Fix parsing of extended advertising when the extended advertising header
is empty. The flag field is excluded when none of the fields are present
and the extended header length field is 0.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix parsing of the CTE Info field in the extended advertising header.
The bit-mask of the different fields was wrongly placed.
The text of the different fields all said "CTE Info".
The CTE Time field was added twice.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Occured when a control procedure packet was logged without connection
context.
The bug was introduced in 0dab2494ca
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
See Bluetooth Core Spec, Vol 6, Part B, Section 5.3
If the event counter is available, the procedure is marked as complete
when the instant is reached.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
This makes it easier to read logs where both the master
and slave initiate control procedures at the same time.
Retransmitted packets are not part of the request/response
tracing.
In order to perform the analysis, direction information must
be available.
The matching is implemented by storing control procedure contexts
for each direction for each connection object as each direction
may initiate its own procedure.
Limitations:
- When there is a control procedure violation where a device
initiates a new procedure before the previous is complete,
only the first procedure is traced.
It would be possible to create more advanced tracing by
storing a list of contexts per frame.
However, as this is anyways a specification violation, this
adds unnecessary complexity.
- Control procedures involving an instant are marked as completed
when the last frame is sent even though the control procedure
is completed when the instant is reached.
This is the best possible approach when the event counter is
not available.
Due to this limitation, we are not able to detect the control
procedure violation where a device initiates a new procedure
before the instant is reached.
The following control procedure violations are detected:
- Starting a control procedure before the previous is complete.
Control procedure violations where a new procedure is started
before the instant is reached is currently not detected.
That requires knowing the event counter.
- Control procedure packets that are not valid responses to an
existing ongoing control procedure.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Add event counter and event counter valid variables to the btle context.
This information has to come from the capture context, and the information
is useful to provide context information around LL control procedures with
instant.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Now they appear in the correct order.
Some common code snippets are extracted out to separate functions.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Fix l2cap reassembly resuming reassembly on old fragment that has
failed when a new packet arrives that matches the remaining
segmentation length of the failed reassembly.
Update the l2cap_index and set segmentation started to false so
that this does not happen anymore.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Change the wording of the sequence number context information from
"Wrong" to the more accurate description that this is a retransmit.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add context information for next expected sequence number so that
analysing for acknowledgedment or request for retransmit can be done
without comparing packets manually.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Found using tools/check_tfs.py, included in this commit.
Here are the reports that were fixed here:
Examining:
All dissector modules
epan/dissectors/packet-assa_r3.c tfs_mortisepins_flags - could have used tfs_high_low from tfs.c instead: {High,Low}
epan/dissectors/packet-btle.c tfs_present_bit - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-dhcp.c tfs_fqdn_s - could have used tfs_server_client from tfs.c instead: {Server,Client}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_en_dis - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-docsis-macmgmt.c req_not_req_tfs - could have used tfs_requested_not_requested from tfs.c instead: {Requested,Not Requested}
epan/dissectors/packet-docsis-tlv.c on_off_tfs - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-tlv.c activation_tfs - could have used tfs_active_inactive from tfs.c instead: {Active,Inactive}
epan/dissectors/packet-docsis.c ena_dis_tfs - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-ecmp.c tfs_not_expected_expected - could have used tfs_odd_even from tfs.c instead: {Odd,Even}
epan/dissectors/packet-erf.c erf_link_status_tfs - could have used tfs_up_down from tfs.c instead: {Up,Down}
epan/dissectors/packet-h263.c on_off_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-h263.c cpm_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-interlink.c flags_set_notset - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-ip.c tos_set_low - could have used tfs_low_normal from tfs.c instead: {Low,Normal}
epan/dissectors/packet-ip.c tos_set_high - could have used tfs_high_normal from tfs.c instead: {High,Normal}
epan/dissectors/packet-isakmp.c flag_r - could have used tfs_response_request from tfs.c instead: {Response,Request}
epan/dissectors/packet-isis-lsp.c tfs_metric_supported_not_supported - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-kerberos.c supported_tfs - could have used tfs_supported_not_supported from tfs.c instead: {Supported,Not supported}
epan/dissectors/packet-kerberos.c set_tfs - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-mac-lte.c mac_lte_scell_status_vals - could have used tfs_activated_deactivated from tfs.c instead: {Activated,Deactivated}
epan/dissectors/packet-p_mul.c no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-pgm.c opts_present - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-rsl.c rsl_ms_fpc_epc_mode_vals - could have used tfs_inuse_not_inuse from tfs.c instead: {In use,Not in use}
epan/dissectors/packet-sita.c tfs_sita_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-vines.c tfs_vine_rtp_no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-vnc.c button_mask_tfs - could have used tfs_pressed_not_pressed from tfs.c instead: {Pressed,Not pressed}
27 issues found
Change-Id: I7e53b491f20289955c9e9caa8357197d9010a5aa
Reviewed-on: https://code.wireshark.org/review/38087
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bluetooth Low Energy Advertising Extensions Host Advertising Data reassembly.
