Previously hardcoded integers were used in control procedure
dissection. This resulted in hard to read code.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
The dissection also includes adding control procedure sequence validation.
See Core_v5.3, Vol 6, Part B, Section 2.4.2.36-39 and Section 5.1.19-22.
Core_v5.3 was released in 2021.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
The LL_REJECT_EXT_IND is an allowed response to the LL_POWER_CONTROL_REQ,
see Core_v5.3, Vol 6, Part B, Section 5.1.17.
Performs control procedure validation one a LL_POWER_CHANGE_IND is sent
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Core spec 5.2, Vol 6, Part B, Section 5.3 describes how the link layer should
resolve the scenario where a collision occurs where both link layers initiate
incompabile control procedures.
This commit adds expect information for the case where these conflicts are not
handled according to spec.
Example of an invalid scenario:
M->S: LL_PHY_REQ
S->M: LL_PHY_REQ
S->M: LL_PHY_RSP
M->S: LL_PHY_UPDATE_IND
The correct sequence for this scenario is:
M->S: LL_PHY_REQ
S->M: LL_PHY_REQ
S->M: LL_PHY_RSP
M->S: LL_REJECT_EXT_IND
M->S: LL_PHY_UPDATE_IND
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
By defining control_proc_add_frame(), control_proc_add_last_frame(), and
control_proc_add_frame_with_instant() a lot of duplicate code can be removed.
This commit makes the checks for the CIS establishment procedure follow the spec.
Previously the dissector had two bugs:
- It allowed both master and slave to initiate this procedure
- The procedure was marked as complete once the LL_CIS_RSP was received.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Moves the check of starting a control procedure before the previous was complete inside
the function control_proc_start(). This check should be beformed before starting any
control procedure. Therefore it is better to simply move it inside the funciton to remove
code duplication.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
A device is not allowed to start a new control procedure if it
has already responded to a peer procedure.
The detection of a response being present did not take into account
that some procedures do not have a response.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Handle PHY Update procedure where both PHY fields are set to no change.
This procedure is terminated immediately without instant.
The instant field is reserved for future use.
This fixes the Control Procedure validation not marking this procedure
as terminated, and marking all following control procedures as invalid
since the instant has not yet been reached.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Copy Advertiser Address from AUX_ADV_IND if not present in AUX_CHAIN_IND
to make reassembly work. Check for valid reassembled data before
doing dissect_ad_eir().
Update channel to include index to clear up possible confusion if this
is RF channel, or channel index.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix clock accuracy field offset in the sync info information in the
extended advertising header.
The field was placed at offset 4 instead of the current offset + 4.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix parsing of extended advertising when the extended advertising header
is empty. The flag field is excluded when none of the fields are present
and the extended header length field is 0.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Fix parsing of the CTE Info field in the extended advertising header.
The bit-mask of the different fields was wrongly placed.
The text of the different fields all said "CTE Info".
The CTE Time field was added twice.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Occured when a control procedure packet was logged without connection
context.
The bug was introduced in 0dab2494ca
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
See Bluetooth Core Spec, Vol 6, Part B, Section 5.3
If the event counter is available, the procedure is marked as complete
when the instant is reached.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
This makes it easier to read logs where both the master
and slave initiate control procedures at the same time.
Retransmitted packets are not part of the request/response
tracing.
In order to perform the analysis, direction information must
be available.
The matching is implemented by storing control procedure contexts
for each direction for each connection object as each direction
may initiate its own procedure.
Limitations:
- When there is a control procedure violation where a device
initiates a new procedure before the previous is complete,
only the first procedure is traced.
It would be possible to create more advanced tracing by
storing a list of contexts per frame.
However, as this is anyways a specification violation, this
adds unnecessary complexity.
- Control procedures involving an instant are marked as completed
when the last frame is sent even though the control procedure
is completed when the instant is reached.
This is the best possible approach when the event counter is
not available.
Due to this limitation, we are not able to detect the control
procedure violation where a device initiates a new procedure
before the instant is reached.
The following control procedure violations are detected:
- Starting a control procedure before the previous is complete.
Control procedure violations where a new procedure is started
before the instant is reached is currently not detected.
That requires knowing the event counter.
- Control procedure packets that are not valid responses to an
existing ongoing control procedure.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Add event counter and event counter valid variables to the btle context.
This information has to come from the capture context, and the information
is useful to provide context information around LL control procedures with
instant.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Now they appear in the correct order.
Some common code snippets are extracted out to separate functions.
Signed-off-by: Rubin Gerritsen <rubin.gerritsen@nordicsemi.no>
Fix l2cap reassembly resuming reassembly on old fragment that has
failed when a new packet arrives that matches the remaining
segmentation length of the failed reassembly.
