On Mon, Sep 30, 2019 at 7:57 PM Pascal Quantin <pas...@wireshark.org> wrote:
> Hi Achuthan,
>
> On Mon, Sep 30, 2019 at 19:53, Achuthan Paramanathan <a...@kamstrup.com>
> wrote:
>
>> Dear wireshark,
>>
>> I recently noticed that decryption of downlink traffic in wireshark -
>> Version 3.0.3 is not done properly. Even though it is marked as correctly
>> decoded in wireshark view. The uplink traffic is decrypted correctly.
>>
>> I then had a look in the code (*master branch*)
>> “../dissectors/packet-lorawan.c” line 795
>>
>> Here, the function decrypt_lorawan_frame_payload() which takes in an
>> argument dir, in this case it is statically set to 0 indicating uplink
>> traffic. This will work as long as the traffic is uplink, however in
>> downlink this will result in a wrong decryption.
>>
>> My suggestion is to use the flag “uplink” which is set to FALSE in line
>> 753 when mac_mtype is of type downlink, as dir argument in function call
>> decrypt_lorawan_frame_payload()
>>
>
> Could you please file a bug on https://bugs.wireshark.org with a pcap
> containing a bit of UL and DL traffic? It would allow to verify your fix
> proposal.
>
> Thanks for the help,
> Pascal.
>
> ___________________________________________________________________________
> Sent via: Wireshark-dev mailing list <wireshark-dev@wireshark.org>
> Archives: https://www.wireshark.org/lists/wireshark-dev
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
> mailto:wireshark-dev-requ...@wireshark.org?subject=unsubscribe

It would be great to have a pcap, please don't forget to include the keys to decrypt it. I will be happy to update the dissector.

Regards,
Erik
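The direction dependence discussed in this thread, as an added example that is not part of the original e-mails and is not Wireshark's code: in LoRaWAN 1.0.x the keystream input block A_i carries a Dir byte (0 for uplink, 1 for downlink), so a downlink frame decrypted with Dir fixed at 0 gets the wrong keystream. The function names are hypothetical, and the small AES-128 routine is a textbook implementation included only so the block runs offline.

```python
import struct

def _gmul(a, b):
    """Multiply in GF(2^8) modulo the AES polynomial x^8+x^4+x^3+x+1."""
    r = 0
    while b:
        r ^= a if b & 1 else 0
        a, b = (a << 1) ^ (0x11B if a & 0x80 else 0), b >> 1
    return r

def _sbox_entry(a):
    inv = 1
    for _ in range(254):              # a^254 is the field inverse (0 maps to 0)
        inv = _gmul(inv, a)
    rot = lambda v, k: ((v << k) | (v >> (8 - k))) & 0xFF
    return inv ^ rot(inv, 1) ^ rot(inv, 2) ^ rot(inv, 3) ^ rot(inv, 4) ^ 0x63
SBOX = [_sbox_entry(a) for a in range(256)]

def aes128_encrypt_block(key, block):
    """Textbook AES-128 block encryption (FIPS 197), kept small for this example."""
    w, rcon = [list(key[i:i + 4]) for i in range(0, 16, 4)], 1
    for i in range(4, 44):            # key schedule: 44 four-byte words
        t = w[i - 1]
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]
            t[0] ^= rcon
            rcon = _gmul(rcon, 2)
        w.append([x ^ y for x, y in zip(w[i - 4], t)])
    rk = lambda r: [b for word in w[4 * r:4 * r + 4] for b in word]
    s = [x ^ y for x, y in zip(block, rk(0))]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                            # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd < 10:                                                        # MixColumns
            s = [_gmul(s[4 * c + r], 2) ^ _gmul(s[4 * c + (r + 1) % 4], 3)
                 ^ s[4 * c + (r + 2) % 4] ^ s[4 * c + (r + 3) % 4]
                 for c in range(4) for r in range(4)]
        s = [x ^ y for x, y in zip(s, rk(rnd))]                             # AddRoundKey
    return bytes(s)

UPLINK, DOWNLINK = 0, 1               # value of the Dir byte in block A_i
def lorawan_crypt(key, dev_addr, fcnt, direction, payload):
    """XOR payload with S_i = AES(key, A_i); the same call encrypts and decrypts."""
    out = bytearray()
    for i in range(0, len(payload), 16):
        # A_i = 0x01 | 4 x 0x00 | Dir | DevAddr (LE) | FCnt (LE) | 0x00 | block index
        a_i = struct.pack("<B4xBIIBB", 1, direction, dev_addr, fcnt, 0, i // 16 + 1)
        out += bytes(p ^ k for p, k in zip(payload[i:i + 16], aes128_encrypt_block(key, a_i)))
    return bytes(out)
```

Encrypting a constructed payload with `DOWNLINK` and decrypting it with `UPLINK` returns bytes of the right length but not the plaintext, which matches the "marked as decoded but wrong" symptom reported above.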