Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.
Wireshark logo

Wireshark-bugs: [Wireshark-bugs] [Bug 9256] New: Radiotap decode appears broken

Date Prev · Date Next · Thread Prev · Thread Next
Date Index · Thread Index · Other Months · All Mailing Lists
From: bugzilla-daemon@xxxxxxxxxxxxx
Date: Wed, 09 Oct 2013 14:27:05 +0000
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9256

            Bug ID: 9256
           Summary: Radiotap decode appears broken
    Classification: Unclassified
           Product: Wireshark
           Version: 1.11.x (Experimental)
          Hardware: x86
                OS: Windows 7
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-admin@xxxxxxxxxxxxx
          Reporter: mark.s.phillips@xxxxxxxxxxx

Created attachment 11746
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11746&action=edit
Example frame

Build Information:
Version 1.11.0 (SVN Rev 52461 from /trunk)

Copyright 1998-2013 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Oct  9 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, with AirPcap 4.1.1 build
1838.
      Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz, with 7973MB of physical
memory.


Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The attached pcap no longer decodes.

It works fine using SVN 51779. It is wrong with either SVN 52342 or 52461.

My investigation indicates it is broken when building with the latest version
of trunk/epan/dissectors/packet-ieee80211-radiotap-iter.c (52311) :-

http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee80211-radiotap-iter.c?r1=52311&r2=52310&pathrev=52311

The exact issue can be seen in the attached files.

In brief there are two issues:-

1) The  Radiotap "Present Flags" changes to say
        ...0 0000 00.. .... .... .... .... .... = Reserved: 0x00000000
(malformed)
I think this is a missleading error message added by the code handling the
second error.

2) The following error message is seen AND the radio tap rate/mcs fields are
not parsed:-

        [Expert Info (Error/Malformed): Radiotap data goes past the end of the
radiotap header]
            [Radiotap data goes past the end of the radiotap header]
            [Severity level: Error]
            [Group: Malformed]

It appears that the iterator thinks the radiotap information is wrong (too
long) and returns an error.


I am not sure if the attached pcap is completely valid or not, but previously
it was decoding rate/mcs information which was useful it no longer is.














Old decode
==========

Either using SVN 51779 or reverting the changes in
packet-ieee80211-radiotap-iter.c 52311:-
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee80211-radiotap-iter.c?r1=52311&r2=52310&pathrev=52311

No.     Time           RSSI Rate  Rate (netmon) MCS        Source              
 Destination           Duration   Chan             IP TTL     Ping Response
Time Protocol Length Info
      1 0.000000000    -84 dBm 6.5                 0          Cisco_90:19:5d   
    Broadcast             0          5180 [A 36]                               
    802.11   305    Beacon frame, SN=927, FN=0, Flags=........C, BI=102,
SSID=BRCMGUEST

Frame 1: 305 bytes on wire (2440 bits), 305 bytes captured (2440 bits) on
interface 0
Radiotap Header v0, Length 28
    Header revision: 0
    Header pad: 0
    Header length: 28
    Present flags
        .... .... .... .... .... .... .... ...1 = TSFT: True
        .... .... .... .... .... .... .... ..1. = Flags: True
        .... .... .... .... .... .... .... .0.. = Rate: False
        .... .... .... .... .... .... .... 1... = Channel: True
        .... .... .... .... .... .... ...0 .... = FHSS: False
        .... .... .... .... .... .... ..1. .... = dBm Antenna Signal: True
        .... .... .... .... .... .... .1.. .... = dBm Antenna Noise: True
        .... .... .... .... .... .... 0... .... = Lock Quality: False
        .... .... .... .... .... ...0 .... .... = TX Attenuation: False
        .... .... .... .... .... ..0. .... .... = dB TX Attenuation: False
        .... .... .... .... .... .0.. .... .... = dBm TX Power: False
        .... .... .... .... .... 1... .... .... = Antenna: True
        .... .... .... .... ...0 .... .... .... = dB Antenna Signal: False
        .... .... .... .... ..0. .... .... .... = dB Antenna Noise: False
        .... .... .... .... .0.. .... .... .... = RX flags: False
        .... .... .... .0.. .... .... .... .... = Channel+: False
        .... .... .... 1... .... .... .... .... = HT information: True
        .... .... ...0 .... .... .... .... .... = A-MPDU Status: False
        .... .... ..0. .... .... .... .... .... = VHT information: False
        ...0 0000 00.. .... .... .... .... .... = Reserved: 0x00000000
        ..0. .... .... .... .... .... .... .... = Radiotap NS next: False
        .0.. .... .... .... .... .... .... .... = Vendor NS next: False
        0... .... .... .... .... .... .... .... = Ext: False
    MAC timestamp: 256180409
    Flags: 0x12
        .... ...0 = CFP: False
        .... ..1. = Preamble: Short
        .... .0.. = WEP: False
        .... 0... = Fragmentation: False
        ...1 .... = FCS at end: True
        ..0. .... = Data Pad: False
        .0.. .... = Bad FCS: False
        0... .... = Short GI: False
    Channel frequency: 5180 [A 36]
    Channel type: 802.11a (0x0140)
        .... .... ...0 .... = Turbo: False
        .... .... ..0. .... = Complementary Code Keying (CCK): False
        .... .... .1.. .... = Orthogonal Frequency-Division Multiplexing
(OFDM): True
        .... .... 0... .... = 2 GHz spectrum: False
        .... ...1 .... .... = 5 GHz spectrum: True
        .... ..0. .... .... = Passive: False
        .... .0.. .... .... = Dynamic CCK-OFDM: False
        .... 0... .... .... = Gaussian Frequency Shift Keying (GFSK): False
        ...0 .... .... .... = GSM (900MHz): False
        ..0. .... .... .... = Static Turbo: False
        .0.. .... .... .... = Half Rate Channel (10MHz Channel Width): False
        0... .... .... .... = Quarter Rate Channel (5MHz Channel Width): False
    SSI Signal: -84 dBm
    SSI Noise: -91 dBm
    Antenna: 1
    MCS information
        Known MCS information: 0x1f
            .... ...1 = Bandwidth: True
            .... ..1. = MCS index: True
            .... .1.. = Guard interval: True
            .... 1... = Format: True
            ...1 .... = FEC: True
            ..0. .... = STBC: False
        .... ..00 = Bandwidth: 20 MHz (0)
        .... .0.. = Guard interval: long (0)
        .... 0... = Format: mixed (0)
        ...0 .... = FEC: BCC (0)
        MCS index: 0
    [Data Rate: 6.5 Mb/s]
IEEE 802.11 Beacon frame, Flags: ........C
IEEE 802.11 wireless LAN management frame

-- 
You are receiving this mail because:
You are watching all bug changes.
Wireshark logo footer

© Wireshark Foundation · Privacy Policy

Facebook·Mastodon·Twitter·YouTube