Wireshark-dev: [Wireshark-dev] 802.11 Type/Subtype Field Incorrect
From: Dustin Johnson <[email protected]>
Date: Tue, 10 Apr 2007 17:43:14 -0700
Hi all,
I have been looking at correcting the IEEE 802.11 Type/Subtype field, but would like to know if there are reasons against it. First let me explain what I think is wrong with the field:
The frame type "QoS Data" is displayed in Wireshark as 40.  In IEEE 
802.11ma-D9.0 the type field is defined as bits 3,2 and the subtype as 
bits 4,5,6,7.  In this same document "QoS Data" is defined as type = 10 
and subtype = 1000.
In the actual byte the data is presented as such -> 100010XX (Where the 
Xs are extraneous to the type/subtype).  If this value is bit shifted 
right 2 then the value becomes 0x22 or D34.
Looking at the dissector code this is not the way that the type/subtype 
fields are put together.  Instead it is done as such -> 101000 = 0x28 = 
D40.  Thus, the type/subtype fields are switched.  I would like to 
correct the problem but would like to know what type of impact that 
would have.
Thank you,
   Dustin Johnson

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature