Wireshark-bugs: [Wireshark-bugs] [Bug 9256] New: Radiotap decode appears broken
Date: Wed, 09 Oct 2013 14:27:05 +0000
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=9256

            Bug ID: 9256
           Summary: Radiotap decode appears broken
    Classification: Unclassified
           Product: Wireshark
           Version: 1.11.x (Experimental)
          Hardware: x86
                OS: Windows 7
            Status: UNCONFIRMED
          Severity: Major
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-admin@xxxxxxxxxxxxx
          Reporter: mark.s.phillips@xxxxxxxxxxx

Created attachment 11746
  --> https://bugs.wireshark.org/bugzilla/attachment.cgi?id=11746&action=edit
Example frame

Build Information:
Version 1.11.0 (SVN Rev 52461 from /trunk)

Copyright 1998-2013 Gerald Combs <gerald@xxxxxxxxxxxxx> and contributors.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with GTK+ 2.24.14, with Cairo 1.10.2, with Pango 1.30.1, with
GLib 2.34.1, with WinPcap (4_1_3), with libz 1.2.5, without POSIX capabilities,
without libnl, with SMI 0.4.8, with c-ares 1.9.1, with Lua 5.1, without Python,
with GnuTLS 2.12.18, with Gcrypt 1.4.6, without Kerberos, with GeoIP, with
PortAudio V19-devel (built Oct 9 2013), with AirPcap.

Running on 64-bit Windows 7 Service Pack 1, build 7601, with WinPcap version
4.1.3 (packet.dll version 4.1.0.2980), based on libpcap version 1.0 branch
1_0_rel0b (20091008), GnuTLS 2.12.18, Gcrypt 1.4.6, with AirPcap 4.1.1 build
1838.
Intel(R) Core(TM) i7-3615QM CPU @ 2.30GHz, with 7973MB of physical memory.

Built using Microsoft Visual C++ 10.0 build 40219

Wireshark is Open Source Software released under the GNU General Public License.

Check the man page and http://www.wireshark.org for more information.
--
The attached pcap no longer decodes. It works fine using SVN 51779. It is wrong
with either SVN 52342 or 52461.

My investigation indicates it is broken when building with the latest version
of trunk/epan/dissectors/packet-ieee80211-radiotap-iter.c (52311) :-
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee80211-radiotap-iter.c?r1=52311&r2=52310&pathrev=52311

The exact issue can be seen in the attached files.

In brief there are two issues:-

1) The Radiotap "Present Flags" changes to say

    ...0 0000 00.. .... .... .... .... .... = Reserved: 0x00000000 (malformed)

I think this is a misleading error message added by the code handling the
second error.

2) The following error message is seen AND the radio tap rate/mcs fields are
not parsed:-

    [Expert Info (Error/Malformed): Radiotap data goes past the end of the radiotap header]
        [Radiotap data goes past the end of the radiotap header]
        [Severity level: Error]
        [Group: Malformed]

It appears that the iterator thinks the radiotap information is wrong (too
long) and returns an error. I am not sure if the attached pcap is completely
valid or not, but previously it was decoding rate/mcs information, which was
useful; it no longer is.

Old decode
==========
Either using SVN 51779 or reverting the changes in
packet-ieee80211-radiotap-iter.c 52311:-
http://anonsvn.wireshark.org/viewvc/trunk/epan/dissectors/packet-ieee80211-radiotap-iter.c?r1=52311&r2=52310&pathrev=52311

No. Time RSSI Rate Rate (netmon) MCS Source Destination Duration Chan IP TTL Ping Response Time Protocol Length Info
1 0.000000000 -84 dBm 6.5 0 Cisco_90:19:5d Broadcast 0 5180 [A 36] 802.11 305 Beacon frame, SN=927, FN=0, Flags=........C, BI=102, SSID=BRCMGUEST

Frame 1: 305 bytes on wire (2440 bits), 305 bytes captured (2440 bits) on interface 0
Radiotap Header v0, Length 28
    Header revision: 0
    Header pad: 0
    Header length: 28
    Present flags
        .... .... .... .... .... .... .... ...1 = TSFT: True
        .... .... .... .... .... .... .... ..1. = Flags: True
        .... .... .... .... .... .... .... .0.. = Rate: False
        .... .... .... .... .... .... .... 1... = Channel: True
        .... .... .... .... .... .... ...0 .... = FHSS: False
        .... .... .... .... .... .... ..1. .... = dBm Antenna Signal: True
        .... .... .... .... .... .... .1.. .... = dBm Antenna Noise: True
        .... .... .... .... .... .... 0... .... = Lock Quality: False
        .... .... .... .... .... ...0 .... .... = TX Attenuation: False
        .... .... .... .... .... ..0. .... .... = dB TX Attenuation: False
        .... .... .... .... .... .0.. .... .... = dBm TX Power: False
        .... .... .... .... .... 1... .... .... = Antenna: True
        .... .... .... .... ...0 .... .... .... = dB Antenna Signal: False
        .... .... .... .... ..0. .... .... .... = dB Antenna Noise: False
        .... .... .... .... .0.. .... .... .... = RX flags: False
        .... .... .... .0.. .... .... .... .... = Channel+: False
        .... .... .... 1... .... .... .... .... = HT information: True
        .... .... ...0 .... .... .... .... .... = A-MPDU Status: False
        .... .... ..0. .... .... .... .... .... = VHT information: False
        ...0 0000 00.. .... .... .... .... .... = Reserved: 0x00000000
        ..0. .... .... .... .... .... .... .... = Radiotap NS next: False
        .0.. .... .... .... .... .... .... .... = Vendor NS next: False
        0... .... .... .... .... .... .... .... = Ext: False
    MAC timestamp: 256180409
    Flags: 0x12
        .... ...0 = CFP: False
        .... ..1. = Preamble: Short
        .... .0.. = WEP: False
        .... 0... = Fragmentation: False
        ...1 .... = FCS at end: True
        ..0. .... = Data Pad: False
        .0.. .... = Bad FCS: False
        0... .... = Short GI: False
    Channel frequency: 5180 [A 36]
    Channel type: 802.11a (0x0140)
        .... .... ...0 .... = Turbo: False
        .... .... ..0. .... = Complementary Code Keying (CCK): False
        .... .... .1.. .... = Orthogonal Frequency-Division Multiplexing (OFDM): True
        .... .... 0... .... = 2 GHz spectrum: False
        .... ...1 .... .... = 5 GHz spectrum: True
        .... ..0. .... .... = Passive: False
        .... .0.. .... .... = Dynamic CCK-OFDM: False
        .... 0... .... .... = Gaussian Frequency Shift Keying (GFSK): False
        ...0 .... .... .... = GSM (900MHz): False
        ..0. .... .... .... = Static Turbo: False
        .0.. .... .... .... = Half Rate Channel (10MHz Channel Width): False
        0... .... .... .... = Quarter Rate Channel (5MHz Channel Width): False
    SSI Signal: -84 dBm
    SSI Noise: -91 dBm
    Antenna: 1
    MCS information
        Known MCS information: 0x1f
            .... ...1 = Bandwidth: True
            .... ..1. = MCS index: True
            .... .1.. = Guard interval: True
            .... 1... = Format: True
            ...1 .... = FEC: True
            ..0. .... = STBC: False
        .... ..00 = Bandwidth: 20 MHz (0)
        .... .0.. = Guard interval: long (0)
        .... 0... = Format: mixed (0)
        ...0 .... = FEC: BCC (0)
        MCS index: 0
        [Data Rate: 6.5 Mb/s]
IEEE 802.11 Beacon frame, Flags: ........C
IEEE 802.11 wireless LAN management frame

--
You are receiving this mail because:
You are watching all bug changes.
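
The bounds check behind the "Radiotap data goes past the end of the radiotap header" message, as an added sketch (not Wireshark's iterator code and not part of the original report): it walks a single present-flags word using the radiotap field alignments and sizes and compares each field's end with the header length. The names rt_field, rt_sample and rt_walk are hypothetical, the header bytes are constructed from the decoded values in the report, and extended present words and namespaces are not handled.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* {alignment, size} for present bits 0..21; size 0 = not handled in this sketch. */
static const struct { uint8_t align, size; } rt_field[22] = {
    {8, 8}, {1, 1}, {1, 1}, {2, 4},  /*  0 TSFT, 1 Flags, 2 Rate, 3 Channel */
    {2, 2}, {1, 1}, {1, 1}, {2, 2},  /*  4 FHSS, 5 dBm signal, 6 dBm noise, 7 lock quality */
    {2, 2}, {2, 2}, {1, 1}, {1, 1},  /*  8 TX atten, 9 dB TX atten, 10 dBm TX power, 11 Antenna */
    {1, 1}, {1, 1}, {2, 2}, {2, 2},  /* 12 dB signal, 13 dB noise, 14 RX flags, 15 TX flags */
    {1, 1}, {1, 1}, {0, 0}, {1, 3},  /* 16 RTS retries, 17 data retries, 18 Channel+, 19 MCS */
    {4, 8}, {2, 12},                 /* 20 A-MPDU status, 21 VHT */
};

/* Constructed sample: header bytes rebuilt from the decoded values in the report
 * (length 28, present = 0x0008086b); field payload bytes are left as zero. */
static const uint8_t rt_sample[28] = { 0x00, 0x00, 0x1c, 0x00, 0x6b, 0x08, 0x08, 0x00 };

/* Returns the offset just past the last field, -1 if the header or a field
 * does not fit in it_len, -2 for a present bit this sketch does not handle. */
static int rt_walk(const uint8_t *hdr, size_t caplen)
{
    if (caplen < 8) return -1;
    size_t it_len = hdr[2] | (size_t)hdr[3] << 8;  /* fields are little-endian */
    uint32_t present = hdr[4] | hdr[5] << 8 | hdr[6] << 16 | (uint32_t)hdr[7] << 24;
    if (it_len < 8 || it_len > caplen) return -1;
    size_t off = 8;                                /* version, pad, length, present */
    for (unsigned bit = 0; bit < 32; bit++) {
        if (!(present & (1u << bit))) continue;
        if (bit >= 22 || rt_field[bit].size == 0) return -2;
        size_t a = rt_field[bit].align;
        off = (off + a - 1) & ~(a - 1);            /* align relative to header start */
        if (off + rt_field[bit].size > it_len) return -1;  /* data past header end */
        off += rt_field[bit].size;
    }
    return (int)off;
}

int main(void)
{
    printf("fields end at byte %d of 28\n", rt_walk(rt_sample, sizeof rt_sample));
    return 0;
}
```

With these field sizes, the fields flagged in the report's present word end at byte 28, the stated header length; a header length one byte shorter, or an extra flagged field, makes the walk fail at the bounds check.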