802.11 Reduced Neighbor Report (RNR) information element is not correctly dissected
Summary
The 802.11 Reduced Neighbor Report (RNR) Information Element is not correctly dissected when multiple Neighbor AP Information fields are present.
Steps to reproduce
Open a capture file containing a Beacon/Probe Response frame carrying an RNR element.
What is the current bug behavior?
See the attached screenshot, showing a Beacon frame including an RNR element with three Neighbor AP Information fields (see also Figs. 9-629 and 9-630 of 802.11-2020). The first Neighbor AP Information field has a TBTT Information Count (BTW, please fix the typo TBBT -> TBTT) equal to 1, and the first TBTT Information field (TBTT 0) is correctly dissected. However, TBTT 0 should not be followed by another TBTT Information field (the count is 1), but by another Neighbor AP Information field.
What is the expected correct behavior?
The first two bytes following TBTT 0 (0x10 0x07) should be interpreted as the TBTT Information Header of the second Neighbor AP Information field.
Sample capture file
Attached is a capture file generated by the ns-3 simulator. The Beacon frame I am referring to is the first captured packet.
Relevant logs and/or screenshots
Build information
3.5.0rc0-1725-g7b81ddd35b0b (v3.5.0rc0-1725-g7b81ddd35b0b)
Compiled (64-bit) with Qt 5.12.6, with libpcap, without POSIX capabilities, with
GLib 2.58.3, with zlib 1.2.11, with SMI 0.4.8, with c-ares 1.15.0, with Lua
5.2.4, with GnuTLS 3.6.15 and PKCS #11 support, with Gcrypt 1.8.7, with MIT
Kerberos, with MaxMind DB resolver, with nghttp2 1.39.2, with brotli, with LZ4,
with Zstandard, with Snappy, with libxml2 2.9.9, with QtMultimedia, with
automatic updates using Sparkle, with SpeexDSP (using system library), with
Minizip.
Running on Mac OS X 10.16, build 20C69 (Darwin 20.2.0), with Intel(R) Core(TM)
i9-9880H CPU @ 2.30GHz (with SSE4.2), with 16384 MB of physical memory, with
locale C, with light display mode, with HiDPI, with libpcap version 1.9.1, with
GnuTLS 3.6.15, with Gcrypt 1.8.7, with brotli 1.0.9, with zlib 1.2.11, binary
plugins supported (21 loaded).
Built using clang 4.2.1 Compatible Apple LLVM 11.0.0 (clang-1100.0.33.16).