On Apr 23, 2014, at 9:02 PM, Guy Harris <g...@alum.mit.edu> wrote:
> So is there any technical reason *not* to dissect the frame by:
>
> if that octet doesn't have the upper 6 bits as 010101, report it as an
> error;
>
> if that octet is 0x55, show it as a preamble octet, and treat the frame
> as not encrypted;
>
> if that octet is 0x54, report it as an error, as encryption is disabled
> but the security octet is *not* 0x55;
>
> if that octet is 0x56, report it as "encryption enabled, key ID 0", and
> treat the frame as encrypted;
>
> if that octet is 0x57, report it as "encryption enabled, key ID 1", and
> treat the frame as encrypted;
>
> with no preference needed?
Or, as per 6.2 "10G Zero-Overhead Cipher Suite (10Down, 10Bi)" (hey, I'll take
10Gb to the home, or even the neighborhood!):
if that octet has the value 01010101, show it as a preamble octet, and
treat the frame as not encrypted;
if that octet has the value XXXXXX00, where XXXXXX is not 010101,
report it as an error, as encryption is disabled but the security octet is
*not* 0x55;
if that octet has the value XXXXXX10, report it as "encryption enabled,
key ID 0", treat the frame as encrypted, and show XXXXXX as "LSB of the MPCP
time of the frame DA at the transmitter";
if that octet has the value XXXXXX11, report it as "encryption enabled,
key ID 1", treat the frame as encrypted, and show XXXXXX as "LSB of the MPCP
time of the frame DA at the transmitter".
_______________________________________________
tcpdump-workers mailing list
tcpdump-workers@lists.tcpdump.org
https://lists.sandelman.ca/mailman/listinfo/tcpdump-workers
