissector_handle_t ieee80211_radio_handle;
static int proto_airopeek = -1;
static int hf_data_rate = -1;
static int hf_channel = -1;
static int hf_signal_strength = -1;
static gint ett_airopeek = -1;
static int
dissect_airopeek(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data _U_)
{
proto_tree *airopeek_tree = NULL;
proto_item *ti;
guint8 data_rate;
guint8 signal_level;
tvbuff_t *next_tvb;
struct ieee_802_11_phdr phdr;
col_set_str(pinfo->cinfo, COL_PROTOCOL, "AiroPeek");
col_clear(pinfo->cinfo, COL_INFO);
/* Dissect the header */
if (tree) {
ti = proto_tree_add_item(tree, proto_airopeek, tvb, 0, 4, ENC_NA);
airopeek_tree = proto_item_add_subtree(ti, ett_airopeek);
}
/* We don't have any 802.11 metadata yet. */
phdr.fcs_len = 0;
phdr.decrypted = FALSE;
phdr.datapad = FALSE;
phdr.phy = PHDR_802_11_PHY_UNKNOWN;
phdr.presence_flags =
PHDR_802_11_HAS_CHANNEL|
PHDR_802_11_HAS_DATA_RATE|
PHDR_802_11_HAS_SIGNAL_PERCENT;
data_rate = tvb_get_guint8(tvb, 0);
phdr.data_rate = data_rate;
/* Add the radio information to the column information */
col_add_fstr(pinfo->cinfo, COL_TX_RATE, "%u.%u",
data_rate / 2,
data_rate & 1 ? 5 : 0);
proto_tree_add_uint64_format_value(airopeek_tree, hf_data_rate, tvb, 0, 1,
(guint64)data_rate * 500000,
"%u.%u Mb/s",
data_rate / 2,
data_rate & 1 ? 5 : 0);
phdr.channel = tvb_get_guint8(tvb, 1);
proto_tree_add_item(airopeek_tree, hf_channel, tvb, 1, 1, ENC_BIG_ENDIAN);
signal_level = tvb_get_guint8(tvb, 2);
/*
* This is signal strength as a percentage of the maximum, i.e.
* (RXVECTOR RSSI/RXVECTOR RSSI_Max)*100, or, at least, that's
* what I infer it is, given what the WildPackets note "Converting
* Signal Strength Percentage to dBm Values" says.
*
* It also says that the conversion the percentage to a dBm value is
* an adapter-dependent process, so, as we don't know what type of
* adapter was used to do the capture, we can't do the conversion.
*/
phdr.signal_percent = signal_level;
col_add_fstr(pinfo->cinfo, COL_RSSI, "%u%%", signal_level);
proto_tree_add_uint_format_value(airopeek_tree, hf_signal_strength, tvb, 2, 1,
signal_level,
"%u%%",
signal_level);
/* dissect the 802.11 header next */
pinfo->current_proto = "IEEE 802.11";
next_tvb = tvb_new_subset_remaining(tvb, 4);
call_dissector_with_data(ieee80211_radio_handle, next_tvb, pinfo, tree, &phdr);
return tvb_captured_length(tvb);
}
void proto_register_ieee80211_airopeek(void)
{
static hf_register_info hf[] = {
{&hf_data_rate,
{"Data Rate", "airopeek.data_rate", FT_UINT64, BASE_DEC, NULL, 0,
"Data rate (b/s)", HFILL }},
{&hf_channel,
{"Channel", "airopeek.channel", FT_UINT8, BASE_DEC, NULL, 0,
"802.11 channel number that this frame was sent/received on", HFILL }},
{&hf_signal_strength,
{"Signal Strength", "airopeek.signal_strength", FT_UINT8, BASE_DEC, NULL, 0,
"Signal strength (Percentage)", HFILL }}
};
static gint *tree_array[] = {
&ett_airopeek
};
proto_airopeek = proto_register_protocol("AiroPeek 802.11 radio information",
"AiroPeek",
"airopeek");
proto_register_field_array(proto_airopeek, hf, array_length(hf));
proto_register_subtree_array(tree_array, array_length(tree_array));
}
void proto_reg_handoff_ieee80211_airopeek(void)
{
dissector_handle_t airopeek_handle;
/* Register handoff to airopeek-header dissectors */
airopeek_handle = new_create_dissector_handle(dissect_airopeek, proto_airopeek);
dissector_add_uint("wtap_encap", WTAP_ENCAP_IEEE_802_11_AIROPEEK,
airopeek_handle);
ieee80211_radio_handle = find_dissector("wlan_radio");
}
/*
* Editor modelines
*
* Local Variables:
* c-basic-offset: 2
* tab-width: 8
* indent-tabs-mode: nil
* End:
*
* ex: set shiftwidth=2 tabstop=8 expandtab:
* :indentSize=2:tabSize=8:noTabs=true:
*/