Update the l2cap_index and set segmentation started to false so
that this does not happen anymore.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Change the wording of the sequence number context information from
"Wrong" to the more accurate description that this is a retransmit.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Add context information for next expected sequence number so that
analysing for acknowledgedment or request for retransmit can be done
without comparing packets manually.
Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
Found using tools/check_tfs.py, included in this commit.
Here are the reports that were fixed here:
Examining:
All dissector modules
epan/dissectors/packet-assa_r3.c tfs_mortisepins_flags - could have used tfs_high_low from tfs.c instead: {High,Low}
epan/dissectors/packet-btle.c tfs_present_bit - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-dhcp.c tfs_fqdn_s - could have used tfs_server_client from tfs.c instead: {Server,Client}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-macmgmt.c mdd_tfs_en_dis - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-docsis-macmgmt.c req_not_req_tfs - could have used tfs_requested_not_requested from tfs.c instead: {Requested,Not Requested}
epan/dissectors/packet-docsis-tlv.c on_off_tfs - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-docsis-tlv.c activation_tfs - could have used tfs_active_inactive from tfs.c instead: {Active,Inactive}
epan/dissectors/packet-docsis.c ena_dis_tfs - could have used tfs_enabled_disabled from tfs.c instead: {Enabled,Disabled}
epan/dissectors/packet-ecmp.c tfs_not_expected_expected - could have used tfs_odd_even from tfs.c instead: {Odd,Even}
epan/dissectors/packet-erf.c erf_link_status_tfs - could have used tfs_up_down from tfs.c instead: {Up,Down}
epan/dissectors/packet-h263.c on_off_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-h263.c cpm_flg - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-interlink.c flags_set_notset - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-ip.c tos_set_low - could have used tfs_low_normal from tfs.c instead: {Low,Normal}
epan/dissectors/packet-ip.c tos_set_high - could have used tfs_high_normal from tfs.c instead: {High,Normal}
epan/dissectors/packet-isakmp.c flag_r - could have used tfs_response_request from tfs.c instead: {Response,Request}
epan/dissectors/packet-isis-lsp.c tfs_metric_supported_not_supported - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-kerberos.c supported_tfs - could have used tfs_supported_not_supported from tfs.c instead: {Supported,Not supported}
epan/dissectors/packet-kerberos.c set_tfs - could have used tfs_set_notset from tfs.c instead: {Set,Not set}
epan/dissectors/packet-mac-lte.c mac_lte_scell_status_vals - could have used tfs_activated_deactivated from tfs.c instead: {Activated,Deactivated}
epan/dissectors/packet-p_mul.c no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-pgm.c opts_present - could have used tfs_present_not_present from tfs.c instead: {Present,Not Present}
epan/dissectors/packet-rsl.c rsl_ms_fpc_epc_mode_vals - could have used tfs_inuse_not_inuse from tfs.c instead: {In use,Not in use}
epan/dissectors/packet-sita.c tfs_sita_on_off - could have used tfs_on_off from tfs.c instead: {On,Off}
epan/dissectors/packet-vines.c tfs_vine_rtp_no_yes - could have used tfs_no_yes from tfs.c instead: {No,Yes}
epan/dissectors/packet-vnc.c button_mask_tfs - could have used tfs_pressed_not_pressed from tfs.c instead: {Pressed,Not pressed}
27 issues found
Change-Id: I7e53b491f20289955c9e9caa8357197d9010a5aa
Reviewed-on: https://code.wireshark.org/review/38087
Petri-Dish: Martin Mathieson <martin.r.mathieson@googlemail.com>
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Bluetooth Low Energy Advertising Extensions Host Advertising Data reassembly.
Bug: 16666
Change-Id: I78fea77a75f07ff7ef8a661e81ac3c729980de0e
Reviewed-on: https://code.wireshark.org/review/38016
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
The static arrays are supposed to be arrays of const pointers to int,
not arrays of non-const pointers to const int.
Fixing that means some bugs (scribbling on what's *supposed* to be a
const array) will be caught (see packet-ieee80211-radiotap.c for
examples, the first of which inspired this change and the second of
which was discovered while testing compiles with this change), and
removes the need for some annoying casts.
Also make some of those arrays static while we're at it.
Update documentation and dissector-generator tools.
Change-Id: I789da5fc60aadc15797cefecfd9a9fbe9a130ccc
Reviewed-on: https://code.wireshark.org/review/37517
Petri-Dish: Guy Harris <gharris@sonic.net>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Check for btle_context before accessing it.
Bug: 16612
Change-Id: I8ad0237a6f742f4091e886b0151917542d2eea82
Reviewed-on: https://code.wireshark.org/review/37387
Petri-Dish: Stig Bjørlykke <stig@bjorlykke.org>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@gmail.com>
Martin Mathieson