QosControl missing in eapol key exchanging message
michal.kazior at tieto.com
Sun Feb 22 22:27:24 PST 2015
On 20 February 2015 at 15:20, Shu, Nick <Nick.Shu at spirent.com> wrote:
> Hi, Group:
> I'm using a mini PICe wifi AC NIC & ath10k driver to connect to a Cisco AP. Doing a WPA-PSK authentication that has a 4 way handshake.
> When I use wireshark to decode the captured wifi message (Qos Key message 2of 4 is from Sta to AP), I noticed that QoS Control section (0x0007) missing in header, that caused wireshark to not be able to decode the message.
> Does anybody knows about this? Any particular reason? Does this violate the spec for message building?
I assume you started wireshark on host with ath10k. In that case
packets the machine transmits will be mangled. The reason is ath10k
needs to strip the QoS Control from each QoS Data frame because
firmware expects the frame in the so called "Native Wifi" format and
QoS is delivered out-of-band (as meta information in Tx command).
I guess this could be a little improved by stripping the QoS Data bit
from Frame Type so that wireshark can decode frames properly at the
cost of not knowing which frames were sent as QoS and non-QoS anymore.
More information about the ath10k