Although this patch successfully recognizes group keys and decrypts packets
properly using the group key, there is a limitation. If an AP is using key
rotation, clicking on individual packets in a trace may not properly decrypt a
packet encrypted with a group key. This is because the current structure used
in Wireshark only supports one active unicast and one active group key. If a
new key has been seen, but you are looking at a packet encrypted with an older
key, it will not decrypt. The summary lines, however, do show the packets
properly decrypted.
I've written up a much longer and more detailed explanation in a comment in the
code, along with a proposed idea for a solution, plus a clunky work-around in
the GUI when using the current code.
I also suspect there might still be a problem with decrypting TKIP group keys
that are sent using WPA2 authentication. In the most common operation, if you
are using WPA2, you'll also be using AES keys. It's not a common AP
configuration to use WPA2 with TKIP. In fact, most APs don't seem to support
it. Since it is an uncommon setup, I haven't put aside the time to test this
patch against such an AP. I do have access to an AP that supports this, so
when I have the time I'll test it and if needed, will submit another patch to
handle that odd-ball condition.
From me:
Remove the decrypt element of s_rijndael_ctx (which was unused, as indicated
in the comments).
Preserve the GPL licensing text in several files (which the patch shouldn't
have removed).
Remove changes that added whitespace.
Convert C++-style comments to C-style.
Update to include recent SVN changes (e.g. renaming variables named "index").
Remove extraneous printf's.
Define DEBUG_DUMP in airpdcap_debug.h.
Comment out some instances of DEBUG_DUMP.
Change malloc/free to g_malloc/g_free.
Use g_memdup instead of allocating and copying.
Use gint16 instead of INT16 in airpdcap_rijndael.c.
Add Brian to AUTHORS.
svn path=/trunk/; revision=25879
The MEGACO dissector issues an error when a command "AuditValue" is captured
[Packet size limited during capture: MEGACO truncated], but the packet seems to
be OK. See the example attached.
svn path=/trunk/; revision=25868
Fix for https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=2453
The patch fixes the problem by extending the original "outstanding stuff"
approach.
Now the pointer itself won't be NULLified, instead we track the pointers with
their expiry state in structs in the outstanding_stuff list.
The Lua objects refer to those structs instead of the actual pointers and
check the expiry state of the pointers before accessing them.
The pointers are marked expired when the dissection of the frame is finished
and the allocated struct is freed by Lua's garbage collector.
If the garbage collector hits the struct when it holds a not expired pointer,
it marks it as expired (that means we don't have any object in Lua referring to
the pointer) and the struct will be freed at the end of the dissection of the
frame.
This is for the 1.0 branch.
svn path=/trunk/; revision=25845
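
The expiry-tracking scheme described in the commit message above, as an added sketch that is not part of the commit or of Wireshark's source. All names (`tracked_ptr`, `track`, `deref`, `on_gc`, `end_of_frame`) are hypothetical; the point is that whichever of the two owners (frame end or garbage collector) arrives second frees the struct, and a stale access sees an expired marker instead of freed memory.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical names for illustration; not Wireshark's wslua code. */
typedef struct tracked_ptr {
    void *ptr;                 /* frame-scoped object owned by the dissector */
    int expired;               /* nonzero: ptr must not be dereferenced */
    struct tracked_ptr *next;  /* link in the outstanding list */
} tracked_ptr;

static tracked_ptr *outstanding = NULL;
static int freed_structs = 0;  /* counts frees so the lifetime can be checked */

/* Wrap a frame-scoped pointer; the script object keeps the wrapper, not ptr. */
tracked_ptr *track(void *ptr) {
    tracked_ptr *t = malloc(sizeof *t);
    if (!t) abort();
    t->ptr = ptr; t->expired = 0; t->next = outstanding;
    outstanding = t;
    return t;
}

/* Every access from the script side goes through this check. */
void *deref(const tracked_ptr *t) {
    return t->expired ? NULL : t->ptr;
}

/* Garbage collector finalizer for the script object holding t. */
void on_gc(tracked_ptr *t) {
    if (t->expired) { free(t); freed_structs++; }  /* frame already ended */
    else t->expired = 1;          /* still listed: end_of_frame() frees it */
}

/* Called when dissection of the frame finishes. */
void end_of_frame(void) {
    tracked_ptr *t = outstanding, *next;
    for (; t; t = next) {
        next = t->next;
        if (t->expired) { free(t); freed_structs++; }  /* GC got there first */
        else t->expired = 1;      /* script still holds it: on_gc() frees it */
    }
    outstanding = NULL;
}

int main(void) {
    int frame_data = 7;           /* constructed stand-in for frame memory */
    tracked_ptr *t = track(&frame_data);
    end_of_frame();
    printf("after frame: %s\n", deref(t) ? "live" : "expired");
    on_gc(t);
    return 0;
}
```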
Follow-up from SVN 25825 check in
The g_slist_free() is really needed in export_object.c, otherwise, the export
list has false (repetitive) entries in it, that cause a crash when selecting
them.
Whether false entries are in the list only depends on the speed of the export
processing, since this tap is
Replaced all guchar with gchar. This should eliminate the warnings on Solaris.
I guess I used the wrong reference.
Added patch for 'Authors' in case I need to add myself to the list.
svn path=/trunk/; revision=25834
Still seeing these errors...
packet-dcm.c: In function `dcm_uid_or_desc':
packet-dcm.c:960: warning: pointer type mismatch in conditional expression
packet-dcm.c: At top level:
packet-dcm.c:229: warning: 'dcm_desegment_headers' defined but not used
svn path=/trunk/; revision=25828