Radiotap dissector reporting wrong error
Summary
The radiotap dissector reports strange error about radiotap data being bigger than radiotap header while this is not the case. In the attached file, the first present flags word indicates there is a vendor NS present flag word following, and that vendor NS present flag word indicates there is nothing following it. The vendor NS field is properly formatted and its data size is coherent with the end of the radiotap header.
The dissector is able to parse the radiotap header properly so there is no issue about its size or content. Only this error message should not be present.
Also, parsing those headers using the parse tool from the radiotap library produces no error.
Steps to reproduce
- Open attached file
- All captured frames will show a radiotap error
What is the current bug behavior?
The following error message is shown when parsing radiotap header:
Expert Info (Error/Malformed): Radiotap data goes past the end of the radiotap header
What is the expected correct behavior?
No error message.
Sample capture file
Radiotap Header v0, Length 64 (malformed)
Header revision: 0
Header pad: 0
Header length: 64
Present flags
Present flags word: 0xc000580f
.... .... .... .... .... .... .... ...1 = TSFT: Present
.... .... .... .... .... .... .... ..1. = Flags: Present
.... .... .... .... .... .... .... .1.. = Rate: Present
.... .... .... .... .... .... .... 1... = Channel: Present
.... .... .... .... .... .... ...0 .... = FHSS: Absent
.... .... .... .... .... .... ..0. .... = dBm Antenna Signal: Absent
.... .... .... .... .... .... .0.. .... = dBm Antenna Noise: Absent
.... .... .... .... .... .... 0... .... = Lock Quality: Absent
.... .... .... .... .... ...0 .... .... = TX Attenuation: Absent
.... .... .... .... .... ..0. .... .... = dB TX Attenuation: Absent
.... .... .... .... .... .0.. .... .... = dBm TX Power: Absent
.... .... .... .... .... 1... .... .... = Antenna: Present
.... .... .... .... ...1 .... .... .... = dB Antenna Signal: Present
.... .... .... .... ..0. .... .... .... = dB Antenna Noise: Absent
.... .... .... .... .1.. .... .... .... = RX flags: Present
.... .... .... .... 0... .... .... .... = TX flags: Absent
.... .... .... .0.. .... .... .... .... = Channel+: Absent
.... .... .... 0... .... .... .... .... = MCS information: Absent
.... .... ...0 .... .... .... .... .... = A-MPDU Status: Absent
.... .... ..0. .... .... .... .... .... = VHT information: Absent
.... .... .0.. .... .... .... .... .... = frame timestamp: Absent
.... .... 0... .... .... .... .... .... = HE information: Absent
.... ...0 .... .... .... .... .... .... = HE-MU information: Absent
.... .0.. .... .... .... .... .... .... = 0 Length PSDU: Absent
.... 0... .... .... .... .... .... .... = L-SIG: Absent
...0 .... .... .... .... .... .... .... = TLVs: Absent
..0. .... .... .... .... .... .... .... = Radiotap NS next: False
.1.. .... .... .... .... .... .... .... = Vendor NS next: True
1... .... .... .... .... .... .... .... = Ext: Present
Present flags word: 0x00000007
..0. .... .... .... .... .... .... .... = Radiotap NS next: False
.0.. .... .... .... .... .... .... .... = Vendor NS next: False
0... .... .... .... .... .... .... .... = Ext: Absent
[Expert Info (Error/Malformed): Radiotap data goes past the end of the radiotap header]
[Radiotap data goes past the end of the radiotap header]
[Severity level: Error]
[Group: Malformed]
MAC timestamp: 2490882252
Flags: 0x10
.... ...0 = CFP: False
.... ..0. = Preamble: Long
.... .0.. = WEP: False
.... 0... = Fragmentation: False
...1 .... = FCS at end: True
..0. .... = Data Pad: False
.0.. .... = Bad FCS: False
0... .... = Short GI: False
Data Rate: 13,5 Mb/s
Channel frequency: 2437 [BG 6]
Channel flags: 0x0000
.... .... ...0 .... = Turbo: False
.... .... ..0. .... = Complementary Code Keying (CCK): False
.... .... .0.. .... = Orthogonal Frequency-Division Multiplexing (OFDM): False
.... .... 0... .... = 2 GHz spectrum: False
.... ...0 .... .... = 5 GHz spectrum: False
.... ..0. .... .... = Passive: False
.... .0.. .... .... = Dynamic CCK-OFDM: False
.... 0... .... .... = Gaussian Frequency Shift Keying (GFSK): False
...0 .... .... .... = GSM (900MHz): False
..0. .... .... .... = Static Turbo: False
.0.. .... .... .... = Half Rate Channel (10MHz Channel Width): False
0... .... .... .... = Quarter Rate Channel (5MHz Channel Width): False
Antenna: 1
dB antenna signal: 16 dB
RX flags: 0x0000
.... .... .... .... .... ..0. = Bad PLCP: False
Vendor namespace: AtherosC-0
Vendor OUI: 00:03:7f (Atheros Communication
Vendor sub namespace: 0
Vendor data length: 24
Vendor data
Build information
3.4.0 (v3.4.0-0-g9733f173ea5e)
Compiled (64-bit) with Qt 5.15.1, with libpcap, with GLib 2.52.3, with zlib
1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua 5.2.4, with GnuTLS 3.6.3
and PKCS #11 support, with Gcrypt 1.8.3, with MIT Kerberos, with MaxMind DB
resolver, with nghttp2 1.39.2, with brotli, with LZ4, with Zstandard, with
Snappy, with libxml2 2.9.9, with QtMultimedia, with automatic updates using
WinSparkle 0.5.7, with AirPcap, with SpeexDSP (using bundled resampler).
Running on 64-bit Windows 10 (2004), build 19041, with Intel(R) Core(TM)
i5-6600K CPU @ 3.50GHz (with SSE4.2), with 16338 MB of physical memory, with
locale French_France.utf8, with light display mode, without HiDPI, with Npcap
version 1.00, based on libpcap version 1.9.1, with GnuTLS 3.6.3, with Gcrypt
1.8.3, with brotli 1.0.2, without AirPcap, binary plugins supported (21 loaded).
Built using Microsoft Visual Studio 2019 (VC++ 14.27, build 29112).