Wireshark-bugs: [Wireshark-bugs] [Bug 3156] New: Reassociation loses old keys and ability to dec
Date: Mon, 22 Dec 2008 10:01:13 -0800 (PST)
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=3156

           Summary: Reassociation loses old keys and ability to decrypt
                    older packets
           Product: Wireshark
           Version: SVN
          Platform: PC
        OS/Version: All
            Status: NEW
          Severity: Enhancement
          Priority: Low
         Component: Wireshark
        AssignedTo: wireshark-bugs@xxxxxxxxxxxxx
        ReportedBy: gregs@xxxxxxxxxxx
                CC: gregs@xxxxxxxxxxx



Greg Schwendimann <gregs@xxxxxxxxxxx> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
   Attachment #2594|                            |review_for_checkin?
               Flag|                            |


Created an attachment (id=2594)
 --> (https://bugs.wireshark.org/bugzilla/attachment.cgi?id=2594)
a patch to allow for multiple security associations to be cached

Build Information:
Paste the COMPLETE build information from "Help->About Wireshark", "wireshark
-v", or "tshark -v".
--
Airpdcap does not allow for more than one key to be stored for a pair of nodes.
 This means that when a device associates more than once the previous keys are
lost.  This is ok for the first pass as the newest key is all that is needed
but when the user tries to click on a packet, to get the tree, which used a
previous key all that is seen is the encrypted data.  The attached patch stores
previous associations in a linked list and will try all known keys before
decided the packet can't be decrypted.  The list of keys is garbage collected
when a new capture is started.


-- 
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.