51
wiretap/peekclassic.c
View File

@ -257,7 +257,7 @@ wtap_open_return_val peekclassic_open(wtap *wth, int *err, gchar **err_info)
* some radio information. Presumably
* this is from AiroPeek.
*/
file_encap = WTAP_ENCAP_IEEE_802_11_AIROPEEK;
file_encap = WTAP_ENCAP_IEEE_802_11_WITH_RADIO;
break;
default:
@ -395,6 +395,8 @@ static gboolean peekclassic_seek_read_v7(wtap *wth, gint64 seek_off,
return TRUE;
}
#define RADIO_INFO_SIZE 4
static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
struct wtap_pkthdr *phdr, Buffer *buf, int *err, gchar **err_info)
{
@ -411,6 +413,7 @@ static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
guint64 timestamp;
time_t tsecs;
guint32 tusecs;
guint8 radio_info[RADIO_INFO_SIZE];
if (!wtap_read_bytes_or_eof(fh, ep_pkt, sizeof(ep_pkt), err, err_info))
return -1;
@ -444,12 +447,52 @@ static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
switch (wth->file_encap) {
case WTAP_ENCAP_IEEE_802_11_AIROPEEK:
case WTAP_ENCAP_IEEE_802_11_WITH_RADIO:
phdr->pseudo_header.ieee_802_11.fcs_len = 0; /* no FCS */
phdr->pseudo_header.ieee_802_11.decrypted = FALSE;
phdr->pseudo_header.ieee_802_11.datapad = FALSE;
phdr->pseudo_header.ieee_802_11.phy = PHDR_802_11_PHY_UNKNOWN;
phdr->pseudo_header.ieee_802_11.presence_flags = 0; /* not present */
phdr->pseudo_header.ieee_802_11.presence_flags =
PHDR_802_11_HAS_DATA_RATE |
PHDR_802_11_HAS_CHANNEL |
PHDR_802_11_HAS_SIGNAL_PERCENT;
/*
* Now process the radio information pseudo-header.
* It's a 4-byte pseudo-header, consisting of:
*
* 1 byte of data rate, in units of 500 kb/s;
*
* 1 byte of channel number;
*
* 1 byte of signal strength as a percentage of
* the maximum, i.e. (RXVECTOR RSSI/RXVECTOR RSSI_Max)*100,
* or, at least, that's what I infer it is, given what
* the WildPackets note "Converting Signal Strength
* Percentage to dBm Values" says (it also says that
* the conversion the percentage to a dBm value is
* an adapter-dependent process, so, as we don't know
* what type of adapter was used to do the capture,
* we can't do the conversion);
*
* 1 byte of unknown content (padding?).
*/
if (phdr->len < RADIO_INFO_SIZE || phdr->caplen < RADIO_INFO_SIZE) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("peekclassic: 802.11 packet has length < 4");
return -1;
}
phdr->len -= RADIO_INFO_SIZE;
phdr->caplen -= RADIO_INFO_SIZE;
sliceLength -= RADIO_INFO_SIZE;
/* read the pseudo-header */
if (!wtap_read_bytes(fh, radio_info, RADIO_INFO_SIZE, err, err_info))
return -1;
phdr->pseudo_header.ieee_802_11.data_rate = radio_info[0];
phdr->pseudo_header.ieee_802_11.channel = radio_info[1];
phdr->pseudo_header.ieee_802_11.signal_percent = radio_info[2];
/*
* The last 4 bytes appear to be random data - the length
@ -461,7 +504,7 @@ static int peekclassic_read_packet_v7(wtap *wth, FILE_T fh,
*/
if (phdr->len < 4 || phdr->caplen < 4) {
*err = WTAP_ERR_BAD_FILE;
*err_info = g_strdup_printf("peekclassic: 802.11 packet has length < 4");
*err_info = g_strdup_printf("peekclassic: 802.11 packet has length < 8");
return -1;
}
phdr->len -= 4;

3
wiretap/wtap.c
View File

@ -861,9 +861,6 @@ static struct encap_type_info encap_table_base[] = {
/* WTAP_ENCAP_IXVERIWAVE */
{ "IxVeriWave header and stats block", "ixveriwave" },
/* WTAP_ENCAP_IEEE_802_11_AIROPEEK */
{ "IEEE 802.11 plus AiroPeek radio header", "ieee-802-11-airopeek" },
/* WTAP_ENCAP_SDH */
{ "SDH", "sdh" },

