2001-11-06 20:30:40 +00:00
|
|
|
/* packet-eap.c
|
2002-02-25 23:28:32 +00:00
|
|
|
* Routines for EAP Extensible Authentication Protocol dissection
|
2004-06-28 05:41:50 +00:00
|
|
|
* RFC 2284, RFC 3748
|
2001-11-06 20:30:40 +00:00
|
|
|
*
|
2004-07-18 00:24:25 +00:00
|
|
|
* $Id$
|
2001-11-06 20:30:40 +00:00
|
|
|
*
|
2006-05-21 04:49:01 +00:00
|
|
|
* Wireshark - Network traffic analyzer
|
|
|
|
* By Gerald Combs <gerald@wireshark.org>
|
2001-11-06 20:30:40 +00:00
|
|
|
* Copyright 1998 Gerald Combs
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-11-06 20:30:40 +00:00
|
|
|
* This program is free software; you can redistribute it and/or
|
|
|
|
* modify it under the terms of the GNU General Public License
|
|
|
|
* as published by the Free Software Foundation; either version 2
|
|
|
|
* of the License, or (at your option) any later version.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-11-06 20:30:40 +00:00
|
|
|
* This program is distributed in the hope that it will be useful,
|
|
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
* GNU General Public License for more details.
|
2002-08-28 21:04:11 +00:00
|
|
|
*
|
2001-11-06 20:30:40 +00:00
|
|
|
* You should have received a copy of the GNU General Public License
|
|
|
|
* along with this program; if not, write to the Free Software
|
|
|
|
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#ifdef HAVE_CONFIG_H
|
|
|
|
# include "config.h"
|
|
|
|
#endif
|
|
|
|
|
|
|
|
#include <glib.h>
|
2002-01-21 07:37:49 +00:00
|
|
|
#include <epan/packet.h>
|
2002-03-23 21:24:38 +00:00
|
|
|
#include <epan/conversation.h>
|
2005-09-17 00:02:31 +00:00
|
|
|
#include <epan/ppptypes.h>
|
2005-02-09 23:38:00 +00:00
|
|
|
#include <epan/reassemble.h>
|
2005-08-12 23:29:19 +00:00
|
|
|
#include <epan/emem.h>
|
2007-11-16 23:03:09 +00:00
|
|
|
#include <epan/eap.h>
|
|
|
|
|
2007-11-23 17:48:28 +00:00
|
|
|
#include "packet-wps.h"
|
|
|
|
|
2001-11-06 20:30:40 +00:00
|
|
|
static int proto_eap = -1;
|
|
|
|
static int hf_eap_code = -1;
|
|
|
|
static int hf_eap_identifier = -1;
|
|
|
|
static int hf_eap_len = -1;
|
|
|
|
static int hf_eap_type = -1;
|
2002-03-19 20:55:40 +00:00
|
|
|
static int hf_eap_type_nak = -1;
|
2001-11-06 20:30:40 +00:00
|
|
|
|
|
|
|
static gint ett_eap = -1;
|
|
|
|
|
2002-02-25 23:28:32 +00:00
|
|
|
static dissector_handle_t ssl_handle;
|
|
|
|
|
2002-02-22 09:52:01 +00:00
|
|
|
|
2007-11-16 23:03:09 +00:00
|
|
|
|
|
|
|
const value_string eap_code_vals[] = {
|
2002-02-22 09:52:01 +00:00
|
|
|
{ EAP_REQUEST, "Request" },
|
|
|
|
{ EAP_RESPONSE, "Response" },
|
|
|
|
{ EAP_SUCCESS, "Success" },
|
|
|
|
{ EAP_FAILURE, "Failure" },
|
2010-01-27 18:16:07 +00:00
|
|
|
{ EAP_INITIATE, "Initiate" }, /* [RFC5296] */
|
|
|
|
{ EAP_FINISH, "Finish" }, /* [RFC5296] */
|
2002-02-22 09:52:01 +00:00
|
|
|
{ 0, NULL }
|
2001-11-06 20:30:40 +00:00
|
|
|
};
|
|
|
|
|
2002-03-19 11:33:08 +00:00
|
|
|
/*
|
|
|
|
References:
|
2002-08-28 21:04:11 +00:00
|
|
|
1) http://www.iana.org/assignments/ppp-numbers
|
2002-03-19 11:33:08 +00:00
|
|
|
PPP EAP REQUEST/RESPONSE TYPES
|
|
|
|
2) http://www.ietf.org/internet-drafts/draft-ietf-pppext-rfc2284bis-02.txt
|
|
|
|
3) RFC2284
|
2004-06-28 05:41:50 +00:00
|
|
|
4) RFC3748
|
2009-05-07 21:13:32 +00:00
|
|
|
5) http://www.iana.org/assignments/eap-numbers EAP registry (updated 2009-02-25)
|
2002-03-19 11:33:08 +00:00
|
|
|
*/
|
|
|
|
|
2007-11-16 23:03:09 +00:00
|
|
|
const value_string eap_type_vals[] = {
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 1, "Identity [RFC3748]" },
|
|
|
|
{ 2, "Notification [RFC3748]" },
|
|
|
|
{ 3, "Legacy Nak (Response only) [RFC3748]" },
|
|
|
|
{ 4, "MD5-Challenge [RFC3748]" },
|
|
|
|
{ 5, "One Time Password (OTP) [RFC3748]" },
|
2004-06-28 05:41:50 +00:00
|
|
|
{ 6, "Generic Token Card [RFC3748]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 7, "Allocated" },
|
|
|
|
{ 8, "Allocated" },
|
2002-03-19 11:33:08 +00:00
|
|
|
{ 9, "RSA Public Key Authentication [Whelan]" },
|
|
|
|
{ 10, "DSS Unilateral [Nace]" },
|
|
|
|
{ 11, "KEA [Nace]" },
|
|
|
|
{ 12, "KEA-VALIDATE [Nace]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 13, "EAP-TLS [RFC5216] [Aboba]" },
|
2002-03-19 11:33:08 +00:00
|
|
|
{ 14, "Defender Token (AXENT) [Rosselli]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 15, "RSA Security SecurID EAP [Nystrom]" },
|
2002-03-19 11:33:08 +00:00
|
|
|
{ 16, "Arcot Systems EAP [Jerdonek]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 17, "EAP-Cisco Wireless (LEAP) [Norman]" },
|
|
|
|
{ 18, "GSM Subscriber Identity Modules (EAP-SIM) [RFC4186]" },
|
2002-03-19 11:33:08 +00:00
|
|
|
{ 19, "SRP-SHA1 Part 1 [Carlson]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 20, "Unassigned" },
|
|
|
|
{ 21, "EAP-TTLS [RFC5281]" },
|
2002-03-19 11:33:08 +00:00
|
|
|
{ 22, "Remote Access Service [Fields]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 23, "EAP-AKA Authentication [RFC4187]" },
|
2002-08-28 21:04:11 +00:00
|
|
|
{ 24, "EAP-3Com Wireless [Young]" },
|
2009-11-29 13:55:34 +00:00
|
|
|
{ 25, "PEAP [Palekar]" },
|
|
|
|
{ 26, "MS-EAP-Authentication [Palekar]" },
|
2002-03-19 11:33:08 +00:00
|
|
|
{ 27, "Mutual Authentication w/Key Exchange (MAKE)[Berrendonner]" },
|
|
|
|
{ 28, "CRYPTOCard [Webb]" },
|
|
|
|
{ 29, "EAP-MSCHAP-V2 [Potter]" },
|
|
|
|
{ 30, "DynamID [Merlin]" },
|
|
|
|
{ 31, "Rob EAP [Ullah]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 32, "Protected One-Time Password [RFC4793] [Nystrom]" },
|
2003-04-01 19:17:55 +00:00
|
|
|
{ 33, "MS-Authentication-TLV [Palekar]" },
|
|
|
|
{ 34, "SentriNET [Kelleher]" },
|
|
|
|
{ 35, "EAP-Actiontec Wireless [Chang]" },
|
|
|
|
{ 36, "Cogent Systems Biometrics Authentication EAP [Xiong]" },
|
|
|
|
{ 37, "AirFortress EAP [Hibbard]" },
|
|
|
|
{ 38, "EAP-HTTP Digest [Tavakoli]" },
|
|
|
|
{ 39, "SecureSuite EAP [Clements]" },
|
|
|
|
{ 40, "DeviceConnect EAP [Pitard]" },
|
|
|
|
{ 41, "EAP-SPEKE [Zick]" },
|
2004-06-28 05:41:50 +00:00
|
|
|
{ 42, "EAP-MOBAC [Rixom]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 43, "EAP-FAST [RFC4851]" },
|
2004-06-28 05:41:50 +00:00
|
|
|
{ 44, "ZoneLabs EAP (ZLXEAP) [Bogue]" },
|
|
|
|
{ 45, "EAP-Link [Zick]" },
|
2006-12-06 22:03:45 +00:00
|
|
|
{ 46, "EAP-PAX [Clancy]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 47, "EAP-PSK [RFC4764]" },
|
|
|
|
{ 48, "EAP-SAKE [RFC4763]" },
|
|
|
|
{ 49, "EAP-IKEv2 [RFC5106]" },
|
2010-01-27 18:16:07 +00:00
|
|
|
{ 50, "EAP-AKA' [RFC5448]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 51, "EAP-GPSK [RFC5433]" },
|
2010-01-27 18:16:07 +00:00
|
|
|
{ 53, "EAP-pwd [RFC-harkins-emu-eap-pwd-12.txt]" },
|
2009-05-07 21:13:32 +00:00
|
|
|
{ 254, "Expanded Type [RFC3748]" },
|
|
|
|
{ 255, "Experimental [RFC3748]" },
|
2002-03-19 11:33:08 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
|
2002-02-06 22:45:43 +00:00
|
|
|
};
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
/*
|
2002-03-27 07:41:20 +00:00
|
|
|
* State information for EAP-TLS (RFC2716) and Lightweight EAP:
|
|
|
|
*
|
|
|
|
* http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt
|
|
|
|
*
|
2002-03-28 09:51:17 +00:00
|
|
|
* Attach to all conversations:
|
2002-03-27 07:41:20 +00:00
|
|
|
*
|
2002-03-28 09:51:17 +00:00
|
|
|
* a sequence number to be handed to "fragment_add_seq()" as
|
|
|
|
* the fragment sequence number - if it's -1, no reassembly
|
|
|
|
* is in progress, but if it's not, it's the sequence number
|
|
|
|
* to use for the current fragment;
|
|
|
|
*
|
|
|
|
* a value to be handed to "fragment_add_seq()" as the
|
|
|
|
* reassembly ID - when a reassembly is started, it's set to
|
|
|
|
* the frame number of the current frame, i.e. the frame
|
|
|
|
* that starts the reassembly;
|
|
|
|
*
|
|
|
|
* an indication of the current state of LEAP negotiation,
|
|
|
|
* with -1 meaning no LEAP negotiation is in progress.