Bug: 16666
Change-Id: I78fea77a75f07ff7ef8a661e81ac3c729980de0e
Reviewed-on: https://code.wireshark.org/review/38016
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check for btle_context before accessing it.
Bug: 16612
Change-Id: I8ad0237a6f742f4091e886b0151917542d2eea82
Reviewed-on: https://code.wireshark.org/review/37387
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Fix dead store (Dead assignement/Dead increment) Warning found by Clang
Change-Id: I9ad5252af93642a52db0e1d9df67fa5553103d7f
Reviewed-on: https://code.wireshark.org/review/37372
Reviewed-by: Anders Broman <a.broman58@gmail.com>
true_false_strings have no helper function to properly retrieve the
string representing the true or false value, much like unit_strings,
even though this is not uncommon in dissectors.
This change introduces the helper function and modifies the dissectors,
so that they use this helper i.s.o. their own expressions.
Change-Id: I477ed2d90a9a529fc5dcfef7e3ea42ec180d27ae
Reviewed-on: https://code.wireshark.org/review/36920
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Petri-Dish: Jaap Keuter <jaap.keuter@xs4all.nl>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Complete Additional Controller Advertising Data dissecting, this was just
reported as advertising data in the extended header. Put it under a new tree
for ACAD info in the extended header.
Also fix the wrong length field used for the length of the ACAD field.
In addition put the scan response data under it's own scan response, similar
to SCAN_RSP handling. We can only do this if the context has given us the
information that this is the aux scan response data.
Remove an accidental addition used for debugging, and an empty if-statement for
a reserved flag.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531e
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36835
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add support for dissecting packet format on LE Coded PHY. This only includes
one additional field, the Coding Indicator (CI) which provides information
about the symbol rate of the FEC Block 2 of the pdu.
The TERM1 and TERM2 bytes are like the preamble assumed not included in the PDU,
these blocks are just bit-sequences for the radio and contains no important
information.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc634531d
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36787
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Provide a mechanism for the capture context to provide the auxiliary PDU type
name since this value cannot be inferred from the bytestream and must be taken
from context instead.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345319
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36783
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add BTLE physical channel pdu type from capture context. The dissector uses
the access address to determine if the packet is either an Advertising physical
channel PDU or a Data physical channel PDU.
This assupmtion is not valid for Periodic Advertising where the AUX_SYNC_IND
advertising packet will be sent with a non-advertising access address.
There is also the new Isochronous physical channel PDU which can be both
broadcasted or connection-oriented.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345318
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36782
Petri-Dish: Anders Broman <a.broman58@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Dissect the common extendend advertising payload header which is common for
the following advertising PDUs:
- ADV_EXT_IND
- AUX_ADV_IND
- AUX_SYNC_IND
- AUX_CHAIN_IND
- AUX_SCAN_RSP
- AUX_CONNECT_RSP
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345317
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36781
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Add handling of ADV_EXT_IND and setting valid adv header flags.
Advertising Extension assumes channel selection #2, and both TX and RX address
type bits must be checked if present in the extended advertising header by
reading the extended advertising header flags.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345315
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36780
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The initiator address field of the directed advertising PDU has been renamed
to target address in newer versions of the Bluetooth specification.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345313
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36778
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Rename packets names that has changed in the bluetooth core specification.
Requests have responses, indications have no response.
Change-Id: I7f0ad74b3e30ffecade59b6d0c5965bfc6345310
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Reviewed-on: https://code.wireshark.org/review/36775
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Alexis La Goutte <alexis.lagoutte@gmail.com>
Change all wireshark.org URLs to use https.
Fix some broken links while we're at it.
Change-Id: I161bf8eeca43b8027605acea666032da86f5ea1c
Reviewed-on: https://code.wireshark.org/review/34089
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The first L2CAP PDU fragment starts with the 4 octet long L2CAP header
consisting of the Length and the CID fields. The Length field doesn't
include the header itself. Thus the Length field in the BLE Data header
will be 4 octets larger than the L2CAP PDU header Length field if the
packet wouldn't be fragmented.
The current implementation doesn't correctly detect the start fragment
causing reassembly to fail as it compares the BLE Data Length with the
L2CAP Length without compensating for the header.
By increasing the L2CAP PDU Length field with the header length the
reassembly works.
Rename the variable to better reflect what length it actually
represents.
Bug: 15807
Change-Id: Idcb6bdccc4daae756a63a9bae0839fe25ae99f23
Reviewed-on: https://code.wireshark.org/review/33428
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Make the time stamp precision a 4-bit bitfield, so, when combined with
the other bitfields, we have 32 bits. That means we put the flags at
the same structure level as the time stamp precision, so they can be
combined; that gets rid of an extra "flags." for references to the flags.
Put the two pointers next to each other, and after a multiple of 8 bytes
worth of other fields, so that there's no padding before or between them.
It's still not down to 64 bytes, which is the next lower power of 2, so
there's more work to do.
Change-Id: I6f3e9d9f6f48137bbee8f100c152d2c42adb8fbe
Reviewed-on: https://code.wireshark.org/review/31213
Petri-Dish: Guy Harris <guy@alum.mit.edu>
Tested-by: Petri Dish Buildbot
Reviewed-by: Guy Harris <guy@alum.mit.edu>
The spec states that connSupervisionTimeout = Timeout * 10 ms
Change-Id: I89494c74d80b63c85f001540ea79850736457b21
Reviewed-on: https://code.wireshark.org/review/27255
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Separate the stuff that any record could have from the stuff that only
particular record types have; put the latter into a union, and put all
that into a wtap_rec structure.
Add some record-type checks as necessary.
Change-Id: Id6b3486858f826fce4b096c59231f463e44bfaa2
Reviewed-on: https://code.wireshark.org/review/25696
Reviewed-by: Guy Harris <guy@alum.mit.edu>
In cases with missing frames, frames with incorrect CRC or unknown
direction it must be possible to turn off detecting retransmissions.
Change-Id: Ia5a1194004f768986b939b4195a21c6e7a2ac4c8
Reviewed-on: https://code.wireshark.org/review/23803
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The retrans detection using SN must use all available frames to make a best
effort. The probability for having error in the SN bit is little compared
to reassembly errors occuring when discarding frames with incorrect CRC.
Change-Id: I40f89e69b19600939b6e0a85a2e655b6681ea5b2
Reviewed-on: https://code.wireshark.org/review/23783
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Only use SN to detect retransmission.
Lower retransmit expert info severity to Note.
Change-Id: I4604903cce9cc58a6fcffff6597e7e99d228aa80
Reviewed-on: https://code.wireshark.org/review/23780
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Reviewed-by: Stig Bjørlykke <stig@bjorlykke.org>
Change NESN/SN check to detect retransmit pr. connection.
Frames with same SN in one direction is retransmit.
Ignore retransmit frames when doing reassembly (btle and l2cap).
Also ignore frames with incorrect CRC when doing reassembly.
This fix is related to g95e09a60.
Change-Id: I6386b42758ec3abada07ec1964d3e1b7ba7400e4
Reviewed-on: https://code.wireshark.org/review/23771
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
This can be used in a higher layer 6LoWPAN to recreate the source
and destination addresses.
Change-Id: I967c3ac7c3a50526a10bec067521419d0aed8b4f
Reviewed-on: https://code.wireshark.org/review/23616
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Anders Broman <a.broman58@gmail.com>