Support for 802.11 Action frames

[FeldrinH]

The IEEE80211 packet decoder has some support for Action frames, but in many cases it throws an UnpackError and refuses to parse the entire packet if it finds an Action frame it doesn't recognize.

It would be nice if all common Action frames were supported. It would also be nice if instead of throwing an error it would keep the unrecognized Action frame as raw bytes, so the user could decode it themselves.

Additional context A pcap file with some 802.11 Action frames that dpkt currently can't decode: odid_wifi_sample.zip

[kbandla]

Hi @FeldrinH. Can you share the script you used to try to parse the packets?

[FeldrinH]

Sure. The actual script included extra logic for other linktypes, but the relevant part is this:

import sys
from dpkt import pcap, pcapng
from dpkt.radiotap import Radiotap

if __name__ == '__main__':
    file = sys.argv[1]
    print(f"Reading pcap from {file}")
    with open(file, mode='rb') as f:
        if file.endswith('.pcapng'):
            reader = pcapng.Reader(f)
        else:
            reader = pcap.Reader(f)

        assert reader.datalink() == pcap.DLT_IEEE802_11_RADIO

        count = 0
        for _, buffer in reader:
            count += 1
            packet = Radiotap(buffer)
            packet.pprint()
    print(f"Read {count} packets")

Tested with dpkt 1.9.8, produces dpkt.dpkt.UnpackError: KeyError: category=4 code=9.