https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3156
Summary: Reassociation loses old keys and ability to decrypt
older packets
Product: Wireshark
Version: SVN
Platform: PC
OS/Version: All
Status: NEW
Severity: Enhancement
Priority: Low
Component: Wireshark
AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
ReportedBy: gregs@xxxxxxxxxxx
CC: gregs@xxxxxxxxxxx
Greg Schwendimann <gregs@xxxxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
Attachment #2594| |review_for_checkin?
Flag| |
Created an attachment (id=2594)
--> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2594)
a patch to allow for multiple security associations to be cached
Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Airpdcap does not allow for more than one key to be stored for a pair of nodes.
This means that when a device associates more than once the previous keys are
lost. This is ok for the first pass as the newest key is all that is needed
but when the user tries to click on a packet, to get the tree, which used a
previous key all that is seen is the encrypted data. The attached patch stores
previous associations in a linked list and will try all known keys before
decided the packet can't be decrypted. The list of keys is garbage collected
when a new capture is started.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