|
|
|
|
*
|
|
|
|
* Attach to frames containing fragments of EAP-TLS messages the
|
|
|
|
* reassembly ID for those fragments, so we can find the reassembled
|
|
|
|
* data after the first pass through the packets.
|
|
|
|
*
|
|
|
|
* Attach to LEAP frames the state of the LEAP negotiation when the
|
|
|
|
* frame was processed, so we can properly dissect
|
2002-03-22 11:41:59 +00:00
|
|
|
* the LEAP message after the first pass through the packets.
|
2002-03-27 07:41:20 +00:00
|
|
|
*
|
|
|
|
* Attach to all conversations both pieces of information, to keep
|
|
|
|
* track of EAP-TLS reassembly and the LEAP state machine.
|
2002-03-22 11:41:59 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
typedef struct {
|
2002-03-27 07:41:20 +00:00
|
|
|
int eap_tls_seq;
|
2002-03-28 09:51:17 +00:00
|
|
|
guint32 eap_reass_cookie;
|
2002-03-27 07:41:20 +00:00
|
|
|
int leap_state;
|
|
|
|
} conv_state_t;
|
|
|
|
|
|
|
|
typedef struct {
|
|
|
|
int info; /* interpretation depends on EAP message type */
|
|
|
|
} frame_state_t;
|
|
|
|
|
|
|
|
/*********************************************************************
|
2002-08-28 21:04:11 +00:00
|
|
|
EAP-TLS
|
2002-03-27 07:41:20 +00:00
|
|
|
RFC2716
|
|
|
|
**********************************************************************/
|
|
|
|
|
|
|
|
/*
|
|
|
|
from RFC2716, pg 17
|
|
|
|
|
|
|
|
Flags
|
|
|
|
|
|
|
|
0 1 2 3 4 5 6 7 8
|
|
|
|
+-+-+-+-+-+-+-+-+
|
2004-07-04 10:26:01 +00:00
|
|
|
|L M S R R Vers |
|
2002-03-27 07:41:20 +00:00
|
|
|
+-+-+-+-+-+-+-+-+
|
|
|
|
|
|
|
|
L = Length included
|
|
|
|
M = More fragments
|
|
|
|
S = EAP-TLS start
|
|
|
|
R = Reserved
|
2004-07-04 10:26:01 +00:00
|
|
|
Vers = PEAP version (Reserved for TLS and TTLS)
|
2002-03-27 07:41:20 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#define EAP_TLS_FLAG_L 0x80 /* Length included */
|
|
|
|
#define EAP_TLS_FLAG_M 0x40 /* More fragments */
|
|
|
|
#define EAP_TLS_FLAG_S 0x20 /* EAP-TLS start */
|
2004-07-04 10:26:01 +00:00
|
|
|
#define EAP_PEAP_FLAG_VERSION 0x07 /* EAP-PEAP version */
|
2002-03-27 07:41:20 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
* reassembly of EAP-TLS
|
|
|
|
*/
|
|
|
|
static GHashTable *eaptls_fragment_table = NULL;
|
|
|
|
|
|
|
|
static int hf_eaptls_fragment = -1;
|
|
|
|
static int hf_eaptls_fragments = -1;
|
2002-06-07 10:11:41 +00:00
|
|
|
static int hf_eaptls_fragment_overlap = -1;
|
|
|
|
static int hf_eaptls_fragment_overlap_conflict = -1;
|
|
|
|
static int hf_eaptls_fragment_multiple_tails = -1;
|
|
|
|
static int hf_eaptls_fragment_too_long_fragment = -1;
|
|
|
|
static int hf_eaptls_fragment_error = -1;
|
2010-02-02 16:01:52 +00:00
|
|
|
static int hf_eaptls_reassembled_length = -1;
|
2002-03-27 07:41:20 +00:00
|
|
|
static gint ett_eaptls_fragment = -1;
|
|
|
|
static gint ett_eaptls_fragments = -1;
|
2004-07-04 10:26:01 +00:00
|
|
|
static gint ett_eap_sim_attr = -1;
|
2004-09-04 20:13:42 +00:00
|
|
|
static gint ett_eap_aka_attr = -1;
|
2007-11-23 17:48:28 +00:00
|
|
|
static gint ett_eap_exp_attr = -1;
|
2002-03-27 07:41:20 +00:00
|
|
|
|
2002-10-24 06:17:36 +00:00
|
|
|
static const fragment_items eaptls_frag_items = {
|
2002-06-07 10:11:41 +00:00
|
|
|
&ett_eaptls_fragment,
|
|
|
|
&ett_eaptls_fragments,
|
|
|
|
&hf_eaptls_fragments,
|
|
|
|
&hf_eaptls_fragment,
|
|
|
|
&hf_eaptls_fragment_overlap,
|
|
|
|
&hf_eaptls_fragment_overlap_conflict,
|
|
|
|
&hf_eaptls_fragment_multiple_tails,
|
|
|
|
&hf_eaptls_fragment_too_long_fragment,
|
|
|
|
&hf_eaptls_fragment_error,
|
2003-04-20 11:36:16 +00:00
|
|
|
NULL,
|
2010-02-02 16:01:52 +00:00
|
|
|
&hf_eaptls_reassembled_length,
|
2002-06-07 10:11:41 +00:00
|
|
|
"fragments"
|
|
|
|
};
|
|
|
|
|
2007-11-23 17:48:28 +00:00
|
|
|
/**********************************************************************
|
|
|
|
Support for EAP Expanded Type.
|
|
|
|
|
|
|
|
Currently this is limited to WifiProtectedSetup. Maybe we need
|
|
|
|
a generic method to support EAP extended types ?
|
|
|
|
*********************************************************************/
|
|
|
|
static int hf_eapext_vendorid = -1;
|
|
|
|
static int hf_eapext_vendortype = -1;
|
|
|
|
|
|
|
|
/* Vendor-Type and Vendor-id */
|
|
|
|
#define WFA_VENDOR_ID 0x00372A
|
|
|
|
#define WFA_SIMPLECONFIG_TYPE 0x1
|
|
|
|
|
|
|
|
static const value_string eapext_vendorid_vals[] = {
|
|
|
|
{ WFA_VENDOR_ID, "WFA" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static const value_string eapext_vendortype_vals[] = {
|
|
|
|
{ WFA_SIMPLECONFIG_TYPE, "SimpleConfig" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
static void
|
|
|
|
dissect_exteap(proto_tree *eap_tree, tvbuff_t *tvb, int offset,
|
|
|
|
gint size, packet_info* pinfo)
|
|
|
|
{
|
|
|
|
|
|
|
|
proto_tree_add_item(eap_tree, hf_eapext_vendorid, tvb, offset, 3, FALSE);
|
|
|
|
offset += 3; size -= 3;
|
|
|
|
|
|
|
|
proto_tree_add_item(eap_tree, hf_eapext_vendortype, tvb, offset, 4, FALSE);
|
|
|
|
offset += 4; size -= 4;
|
|
|
|
|
|
|
|
/* Generic method to support multiple vendor-defined extended types goes here :-) */
|
|
|
|
dissect_exteap_wps(eap_tree, tvb, offset, size, pinfo);
|
|
|
|
}
|
|
|
|
/* *********************************************************************
|
|
|
|
********************************************************************* */
|
2002-03-27 07:41:20 +00:00
|
|
|
|
|
|
|
static gboolean
|
2002-08-28 21:04:11 +00:00
|
|
|
test_flag(unsigned char flag, unsigned char mask)
|
2002-03-27 07:41:20 +00:00
|
|
|
{
|
|
|
|
return ( ( flag & mask ) != 0 );
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
eaptls_defragment_init(void)
|
|
|
|
{
|
|
|
|
fragment_table_init(&eaptls_fragment_table);
|
|
|
|
}
|
2002-03-22 11:41:59 +00:00
|
|
|
|
2004-07-04 10:26:01 +00:00
|
|
|
static void
|
|
|
|
dissect_eap_mschapv2(proto_tree *eap_tree, tvbuff_t *tvb, int offset,
|
|
|
|
gint size)
|
|
|
|
{
|
|
|
|
gint left = size;
|
|
|
|
gint ms_len;
|
|
|
|
guint8 value_size;
|
|
|
|
enum {
|
|
|
|
MS_CHAPv2_CHALLENGE = 1,
|
|
|
|
MS_CHAPv2_RESPONSE = 2,
|
|
|
|
MS_CHAPv2_SUCCESS = 3,
|
|
|
|
MS_CHAPv2_FAILURE = 4,
|
|
|
|
MS_CHAPv2_CHANGE_PASSWORD = 5
|
|
|
|
} opcode;
|
|
|
|
static const value_string opcodes[] = {
|
|
|
|
{ MS_CHAPv2_CHALLENGE, "Challenge" },
|
|
|
|
{ MS_CHAPv2_RESPONSE, "Response" },
|
|
|
|
{ MS_CHAPv2_SUCCESS, "Success" },
|
|
|
|
{ MS_CHAPv2_FAILURE, "Failure" },
|
|
|
|
{ MS_CHAPv2_CHANGE_PASSWORD, "Change-Password" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
/* OpCode (1 byte), MS-CHAPv2-ID (1 byte), MS-Length (2 bytes), Data */
|
|
|
|
opcode = tvb_get_guint8(tvb, offset);
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
|
|
|
"OpCode: %d (%s)",
