#518: WPA-PSK: superfluous bytes at end of packet
------------------------------+---------------------------------------------
Reporter: [EMAIL PROTECTED] | Owner:
Type: defect | Status: new
Priority: major | Milestone:
Component: madwifi: driver | Version: trunk
Keywords: | Patch_attached: 0
------------------------------+---------------------------------------------
* Version: madwifi-ng-r1497-20060407 (+ wpa_supplicant-0.5.2)
* Hardware: [lspci] Atheros Communications, Inc. AR5212 802.11abg NIC
(rev 01) [in IBM T43p]
* AP: netgear WGR614 v6
== Symptom ==
When receiving (WPA enabled) a DHCP reply, the dhclient (v 3.0.2)
complains, that it receives a packet with a different size than expected:
----------
$ dhclient ath0[[BR]]
(...)[[BR]]
DHCPREQUEST on ath0 to 255.255.255.255 port 67[[BR]]
ip length '''314''' disagrees with bytes received '''534'''.[[BR]]
accepting packet with data after udp payload.[[BR]]
DHCPACK from x.x.x.x[[BR]]
bound to y.y.y.y -- renewal in z seconds.[[BR]]
-----------
== Analysis ==
An ehterreal dump on device ath0 indeed shows, that the received DHCP
reply has the following properties
* the packet captured is 548 bytes (which is '''534''' + 14 bytes ether
header)
* The IP payload, according to the IP header, is only 294 Bytes
('''314''' - 20 bytes IP header)
* After the 294 bytes payload follow 220 NUL bytes (294 + 20 + 220 =
534)
So it seems, that the ethernet packet received is indeed 220 bytes larger
than needed, padded with NUL bytes.
My vague assumption is, that these are leftovers from decryption
(initialization vector and padding) that are not stripped away with
skb_trim() after decrypting.
--
Ticket URL: <http://madwifi.org/ticket/518>
MadWifi <http://madwifi.org/>
Multiband Atheros Driver for Wireless Fidelity
