author: Jaap Keuter <jaap.keuter@xs4all.nl> 2017-02-15 22:25:58 +0100
committer: Jaap Keuter <jaap.keuter@xs4all.nl> 2017-02-28 07:27:00 +0000
commit: 311b1ee70072531352262f3a47181e89472e3109
tree: 64a3e1d9da3f4f6c7f7aedcbdc8d921ba6da4981 /epan
parent: 2534ec45c108c00a9e8c5fa09b85f1c70f4ae35e
IEEE 802.11: Handle Atheros padding
For some unknown reason between 802.11 protocol fields end and LLC protocol field start two octets of padding may appear. These octets (value 0x00) were observed on the OLPC laptop, heuristically detected and marked as OLPC mysterious stuff.

It seems that Atheros chipset drivers also show this behaviour, although the padding is not 0x0000, but seems to be a duplicate of the sequence control field. This is now also heuristically detected and marked more generically as payload padding.

Bug: 13411
Change-Id: I1e817e07dc19be8b3917ff302ede3328ca6a4938
Reviewed-on: https://code.wireshark.org/review/20284
Petri-Dish: Alexis La Goutte <alexis.lagoutte@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Jaap Keuter <jaap.keuter@xs4all.nl>
Diffstat (limited to 'epan')
-rw-r--r-- epan/dissectors/packet-ieee80211.c 10
1 files changed, 7 insertions, 3 deletions
diff --git a/epan/dissectors/packet-ieee80211.c b/epan/dissectors/packet-ieee80211.c
index 79f20cae43..cd158fd15a 100644
--- a/epan/dissectors/packet-ieee80211.c
+++ b/epan/dissectors/packet-ieee80211.c
@@ -18492,7 +18492,9 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
On top of that, at least at some point it appeared that
the OLPC XO sent out frames with two bytes of 0 between
the "end" of the 802.11 header and the beginning of
- the payload.
+ the payload. Something similar has also been observed
+ with Atheros chipsets. There the sequence control field
+ seems repeated.
So, if the packet doesn't start with 0xaa 0xaa:
@@ -18508,7 +18510,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
whether the packet starts with 0xff 0xff and, if so, treat it
as an encapsulated IPX frame, and then check whether the
packet starts with 0x00 0x00 and, if so, treat it as an OLPC
- frame. */
+ frame, or check the packet starts with the repetition of the
+ sequence control field and, if so, treat it as an Atheros frame. */
encap_type = ENCAP_802_2;
if (tvb_bytes_exist(next_tvb, 0, 2)) {
octet1 = tvb_get_guint8(next_tvb, 0);
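Review bot: the rewritten comment ending in "treat it as an Atheros frame" does not say in which byte order the repeated sequence control field is expected, while the code right below reads octet1 from offset 0 and octet2 from offset 1 and the later comparison treats octet1 as the low byte. Stating in the comment that the two octets are compared as a little-endian copy of the sequence control field would save the next reader from deriving it. "or check the packet starts with" would also read better as "or check whether the packet starts with", matching the two "check whether" clauses before it.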
@@ -18519,7 +18522,8 @@ dissect_ieee80211_common(tvbuff_t *tvb, packet_info *pinfo,
encap_type = ENCAP_ETHERNET;
else if ((octet1 == 0xff) && (octet2 == 0xff))
encap_type = ENCAP_IPX;
- else if ((octet1 == 0x00) && (octet2 == 0x00)) {
+ else if (((octet1 == 0x00) && (octet2 == 0x00)) ||
+ (((octet2 << 8) | octet1) == seq_control)) {
proto_tree_add_item(tree, hf_ieee80211_mysterious_olpc_stuff, next_tvb, 0, 2, ENC_NA);
next_tvb = tvb_new_subset_remaining(next_tvb, 2);
}
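Review bot: the new "(((octet2 << 8) | octet1) == seq_control)" branch strips two octets on a value match alone, so any payload whose first two octets happen to equal the frame's sequence control is shifted by two bytes and then dissected with encap_type still ENCAP_802_2. Since this runs on captured traffic, consider requiring tvb_bytes_exist(next_tvb, 2, 2) and a plausible LLC start after the suspected padding (for example the 0xaa 0xaa the comment above mentions) before calling tvb_new_subset_remaining(next_tvb, 2), at least for the sequence-control case. The padding is also still added as hf_ieee80211_mysterious_olpc_stuff, and none of the hunks touch that field's definition, so the "marked more generically as payload padding" wording of the commit message is not reflected in the visible change; a renamed or relabelled field would keep Atheros captures from being presented as OLPC data.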