Mesh Peering Management reason code field interpreted as status code
The Mesh Peering Management tag displays a status code instead of a reason code
svn path=/trunk/; revision=40132
It's tedious to parse the blockack bitmap by hand, showing it in wireshark
directly is much nicer. Attached patch does so, only for compressed BA for now.
From me: made it filterable.
svn path=/trunk/; revision=40126
1. If there's no character encoding (ENC_ASCII, ...) specified
then use ENC_ASCII.
2. For all but FT_UINT_STRING, always use ENC_NA
(replacing any existing True/1/FALSE/0
/ENC_BIG_ENDIAN/ENC_LITTLE_ENDIAN).
svn path=/trunk/; revision=39426
Move sniffer meta data parsing to separate files
packet-ieee80211.c includes dissectors for three different styles
of IEEE 802.11 sniffer meta data (like signal strength). Move these
to separate files in the same style as a fourth format (radiotap)
was already handled, so that packet-ieee80211.c focuses on the
actual IEEE 802.11 frame dissecting.
This reverts
http://anonsvn.wireshark.org/viewvc?revision=23911&view=revision
Objections?
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6443
svn path=/trunk/; revision=39379
Wi-Fi P2P: Show frame name in col_info
Make it easier to find specific P2P frames by adding the name of the P2P
Public Action frames into col_info.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6443
svn path=/trunk/; revision=39367
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_BOOLEAN
FT_IPv4
FT_EUI64
FT_GUID
FT_UINT_STRING
Also: For type FT_ITv6 use ENC_NA. (This was missed in SVN #39260)
svn path=/trunk/; revision=39328
Clean up IEEE 802.11 dissector - fixed fields
Many of the fixed fields use similar bitfield construction in the proto_tree. Use proto_tree_add_bitmask() to avoid having to implement the same subtree and item addition separately for each field.
svn path=/trunk/; revision=39322
Clean up IEEE 802.11 dissector - fixed fields
The fixed field identifiers were defined to have specific values. However, this is used only within the parser and does not correspond to any specific packet field. As such, there is no need for the specific values to be maintained and an enum makes it simpler to add and remove these fields as needed.
svn path=/trunk/; revision=39315
Clean up IEEE 802.11 dissector - fixed fields
The app_fixed_field() function has grown to overly complex and long function. Split it into separate helper functions for each fixed field and a table of dissector functions. This makes it easier to extend and maintain the implementation.
svn path=/trunk/; revision=39314
WPA IE pairwise cipher suite dissector uses incorrect value_string list
From me :
* Use correct value_string for WPA Key MGMT...
svn path=/trunk/; revision=39311
Wireshark encounters error while parsing ieee80211 QoS Null data.
The error is because of invalid read when trying to read mesh_flags
(after the header), which doesn't exist.
svn path=/trunk/; revision=39295
Specifically: Replace FALSE|0 and TRUE|1 by ENC_BIG_ENDIAN|ENC_LITTLE_ENDIAN as
the encoding parameter for proto_tree_add_item() calls which directly reference
an item in hf[] which has a type of:
FT_UINT8
FT_UINT16
FT_UINT24
FT_UINT32
FT_UINT64
FT_INT8
FT_INT16
FT_INT24
FT_INT32
FT_INT64
FT_FLOAT
FT_DOUBLE
svn path=/trunk/; revision=39288
FT_NONE
FT_BYTES
FT_IPV6
FT_IPXNET
FT_OID
Note: Encoding field set to ENC_NA only if the field was previously TRUE|FALSE|ENC_LITTLE_ENDIAN|ENC_BIG_ENDIAN
svn path=/trunk/; revision=39260
Dissector for ieee802.11e QoS Info field of QoS Capability Element(46) is missed
From me :
* Fix checkAPIs error (Found non-ASCII characters)
svn path=/trunk/; revision=39193
IEEE 802.11 dissector shows duplicated proto item for Action category
Action frame dissecting is first adding hf_ieee80211_action (wlan_mgt.fixed.action) field before the category-based processing. Immediately after that, the per-category implementations are adding FIELD_CATEGORY_CODE (hf_ieee80211_ff_category_code, i.e., wlan_mgt.fixed.category_code) to the proto tree for the exact same octet. Remove hf_ieee80211_action to avoid the duplicated item in the tree. In addition, remove the now unused action_item and action_tree variables.
svn path=/trunk/; revision=39169
If the GAS Query Request/Response Length field is incorrect, the
dissector function may return a value that is larger than the remaining
packet buffer. This results in a Tagged parameters item being added with
-1 byte length since tvb_reported_length_remaining() reports -1 once the
offset goes beyond the end of the packet. Clicking on that item results
in Wireshark dying on Gtk-ERROR. Note: this does not show up in tshark
and as such, cannot apparently be triggered with fuzz-test.sh.
Fix this by refusing to dissect GAS frames that have too large length
field value. In addition, verify that tvb_reported_length_remaining() is
returning a value larger than 0 instead of non-zero (which could be -1)
to make the IEEE 802.11 dissector more robust against this type of
issues.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6345
svn path=/trunk/; revision=39024
- Dissect ANQP Network Authentication Type
- Dissect ANQP Domain Name List
- Dissect Interworking element
- Dissect Roaming Consortium element
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39023
ieee80211: Support multiple ANQP info elements in response
ANQP Query Response may include multiple ANQP info elements. Parse each
one of these separately. In addition, clean up three ANQP subtrees to
avoid the unnecessary subtree at higher layer and instead, use a
separate subtree for each ANQP info elements.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39008
ieee80211: Show ANQP adv proto on subtree title line
This makes it easier to get the most significant information from the
Advertisement Protocol element in GAS messages without having to expand
subtrees.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39007
ieee80211: Do not add duplicate tag number/len for adv proto
dissect_advertisement_protocol() is used both for ANQP and for parsing
IEs. The tag number/length fields need to be added only for ANQP to
avoid adding duplicate entries in the proto tree.
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=6339
svn path=/trunk/; revision=39006