On Mon, Jun 17, 2002 at 10:24:47AM -0400, Solomon Peachy wrote:
> > 1) the 802.11 dissector common code ("dissect_ieee80211_common()")
> > needs to have an argument telling it whether the frame has an
> > FCS or not and, if that argument says it doesn't, not treat
> > the stuff at the end of the frame as an FCS
>
> Right now, that argument comes in the form of a preference. Either the
> FCS is present, or it is not present. It won't vary on a per-packet basis
> in the middle of a capture.
But it *does* vary on a per capture file type basis! That preference
should be completely ignored when reading an AiroPeek or Wireless
Sniffer file, as those files appear *never* to contain the FCS at the
end of the frame.
I.e, don't assume that libpcap is the only source of 802.11 captures
read by Ethereal.
> Assuming that we have a sane snarflen, that
> is.. but if not, the packet data will be truncated anyway, rendering the
> FCS argument a little moot in the grander scheme of htings.
Yes, that's the whole length vs. reported length issue I was talking
about.
> > 2) "dissect_ieee80211_radio()" should, for now, pass to
> > "dissect_ieee80211_common()" a value of "does not contain
> > FCS", although that may change in the future - if so, we'll
> > need some mechanism by which the Wiretap code can pass an
> > indication of whether there's an FCS or not to
> > Ethereal/Tethereal.
>
> The more I think about this, the more I like it. The existing "radio"
> header was arbitrarily defined for the original monitor code on the prism
> driver, and the wlan-ng stuff will be changing this format drastically in
> the future (with new encapsulations and whatnot, don't worry). And the
> FCS will _always_ be present in those cases.
"dissect_ieee80211_radio()" deals with a radio pseudo-header for
AiroPeek and Wireless Sniffer captures; it is currently not used for
libpcap captures.
The reason why "dissect_ieee80211_radio()" should pass a value of "does
not contain FCS" to "dissect_ieee80211_common()" is that, as noted
above, AiroPeek and Wireless Sniffer captures don't include the FCS.
> Okay, this is what I plan to do in the short run:
>
> * Leave the "Assume FCS is present" toggle in the 802.11 dissector, but
> have it default to off.
> * Mangle the dissect_ieee80211_common() and friends to have the FCS
> toggle as an argument, like you proposed.
No, it should have an "FCS present" flag as an argument. For
"dissect_ieee80211()", the toggle should be passed as an argument; for
"dissect_ieee80211_radio()", FALSE should, for now, be passed as an
argument, *not* the toggle, as the toggle should have no effect
whatsoever on the processing of AiroPeek or Wireless Sniffer captures.
> * Assume FCS is missing if the captured length is too short. Ditto for
> the WEP ICV.
The WEP ICV comes *before* the payload, so if it's not present, the
payload also isn't present, right?
