Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-dev: [Wireshark-dev] ieee802.11 dissector patch for forcing WEP decryption (correctio

From: Frédéric Roudaut <frederic.roudaut@xxxxxxx>
Date: Wed, 27 Sep 2006 20:52:21 +0200
Hi ,

I just notice that I forgot to remove a definition not needed in the previous patch.
Here is the correction.

Best Regards,

---
Frederic Roudaut
Index: packet-ieee80211.c
===================================================================
--- packet-ieee80211.c	(r�vision 19338)
+++ packet-ieee80211.c	(copie de travail)
@@ -84,6 +84,9 @@
 /* Ignore the WEP bit; assume packet is decrypted */
 static gboolean wlan_ignore_wep = FALSE;
 
+/* Assume packets that fail WEP decryption (No/Bad key) are already decrypted keeping the WEP Parameters. */
+static gboolean wlan_force_dissection = FALSE;
+
 /* Tables for reassembly of fragments. */
 static GHashTable *wlan_fragment_table = NULL;
 static GHashTable *wlan_reassembled_table = NULL;
@@ -3025,7 +3028,7 @@
 	 * We have the entire packet, and it includes a 4-byte ICV.
 	 * Slice it off, and put it into the tree.
 	 *
-	 * We only support decrypting if we have the the ICV.
+	 * We only support decrypting if we have the ICV.
 	 *
 	 * XXX - the ICV is encrypted; we're putting the encrypted
 	 * value, not the decrypted value, into the tree.
@@ -3050,14 +3053,21 @@
 				    "WEP ICV: 0x%08x (not verified)",
 				    tvb_get_ntohl(tvb, hdr_len + ivlen + len));
 
-      if (pinfo->ethertype != ETHERTYPE_CENTRINO_PROMISC)
-      {
-        /* Some wireless drivers (such as Centrino) WEP payload already decrypted */
-        call_dissector(data_handle, next_tvb, pinfo, tree);
-        goto end_of_wlan;
-      }
-    } else {
-
+      if ((pinfo->ethertype != ETHERTYPE_CENTRINO_PROMISC) 
+	  && (!wlan_force_dissection))
+	{        
+	  /* Some wireless drivers (such as Centrino) WEP payload already decrypted 
+	     Is it still useful ??? Does it not means that all packets with ethertype == ETHERTYPE_CENTRINO_PROMISC
+	     will be dissected. What about others ?
+	  */
+	  	  
+	  /* Some wireless drivers (such as Madwifi-ng in Monitor Mode) WEP payload already decrypted but Link encap is UNSPEC.
+	     Thus we may want to force the Dissection.
+	  */		  
+	  call_dissector(data_handle, next_tvb, pinfo, tree);
+	  goto end_of_wlan;
+	}
+    } else {      
       if (tree)
 	proto_tree_add_uint_format (wep_tree, hf_wep_icv, tvb,
 				    hdr_len + ivlen + len, 4,
@@ -3219,25 +3229,26 @@
       ENDTRY;
 
       switch (encap_type) {
-
+	
       case ENCAP_802_2:
         call_dissector(llc_handle, next_tvb, pinfo, tree);
         break;
-
+	
       case ENCAP_ETHERNET:
         call_dissector(eth_withoutfcs_handle, next_tvb, pinfo, tree);
         break;
-
+	
       case ENCAP_IPX:
         call_dissector(ipx_handle, next_tvb, pinfo, tree);
         break;
       }
       break;
     }
-  pinfo->fragmented = save_fragmented;
 
-  end_of_wlan:
-  tap_queue_packet(wlan_tap, pinfo, whdr);
+pinfo->fragmented = save_fragmented;
+
+end_of_wlan:
+tap_queue_packet(wlan_tap, pinfo, whdr);
 }
 
 /*
@@ -4157,6 +4168,12 @@
 				 "Some 802.11 cards leave the WEP bit set even though the packet is decrypted.",
 				 &wlan_ignore_wep);
 
+  prefs_register_bool_preference(wlan_module, "force_dissection",
+				 "Force Dissection",
+				 "Assume packets that fail WEP decryption (No/Bad key) are already decrypted keeping the WEP Parameters and dissect them. "
+				 "Some 802.11 cards keeps the WEP Parameters even though the packet is decrypted. Thus we may want to force the Dissection when no key or no correct key is present.",
+				 &wlan_force_dissection);
+
 #ifndef USE_ENV
   prefs_register_enum_preference(wlan_module, "wep_keys",
 				 "WEP key count",