|
|
|
|
opcode, val_to_str(opcode, opcodes, "Unknown"));
|
|
|
|
offset++;
|
|
|
|
left--;
|
|
|
|
if (left <= 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1, "MS-CHAPv2-ID: %d",
|
|
|
|
tvb_get_guint8(tvb, offset));
|
|
|
|
offset++;
|
|
|
|
left--;
|
|
|
|
if (left <= 0)
|
|
|
|
return;
|
|
|
|
|
|
|
|
ms_len = tvb_get_ntohs(tvb, offset);
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 2, "MS-Length: %d%s",
|
|
|
|
ms_len,
|
|
|
|
ms_len != size ? " (invalid len)" : "");
|
|
|
|
offset += 2;
|
|
|
|
left -= 2;
|
|
|
|
|
|
|
|
switch (opcode) {
|
|
|
|
case MS_CHAPv2_CHALLENGE:
|
|
|
|
if (left <= 0)
|
|
|
|
break;
|
|
|
|
value_size = tvb_get_guint8(tvb, offset);
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
|
|
|
"Value-Size: %d", value_size);
|
|
|
|
offset++;
|
|
|
|
left--;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, value_size,
|
|
|
|
"Challenge: %s",
|
|
|
|
tvb_bytes_to_str(tvb, offset, value_size));
|
|
|
|
offset += value_size;
|
|
|
|
left -= value_size;
|
|
|
|
if (left <= 0)
|
|
|
|
break;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, left,
|
|
|
|
"Name: %s",
|
|
|
|
tvb_format_text(tvb, offset, left));
|
|
|
|
break;
|
|
|
|
case MS_CHAPv2_RESPONSE:
|
|
|
|
if (left <= 0)
|
|
|
|
break;
|
|
|
|
value_size = tvb_get_guint8(tvb, offset);
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
|
|
|
"Value-Size: %d", value_size);
|
|
|
|
offset++;
|
|
|
|
left--;
|
|
|
|
if (value_size == 49) {
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 16,
|
|
|
|
"Peer-Challenge: %s",
|
|
|
|
tvb_bytes_to_str(tvb, offset, 16));
|
|
|
|
offset += 16;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 8,
|
|
|
|
"Reserved, must be zero: %s",
|
|
|
|
tvb_bytes_to_str(tvb, offset, 8));
|
|
|
|
offset += 8;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 24,
|
|
|
|
"NT-Response: %s",
|
|
|
|
tvb_bytes_to_str(tvb, offset, 24));
|
|
|
|
offset += 24;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
|
|
|
"Flags: %d",
|
|
|
|
tvb_get_guint8(tvb, offset));
|
|
|
|
offset++;
|
|
|
|
left -= value_size;
|
|
|
|
} else {
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, value_size,
|
|
|
|
"Response (unknown length): %s",
|
|
|
|
tvb_bytes_to_str(tvb, offset,
|
|
|
|
value_size));
|
|
|
|
offset += value_size;
|
|
|
|
left -= value_size;
|
|
|
|
}
|
|
|
|
if (left <= 0)
|
|
|
|
break;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, left,
|
|
|
|
"Name: %s",
|
|
|
|
tvb_format_text(tvb, offset, left));
|
|
|
|
break;
|
|
|
|
case MS_CHAPv2_SUCCESS:
|
|
|
|
if (left <= 0)
|
|
|
|
break;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, left,
|
|
|
|
"Message: %s",
|
|
|
|
tvb_format_text(tvb, offset, left));
|
|
|
|
break;
|
|
|
|
case MS_CHAPv2_FAILURE:
|
|
|
|
if (left <= 0)
|
|
|
|
break;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, left,
|
|
|
|
"Failure Request: %s",
|
|
|
|
tvb_format_text(tvb, offset, left));
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, left,
|
|
|
|
"Data (%d byte%s) Value: %s",
|
|
|
|
left, plurality(left, "", "s"),
|
|
|
|
tvb_bytes_to_str(tvb, offset, left));
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
static void
|
|
|
|
dissect_eap_sim(proto_tree *eap_tree, tvbuff_t *tvb, int offset, gint size)
|
|
|
|
{
|
|
|
|
gint left = size;
|
|
|
|
enum {
|
|
|
|
SIM_START = 10,
|
|
|
|
SIM_CHALLENGE = 11,
|
|
|
|
SIM_NOTIFICATION = 12,
|
|
|
|
SIM_RE_AUTHENTICATION = 13,
|
|
|
|
SIM_CLIENT_ERROR = 14
|
|
|
|
} subtype;
|
|
|
|
static const value_string subtypes[] = {
|
|
|
|
{ SIM_START, "Start" },
|
|
|
|
{ SIM_CHALLENGE, "Challenge" },
|
|
|
|
{ SIM_NOTIFICATION, "Notification" },
|
|
|
|
{ SIM_RE_AUTHENTICATION, "Re-authentication" },
|
|
|
|
{ SIM_CLIENT_ERROR, "Client-Error" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
static const value_string attributes[] = {
|
|
|
|
{ 1, "AT_RAND" },
|
|
|
|
{ 6, "AT_PADDING" },
|
|
|
|
{ 7, "AT_NONCE_MT" },
|
|
|
|
{ 10, "AT_PERMANENT_ID_REQ" },
|
|
|
|
{ 11, "AT_MAC" },
|
|
|
|
{ 12, "AT_NOTIFICATION" },
|
|
|
|
{ 13, "AT_ANY_ID_REQ" },
|
|
|
|
{ 14, "AT_IDENTITY" },
|
|
|
|
{ 15, "AT_VERSION_LIST" },
|
|
|
|
{ 16, "AT_SELECTED_VERSION" },
|
|
|
|
{ 17, "AT_FULLAUTH_ID_REQ" },
|
2004-09-04 20:13:42 +00:00
|
|
|
{ 19, "AT_COUNTER" },
|
|
|
|
{ 20, "AT_COUNTER_TOO_SMALL" },
|
|
|
|
{ 21, "AT_NONCE_S" },
|
|
|
|
{ 22, "AT_CLIENT_ERROR_CODE" },
|
2004-07-04 10:26:01 +00:00
|
|
|
{ 129, "AT_IV" },
|
|
|
|
{ 130, "AT_ENCR_DATA" },
|
|
|
|
{ 132, "AT_NEXT_PSEUDONYM" },
|
|
|
|
{ 133, "AT_NEXT_REAUTH_ID" },
|
2004-09-04 20:13:42 +00:00
|
|
|
{ 135, "AT_RESULT_IND" },
|
2004-07-04 10:26:01 +00:00
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
subtype = tvb_get_guint8(tvb, offset);
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
|
|
|
"subtype: %d (%s)",
|
|
|
|
subtype, val_to_str(subtype, subtypes, "Unknown"));
|
|
|
|
|
|
|
|
offset++;
|
|
|
|
left--;
|
|
|
|
|
|
|
|
if (left < 2)
|
|
|
|
return;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 2, "Reserved: %d",
|
|
|
|
tvb_get_ntohs(tvb, offset));
|
|
|
|
offset += 2;
|
|
|
|
left -= 2;
|
|
|
|
|
|
|
|
/* Rest of EAP-SIM data is in Type-Len-Value format. */
|
|
|
|
while (left >= 2) {
|
|
|
|
guint8 type, length;
|
|
|
|
proto_item *pi;
|
|
|
|
proto_tree *attr_tree;
|
|
|
|
int aoffset;
|
|
|
|
gint aleft;
|
|
|
|
aoffset = offset;
|
|
|
|
type = tvb_get_guint8(tvb, aoffset);
|
|
|
|
length = tvb_get_guint8(tvb, aoffset + 1);
|
|
|
|
aleft = 4 * length;
|
|
|
|
|
|
|
|
pi = proto_tree_add_text(eap_tree, tvb, aoffset, aleft,
|
|
|
|
"Attribute: %s",
|
|
|
|
val_to_str(type, attributes,
|
|
|
|
"Unknown %u"));
|
|
|
|
attr_tree = proto_item_add_subtree(pi, ett_eap_sim_attr);
|
|
|
|
proto_tree_add_text(attr_tree, tvb, aoffset, 1,
|
|
|
|
"Type: %u", type);
|
|
|
|
aoffset++;
|
|
|
|
aleft--;
|
|
|
|
|
|
|
|
if (aleft <= 0)
|
|
|
|
break;
|
|
|
|
proto_tree_add_text(attr_tree, tvb, aoffset, 1,
|
|
|
|
"Length: %d (%d bytes)",
|
|
|
|
length, 4 * length);
|
|
|
|
aoffset++;
|
|
|
|
aleft--;
|
|
|
|
proto_tree_add_text(attr_tree, tvb, aoffset, aleft,
|
|
|
|
"Value: %s",
|
|
|
|
tvb_bytes_to_str(tvb, aoffset, aleft));
|
|
|
|
|
|
|
|
offset += 4 * length;
|
|
|
|
left -= 4 * length;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2004-09-04 20:13:42 +00:00
|
|
|
static void
|
|
|
|
dissect_eap_aka(proto_tree *eap_tree, tvbuff_t *tvb, int offset, gint size)
|
|
|
|
{
|
|
|
|
gint left = size;
|
|
|
|
enum {
|
|
|
|
AKA_CHALLENGE = 1,
|
|
|
|
AKA_AUTHENTICATION_REJECT = 2,
|
|
|
|
AKA_SYNCHRONIZATION_FAILURE = 4,
|
|
|
|
AKA_IDENTITY = 5,
|
|
|
|
AKA_NOTIFICATION = 12,
|
|
|
|
AKA_REAUTHENTICATION = 13,
|