67
wiretap/wtap.h
View File

@ -231,40 +231,39 @@ extern "C" {
#define WTAP_ENCAP_V5_EF 142
#define WTAP_ENCAP_BACNET_MS_TP_WITH_PHDR 143
#define WTAP_ENCAP_IXVERIWAVE 144
#define WTAP_ENCAP_IEEE_802_11_AIROPEEK 145
#define WTAP_ENCAP_SDH 146
#define WTAP_ENCAP_DBUS 147
#define WTAP_ENCAP_AX25_KISS 148
#define WTAP_ENCAP_AX25 149
#define WTAP_ENCAP_SCTP 150
#define WTAP_ENCAP_INFINIBAND 151
#define WTAP_ENCAP_JUNIPER_SVCS 152
#define WTAP_ENCAP_USBPCAP 153
#define WTAP_ENCAP_RTAC_SERIAL 154
#define WTAP_ENCAP_BLUETOOTH_LE_LL 155
#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 156
#define WTAP_ENCAP_STANAG_4607 157
#define WTAP_ENCAP_STANAG_5066_D_PDU 158
#define WTAP_ENCAP_NETLINK 159
#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 160
#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 161
#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 162
#define WTAP_ENCAP_NSTRACE_3_0 163
#define WTAP_ENCAP_LOGCAT 164
#define WTAP_ENCAP_LOGCAT_BRIEF 165
#define WTAP_ENCAP_LOGCAT_PROCESS 166
#define WTAP_ENCAP_LOGCAT_TAG 167
#define WTAP_ENCAP_LOGCAT_THREAD 168
#define WTAP_ENCAP_LOGCAT_TIME 169
#define WTAP_ENCAP_LOGCAT_THREADTIME 170
#define WTAP_ENCAP_LOGCAT_LONG 171
#define WTAP_ENCAP_PKTAP 172
#define WTAP_ENCAP_EPON 173
#define WTAP_ENCAP_IPMI_TRACE 174
#define WTAP_ENCAP_LOOP 175
#define WTAP_ENCAP_JSON 176
#define WTAP_ENCAP_NSTRACE_3_5 177
#define WTAP_ENCAP_ISO14443 178
#define WTAP_ENCAP_SDH 145
#define WTAP_ENCAP_DBUS 146
#define WTAP_ENCAP_AX25_KISS 147
#define WTAP_ENCAP_AX25 148
#define WTAP_ENCAP_SCTP 149
#define WTAP_ENCAP_INFINIBAND 150
#define WTAP_ENCAP_JUNIPER_SVCS 151
#define WTAP_ENCAP_USBPCAP 152
#define WTAP_ENCAP_RTAC_SERIAL 153
#define WTAP_ENCAP_BLUETOOTH_LE_LL 154
#define WTAP_ENCAP_WIRESHARK_UPPER_PDU 155
#define WTAP_ENCAP_STANAG_4607 156
#define WTAP_ENCAP_STANAG_5066_D_PDU 157
#define WTAP_ENCAP_NETLINK 158
#define WTAP_ENCAP_BLUETOOTH_LINUX_MONITOR 159
#define WTAP_ENCAP_BLUETOOTH_BREDR_BB 160
#define WTAP_ENCAP_BLUETOOTH_LE_LL_WITH_PHDR 161
#define WTAP_ENCAP_NSTRACE_3_0 162
#define WTAP_ENCAP_LOGCAT 163
#define WTAP_ENCAP_LOGCAT_BRIEF 164
#define WTAP_ENCAP_LOGCAT_PROCESS 165
#define WTAP_ENCAP_LOGCAT_TAG 166
#define WTAP_ENCAP_LOGCAT_THREAD 167
#define WTAP_ENCAP_LOGCAT_TIME 168
#define WTAP_ENCAP_LOGCAT_THREADTIME 169
#define WTAP_ENCAP_LOGCAT_LONG 170
#define WTAP_ENCAP_PKTAP 171
#define WTAP_ENCAP_EPON 172
#define WTAP_ENCAP_IPMI_TRACE 173
#define WTAP_ENCAP_LOOP 174
#define WTAP_ENCAP_JSON 175
#define WTAP_ENCAP_NSTRACE_3_5 176
#define WTAP_ENCAP_ISO14443 177
/* After adding new item here, please also add new item to encap_table_base array */
#define WTAP_NUM_ENCAP_TYPES wtap_get_num_encap_types()