RadioTap Archive on lore.kernel.org
 help / color / Atom feed
* crypto flag?
@ 2011-12-07 18:50 Johannes Berg
       [not found] ` <1323283809.3404.49.camel-8upI4CBIZJIJvtFkdXX2HixXY32XiHfO@public.gmane.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Johannes Berg @ 2011-12-07 18:50 UTC (permalink / raw)
  To: radiotap-sUITvd46vNxg9hUCZPvPmw

Hi,

Just wanted to see what people think ... I frequently find myself with
different pcap files:

 * OTA files: completely encrypted frames
 * locally created files (HW crypto): IV present but frame not encrypted
 * (infrequently, with other HW: files that have protection bit w/o IVs)

wireshark has a setting for this, but I find myself switching it around
all the time.

What would you think about a radiotap flag that tells wireshark what
happened in the packet?

johannes

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: crypto flag?
       [not found] ` <1323283809.3404.49.camel-8upI4CBIZJIJvtFkdXX2HixXY32XiHfO@public.gmane.org>
@ 2011-12-07 19:47   ` Guy Harris
       [not found]     ` <6561D89F-D6B0-47B6-9DCC-ABDC3BAD9452-FrUbXkNCsVf2fBVCVOL8/A@public.gmane.org>
  0 siblings, 1 reply; 3+ messages in thread
From: Guy Harris @ 2011-12-07 19:47 UTC (permalink / raw)
  To: radiotap


On Dec 7, 2011, at 10:50 AM, Johannes Berg wrote:

> What would you think about a radiotap flag that tells wireshark what
> happened in the packet?

Other than saying "that tells the program reading the file what happened in the packet" - this shouldn't be thought of as Wireshark-specific - a flag of that sort makes sense; if there's some information that is necessary or every very helpful when processing a file, and the program that generates the file knows that information, the ideal is to have that information stored in the file somewhere that allows programs reading the file to get it.

^ permalink raw reply	[flat|nested] 3+ messages in thread

* Re: crypto flag?
       [not found]     ` <6561D89F-D6B0-47B6-9DCC-ABDC3BAD9452-FrUbXkNCsVf2fBVCVOL8/A@public.gmane.org>
@ 2011-12-07 21:07       ` Johannes Berg
  0 siblings, 0 replies; 3+ messages in thread
From: Johannes Berg @ 2011-12-07 21:07 UTC (permalink / raw)
  To: radiotap

On Wed, 2011-12-07 at 11:47 -0800, Guy Harris wrote:
> On Dec 7, 2011, at 10:50 AM, Johannes Berg wrote:
> 
> > What would you think about a radiotap flag that tells wireshark what
> > happened in the packet?
> 
> Other than saying "that tells the program reading the file what
> happened in the packet" - this shouldn't be thought of as
> Wireshark-specific - a flag of that sort makes sense; if there's some
> information that is necessary or every very helpful when processing a
> file, and the program that generates the file knows that information,
> the ideal is to have that information stored in the file somewhere
> that allows programs reading the file to get it.

Yes, you're right, it's not wireshark specific. I think that we know
this information when generating, and if not we can leave it out.

I think it'd have to be something like

name: crypto flags
bit number: xxx
structure: u8
unit: bitmap

0x01: IV present
0x02: frame encrypted
...

come to think of it, we could record a bit more info about crypto I
guess, at least in the case where we actually have keys (which happens
if you record on the same machine that is doing something)

I'll think about this a bit more to see if there's something else we can
record.

johannes

^ permalink raw reply	[flat|nested] 3+ messages in thread

end of thread, back to index

Thread overview: 3+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2011-12-07 18:50 crypto flag? Johannes Berg
     [not found] ` <1323283809.3404.49.camel-8upI4CBIZJIJvtFkdXX2HixXY32XiHfO@public.gmane.org>
2011-12-07 19:47   ` Guy Harris
     [not found]     ` <6561D89F-D6B0-47B6-9DCC-ABDC3BAD9452-FrUbXkNCsVf2fBVCVOL8/A@public.gmane.org>
2011-12-07 21:07       ` Johannes Berg

RadioTap Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/radiotap/0 radiotap/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 radiotap radiotap/ https://lore.kernel.org/radiotap \
		radiotap@radiotap.org
	public-inbox-index radiotap

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.netbsd.radiotap


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git