|
|
|
AKA_CLIENT_ERROR = 14
|
|
|
|
} subtype;
|
|
|
|
static const value_string subtypes[] = {
|
|
|
|
{ AKA_CHALLENGE, "AKA-Challenge" },
|
|
|
|
{ AKA_AUTHENTICATION_REJECT, "AKA-Authentication-Reject" },
|
|
|
|
{ AKA_SYNCHRONIZATION_FAILURE, "AKA-Synchronization-Failure" },
|
|
|
|
{ AKA_IDENTITY, "AKA-Identity" },
|
|
|
|
{ AKA_NOTIFICATION, "Notification" },
|
|
|
|
{ AKA_REAUTHENTICATION, "Re-authentication" },
|
|
|
|
{ AKA_CLIENT_ERROR, "Client-Error" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
static const value_string attributes[] = {
|
|
|
|
{ 1, "AT_RAND" },
|
|
|
|
{ 2, "AT_AUTN" },
|
|
|
|
{ 3, "AT_RES" },
|
|
|
|
{ 4, "AT_AUTS" },
|
|
|
|
{ 6, "AT_PADDING" },
|
|
|
|
{ 10, "AT_PERMANENT_ID_REQ" },
|
|
|
|
{ 11, "AT_MAC" },
|
|
|
|
{ 12, "AT_NOTIFICATION" },
|
|
|
|
{ 13, "AT_ANY_ID_REQ" },
|
|
|
|
{ 14, "AT_IDENTITY" },
|
|
|
|
{ 17, "AT_FULLAUTH_ID_REQ" },
|
|
|
|
{ 19, "AT_COUNTER" },
|
|
|
|
{ 20, "AT_COUNTER_TOO_SMALL" },
|
|
|
|
{ 21, "AT_NONCE_S" },
|
|
|
|
{ 22, "AT_CLIENT_ERROR_CODE" },
|
2010-01-27 18:16:07 +00:00
|
|
|
{ 23, "AT_KDF_INPUT"},
|
|
|
|
{ 24, "AT_KDF"},
|
2004-09-04 20:13:42 +00:00
|
|
|
{ 129, "AT_IV" },
|
|
|
|
{ 130, "AT_ENCR_DATA" },
|
|
|
|
{ 132, "AT_NEXT_PSEUDONYM" },
|
|
|
|
{ 133, "AT_NEXT_REAUTH_ID" },
|
|
|
|
{ 134, "AT_CHECKCODE" },
|
|
|
|
{ 135, "AT_RESULT_IND" },
|
|
|
|
{ 0, NULL }
|
|
|
|
};
|
|
|
|
|
|
|
|
subtype = tvb_get_guint8(tvb, offset);
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
|
|
|
"subtype: %d (%s)",
|
|
|
|
subtype, val_to_str(subtype, subtypes, "Unknown"));
|
|
|
|
|
|
|
|
offset++;
|
|
|
|
left--;
|
|
|
|
|
|
|
|
if (left < 2)
|
|
|
|
return;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 2, "Reserved: %d",
|
|
|
|
tvb_get_ntohs(tvb, offset));
|
|
|
|
offset += 2;
|
|
|
|
left -= 2;
|
|
|
|
|
|
|
|
/* Rest of EAP-AKA data is in Type-Len-Value format. */
|
|
|
|
while (left >= 2) {
|
|
|
|
guint8 type, length;
|
|
|
|
proto_item *pi;
|
|
|
|
proto_tree *attr_tree;
|
|
|
|
int aoffset;
|
|
|
|
gint aleft;
|
|
|
|
aoffset = offset;
|
|
|
|
type = tvb_get_guint8(tvb, aoffset);
|
|
|
|
length = tvb_get_guint8(tvb, aoffset + 1);
|
|
|
|
aleft = 4 * length;
|
|
|
|
|
|
|
|
pi = proto_tree_add_text(eap_tree, tvb, aoffset, aleft,
|
|
|
|
"Attribute: %s",
|
|
|
|
val_to_str(type, attributes,
|
|
|
|
"Unknown %u"));
|
|
|
|
attr_tree = proto_item_add_subtree(pi, ett_eap_aka_attr);
|
|
|
|
proto_tree_add_text(attr_tree, tvb, aoffset, 1,
|
|
|
|
"Type: %u", type);
|
|
|
|
aoffset++;
|
|
|
|
aleft--;
|
|
|
|
|
|
|
|
if (aleft <= 0)
|
|
|
|
break;
|
|
|
|
proto_tree_add_text(attr_tree, tvb, aoffset, 1,
|
|
|
|
"Length: %d (%d bytes)",
|
|
|
|
length, 4 * length);
|
|
|
|
aoffset++;
|
|
|
|
aleft--;
|
|
|
|
proto_tree_add_text(attr_tree, tvb, aoffset, aleft,
|
|
|
|
"Value: %s",
|
|
|
|
tvb_bytes_to_str(tvb, aoffset, aleft));
|
|
|
|
|
|
|
|
offset += 4 * length;
|
|
|
|
left -= 4 * length;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2002-02-26 11:55:39 +00:00
|
|
|
static int
|
2005-07-24 20:39:19 +00:00
|
|
|
dissect_eap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
|
2001-11-06 20:30:40 +00:00
|
|
|
{
|
2002-02-24 08:10:07 +00:00
|
|
|
guint8 eap_code;
|
|
|
|
guint8 eap_id;
|
|
|
|
guint16 eap_len;
|
|
|
|
guint8 eap_type;
|
2002-02-26 11:55:39 +00:00
|
|
|
gint len;
|
2002-03-23 21:24:38 +00:00
|
|
|
conversation_t *conversation;
|
2002-03-27 07:41:20 +00:00
|
|
|
conv_state_t *conversation_state;
|
|
|
|
frame_state_t *packet_state;
|
2002-03-23 21:24:38 +00:00
|
|
|
int leap_state;
|
2001-11-06 20:30:40 +00:00
|
|
|
proto_tree *ti;
|
2002-02-24 08:10:07 +00:00
|
|
|
proto_tree *eap_tree = NULL;
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2009-08-09 06:26:46 +00:00
|
|
|
col_set_str(pinfo->cinfo, COL_PROTOCOL, "EAP");
|
2009-08-09 07:36:13 +00:00
|
|
|
col_clear(pinfo->cinfo, COL_INFO);
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-24 08:10:07 +00:00
|
|
|
eap_code = tvb_get_guint8(tvb, 0);
|
2002-03-27 19:38:37 +00:00
|
|
|
|
2002-02-26 00:51:41 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_add_str(pinfo->cinfo, COL_INFO,
|
|
|
|
val_to_str(eap_code, eap_code_vals, "Unknown code (0x%02X)"));
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-03-23 21:24:38 +00:00
|
|
|
/*
|
|
|
|
* Find a conversation to which we belong; create one if we don't find
|
|
|
|
* it.
|
|
|
|
*
|
|
|
|
* We use the source and destination addresses, and the *matched* port
|
|
|
|
* number, because if this is running over RADIUS, there's no guarantee
|
|
|
|
* that the source port number for request and the destination port
|
|
|
|
* number for replies will be the same in all messages - the client
|
|
|
|
* may use different port numbers for each request.
|
|
|
|
*
|
|
|
|
* We have to pair up the matched port number with the corresponding
|
|
|
|
* address; we determine which that is by comparing it with the
|
|
|
|
* destination port - if it matches, we matched on the destination
|
|
|
|
* port (this is a request), otherwise we matched on the source port
|
|
|
|
* (this is a reply).
|
|
|
|
*
|
|
|
|
* XXX - what if we're running over a TCP or UDP protocol with a
|
|
|
|
* heuristic dissector, meaning the matched port number won't be set?
|
|
|
|
*
|
|
|
|
* XXX - what if we have a capture file with captures on multiple
|
|
|
|
* PPP interfaces, with LEAP traffic on all of them? How can we
|
|
|
|
* keep them separate? (Or is that not going to happen?)
|
|
|
|
*/
|
|
|
|
if (pinfo->destport == pinfo->match_port) {
|
2005-02-02 20:07:03 +00:00
|
|
|
conversation = find_conversation(pinfo->fd->num, &pinfo->dst, &pinfo->src,
|
2002-03-23 21:24:38 +00:00
|
|
|
pinfo->ptype, pinfo->destport,
|
|
|
|
0, NO_PORT_B);
|
|
|
|
} else {
|
2005-02-02 20:07:03 +00:00
|
|
|
conversation = find_conversation(pinfo->fd->num, &pinfo->src, &pinfo->dst,
|
2002-03-23 21:24:38 +00:00
|
|
|
pinfo->ptype, pinfo->srcport,
|
|
|
|
0, NO_PORT_B);
|
|
|
|
}
|
|
|
|
if (conversation == NULL) {
|
|
|
|
if (pinfo->destport == pinfo->match_port) {
|
2005-02-02 20:07:03 +00:00
|
|
|
conversation = conversation_new(pinfo->fd->num, &pinfo->dst, &pinfo->src,
|
2002-03-23 21:24:38 +00:00
|
|
|
pinfo->ptype, pinfo->destport,
|
|
|
|
0, NO_PORT2);
|
|
|
|
} else {
|
2005-02-02 20:07:03 +00:00
|
|
|
conversation = conversation_new(pinfo->fd->num, &pinfo->src, &pinfo->dst,
|
2002-03-23 21:24:38 +00:00
|
|
|
pinfo->ptype, pinfo->srcport,
|
|
|
|
0, NO_PORT2);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
2002-03-28 09:51:17 +00:00
|
|
|
* Get the state information for the conversation; attach some if
|
2002-03-23 21:24:38 +00:00
|
|
|
* we don't find it.
