Comment # 2
on bug 13149
from Will Glynn
I've never before touched the Wireshark codebase, so please bear with me :-)
All the action here happens in epan/dissectors/packet-ieee80211.c.
An association request can be considered "non-FT" unless
dissect_ieee80211_mgt() -> ieee_80211_add_tagged_parameters() ->
add_tagged_field() ever calls dissect_mobility_domain(), in which case the
request should be considered "FT". add_tagged_field() -> dissect_rsn_ie() can
say if the AKM suite(s) should be considered "FT" or "non-FT", and that's what
should be highlighted if there's a mismatch -- but we can't know if there's a
mismatch until we're done dissecting all the other IEs.
I see two basic approaches:
1. I could make a new struct, plumb it down from dissect_ieee80211_mgt() for
the association/reassociation request cases to both IE dissectors, and then use
it to add expert info if appropriate once all the tagged parameters are
dissected.
2. Take the proto_tree *tagged_tree in dissect_ieee80211_mgt(), pass it to a
sanity-checking function, walk the tree, and add an expert info to the AKM
suite list iff it's found to be incorrect in the wider context. However, there
doesn't appear to be a lot of precedent for dissectors walking their own
dissection output...
Or, of course, option 3: something I haven't considered.
What would you suggest?
You are receiving this mail because:
- You are watching all bug changes.