Radiotap dissector out of sync with the current specification.

This issue was migrated from bug 1812 in our old bug tracker.

Original bug information:

Reporter: Gerald Combs
Status: RESOLVED FIXED
Product: Wireshark
Component: GTK+ UI
OS: All
Platform: All
Version: unspecified

Gerald Combs said:

Build Information:

Paste the COMPLETE build information from "Help->About Wireshark", "wireshark -v", or "tshark -v".

As noted at http://mail.ojctech.com/pipermail/radiotap/2007-August/000045.html, Wireshark interprets bit 14 in the Radiotap header as IEEE80211_RADIOTAP_FCS.  The correct interpretation according to http://netbsd.gw.com/cgi-bin/man-cgi?ieee80211_radiotap+9+NetBSD-current is IEEE80211_RADIOTAP_RX_FLAGS.

added uigtk label

Stig Bjørlykke said:

And all this is nicely commented in packet-radiotap.c, line 80 :)

Stig Bjørlykke said:

Is it OK to have constructions like this in the dissectors?
Or should this be handled by configure?

#ifdef __FreeBSD__
    IEEE80211_RADIOTAP_XCHANNEL = 14;
#elif __NetBSD__
    IEEE80211_RADIOTAP_RX_FLAGS = 14;
#else
    IEEE80211_RADIOTAP_FCS = 14,
#endif

Guy Harris said:

No, and no.  The interpretation of a Radiotap file should *not* be dependent on the OS on which you're running Wireshark!

IEEE80211_RADIOTAP_XCHANNEL was moved to 18 when I mentioned this problem to David Young and Sam Leffler.  IEEE80211_RADIOTAP_FCS was, as far as I know, never used.

I'm working on the one remaining issue, namely collisions between some OpenBSD bits and bits used in other OSes.  Hopefully we can come up with a standard that all OSes can adopt and continue to adhere to.  If not, we might have to define multiple DLT_ values for different flavors of radiotap; that wouldn't be the ideal, but at least it'd mean that a file capture on one OS could be interpreted by Wiretap (or tcpdump, or...) running on *any* OS.

Jaap Keuter said:

So, how about this issue? Is it still open?

Stephen Fisher said:

Any updates?

Gerald Combs said:

It looks like r23625 and r28385 have addressed this.

closed