mirror of
https://github.com/the-tcpdump-group/tcpdump.git
synced 2024-11-23 10:04:05 +08:00
fix bug #303 (DLT_IEEE802_11_RADIO ext. bitmaps)
This bug was discovered and pinned down by Wim Torfs. The code in question handles DLT_IEEE802_11_RADIO datalink type, which consists of a variable-sized header, a variable number of fields and the actual 802.11 frame. The integers contained in the fields are aligned, properly extracting them is exactly the purpose of the existing "cpack" module. The issue with the current code is that it sets alignment base for cpack at the end of the variable-sized header, in other words, 64-bit integers would be properly extracted only so long as the header is 64-bit long, which only happens when the total number of bitmaps in it is odd (the minimum number of bitmaps is one). Once this condition isn't met, as is with two bitmaps, decoding becomes incorrect. The reporter's point that the alignment base must be the beginning of the variable-sized header is accurate. This commit adds a new cpack_advance() function to fast-forward the "c_next" pointer of a cpack_state context by an arbitrary number of octets. The ieee802_11_radio_print() function now uses it to skip the header and all its bitmaps, and the alignment base is now the header start.
This commit is contained in:
Denis Ovsienko
parent
3e3cc1fce3
commit
b766ec9d3b
11
cpack.c
11
cpack.c
@ -68,6 +68,17 @@ cpack_align_and_reserve(struct cpack_state *cs, size_t wordsize)
|
||||
return next;
|
||||
}
|
||||
|
||||
/* Advance by N bytes without returning them. */
|
||||
int
|
||||
cpack_advance(struct cpack_state *cs, const size_t toskip)
|
||||
{
|
||||
/* No space left? */
|
||||
if (cs->c_next - cs->c_buf + toskip > cs->c_len)
|
||||
return -1;
|
||||
cs->c_next += toskip;
|
||||
return 0;
|
||||
}
|
||||
|
||||
int
|
||||
cpack_init(struct cpack_state *cs, u_int8_t *buf, size_t buflen)
|
||||
{
|
||||
|
||||
2
cpack.h
2
cpack.h
@ -51,4 +51,6 @@ u_int8_t *cpack_align_and_reserve(struct cpack_state *cs, size_t wordsize);
|
||||
#define cpack_int32(__s, __p) cpack_uint32((__s), (u_int32_t*)(__p))
|
||||
#define cpack_int64(__s, __p) cpack_uint64((__s), (u_int64_t*)(__p))
|
||||
|
||||
extern int cpack_advance(struct cpack_state *, const size_t);
|
||||
|
||||
#endif /* _CPACK_H */
|
||||
|
||||
@ -2209,7 +2209,6 @@ ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
|
||||
u_int32_t *presentp, *last_presentp;
|
||||
enum ieee80211_radiotap_type bit;
|
||||
int bit0;
|
||||
const u_char *iter;
|
||||
u_int len;
|
||||
u_int8_t flags;
|
||||
int pad;
|
||||
@ -2229,10 +2228,13 @@ ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
|
||||
printf("[|802.11]");
|
||||
return caplen;
|
||||
}
|
||||
cpack_init(&cpacker, (u_int8_t *)hdr, len); /* align against header start */
|
||||
cpack_advance(&cpacker, sizeof(*hdr)); /* includes the 1st bitmap */
|
||||
for (last_presentp = &hdr->it_present;
|
||||
IS_EXTENDED(last_presentp) &&
|
||||
(u_char*)(last_presentp + 1) <= p + len;
|
||||
last_presentp++);
|
||||
last_presentp++)
|
||||
cpack_advance(&cpacker, sizeof(hdr->it_present)); /* more bitmaps */
|
||||
|
||||
/* are there more bitmap extensions than bytes in header? */
|
||||
if (IS_EXTENDED(last_presentp)) {
|
||||
@ -2240,14 +2242,6 @@ ieee802_11_radio_print(const u_char *p, u_int length, u_int caplen)
|
||||
return caplen;
|
||||
}
|
||||
|
||||
iter = (u_char*)(last_presentp + 1);
|
||||
|
||||
if (cpack_init(&cpacker, (u_int8_t*)iter, len - (iter - p)) != 0) {
|
||||
/* XXX */
|
||||
printf("[|802.11]");
|
||||
return caplen;
|
||||
}
|
||||
|
||||
/* Assume no flags */
|
||||
flags = 0;
|
||||
/* Assume no Atheros padding between 802.11 header and body */
|
||||
|
||||
@ -1,26 +1,26 @@
|
||||
43019938624962560us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
|
||||
43030942331174912us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
43023739671019520us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
43316037965316096us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
|
||||
43326418901270528us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
43319220536082432us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
44170981270355968us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
|
||||
44187555549151232us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
44180361478930432us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