|
|
|
|
*/
|
|
|
|
conversation_state = conversation_get_proto_data(conversation, proto_eap);
|
|
|
|
if (conversation_state == NULL) {
|
|
|
|
/*
|
2002-03-28 09:51:17 +00:00
|
|
|
* Attach state information to the conversation.
|
2002-03-23 21:24:38 +00:00
|
|
|
*/
|
2005-08-12 23:29:19 +00:00
|
|
|
conversation_state = se_alloc(sizeof (conv_state_t));
|
2002-03-27 07:41:20 +00:00
|
|
|
conversation_state->eap_tls_seq = -1;
|
2002-03-28 09:51:17 +00:00
|
|
|
conversation_state->eap_reass_cookie = 0;
|
2002-03-27 07:41:20 +00:00
|
|
|
conversation_state->leap_state = -1;
|
2002-03-23 21:24:38 +00:00
|
|
|
conversation_add_proto_data(conversation, proto_eap, conversation_state);
|
|
|
|
}
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Set this now, so that it gets remembered even if we throw an exception
|
|
|
|
* later.
|
|
|
|
*/
|
2002-03-18 00:26:27 +00:00
|
|
|
if (eap_code == EAP_FAILURE)
|
2002-03-27 07:41:20 +00:00
|
|
|
conversation_state->leap_state = -1;
|
|
|
|
|
|
|
|
eap_id = tvb_get_guint8(tvb, 1);
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-02-25 23:28:32 +00:00
|
|
|
eap_len = tvb_get_ntohs(tvb, 2);
|
|
|
|
len = eap_len;
|
|
|
|
|
2001-11-06 20:30:40 +00:00
|
|
|
if (tree) {
|
2002-02-26 00:51:41 +00:00
|
|
|
ti = proto_tree_add_item(tree, proto_eap, tvb, 0, len, FALSE);
|
|
|
|
eap_tree = proto_item_add_subtree(ti, ett_eap);
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-24 08:10:07 +00:00
|
|
|
proto_tree_add_uint(eap_tree, hf_eap_code, tvb, 0, 1, eap_code);
|
2002-02-22 09:52:01 +00:00
|
|
|
}
|
2001-11-06 20:30:40 +00:00
|
|
|
|
2002-02-24 08:10:07 +00:00
|
|
|
if (tree)
|
|
|
|
proto_tree_add_item(eap_tree, hf_eap_identifier, tvb, 1, 1, FALSE);
|
|
|
|
|
|
|
|
if (tree)
|
|
|
|
proto_tree_add_uint(eap_tree, hf_eap_len, tvb, 2, 2, eap_len);
|
|
|
|
|
|
|
|
switch (eap_code) {
|
2002-02-22 09:52:01 +00:00
|
|
|
|
2002-03-23 21:24:38 +00:00
|
|
|
case EAP_SUCCESS:
|
|
|
|
case EAP_FAILURE:
|
|
|
|
break;
|
|
|
|
|
2002-02-22 09:52:01 +00:00
|
|
|
case EAP_REQUEST:
|
|
|
|
case EAP_RESPONSE:
|
2002-02-24 08:10:07 +00:00
|
|
|
eap_type = tvb_get_guint8(tvb, 4);
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-02-26 00:51:41 +00:00
|
|
|
if (check_col(pinfo->cinfo, COL_INFO))
|
|
|
|
col_append_fstr(pinfo->cinfo, COL_INFO, ", %s",
|
|
|
|
val_to_str(eap_type, eap_type_vals,
|
2007-11-23 17:48:28 +00:00
|
|
|
"Unknown type (0x%02x)"));
|
2002-03-22 11:41:59 +00:00
|
|
|
if (tree)
|
2002-02-24 08:10:07 +00:00
|
|
|
proto_tree_add_uint(eap_tree, hf_eap_type, tvb, 4, 1, eap_type);
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
if (len > 5) {
|
|
|
|
int offset = 5;
|
|
|
|
gint size = len - offset;
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
switch (eap_type) {
|
2002-03-27 07:41:20 +00:00
|
|
|
/*********************************************************************
|
|
|
|
**********************************************************************/
|
2002-03-22 11:41:59 +00:00
|
|
|
case EAP_TYPE_ID:
|
|
|
|
if (tree) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, size,
|
2002-03-19 20:55:40 +00:00
|
|
|
"Identity (%d byte%s): %s",
|
|
|
|
size, plurality(size, "", "s"),
|
|
|
|
tvb_format_text(tvb, offset, size));
|
2002-03-23 21:24:38 +00:00
|
|
|
}
|
2002-03-27 07:41:20 +00:00
|
|
|
if(!pinfo->fd->flags.visited)
|
|
|
|
conversation_state->leap_state = 0;
|
2002-03-22 11:41:59 +00:00
|
|
|
break;
|
2002-03-27 07:41:20 +00:00
|
|
|
|
|
|
|
/*********************************************************************
|
|
|
|
**********************************************************************/
|
2002-03-22 11:41:59 +00:00
|
|
|
case EAP_TYPE_NOTIFY:
|
|
|
|
if (tree) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, size,
|
2002-03-19 20:55:40 +00:00
|
|
|
"Notification (%d byte%s): %s",
|
2002-03-19 12:02:03 +00:00
|
|
|
size, plurality(size, "", "s"),
|
|
|
|
tvb_format_text(tvb, offset, size));
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
|
|
|
break;
|
2002-03-27 07:41:20 +00:00
|
|
|
/*********************************************************************
|
|
|
|
**********************************************************************/
|
2002-03-22 11:41:59 +00:00
|
|
|
case EAP_TYPE_NAK:
|
|
|
|
if (tree) {
|
2002-09-07 23:49:58 +00:00
|
|
|
proto_tree_add_item(eap_tree, hf_eap_type_nak, tvb,
|
2002-09-08 00:07:40 +00:00
|
|
|
offset, 1, FALSE);
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
|
|
|
break;
|
2004-07-04 10:26:01 +00:00
|
|
|
/*********************************************************************
|
|
|
|
**********************************************************************/
|
|
|
|
case EAP_TYPE_MD5:
|
|
|
|
if (tree) {
|
|
|
|
guint8 value_size = tvb_get_guint8(tvb, offset);
|
|
|
|
gint extra_len = size - 1 - value_size;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1, "Value-Size: %d%s",
|
|
|
|
value_size,
|
|
|
|
value_size > size - 1 ? " (overflow)": "");
|
|
|
|
if (value_size > size - 1)
|
|
|
|
value_size = size - 1;
|
|
|
|
offset++;
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, value_size,
|
|
|
|
"Value: %s",
|
|
|
|
tvb_bytes_to_str(tvb, offset, value_size));
|
|
|
|
offset += value_size;
|
|
|
|
if (extra_len > 0) {
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, extra_len,
|
|
|
|
"Extra data (%d byte%s): %s", extra_len,
|
|
|
|
plurality(extra_len, "", "s"),
|
|
|
|
tvb_bytes_to_str(tvb, offset, extra_len));
|
|
|
|
}
|
|
|
|
}
|
|
|
|
break;
|
2002-03-27 07:41:20 +00:00
|
|
|
/*********************************************************************
|
|
|
|
EAP-TLS
|
|
|
|
**********************************************************************/
|
2004-10-01 07:29:22 +00:00
|
|
|
case EAP_TYPE_FAST:
|
2004-07-04 10:26:01 +00:00
|
|
|
case EAP_TYPE_PEAP:
|
2004-02-03 18:22:32 +00:00
|
|
|
case EAP_TYPE_TTLS:
|
2002-03-22 11:41:59 +00:00
|
|
|
case EAP_TYPE_TLS:
|
|
|
|
{
|
2002-03-27 07:41:20 +00:00
|
|
|
guint8 flags = tvb_get_guint8(tvb, offset);
|
|
|
|
gboolean more_fragments;
|
|
|
|
gboolean has_length;
|
|
|
|
guint32 length;
|
|
|
|
int eap_tls_seq = -1;
|
2002-03-28 09:51:17 +00:00
|
|
|
guint32 eap_reass_cookie = 0;
|
|
|
|
gboolean needs_reassembly = FALSE;
|
2002-03-27 07:41:20 +00:00
|
|
|
|
|
|
|
more_fragments = test_flag(flags,EAP_TLS_FLAG_M);
|
|
|
|
has_length = test_flag(flags,EAP_TLS_FLAG_L);
|
|
|
|
|
|
|
|
/* Flags field, 1 byte */
|
2004-07-04 10:26:01 +00:00
|
|
|
if (tree) {
|
2002-03-27 07:41:20 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1, "Flags(0x%X): %s%s%s",
|
2002-02-25 23:28:32 +00:00
|
|
|
flags,
|
2002-03-27 19:38:37 +00:00
|
|
|
has_length ? "Length ":"",
|
|
|
|
more_fragments ? "More " :"",
|
|
|
|
test_flag(flags,EAP_TLS_FLAG_S) ? "Start " :"");
|
2004-10-01 07:29:22 +00:00
|
|
|
if (eap_type == EAP_TYPE_PEAP || eap_type == EAP_TYPE_TTLS ||
|
|
|
|
eap_type == EAP_TYPE_FAST) {
|
2004-07-04 10:26:01 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
2004-10-01 07:29:22 +00:00
|
|
|
"%s version %d",
|
|
|
|
eap_type == EAP_TYPE_PEAP ? "PEAP" :
|
|
|
|
(eap_type == EAP_TYPE_TTLS ? "TTLS" : "FAST"),
|
2004-07-04 10:26:01 +00:00
|
|
|
flags & EAP_PEAP_FLAG_VERSION);
|
|
|
|
}
|
|
|
|
}
|
2002-03-22 11:41:59 +00:00
|
|
|
size--;
|
|
|
|
offset++;
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-03-27 07:41:20 +00:00
|
|
|
/* Length field, 4 bytes, OPTIONAL. */
|
2002-03-27 19:38:37 +00:00
|
|
|
if ( has_length ) {
|
2002-03-27 07:41:20 +00:00
|
|
|
length = tvb_get_ntohl(tvb, offset);
|
|
|
|
if (tree)
|
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 4, "Length: %i",length);
|
2002-03-22 11:41:59 +00:00
|
|
|
size -= 4;
|
|
|
|
offset += 4;
|
|
|
|
}
|
2002-02-25 23:28:32 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
if (size>0) {
|
2002-03-27 07:41:20 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
tvbuff_t *next_tvb;
|
2002-08-28 21:04:11 +00:00
|
|
|
gint tvb_len;
|
2002-03-27 07:41:20 +00:00
|
|
|
gboolean save_fragmented;
|
2002-02-26 00:51:41 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
tvb_len = tvb_length_remaining(tvb, offset);
|
|
|
|
if (size < tvb_len)
|
|
|
|
tvb_len = size;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
|
|
|
/*
|
|
|
|
EAP/TLS is weird protocol (it comes from
|
|
|
|
Microsoft after all).
