radiotap.netbsd.org archive mirror
 help / color / mirror / Atom feed
* [RFC] extended flags
@ 2015-10-21 11:24 Johannes Berg
  0 siblings, 0 replies; only message in thread
From: Johannes Berg @ 2015-10-21 11:24 UTC (permalink / raw)
  To: radiotap-S783fYmB3Ccdnm+yROfE0A

I'd like to define flags to indicate
 * frame was decrypted (FC protected bit is set, but data is decrypted)
 * or not - frame is known to be encrypted
 * in this case - (ext)IV is present
 * in this case - MIC isn't present

Wireshark can be configured for this (apart from the MIC case), but
it's tedious to configure it according to the capture file you happen
to have at hand.

I suggest to define the following field:

= extended flags =

 Bit Number:: 22 (not assigned yet)
 Structure:: u32 flags
 Required Alignment:: 4
 Unit(s):: n/a

This field defines decryption flags for frames. The following flags are
defined:

|| '''value''' || '''meaning''' ||
|| `0x00000001` || frame is decrypted (but FC protected bit is set) ||
|| `0x00000002` || frame is encrypted (FC protected bit is also set) ||
|| `0x00000004` || (ext) IV is still present (reserved if 0x1 isn't set) ||
|| `0x00000008` || MIC is not present (should only be used if FCS is also not present, reserved if 0x1 isn't set) ||
|| `0xfffffff0` || (reserved) ||

If there are no objections I'll work on a wireshark patch (though
probably only in about two weeks from now, since I'll be travelling)

johannes

^ permalink raw reply	[flat|nested] only message in thread

only message in thread, other threads:[~2015-10-21 11:24 UTC | newest]

Thread overview: (only message) (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2015-10-21 11:24 [RFC] extended flags Johannes Berg

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).