If we don't know whether space-time block coding is being used, we don't
know the number of space-time streams, so don't try to calculate it and
don't put it into the protocol tree.
Change-Id: I7ffd1b0e79e45fee526305846aadca04eb135b11
Reviewed-on: https://code.wireshark.org/review/9205
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Found by Pascal Quantin.
Change-Id: I843db0c1d28bcd4714799285da5e1ea8a81307a1
Reviewed-on: https://code.wireshark.org/review/9204
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Don't set PHDR_802_11_HAS_SHORT_PREAMBLE or phdr.short_preamble unless
we have the flags bits from the Flags field.
Discovered by Pascal Quantin by running valgrind on the capture from bug
11317.
Change-Id: I7e91dea116f6cc977101b7b5e76067021f68a0bf
Reviewed-on: https://code.wireshark.org/review/9203
Reviewed-by: Guy Harris <guy@alum.mit.edu>
We really need a better way to handle packet offset overflows.
Change-Id: I6e476f7bc6ddac2c5515c4e09192d88f528ea091
Reviewed-on: https://code.wireshark.org/review/9194
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The low-order bit of the field indicates whether it's the HT or VHT
version.
Show subfields as part of a 32-bit bitfield; few subfields begin and end
on a byte boundary (the Link Adaptation Control field no longer does so;
its low-order reserved bit became the VHT flag).
Update references to the 11n spec.
Update a comment.
Change-Id: I9fcb99a5517afb319b67d4deb2355c7cb0be73b6
Reviewed-on: https://code.wireshark.org/review/9191
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Change-Id: I969efbaeda75d2790165a6cbc214f58f1bd0ba7f
Reviewed-on: https://code.wireshark.org/review/9190
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Rather than having a separate "802.11 HT" dissector, just look for the
802.11n (HT) PHY.
(As a side-effect, This also causes PPI HT frames to have the radio
information dissected by the wlan_radio dissector, as is the case with
other 802.11 frames accompanied by radio information.)
Change-Id: I854c42e19481a17767e64a3b92222b09dbaa02dd
Reviewed-on: https://code.wireshark.org/review/9185
Reviewed-by: Guy Harris <guy@alum.mit.edu>
This gives a chance to perform RTP reassembly when "Try to decode RTP outside of conversations"
option is activated.
Bug: 11310
Change-Id: Ic8bd9532a88a072c3cb1f1907cf7117b5072a954
Reviewed-on: https://code.wireshark.org/review/9175
Reviewed-by: Anders Broman <a.broman58@gmail.com>
(Try to keep the same indentation style within a single switch
statement, at least.)
Change-Id: I5b349fd90881d1a1d2be377a291bfceda56476aa
Reviewed-on: https://code.wireshark.org/review/9180
Reviewed-by: Guy Harris <guy@alum.mit.edu>
It's a bogus warning, but not all compilers do enough dataflow analysis
to figure that out.
Change-Id: Iebc1fffab87e83b16210003b60aae2333e0b5ec9
Reviewed-on: https://code.wireshark.org/review/9179
Reviewed-by: Guy Harris <guy@alum.mit.edu>
Add more fields to the metadata to handle everything radiotap has, and
show them.
Call the FEC type field just "FEC", and have it be an integer field with
0 meaning BCC and 1 meaning LDPC, rather than a Boolean.
11ac doesn't have *an* MCS, it can have up to 4, one per user.
Label the 11ac bandwidth values the same way we do in the radiotap
dissector.
Change-Id: I2c2415baff3e5d68d49dda497980e8271d26b1f6
Reviewed-on: https://code.wireshark.org/review/9176
Reviewed-by: Guy Harris <guy@alum.mit.edu>
into Information column in typical fashion (append) instead of
just in reversed order (prepand)
Change-Id: Id78c307fc6d34a378ac7b9335ac1e578837b08a6
Reviewed-on: https://code.wireshark.org/review/9170
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Icaca74f7d5038b4e2e232fb499933219b322e02d
Reviewed-on: https://code.wireshark.org/review/9159
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
The payload dissection now only includes the remaining bytes,
even if the actual number of payload bytes should be bigger.
An expert Info is added, to inform the user, that the trace was
truncated, but the payload is still given to a sub-dissector,
as it may contain valid information
Change-Id: Iefef78e7c7aed7f87e40875f345ff5debf364f3a
Reviewed-on: https://code.wireshark.org/review/9124
Reviewed-by: Roland Knall <rknall@gmail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
abort the dissection in this case
Change-Id: Ic65f7535422d1c0a6e395a15fbc4a8ae550c0976
Reviewed-on: https://code.wireshark.org/review/9144
Petri-Dish: Martin Kaiser <wireshark@kaiser.cx>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Have a field that holds the PHY type but nothing else. Have
a union with structures holding PHY-type-specific information, as a
bunch of attributes are PHY-specific.
