Wireshark-dev: Re: [Wireshark-dev] [PATCH] Decode Bluetooth HS 4-way handshake over 802.11 medi
From: Joerg Mayer <jmayer@xxxxxxxxx>
Date: Mon, 6 Aug 2012 17:37:35 +0200
Hello,
can you please open a bug at bugs.wireshark.org and attach the patch there?
Does your patch distinguish between an 802.3/LLC/SNAP encapsulated frame
of length 3 and Ethertype 3?
This should be discussed in said new bug.
Thanks
Jörg
On Mon, Aug 06, 2012 at 05:10:36PM +0300, Emeltchenko Andrei wrote:
> From: Andrei Emeltchenko <andrei.emeltchenko@xxxxxxxxx>
>
> Decode 4-way handshake over 802.11 media packets like the one shown below:
>
> ...
> Logical-Link Control
> DSAP: SNAP (0xaa)
> IG Bit: Individual
> SSAP: SNAP (0xaa)
> CR Bit: Command
> Control field: U, func=UI (0x03)
> Organization Code: Bluetooth (0x001958)
> Type: Bluetooth Security (0x0003)
> 802.1X Authentication
> Version: 802.1X-2001 (1)
> Type: Key (3)
> Length: 117
> Key Descriptor Type: EAPOL RSN Key (2)
> Key Information: 0x010a
> .... .... .... .010 = Key Descriptor Version: AES Cipher, HMAC-SHA1 MIC (2)
> .... .... .... 1... = Key Type: Pairwise Key
> .... .... ..00 .... = Key Index: 0
> .... .... .0.. .... = Install: Not set
> .... .... 0... .... = Key ACK: Not set
> .... ...1 .... .... = Key MIC: Set
> .... ..0. .... .... = Secure: Not set
> .... .0.. .... .... = Error: Not set
> .... 0... .... .... = Request: Not set
> ...0 .... .... .... = Encrypted Key Data: Not set
> Key Length: 16
> Replay Counter: 1
> WPA Key Nonce: 768574f5be8f87e5564ef8eab556a26c2e1f0abc6ca256b5...
> Key IV: 00000000000000000000000000000000
> WPA Key RSC: 0000000000000000
> WPA Key ID: 0000000000000000
> WPA Key MIC: 0553a180d3415401216c080bac23d381
> WPA Key Data Length: 22
> WPA Key Data: 30140100000fac040100000fac040100000fac020000
> ...
> ---
> epan/dissectors/packet-eapol.c | 1 +
> epan/dissectors/packet-ethertype.c | 1 +
> epan/dissectors/packet-llc.c | 3 +++
> epan/etypes.h | 4 ++++
> epan/oui.h | 1 +
> 5 files changed, 10 insertions(+)
>
> diff --git a/epan/dissectors/packet-eapol.c b/epan/dissectors/packet-eapol.c
> index 304bba8..54081cd 100644
> --- a/epan/dissectors/packet-eapol.c
> +++ b/epan/dissectors/packet-eapol.c
> @@ -517,4 +517,5 @@ proto_reg_handoff_eapol(void)
> eapol_handle = create_dissector_handle(dissect_eapol, proto_eapol);
> dissector_add_uint("ethertype", ETHERTYPE_EAPOL, eapol_handle);
> dissector_add_uint("ethertype", ETHERTYPE_RSN_PREAUTH, eapol_handle);
> + dissector_add_uint("ethertype", ETHERTYPE_BT_SECURITY, eapol_handle);
> }
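Review bot: The added dissector_add_uint("ethertype", ETHERTYPE_BT_SECURITY, eapol_handle) puts the value 0x0003 into the global "ethertype" table, so the EAPOL dissector is selected for any frame dispatched through that table with type 3, not only for SNAP frames carrying the Bluetooth OUI 0x001958. Values below 0x0600 in that field position are 802.3 lengths rather than Ethertypes, so the registration should be scoped to the Bluetooth OUI, for example through a dissector table keyed on the PID under that OUI, with eapol_handle registered there for 0x0003.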
> diff --git a/epan/dissectors/packet-ethertype.c b/epan/dissectors/packet-ethertype.c
> index 6a357cd..00ed2a4 100644
> --- a/epan/dissectors/packet-ethertype.c
> +++ b/epan/dissectors/packet-ethertype.c
> @@ -49,6 +49,7 @@ static dissector_table_t ethertype_dissector_table;
> static dissector_handle_t data_handle;
>
> const value_string etype_vals[] = {
> + { ETHERTYPE_BT_SECURITY, "Bluetooth Security" },
> { ETHERTYPE_IP, "IP" },
> { ETHERTYPE_IPv6, "IPv6" },
> { ETHERTYPE_VLAN, "802.1Q Virtual LAN" },
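Review bot: The new first entry in etype_vals makes every lookup of 0x0003 in this table print "Bluetooth Security", although the sample decode in the commit message shows that value only as the Type under Organization Code Bluetooth (0x001958). It is also placed ahead of ETHERTYPE_IP rather than grouped with related entries. Moving the name into a Bluetooth-specific value_string for PIDs under that OUI would avoid labelling unrelated frames, and this line could then be dropped.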
> diff --git a/epan/dissectors/packet-llc.c b/epan/dissectors/packet-llc.c
> index e5a5203..61b47cc 100644
> --- a/epan/dissectors/packet-llc.c
> +++ b/epan/dissectors/packet-llc.c
> @@ -207,6 +207,7 @@ http://www.cisco.com/univercd/cc/td/doc/product/software/ios113ed/113ed_cr/ibm_r
> { OUI_SONY_ERICSSON_5, "Sony Ericsson Mobile Communications AB" },
> { OUI_SONY_ERICSSON_6, "Sony Ericsson Mobile Communications AB" },
> { OUI_SONY_ERICSSON_7, "Sony Ericsson Mobile Communications AB" },
> + { OUI_BLUETOOTH, "Bluetooth" },
> { OUI_SONY_ERICSSON_8, "Sony Ericsson Mobile Communications AB" },
> { OUI_IEEE_802_1QBG, "IEEE 802.1Qbg" },
> { OUI_TURBOCELL, "Karlnet (Turbocell)" },
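Review bot: The string in the added { OUI_BLUETOOTH, "Bluetooth" } entry differs from the comment on the define in epan/oui.h, which names the owner as "Bluetooth SIG". Using the same name in both places keeps the displayed organization consistent with the header.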
> @@ -358,6 +359,7 @@ capture_snap(const guchar *pd, int offset, int len, packet_counts *ld)
>
> case OUI_ENCAP_ETHER:
> case OUI_CISCO_90:
> + case OUI_BLUETOOTH:
> case OUI_APPLE_ATALK:
> /* No, I have no idea why Apple used
> one of their own OUIs, rather than
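Review bot: Adding case OUI_BLUETOOTH to the label group shared with OUI_ENCAP_ETHER in capture_snap means the PID of every SNAP frame with OUI 0x001958 is handled as if it came from the Ethertype namespace. The patch defines only one such PID (0x0003), so a separate case that accepts just that value and leaves other Bluetooth PIDs unclassified would be narrower and would not depend on 0x0003 being present in the Ethertype handling.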
> @@ -615,6 +617,7 @@ dissect_snap(tvbuff_t *tvb, int offset, packet_info *pinfo, proto_tree *tree,
> break;
>
> case OUI_ENCAP_ETHER:
> + case OUI_BLUETOOTH:
> case OUI_CISCO_90:
> case OUI_APPLE_ATALK:
> /* No, I have no idea why Apple used
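Review bot: In dissect_snap the new case OUI_BLUETOOTH is inserted before OUI_CISCO_90, while the capture_snap hunk inserts it after OUI_CISCO_90; use the same position in both switches. As in capture_snap, sharing the OUI_ENCAP_ETHER branch treats every PID under the Bluetooth OUI as an Ethertype, so a dedicated case for this OUI that dispatches on its own PID values would be safer.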
> diff --git a/epan/etypes.h b/epan/etypes.h
> index c208265..33bb20f 100644
> --- a/epan/etypes.h
> +++ b/epan/etypes.h
> @@ -41,6 +41,10 @@
> #define ETHERTYPE_UNK 0x0000
> #endif
>
> +#ifndef ETHERTYPE_BT_SECURITY
> +#define ETHERTYPE_BT_SECURITY 0x0003
> +#endif
> +
> /* Sources:
> * http://www.iana.org/assignments/ethernet-numbers
> * TCP/IP Illustrated, Volume 1
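Review bot: ETHERTYPE_BT_SECURITY is defined as 0x0003 with no comment saying where the value comes from, and it sits directly above the "Sources" comment that cites the IANA ethernet-numbers list, which reads as if it were a registered Ethertype. Add a comment naming the Bluetooth specification that assigns it and stating that it is a PID used with OUI 0x001958; a name without the ETHERTYPE_ prefix, defined next to OUI_BLUETOOTH, would make the namespace explicit.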
> diff --git a/epan/oui.h b/epan/oui.h
> index f06b7fc..cdfe19b 100644
> --- a/epan/oui.h
> +++ b/epan/oui.h
> @@ -59,6 +59,7 @@
> #define OUI_SONY_ERICSSON_5 0x001620 /* Sony Ericsson Mobile Communications AB */
> #define OUI_SONY_ERICSSON_6 0x0016B8 /* Sony Ericsson Mobile Communications AB */
> #define OUI_SONY_ERICSSON_7 0x001813 /* Sony Ericsson Mobile Communications AB */
> +#define OUI_BLUETOOTH 0x001958 /* Bluetooth SIG */
> #define OUI_SONY_ERICSSON_8 0x001963 /* Sony Ericsson Mobile Communications AB */
> #define OUI_IEEE_802_1QBG 0x001B3F /* IEEE 802.1 Qbg */
> #define OUI_TURBOCELL 0x0020F6 /* KarlNet, who brought you Turbocell */
> --
> 1.7.9.5
>
--
Joerg Mayer <jmayer@xxxxxxxxx>
We are stuck with technology when what we really want is just stuff that
works. Some say that should read Microsoft instead of technology.