Re: clarification on 802.11 dissector

[Richard Sharpe <realrichardsharpe () gmail com>]

On Wed, Dec 5, 2018 at 7:40 AM francisco javier sanchez-roselly
<franciscojavier.sanchezroselly () ujaen es> wrote:
> hi Richard, i thank you for your fast answer.
>
> > On 5 Dec 2018, at 16:04, Richard Sharpe <realrichardsharpe () gmail com> wrote:
> >
> > On Wed, Dec 5, 2018 at 6:47 AM francisco javier sanchez-roselly
> > <franciscojavier.sanchezroselly () ujaen es> wrote:
> > > hi All, i am checking some 802.11 frames and i have two doubts taking into account 802.11-2016 standard.
> > >
> > > the first one has to do with To DS and From DS bits. the dissector groups these bits as a ‘DS status’ field not 
> > > defined in the standard. the meaning is clear, but in my opinion, this association breaks the endianness criterion 
> > > for the rest of the frame fields.
> >
> > The code dealing with those two fields was likely written well before
> > IEEE80211-2016 or even IEEE80211-2012 were written. The standard may
> > have changed in that area.
> >
> > > my other suggestion refers to FCS field, as standard says the general convention is not followed for this field, 
> > > and the highest order term is transmited first.
> >
> > I think you have misunderstood and perhaps you are looking at the way
> > we write the fields in a frame from left to right. The lowest order
> > bit of each field is first on the wire, and the frames will generally
> > be laid out in memory with the left most fields in the lowest
> > addresses. On little endian systems the lowest order bytes will be in
> > the lower addresses as well.
>
> my understanding after reading the standard and checking same capture frames is, little endian -first bit sent is the 
> most significant- is used inside fields. the standard is clear when field size is greater than 8 bits -first octet 
> sent the one containing the less significant bit-, but for fields smaller than 8 bits nothing is clearly stated and 
> Wireshark presentation seems reasonable -first field sent is the one containing the less significant bit-.
>
> the point is that for FCS is literally says: 'Any field containinga CRC is an exception to this convention and is 
> trasmitted commencing with the coefficient of the higest-order term.’ in my opinion this means the FCS is 
> transmiitted a whole, not considering byte boundaries. in Wireshark CRC in wire is 0x3fca42e0 and the dissection is 
> 0xe042ca3f, i guess the dissection should be 0x3fca42e0

You have raised an interesting question. I checked IEEE802.11-2016 and
it says exactly what you have said.

I would have to check the CRC checking code to see what it is doing,
and I have not done that yet, but perhaps we should be displaying the
CRC in the opposite order.

-- 
Regards,
Richard Sharpe
(何以解憂？唯有杜康。--曹操)(传说杜康是酒的发明者)
___________________________________________________________________________
Sent via:    Wireshark-dev mailing list <wireshark-dev () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-dev
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-dev
             mailto:wireshark-dev-request () wireshark org?subject=unsubscribe