Wireshark-dev: Re: [Wireshark-dev] clarification on 802.11 dissector

From: francisco javier sanchez-roselly <franciscojavier.sanchezroselly@xxxxxxxx>
Date: Wed, 5 Dec 2018 16:39:55 +0100
hi Richard, i thank you for your fast answer.

> On 5 Dec 2018, at 16:04, Richard Sharpe <realrichardsharpe@xxxxxxxxx> wrote:
> 
> On Wed, Dec 5, 2018 at 6:47 AM francisco javier sanchez-roselly
> <franciscojavier.sanchezroselly@xxxxxxxx> wrote:
>> 
>> hi All, i am checking some 802.11 frames and i have two doubts taking into account 802.11-2016 standard.
>> 
>> the first one has to do with To DS and From DS bits. the dissector groups these bits as a ‘DS status’ field not defined in the standard. the meaning is clear, but in my opinion, this association breaks the endianness criterion for the rest of the frame fields.
> 
> The code dealing with those two fields was likely written well before
> IEEE80211-2016 or even IEEE80211-2012 were written. The standard may
> have changed in that area.
> 
>> my other suggestion refers to FCS field, as standard says the general convention is not followed for this field, and the highest order term is transmitted first.
> 
> I think you have misunderstood and perhaps you are looking at the way
> we write the fields in a frame from left to right. The lowest order
> bit of each field is first on the wire, and the frames will generally
> be laid out in memory with the left most fields in the lowest
> addresses. On little endian systems the lowest order bytes will be in
> the lower addresses as well.

my understanding after reading the standard and checking same capture frames is, little endian -first bit sent is the most significant- is used inside fields. the standard is clear when field size is greater than 8 bits -first octet sent the one containing the less significant bit-, but for fields smaller than 8 bits nothing is clearly stated and Wireshark presentation seems reasonable -first field sent is the one containing the less significant bit-.

the point is that for FCS it literally says: 'Any field containing a CRC is an exception to this convention and is transmitted commencing with the coefficient of the highest-order term.' in my opinion this means the FCS is transmitted as a whole, not considering byte boundaries. in Wireshark CRC in wire is 0x3fca42e0 and the dissection is 0xe042ca3f, i guess the dissection should be 0x3fca42e0

i ask for the clarification because as a professor these facts sometimes are relevant.

i appreciate your help and patience, regards.

francisco javier sanchez-roselly

>> i ask you to guide me if i am missing something. otherwise, i will be glad to contribute with any change in the code.
>> 
>> thanks, regards.
>> 
>> francisco javier sanchez-roselly
>> 
>> 
>> ___________________________________________________________________________
>> Sent via:    Wireshark-dev mailing list <wireshark-dev@xxxxxxxxxxxxx>
>> Archives:    https://www.wireshark.org/lists/wireshark-dev
>> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
>>             mailto:wireshark-dev-request@xxxxxxxxxxxxx?subject=unsubscribe
> 
> 
> 
> -- 
> Regards,
> Richard Sharpe
> (What can relieve sorrow? Only Du Kang. --Cao Cao) (Legend has it that Du Kang was the inventor of wine)
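The FCS ordering discussed in this thread, as an added example that is not part of the original messages or of Wireshark's code: a bit-serial CRC-32 that sends the FCS highest-order coefficient first, packed into octets as a capture stores them, and the two integer readings of the same four octets. It assumes the 802.11 FCS is the standard CRC-32 and that a capture places the first bit received in bit 0 of each octet; the function names and the sample input are constructed for illustration.

```python
import zlib

POLY = 0x04C11DB7  # CRC-32 generator polynomial, x^32 term implicit

def bits_lsb_first(data):
    """Yield bits in transmission order: bit 0 of each octet first."""
    for octet in data:
        for i in range(8):
            yield (octet >> i) & 1

def fcs_coefficients(data):
    """Bit-serial CRC-32; bit 31 of the result is the x^31 coefficient."""
    reg = 0xFFFFFFFF
    for bit in bits_lsb_first(data):
        top = (reg >> 31) & 1
        reg = (reg << 1) & 0xFFFFFFFF
        if top ^ bit:
            reg ^= POLY
    return reg ^ 0xFFFFFFFF  # ones complement of the remainder

def fcs_wire_octets(data):
    """Send the FCS highest-order coefficient first, then pack the bit
    stream into octets (assumed capture rule: first bit -> bit 0)."""
    fcs = fcs_coefficients(data)
    stream = [(fcs >> k) & 1 for k in range(31, -1, -1)]
    out = bytearray(4)
    for n, bit in enumerate(stream):
        out[n // 8] |= bit << (n % 8)
    return bytes(out)

def two_readings(octets):
    """The same four octets read as a big- and a little-endian integer."""
    return int.from_bytes(octets, "big"), int.from_bytes(octets, "little")

if __name__ == "__main__":
    frame = b"123456789"  # constructed sample, not a real 802.11 frame
    wire = fcs_wire_octets(frame)
    # Cross-check against the table-driven CRC-32 in zlib.
    print(wire.hex(), wire == zlib.crc32(frame).to_bytes(4, "little"))
    # The four FCS octets quoted in the thread, read both ways.
    print([hex(v) for v in two_readings(bytes.fromhex("3fca42e0"))])
```

Under these assumptions the octets produced by the highest-order-first rule are the same bytes as the little-endian encoding of the usual CRC-32 value, so the two hex values quoted in the thread are two readings of one four-octet sequence.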