|
2002-03-27 07:41:20 +00:00
|
|
|
|
|
|
|
If we have series of fragmented packets,
|
|
|
|
then there's no way of knowing that from
|
|
|
|
the packet itself, if it is the last packet
|
2002-08-28 21:04:11 +00:00
|
|
|
in series, that is that the packet part of
|
2002-03-27 07:41:20 +00:00
|
|
|
bigger fragmented set of data.
|
|
|
|
|
|
|
|
The only way to know is, by knowing
|
|
|
|
that we are already in defragmentation
|
|
|
|
"mode" and we are expecing packet
|
2002-08-28 21:04:11 +00:00
|
|
|
carrying fragment of data. (either
|
2002-03-27 07:41:20 +00:00
|
|
|
because we have not received expected
|
|
|
|
amount of data, or because the packet before
|
|
|
|
had "F"ragment flag set.)
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
The situation is alleviated by fact that it
|
|
|
|
is simple ack/nack protcol so there's no
|
|
|
|
place for out-of-order packets like it is
|
|
|
|
possible with IP.
|
2002-03-27 07:41:20 +00:00
|
|
|
|
|
|
|
Anyway, point of this lengthy essay is that
|
|
|
|
we have to keep state information in the
|
2002-08-28 21:04:11 +00:00
|
|
|
conversation, so that we can put ourselves in
|
2002-03-27 07:41:20 +00:00
|
|
|
defragmenting mode and wait for the last packet,
|
|
|
|
and have to attach state to frames as well, so
|
|
|
|
that we can handle defragmentation after the
|
|
|
|
first pass through the capture.
|
|
|
|
*/
|
|
|
|
/* See if we have a remembered defragmentation EAP ID. */
|
|
|
|
packet_state = p_get_proto_data(pinfo->fd, proto_eap);
|
|
|
|
if (packet_state == NULL) {
|
|
|
|
/*
|
|
|
|
* We haven't - does this message require reassembly?
|
|
|
|
*/
|
|
|
|
if (!pinfo->fd->flags.visited) {
|
|
|
|
/*
|
|
|
|
* This is the first time we've looked at this frame,
|
|
|
|
* so it wouldn't have any remembered information.
|
|
|
|
*
|
|
|
|
* Therefore, we check whether this conversation has
|
|
|
|
* a reassembly operation in progress, or whether
|
|
|
|
* this frame has the Fragment flag set.
|
|
|
|
*/
|
|
|
|
if (conversation_state->eap_tls_seq != -1) {
|
|
|
|
/*
|
2002-03-28 09:51:17 +00:00
|
|
|
* There's a reassembly in progress; the sequence number
|
|
|
|
* of the previous fragment is
|
|
|
|
* "conversation_state->eap_tls_seq", and the reassembly
|
|
|
|
* ID is "conversation_state->eap_reass_cookie".
|
2002-03-27 07:41:20 +00:00
|
|
|
*
|
|
|
|
* We must include this frame in the reassembly.
|
|
|
|
* We advance the sequence number, giving us the
|
|
|
|
* sequence number for this fragment.
|
|
|
|
*/
|
2002-03-28 09:51:17 +00:00
|
|
|
needs_reassembly = TRUE;
|
2002-03-27 07:41:20 +00:00
|
|
|
conversation_state->eap_tls_seq++;
|
2002-03-28 09:51:17 +00:00
|
|
|
|
|
|
|
eap_reass_cookie = conversation_state->eap_reass_cookie;
|
2002-03-27 07:41:20 +00:00
|
|
|
eap_tls_seq = conversation_state->eap_tls_seq;
|
|
|
|
} else if (more_fragments && has_length) {
|
|
|
|
/*
|
|
|
|
* This message has the Fragment flag set, so it requires
|
|
|
|
* reassembly. It's the message containing the first
|
2002-03-28 09:51:17 +00:00
|
|
|
* fragment (if it's a later fragment, the sequence
|
|
|
|
* number in the conversation state would not be -1).
|
2002-03-27 07:41:20 +00:00
|
|
|
*
|
|
|
|
* If it doesn't include a length, however, we can't
|
|
|
|
* do reassembly (either the message is in error, as
|
|
|
|
* the first fragment *must* contain a length, or we
|
|
|
|
* didn't capture the first fragment, and this just
|
|
|
|
* happens to be the first fragment we saw), so we
|
|
|
|
* also check that we have a length;
|
|
|
|
*/
|
2002-03-28 09:51:17 +00:00
|
|
|
needs_reassembly = TRUE;
|
|
|
|
conversation_state->eap_reass_cookie = pinfo->fd->num;
|
2002-03-27 07:41:20 +00:00
|
|
|
|
|
|
|
/*
|
2002-03-28 09:51:17 +00:00
|
|
|
* Start the reassembly sequence number at 0.
|
2002-03-27 07:41:20 +00:00
|
|
|
*/
|
|
|
|
conversation_state->eap_tls_seq = 0;
|
2002-03-28 09:51:17 +00:00
|
|
|
|
2002-03-27 07:41:20 +00:00
|
|
|
eap_tls_seq = conversation_state->eap_tls_seq;
|
2002-03-28 09:51:17 +00:00
|
|
|
eap_reass_cookie = conversation_state->eap_reass_cookie;
|
2002-03-27 07:41:20 +00:00
|
|
|
}
|
|
|
|
|
2002-03-28 09:51:17 +00:00
|
|
|
if (needs_reassembly) {
|
2002-03-27 07:41:20 +00:00
|
|
|
/*
|
2002-03-28 09:51:17 +00:00
|
|
|
* This frame requires reassembly; remember the reassembly
|
|
|
|
* ID for subsequent accesses to it.
|
2002-03-27 07:41:20 +00:00
|
|
|
*/
|
2005-08-12 23:29:19 +00:00
|
|
|
packet_state = se_alloc(sizeof (frame_state_t));
|
2002-03-28 09:51:17 +00:00
|
|
|
packet_state->info = eap_reass_cookie;
|
2002-03-27 07:41:20 +00:00
|
|
|
p_add_proto_data(pinfo->fd, proto_eap, packet_state);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
/*
|
2002-03-28 09:51:17 +00:00
|
|
|
* This frame has a reassembly cookie associated with it, so
|
2002-03-27 07:41:20 +00:00
|
|
|
* it requires reassembly. We've already done the
|
|
|
|
* reassembly in the first pass, so "fragment_add_seq()"
|
|
|
|
* won't look at the sequence number; set it to 0.
|
|
|
|
*
|
|
|
|
* XXX - a frame isn't supposed to have more than one
|
|
|
|
* EAP message in it, but if it includes both an EAP-TLS
|
|
|
|
* message and a LEAP message, we might be mistakenly
|
|
|
|
* concluding it requires reassembly because the "info"
|
|
|
|
* field isn't -1. We could, I guess, pack both EAP-TLS
|
|
|
|
* ID and LEAP state into the structure, but that doesn't
|
|
|
|
* work if you have multiple EAP-TLS or LEAP messages in
|
|
|
|
* the frame.
|
|
|
|
*
|
|
|
|
* But it's not clear how much work we should do to handle
|
|
|
|
* a bogus message such as that; as long as we don't crash
|
|
|
|
* or do something else equally horrible, we may not
|
|
|
|
* have to worry about this at all.
|
|
|
|
*/
|
2002-03-28 09:51:17 +00:00
|
|
|
needs_reassembly = TRUE;
|
|
|
|
eap_reass_cookie = packet_state->info;
|
2002-03-27 07:41:20 +00:00
|
|
|
eap_tls_seq = 0;
|
|
|
|
}
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
/*
|
|
|
|
We test here to see whether EAP-TLS packet
|
|
|
|
carry fragmented of TLS data.
|
2002-03-27 07:41:20 +00:00
|
|
|
|
2002-03-28 09:51:17 +00:00
|
|
|
If this is the case, we do reasembly below,
|
2002-03-27 07:41:20 +00:00
|
|
|
otherwise we just call dissector.
|
|
|
|
*/
|
2002-03-28 09:51:17 +00:00
|
|
|
if (needs_reassembly) {
|
2002-03-27 07:41:20 +00:00
|
|
|
fragment_data *fd_head = NULL;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Yes, this frame contains a fragment that requires
|
|
|
|
* reassembly.