44458778438926336us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
44469099245338624us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
44461896585183232us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
44746549837692928us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
|
||||
44757549248937984us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
44750350883749888us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
45034325531426816us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
|
||||
45051105968652288us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
45043907603464192us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
57288455637434368us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 314us Authentication (Open System)-1: Successful[|802.11]
|
||||
57295787146608640us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
57292437072117760us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Authentication (Open System)-2:
|
||||
57303449368264704us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 314us Assoc Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit][|802.11]
|
||||
57322600627437568us tsft 0.0 Mb/s 0 MHz Turbo 108dB signal 9dB noise antenna 160 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
57316016442572800us tsft 0.0 Mb/s 0dB noise 0dBm tx power [bit 15] 314us Assoc Response AID(1) :: Successful
|
||||
57361147958919168us tsft 0 MHz Turbo 108dB signal 9dB noise antenna 128 20 MHz [bit 31] 48us
|
||||
57787887319515136us tsft 0 MHz Turbo 108dB signal 9dB noise antenna 128 20 MHz [bit 31] Pwr Mgmt 44us
|
||||
10016360us tsft 1.0 Mb/s 2412 MHz 11b -22dB signal -86dB noise antenna 1 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
10018922us tsft 1.0 Mb/s 2412 MHz 11b -19dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
10017245us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
10085301us tsft 1.0 Mb/s 2412 MHz 11b -19dB signal -86dB noise antenna 1 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
10087718us tsft 1.0 Mb/s 2412 MHz 11b -18dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
10086042us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
10284358us tsft 1.0 Mb/s 2412 MHz 11b -61dB signal -86dB noise antenna 1 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
10288217us tsft 1.0 Mb/s 2412 MHz 11b -46dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
10286542us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
10351366us tsft 1.0 Mb/s 2412 MHz 11b -70dB signal -86dB noise antenna 1 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
10353769us tsft 1.0 Mb/s 2412 MHz 11b -57dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
10352092us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
10418368us tsft 1.0 Mb/s 2412 MHz 11b -67dB signal -86dB noise antenna 1 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
10420929us tsft 1.0 Mb/s 2412 MHz 11b -73dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
10419253us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
10485371us tsft 1.0 Mb/s 2412 MHz 11b -72dB signal -86dB noise antenna 1 [bit 31] 0us Probe Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
10489278us tsft 1.0 Mb/s 2412 MHz 11b -74dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
10487602us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Probe Response (omus) [1.0* 2.0* 5.5* 11.0* 6.0 9.0 12.0 18.0 Mbit] CH: 1
|
||||
13338508us tsft 1.0 Mb/s 2412 MHz 11b -14dB signal -86dB noise antenna 1 [bit 31] 314us Authentication (Open System)-1: Successful
|
||||
13340215us tsft 1.0 Mb/s 2412 MHz 11b -17dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
13339435us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Authentication (Open System)-2:
|
||||
13341999us tsft 1.0 Mb/s 2412 MHz 11b -18dB signal -86dB noise antenna 1 [bit 31] 314us Assoc Request (omus) [1.0 2.0 5.5 11.0 6.0 9.0 12.0 18.0 Mbit]
|
||||
13346458us tsft 1.0 Mb/s 2412 MHz 11b -18dB signal -86dB noise antenna 0 [bit 31] 0us Acknowledgment RA:90:a4:de:c0:46:0a
|
||||
13344925us tsft 1.0 Mb/s -86dB noise 27dBm tx power [bit 15] 314us Assoc Response AID(1) :: Successful
|
||||
13355433us tsft 2412 MHz 11g -22dB signal -86dB noise antenna 1 19.5 Mb/s MCS 2 20 MHz lon GI [bit 31] 48us
|
||||
13454791us tsft 2412 MHz 11g -21dB signal -86dB noise antenna 1 52.0 Mb/s MCS 11 20 MHz lon GI [bit 31] Pwr Mgmt 44us
|
||||
|
||||
Loading…
Reference in New Issue
Block a user