Hello, can you please open a bug at bugs.wireshark.org and attach the patch there? Does your patch distinguish between an 802.3/LLC/SNAP encapsulated frame of length 3 and Ethertype 3? This should be discussed in said new bug.
Thanks
Jörg

On Mon, Aug 06, 2012 at 05:10:36PM +0300, Emeltchenko Andrei wrote:
> From: Andrei Emeltchenko <andrei.emeltche...@intel.com>
>
> Decode 4-way handshake over 802.11 media packets like one shown below:
>
> ...
> Logical-Link Control
>     DSAP: SNAP (0xaa)
>         IG Bit: Individual
>     SSAP: SNAP (0xaa)
>         CR Bit: Command
>     Control field: U, func=UI (0x03)
>     Organization Code: Bluetooth (0x001958)
>     Type: Bluetooth Security (0x0003)
> 802.1X Authentication
>     Version: 802.1X-2001 (1)
>     Type: Key (3)
>     Length: 117
>     Key Descriptor Type: EAPOL RSN Key (2)
>     Key Information: 0x010a
>         .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
>         .... .... .... 1... = Key Type: Pairwise Key
>         .... .... ..00 .... = Key Index: 0
>         .... .... .0.. .... = Install: Not set
>         .... .... 0... .... = Key ACK: Not set
>         .... ...1 .... .... = Key MIC: Set
>         .... ..0. .... .... = Secure: Not set
>         .... .0.. .... .... = Error: Not set
>         .... 0... .... .... = Request: Not set
>         ...0 .... .... .... = Encrypted Key Data: Not set
>     Key Length: 16
>     Replay Counter: 1
>     WPA Key Nonce: 768574f5be8f87e5564ef8eab556a26c2e1f0abc6ca256b5...
>     Key IV: 00000000000000000000000000000000
>     WPA Key RSC: 0000000000000000
>     WPA Key ID: 0000000000000000
>     WPA Key MIC: 0553a180d3415401216c080bac23d381
>     WPA Key Data Length: 22
>     WPA Key Data: 30140100000fac040100000fac040100000fac020000
> ...
> ---
> epan/dissectors/packet-eapol.c | 1 +
> epan/dissectors/packet-ethertype.c | 1 +
> epan/dissectors/packet-llc.c | 3 +++
> epan/etypes.h | 4 ++++
> epan/oui.h | 1 +
> 5 files changed, 10 insertions(+)
>
> diff --git a/epan/dissectors/packet-eapol.c b/epan/dissectors/packet-eapol.c > index 304bba8..54081cd 100644 > --- a/epan/dissectors/packet-eapol.c > +++ b/epan/dissectors/packet-eapol.c
> @@ -517,4 +517,5 @@ proto_reg_handoff_eapol(void) > eapol_handle = create_dissector_handle(dissect_eapol, proto_eapol); > dissector_add_uint("ethertype", ETHERTYPE_EAPOL, eapol_handle); > dissector_add_uint("ethertype", ETHERTYPE_RSN_PREAUTH, eapol_handle); > + dissector_add_uint("ethertype", ETHERTYPE_BT_SECURITY, eapol_handle); > } > diff --git a/epan/dissectors/packet-ethertype.c > b/epan/dissectors/packet-ethertype.c > index 6a357cd..00ed2a4 100644 > --- a/epan/dissectors/packet-ethertype.c > +++ b/epan/dissectors/packet-ethertype.c > @@ -49,6 +49,7 @@ static dissector_table_t ethertype_dissector_table; > static dissector_handle_t data_handle; > > const value_string etype_vals[] = { > + { ETHERTYPE_BT_SECURITY, "Bluetooth Security" }, > { ETHERTYPE_IP, "IP" }, > { ETHERTYPE_IPv6, "IPv6" }, > { ETHERTYPE_VLAN, "802.1Q Virtual LAN" }, > diff --git a/epan/dissectors/packet-llc.c b/epan/dissectors/packet-llc.c > index e5a5203..61b47cc 100644 > --- a/epan/dissectors/packet-llc.c > +++ b/epan/dissectors/packet-llc.c > @@ -207,6 +207,7 @@ > http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/ibm_r > { OUI_SONY_ERICSSON_5, "Sony Ericsson Mobile Communications AB" }, > { OUI_SONY_ERICSSON_6, "Sony Ericsson Mobile Communications AB" }, > { OUI_SONY_ERICSSON_7, "Sony Ericsson Mobile Communications AB" }, > + { OUI_BLUETOOTH, "Bluetooth" }, > { OUI_SONY_ERICSSON_8, "Sony Ericsson Mobile Communications AB" }, > { OUI_IEEE_802_1QBG, "IEEE 802.1Qbg" }, > { OUI_TURBOCELL, "Karlnet (Turbocell)" }, > @@ -358,6 +359,7 @@ capture_snap(const guchar *pd, int offset, int len, > packet_counts *ld) > > case OUI_ENCAP_ETHER: > case OUI_CISCO_90: > + case OUI_BLUETOOTH: > case OUI_APPLE_ATALK: > /* No, I have no idea why Apple used > one of their own OUIs, rather than 
> @@ -615,6 +617,7 @@ dissect_snap(tvbuff_t *tvb, int offset, packet_info > *pinfo, proto_tree *tree, > break; > > case OUI_ENCAP_ETHER: > + case OUI_BLUETOOTH: > case OUI_CISCO_90: > case OUI_APPLE_ATALK: > /* No, I have no idea why Apple used > diff --git a/epan/etypes.h b/epan/etypes.h > index c208265..33bb20f 100644 > --- a/epan/etypes.h > +++ b/epan/etypes.h > @@ -41,6 +41,10 @@ > #define ETHERTYPE_UNK 0x0000 > #endif > > +#ifndef ETHERTYPE_BT_SECURITY > +#define ETHERTYPE_BT_SECURITY 0x0003 > +#endif > + > /* Sources: > * http://www.iana.org/assignments/ethernet-numbers > * TCP/IP Illustrated, Volume 1 > diff --git a/epan/oui.h b/epan/oui.h > index f06b7fc..cdfe19b 100644 > --- a/epan/oui.h > +++ b/epan/oui.h 
> @@ -59,6 +59,7 @@ > #define OUI_SONY_ERICSSON_5 0x001620 /* Sony Ericsson Mobile > Communications AB */ > #define OUI_SONY_ERICSSON_6 0x0016B8 /* Sony Ericsson Mobile > Communications AB */ > #define OUI_SONY_ERICSSON_7 0x001813 /* Sony Ericsson Mobile > Communications AB */ > +#define OUI_BLUETOOTH 0x001958 /* Bluetooth SIG */ > #define OUI_SONY_ERICSSON_8 0x001963 /* Sony Ericsson Mobile > Communications AB */ > #define OUI_IEEE_802_1QBG 0x001B3F /* IEEE 802.1 Qbg */ > #define OUI_TURBOCELL 0x0020F6 /* KarlNet, who brought you > Turbocell */ > -- > 1.7.9.5
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: http://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

--
Joerg Mayer <jma...@loplof.de>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.
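
Review bot: in proto_reg_handoff_eapol() (packet-eapol.c), the new dissector_add_uint("ethertype", ETHERTYPE_BT_SECURITY, eapol_handle) keys EAPOL on the value 0x0003 in the shared "ethertype" table, with no check that the value came from a SNAP header carrying OUI_BLUETOOTH. Any lookup of 3 in that table is then handed to the EAPOL dissector, which is the length-3 versus Ethertype-3 ambiguity raised in the reply above. Suggest registering the handle in a protocol-ID table that is specific to OUI 0x001958, so the match requires both the OUI and the PID.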
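
Review bot: in the etype_vals[] hunk (packet-ethertype.c), the "Bluetooth Security" entry goes into the global Ethertype name table and is placed ahead of ETHERTYPE_IP, so every field rendered through etype_vals will label a value of 3 as Bluetooth Security whether or not the Bluetooth OUI is present. The name belongs in a value_string scoped to the Bluetooth SIG protocol IDs; if it has to stay here, add a comment that it is only meaningful under OUI_BLUETOOTH and do not put it at the head of the list.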
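
Review bot: in packet-llc.c, adding case OUI_BLUETOOTH to the OUI_ENCAP_ETHER group in both capture_snap() and dissect_snap() makes every protocol ID under the Bluetooth OUI be interpreted as an Ethertype, not only 0x0003. Any other protocol ID carried under that OUI would be looked up in the Ethertype table and could be misdecoded; a separate case that dispatches on a Bluetooth-specific PID table avoids that. Minor style point: the new label sits after OUI_CISCO_90 in capture_snap() but before it in dissect_snap(); use the same position in both.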
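
Review bot: in the etypes.h hunk, ETHERTYPE_BT_SECURITY is defined as 0x0003 with no comment, and values below 0x0600 fall in the range an 802.3 frame uses for its length field. Add a comment stating that this is a SNAP protocol ID valid only under OUI 0x001958, and consider a name that does not start with ETHERTYPE_ so it is not later treated as a real Ethertype.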