|
|
|
|
*/
|
|
|
|
save_fragmented = pinfo->fragmented;
|
|
|
|
pinfo->fragmented = TRUE;
|
2002-08-28 21:04:11 +00:00
|
|
|
fd_head = fragment_add_seq(tvb, offset, pinfo,
|
2002-03-28 09:51:17 +00:00
|
|
|
eap_reass_cookie,
|
2002-03-27 07:41:20 +00:00
|
|
|
eaptls_fragment_table,
|
2002-08-28 21:04:11 +00:00
|
|
|
eap_tls_seq,
|
2002-03-27 07:41:20 +00:00
|
|
|
size,
|
|
|
|
more_fragments);
|
|
|
|
|
|
|
|
if (fd_head != NULL) /* Reassembled */
|
|
|
|
{
|
2005-06-02 20:55:58 +00:00
|
|
|
proto_item *frag_tree_item;
|
2002-03-27 07:41:20 +00:00
|
|
|
|
2009-05-13 19:46:11 +00:00
|
|
|
next_tvb = tvb_new_child_real_data(tvb, fd_head->data,
|
2002-03-27 07:41:20 +00:00
|
|
|
fd_head->len,
|
|
|
|
fd_head->len);
|
2002-06-04 07:03:57 +00:00
|
|
|
add_new_data_source(pinfo, next_tvb, "Reassembled EAP-TLS");
|
2002-06-07 10:11:41 +00:00
|
|
|
|
|
|
|
show_fragment_seq_tree(fd_head, &eaptls_frag_items,
|
2005-06-02 20:55:58 +00:00
|
|
|
eap_tree, pinfo, next_tvb, &frag_tree_item);
|
2002-06-07 10:11:41 +00:00
|
|
|
|
2002-03-27 07:41:20 +00:00
|
|
|
call_dissector(ssl_handle, next_tvb, pinfo, eap_tree);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* We're finished reassembing this frame.
|
|
|
|
* Reinitialize the reassembly state.
|
|
|
|
*/
|
2002-03-28 09:51:17 +00:00
|
|
|
if (!pinfo->fd->flags.visited)
|
2002-03-27 07:41:20 +00:00
|
|
|
conversation_state->eap_tls_seq = -1;
|
|
|
|
}
|
|
|
|
|
|
|
|
pinfo->fragmented = save_fragmented;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2002-03-27 07:41:20 +00:00
|
|
|
} else { /* this data is NOT fragmented */
|
|
|
|
next_tvb = tvb_new_subset(tvb, offset, tvb_len, size);
|
|
|
|
call_dissector(ssl_handle, next_tvb, pinfo, eap_tree);
|
|
|
|
}
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
|
|
|
}
|
2002-03-23 21:24:38 +00:00
|
|
|
break; /* EAP_TYPE_TLS */
|
2002-03-27 07:41:20 +00:00
|
|
|
/*********************************************************************
|
|
|
|
Cisco's Lightweight EAP (LEAP)
|
|
|
|
http://www.missl.cs.umd.edu/wireless/ethereal/leap.txt
|
|
|
|
**********************************************************************/
|
2002-03-22 11:41:59 +00:00
|
|
|
case EAP_TYPE_LEAP:
|
|
|
|
{
|
|
|
|
guint8 field,count,namesize;
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
/* Version (byte) */
|
|
|
|
if (tree) {
|
2002-03-18 00:26:27 +00:00
|
|
|
field = tvb_get_guint8(tvb, offset);
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
2002-03-19 20:55:40 +00:00
|
|
|
"Version: %i",field);
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
|
|
|
size--;
|
|
|
|
offset++;
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
/* Unused (byte) */
|
|
|
|
if (tree) {
|
2002-03-18 00:26:27 +00:00
|
|
|
field = tvb_get_guint8(tvb, offset);
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
2002-03-19 20:55:40 +00:00
|
|
|
"Reserved: %i",field);
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
|
|
|
size--;
|
|
|
|
offset++;
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
/* Count (byte) */
|
|
|
|
count = tvb_get_guint8(tvb, offset);
|
|
|
|
if (tree) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, 1,
|
2002-03-19 20:55:40 +00:00
|
|
|
"Count: %i",count);
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
|
|
|
size--;
|
|
|
|
offset++;
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-03-23 21:24:38 +00:00
|
|
|
/* Data (byte*Count) */
|
|
|
|
/* This part is state-dependent. */
|
|
|
|
|
|
|
|
/* See if we've already remembered the state. */
|
|
|
|
packet_state = p_get_proto_data(pinfo->fd, proto_eap);
|
|
|
|
if (packet_state == NULL) {
|
|
|
|
/*
|
|
|
|
* We haven't - compute the state based on the current
|
|
|
|
* state in the conversation.
|
|
|
|
*/
|
2002-03-27 07:41:20 +00:00
|
|
|
leap_state = conversation_state->leap_state;
|
2002-08-28 21:04:11 +00:00
|
|
|
|
2002-03-23 21:24:38 +00:00
|
|
|
/* Advance the state machine. */
|
|
|
|
if (leap_state==0) leap_state = 1; else
|
|
|
|
if (leap_state==1) leap_state = 2; else
|
|
|
|
if (leap_state==2) leap_state = 3; else
|
|
|
|
if (leap_state==3) leap_state = 4; else
|
|
|
|
if (leap_state==4) leap_state = -1;
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Remember the state for subsequent accesses to this
|
|
|
|
* frame.
|
|
|
|
*/
|
2005-08-12 23:29:19 +00:00
|
|
|
packet_state = se_alloc(sizeof (frame_state_t));
|
2002-03-27 07:41:20 +00:00
|
|
|
packet_state->info = leap_state;
|
2002-03-23 21:24:38 +00:00
|
|
|
p_add_proto_data(pinfo->fd, proto_eap, packet_state);
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Update the conversation's state.
|
|
|
|
*/
|
2002-03-27 07:41:20 +00:00
|
|
|
conversation_state->leap_state = leap_state;
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
|
|
|
|
2002-03-23 21:24:38 +00:00
|
|
|
/* Get the remembered state. */
|
2002-03-27 07:41:20 +00:00
|
|
|
leap_state = packet_state->info;
|
2002-03-23 21:24:38 +00:00
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
if (tree) {
|
2002-03-23 21:24:38 +00:00
|
|
|
|
|
|
|
if (leap_state==1) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
2002-03-23 21:24:38 +00:00
|
|
|
"Peer Challenge [8] Random Value:\"%s\"",
|
2002-03-19 11:33:08 +00:00
|
|
|
tvb_bytes_to_str(tvb, offset, count));
|
2002-03-23 21:24:38 +00:00
|
|
|
} else if (leap_state==2) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
2002-03-23 21:24:38 +00:00
|
|
|
"Peer Response [24] NtChallengeResponse(%s)",
|
2002-03-19 11:33:08 +00:00
|
|
|
tvb_bytes_to_str(tvb, offset, count));
|
2002-03-23 21:24:38 +00:00
|
|
|
} else if (leap_state==3) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
2002-03-23 21:24:38 +00:00
|
|
|
"AP Challenge [8] Random Value:\"%s\"",
|
2002-03-19 11:33:08 +00:00
|
|
|
tvb_bytes_to_str(tvb, offset, count));
|
2002-03-23 21:24:38 +00:00
|
|
|
} else if (leap_state==4) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
2002-03-23 21:24:38 +00:00
|
|
|
"AP Response [24] ChallengeResponse(%s)",
|
2002-03-19 11:33:08 +00:00
|
|
|
tvb_bytes_to_str(tvb, offset, count));
|
2002-03-23 21:24:38 +00:00
|
|
|
} else {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, count,
|
2002-03-23 21:24:38 +00:00
|
|
|
"Data (%d byte%s): \"%s\"",
|
2002-03-18 00:26:27 +00:00
|
|
|
count, plurality(count, "", "s"),
|
2002-03-19 11:33:08 +00:00
|
|
|
tvb_bytes_to_str(tvb, offset, count));
|
2002-03-22 11:41:59 +00:00
|
|
|
}
|
2002-03-23 21:24:38 +00:00
|
|
|
|
|
|
|
} /* END: if (tree) */
|
|
|
|
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
size -= count;
|
|
|
|
offset += count;
|
2002-03-18 00:26:27 +00:00
|
|
|
|
2002-03-22 11:41:59 +00:00
|
|
|
/* Name (Length-(8+Count)) */
|
|
|
|
namesize = eap_len - (8+count);
|
|
|
|
if (tree) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, namesize,
|
2002-03-18 00:26:27 +00:00
|
|
|
"Name (%d byte%s): %s",
|
|
|
|
namesize, plurality(count, "", "s"),
|
|
|
|
tvb_format_text(tvb, offset, namesize));
|
|
|
|
}
|
2002-03-22 11:41:59 +00:00
|
|
|
size -= namesize;
|
|
|
|
offset += namesize;
|
|
|
|
}
|
2002-03-23 21:24:38 +00:00
|
|
|
|
|
|
|
break; /* EAP_TYPE_LEAP */
|
2004-07-04 10:26:01 +00:00
|
|
|
/*********************************************************************
|
|
|
|
EAP-MSCHAPv2 - draft-kamath-pppext-eap-mschapv2-00.txt
|
|
|
|
**********************************************************************/
|
|
|
|
case EAP_TYPE_MSCHAPV2:
|
|
|
|
if (tree)
|
|
|
|
dissect_eap_mschapv2(eap_tree, tvb, offset, size);
|
|
|
|
break; /* EAP_TYPE_MSCHAPV2 */
|
|
