Wireshark-dev: [Wireshark-dev] ieee802.11 dissector patch for forcing WEP decryption (correctio
Hi ,
I just notice that I forgot to remove a definition not needed in the
previous patch.
Here is the correction.
Best Regards,
---
Frederic Roudaut
Index: packet-ieee80211.c
===================================================================
--- packet-ieee80211.c (révision 19338)
+++ packet-ieee80211.c (copie de travail)
@@ -84,6 +84,9 @@
/* Ignore the WEP bit; assume packet is decrypted */
static gboolean wlan_ignore_wep = FALSE;
+/* Assume packets that fail WEP decryption (No/Bad key) are already decrypted keeping the WEP Parameters. */
+static gboolean wlan_force_dissection = FALSE;
+
/* Tables for reassembly of fragments. */
static GHashTable *wlan_fragment_table = NULL;
static GHashTable *wlan_reassembled_table = NULL;
@@ -3025,7 +3028,7 @@
* We have the entire packet, and it includes a 4-byte ICV.
* Slice it off, and put it into the tree.
*
- * We only support decrypting if we have the the ICV.
+ * We only support decrypting if we have the ICV.
*
* XXX - the ICV is encrypted; we're putting the encrypted
* value, not the decrypted value, into the tree.
@@ -3050,14 +3053,21 @@
"WEP ICV: 0x%08x (not verified)",
tvb_get_ntohl(tvb, hdr_len + ivlen + len));
- if (pinfo->ethertype != ETHERTYPE_CENTRINO_PROMISC)
- {
- /* Some wireless drivers (such as Centrino) WEP payload already decrypted */
- call_dissector(data_handle, next_tvb, pinfo, tree);
- goto end_of_wlan;
- }
- } else {
-
+ if ((pinfo->ethertype != ETHERTYPE_CENTRINO_PROMISC)
+ && (!wlan_force_dissection))
+ {
+ /* Some wireless drivers (such as Centrino) WEP payload already decrypted
+ Is it still useful ??? Does it not means that all packets with ethertype == ETHERTYPE_CENTRINO_PROMISC
+ will be dissected. What about others ?
+ */
+
+ /* Some wireless drivers (such as Madwifi-ng in Monitor Mode) WEP payload already decrypted but Link encap is UNSPEC.
+ Thus we may want to force the Dissection.
+ */
+ call_dissector(data_handle, next_tvb, pinfo, tree);
+ goto end_of_wlan;
+ }
+ } else {
if (tree)
proto_tree_add_uint_format (wep_tree, hf_wep_icv, tvb,
hdr_len + ivlen + len, 4,
@@ -3219,25 +3229,26 @@
ENDTRY;
switch (encap_type) {
-
+
case ENCAP_802_2:
call_dissector(llc_handle, next_tvb, pinfo, tree);
break;
-
+
case ENCAP_ETHERNET:
call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree);
break;
-
+
case ENCAP_IPX:
call_dissector(ipx_handle, next_tvb, pinfo, tree);
break;
}
break;
}
- pinfo->fragmented = save_fragmented;
- end_of_wlan:
- tap_queue_packet(wlan_tap, pinfo, whdr);
+pinfo->fragmented = save_fragmented;
+
+end_of_wlan:
+tap_queue_packet(wlan_tap, pinfo, whdr);
}
/*
@@ -4157,6 +4168,12 @@
"Some 802.11 cards leave the WEP bit set even though the packet is decrypted.",
&wlan_ignore_wep);
+ prefs_register_bool_preference(wlan_module, "force_dissection",
+ "Force Dissection",
+ "Assume packets that fail WEP decryption (No/Bad key) are already decrypted keeping the WEP Parameters and dissect them. "
+ "Some 802.11 cards keeps the WEP Parameters even though the packet is decrypted. Thus we may want to force the Dissection when no key or no correct key is present.",
+ &wlan_force_dissection);
+
#ifndef USE_ENV
prefs_register_enum_preference(wlan_module, "wep_keys",
"WEP key count",