If we have a channel and band, but don't have the frequency, attempt to
calculate the frequency, and add that to the radio information if we
succeed. If we have the frequency, but don't have the channel, attempt
to calculate the channel, and add that to the radio information if we
succeed.
Handle FHSS information, 11a "half/quarter-clocked" and turbo
information, 11g normal vs. Super G, additional 11n and 11ac
information, and the "short preamble" flag for 11b and 11g.
Add a PHY type for 11 legacy DSSS and detect it if possible.
Clean up the AVS dissector - make all fields wlancap. fields (if you
want generic fields, use the wlan_radio. fields).
Set more fields when writing out Commview Wi-Fi files.
Change-Id: I691ac59f5e9e1a23779b56a65124049914b72e69
Reviewed-on: https://code.wireshark.org/review/9146
Reviewed-by: Guy Harris <guy@alum.mit.edu>
don't THROW() an exception
Change-Id: Ie0ddd8caf1963ab0ab7e8bb47a275ce887e19d60
Reviewed-on: https://code.wireshark.org/review/9145
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Change-Id: I5f9315b144333be789f8555f4128371994d4245b
Reviewed-on: https://code.wireshark.org/review/9141
Reviewed-by: Michael Mann <mmann78@netscape.net>
BTSNOOP format is supported by libwiretap and this dissector add
ability to open the same file in second mode:
1. Wireshark aka Protocol Viewer (default)
2. Fileshark aka File Viewer
Mode 2 also has feature to dissect protocols contained by this file,
try "Protocol Preferences -> Dissect next layer".
Change-Id: I99f0df5b55d31bf5a7d6e9269bfc054c09022b51
Reviewed-on: https://code.wireshark.org/review/17
Reviewed-by: Evan Huus <eapache@gmail.com>
Petri-Dish: Evan Huus <eapache@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
If we can't read the dictionary containing all our definitions, free necessary
memory before returning.
Change-Id: I814962d920852b9a82acb3bb2e7bc41addd835f7
Reviewed-on: https://code.wireshark.org/review/9131
Reviewed-by: Evan Huus <eapache@gmail.com>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: I87f6f9f40e1c33148de43b53a8881d51416f5d2c
Reviewed-on: https://code.wireshark.org/review/7898
Reviewed-by: Michael Mann <mmann78@netscape.net>
Petri-Dish: Michael Mann <mmann78@netscape.net>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
atof is locale-dependent. In locales such as Swedish, German and Dutch,
the dot is a thousand separator, resulting in wrong conversions for
floats.
While at it, make the mate dissector also be independent of locale.
Blacklist atof in checkAPIs. Lemon is still using strtod, but that is
not our problem for now.
Bug: 11297
Bug: 8964
Change-Id: I6fe3e45eb1d6d95d41aa4f3af1f81a6204a60c63
Reviewed-on: https://code.wireshark.org/review/9116
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Petri-Dish: Gerald Combs <gerald@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Change-Id: Ie471a67a978aeb54727d03f93b98e3e422441a58
Reviewed-on: https://code.wireshark.org/review/9119
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Coming after Jasper talk #Sharkfest15 about TCP stuff
Change-Id: I2b01bc6dfe24e28454101da59720d2c74603b88f
Reviewed-on: https://code.wireshark.org/review/9120
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
it using PeekRemote-Ng (with Header version = 2)
Change-Id: I601cb7ecfaf01e51ec696502d10918f869486d01
Reviewed-on: https://code.wireshark.org/review/9126
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Change-Id: If2cb75fc9992bec2d699c5abace06dccc8bfb4ae
Reviewed-on: https://code.wireshark.org/review/9125
Reviewed-by: Michael Mann <mmann78@netscape.net>
we already have an expert info, we can simply exit
Change-Id: I8adbfb084991195152a02bbef64c38c5aa9e841e
Reviewed-on: https://code.wireshark.org/review/9113
Reviewed-by: Martin Kaiser <wireshark@kaiser.cx>
Do with the Prism and AVS headers what we do with the radiotap, PPI,
etc. headers.
Change-Id: I4b2522a2b294f53f22c363cd43604c4af0304fc2
Reviewed-on: https://code.wireshark.org/review/9082
Reviewed-by: Guy Harris <guy@alum.mit.edu>