|
|
/*********************************************************************
|
2004-09-04 20:13:42 +00:00
|
|
|
EAP-SIM - draft-haverinen-pppext-eap-sim-13.txt
|
2004-07-04 10:26:01 +00:00
|
|
|
**********************************************************************/
|
|
|
|
case EAP_TYPE_SIM:
|
|
|
|
if (tree)
|
|
|
|
dissect_eap_sim(eap_tree, tvb, offset, size);
|
|
|
|
break; /* EAP_TYPE_SIM */
|
2004-09-04 20:13:42 +00:00
|
|
|
/*********************************************************************
|
|
|
|
EAP-AKA - draft-arkko-pppext-eap-aka-12.txt
|
|
|
|
**********************************************************************/
|
|
|
|
case EAP_TYPE_AKA:
|
2010-01-27 18:16:07 +00:00
|
|
|
case EAP_TYPE_AKA_PRIME:
|
2004-09-04 20:13:42 +00:00
|
|
|
if (tree)
|
|
|
|
dissect_eap_aka(eap_tree, tvb, offset, size);
|
|
|
|
break; /* EAP_TYPE_AKA */
|
2007-11-23 17:48:28 +00:00
|
|
|
/*********************************************************************
|
|
|
|
EAP Expanded Type
|
|
|
|
**********************************************************************/
|
|
|
|
case EAP_TYPE_EXT:
|
|
|
|
if (tree) {
|
|
|
|
proto_item *expti = NULL;
|
|
|
|
proto_tree *exptree = NULL;
|
|
|
|
|
|
|
|
expti = proto_tree_add_text(eap_tree, tvb, offset, size, "Expanded Type");
|
|
|
|
exptree = proto_item_add_subtree(expti, ett_eap_exp_attr);
|
|
|
|
dissect_exteap(exptree, tvb, offset, size, pinfo);
|
|
|
|
}
|
|
|
|
break;
|
2002-03-27 07:41:20 +00:00
|
|
|
/*********************************************************************
|
|
|
|
**********************************************************************/
|
2002-03-22 11:41:59 +00:00
|
|
|
default:
|
|
|
|
if (tree) {
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_tree_add_text(eap_tree, tvb, offset, size,
|
2002-02-25 23:28:32 +00:00
|
|
|
"Type-Data (%d byte%s) Value: %s",
|
|
|
|
size, plurality(size, "", "s"),
|
2002-03-19 11:33:08 +00:00
|
|
|
tvb_bytes_to_str(tvb, offset, size));
|
2002-02-25 23:28:32 +00:00
|
|
|
}
|
2002-03-22 11:41:59 +00:00
|
|
|
break;
|
2002-03-27 07:41:20 +00:00
|
|
|
/*********************************************************************
|
|
|
|
**********************************************************************/
|
2002-03-23 21:24:38 +00:00
|
|
|
} /* switch (eap_type) */
|
2002-03-27 07:41:20 +00:00
|
|
|
|
2001-11-06 20:30:40 +00:00
|
|
|
}
|
2002-03-23 21:24:38 +00:00
|
|
|
|
|
|
|
} /* switch (eap_code) */
|
2002-02-26 11:55:39 +00:00
|
|
|
|
|
|
|
return tvb_length(tvb);
|
|
|
|
}
|
|
|
|
|
2001-11-06 20:30:40 +00:00
|
|
|
void
|
|
|
|
proto_register_eap(void)
|
|
|
|
{
|
|
|
|
static hf_register_info hf[] = {
|
2002-08-28 21:04:11 +00:00
|
|
|
{ &hf_eap_code, {
|
|
|
|
"Code", "eap.code", FT_UINT8, BASE_DEC,
|
2009-05-07 21:13:32 +00:00
|
|
|
VALS(eap_code_vals), 0x0, NULL, HFILL }},
|
2001-11-06 20:30:40 +00:00
|
|
|
{ &hf_eap_identifier, {
|
|
|
|
"Id", "eap.id", FT_UINT8, BASE_DEC,
|
2009-05-07 21:13:32 +00:00
|
|
|
NULL, 0x0, NULL, HFILL }},
|
2001-11-06 20:30:40 +00:00
|
|
|
{ &hf_eap_len, {
|
|
|
|
"Length", "eap.len", FT_UINT16, BASE_DEC,
|
2009-05-07 21:13:32 +00:00
|
|
|
NULL, 0x0, NULL, HFILL }},
|
2002-08-28 21:04:11 +00:00
|
|
|
{ &hf_eap_type, {
|
|
|
|
"Type", "eap.type", FT_UINT8, BASE_DEC,
|
2009-05-07 21:13:32 +00:00
|
|
|
VALS(eap_type_vals), 0x0, NULL, HFILL }},
|
2002-08-28 21:04:11 +00:00
|
|
|
{ &hf_eap_type_nak, {
|
2002-09-07 23:49:58 +00:00
|
|
|
"Desired Auth Type", "eap.desired_type", FT_UINT8, BASE_DEC,
|
2009-05-07 21:13:32 +00:00
|
|
|
VALS(eap_type_vals), 0x0, NULL, HFILL }},
|
2002-03-27 07:41:20 +00:00
|
|
|
{ &hf_eaptls_fragment,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "EAP-TLS Fragment", "eaptls.fragment",
|
2002-12-19 11:22:38 +00:00
|
|
|
FT_FRAMENUM, BASE_NONE, NULL, 0x0,
|
2009-05-07 21:13:32 +00:00
|
|
|
NULL, HFILL }},
|
2002-03-27 07:41:20 +00:00
|
|
|
{ &hf_eaptls_fragments,
|
2002-08-28 21:04:11 +00:00
|
|
|
{ "EAP-TLS Fragments", "eaptls.fragments",
|
2002-03-27 07:41:20 +00:00
|
|
|
FT_NONE, BASE_NONE, NULL, 0x0,
|
2009-05-07 21:13:32 +00:00
|
|
|
NULL, HFILL }},
|
2002-06-07 10:11:41 +00:00
|
|
|
{ &hf_eaptls_fragment_overlap,
|
|
|
|
{ "Fragment overlap", "eaptls.fragment.overlap",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"Fragment overlaps with other fragments", HFILL }},
|
|
|
|
{ &hf_eaptls_fragment_overlap_conflict,
|
|
|
|
{ "Conflicting data in fragment overlap", "eaptls.fragment.overlap.conflict",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"Overlapping fragments contained conflicting data", HFILL }},
|
|
|
|
{ &hf_eaptls_fragment_multiple_tails,
|
|
|
|
{ "Multiple tail fragments found", "eaptls.fragment.multipletails",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"Several tails were found when defragmenting the packet", HFILL }},
|
|
|
|
{ &hf_eaptls_fragment_too_long_fragment,
|
|
|
|
{ "Fragment too long", "eaptls.fragment.toolongfragment",
|
|
|
|
FT_BOOLEAN, BASE_NONE, NULL, 0x0,
|
|
|
|
"Fragment contained data past end of packet", HFILL }},
|
|
|
|
{ &hf_eaptls_fragment_error,
|
|
|
|
{ "Defragmentation error", "eaptls.fragment.error",
|
2002-12-19 11:22:38 +00:00
|
|
|
FT_FRAMENUM, BASE_NONE, NULL, 0x0,
|
2002-06-07 10:11:41 +00:00
|
|
|
"Defragmentation error due to illegal fragments", HFILL }},
|
2010-02-02 16:01:52 +00:00
|
|
|
{ &hf_eaptls_reassembled_length,
|
2010-02-06 18:20:21 +00:00
|
|
|
{ "Reassembled EAP-TLS length", "eaptls.reassembled.length",
|
2010-02-02 16:01:52 +00:00
|
|
|
FT_UINT32, BASE_DEC, NULL, 0x0,
|
|
|
|
"The total length of the reassembled payload", HFILL }},
|
2007-11-23 17:48:28 +00:00
|
|
|
|
|
|
|
/* Expanded type fields */
|
|
|
|
{ &hf_eapext_vendorid,
|
|
|
|
{ "Vendor Id", "eap.ext.vendor_id",
|
|
|
|
FT_UINT16, BASE_HEX, VALS(eapext_vendorid_vals), 0x0,
|
2009-05-07 21:13:32 +00:00
|
|
|
NULL, HFILL }},
|
2007-11-23 17:48:28 +00:00
|
|
|
{ &hf_eapext_vendortype,
|
|
|
|
{ "Vendor Type", "eap.ext.vendor_type",
|
|
|
|
FT_UINT8, BASE_HEX, VALS(eapext_vendortype_vals), 0x0,
|
2009-05-07 21:13:32 +00:00
|
|
|
NULL, HFILL }}
|
2007-11-23 17:48:28 +00:00
|
|
|
|
2001-11-06 20:30:40 +00:00
|
|
|
};
|
|
|
|
static gint *ett[] = {
|
|
|
|
&ett_eap,
|
2002-03-27 07:41:20 +00:00
|
|
|
&ett_eaptls_fragment,
|
|
|
|
&ett_eaptls_fragments,
|
2004-07-04 10:26:01 +00:00
|
|
|
&ett_eap_sim_attr,
|
2004-09-04 20:13:42 +00:00
|
|
|
&ett_eap_aka_attr,
|
2009-05-07 21:13:32 +00:00
|
|
|
&ett_eap_exp_attr
|
2001-11-06 20:30:40 +00:00
|
|
|
};
|
|
|
|
|
2002-08-28 21:04:11 +00:00
|
|
|
proto_eap = proto_register_protocol("Extensible Authentication Protocol",
|
2001-11-06 20:30:40 +00:00
|
|
|
"EAP", "eap");
|
|
|
|
proto_register_field_array(proto_eap, hf, array_length(hf));
|
|
|
|
proto_register_subtree_array(ett, array_length(ett));
|
2002-02-22 21:31:49 +00:00
|
|
|
|
2002-02-26 11:55:39 +00:00
|
|
|
new_register_dissector("eap", dissect_eap, proto_eap);
|
2002-03-27 07:41:20 +00:00
|
|
|
register_init_routine(eaptls_defragment_init);
|
2001-11-06 20:30:40 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
void
|
|
|
|
proto_reg_handoff_eap(void)
|
|
|
|
{
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_handle_t eap_handle;
|
|
|
|
|
2002-02-25 23:28:32 +00:00
|
|
|
/*
|
|
|
|
* Get a handle for the SSL/TLS dissector.
|
|
|
|
*/
|
|
|
|
ssl_handle = find_dissector("ssl");
|
|
|
|
|
2002-02-22 21:31:49 +00:00
|
|
|
eap_handle = find_dissector("eap");
|
2001-12-03 04:00:26 +00:00
|
|
|
dissector_add("ppp.protocol", PPP_EAP, eap_handle);
|
2001-11-06 20:30:40 +00:00
|
|
|
}
|