Ethereal-dev: Re: [Ethereal-dev] [PATCH] updated 802.11 dissector

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Solomon Peachy <solomon@xxxxxxxxxxxxxx>
Date: Tue, 18 Jun 2002 10:00:04 -0400
On Tue, Jun 18, 2002 at 01:41:19AM -0700, Guy Harris wrote:
> Checked in, with some cleanups of the code to handle short frames, and
> with the WEP ICV universally named an "ICV" rather than a "CRC" (e.g.,
> changing the filterable field name).

Cool!
 
> BTW, is WEP encryption done *before* fragmentation or *after*
> fragmentation?

This is something I'm actually unsure of, as the 802.11 spec seems a bit
vague.

> does it WEP-encrypt the payload and then fragment it, or does it
> fragment the payload and then WEP-encrypt each fragment?  The current
> code does WEP decryption after defragmentation, which works if it
> WEP-encrypts the payload and then fragments it.

There's nothing in the 802.11 spec about how to handle WEP when we need to
fragment the payload.  It seems to indicate you just take the whole
payload as-is and split it up.

However, in section 9.5 (Defragmentation): "If WEP has been applied to
the fragment, it shall be decrypted before the framnent is used for
defragmentation of the MSDU or MMPDU."

So according to the defragmentation spec, WEP should occur on a
per-fragment basis. 

*sigh*  And to think I had it this way then re-wrote it.  :)  Not that it
worked at that point, but still.

To fix this, it'll be a bit more complex than simply moving the WEP code
up a few lines..

I'll need to generate some fragmented WEP traffic, then I'll fix
everything up and post a new patch when I have it working.

 - Pizza 
-- 
Solomon Peachy                        solomon@xxxxxxxxxxxxxx
AbsoluteValue Systems                 http://www.linux-wlan.com
715-D North Drive                     +1 (321) 259-0737  (office)
Melbourne, FL 32934                   +1 (321) 259-0286  (fax)

Attachment: pgpFSE51m_xP4.pgp
Description: PGP signature