diff --git a/epan/dissectors/CMakeLists.txt b/epan/dissectors/CMakeLists.txt index 3e576e49fe..1d93a4ead3 100644 --- a/epan/dissectors/CMakeLists.txt +++ b/epan/dissectors/CMakeLists.txt @@ -1619,6 +1619,7 @@ set(DISSECTOR_SRC ${CMAKE_CURRENT_SOURCE_DIR}/packet-pdcp-lte.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-pdcp-nr.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-pdu-transport.c + ${CMAKE_CURRENT_SOURCE_DIR}/packet-peap.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-peekremote.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-per.c ${CMAKE_CURRENT_SOURCE_DIR}/packet-pfcp.c diff --git a/epan/dissectors/packet-eap.c b/epan/dissectors/packet-eap.c index 21507ea9ff..610e663658 100644 --- a/epan/dissectors/packet-eap.c +++ b/epan/dissectors/packet-eap.c @@ -191,6 +191,7 @@ static dissector_handle_t eap_handle; static dissector_handle_t tls_handle; static dissector_handle_t diameter_avps_handle; +static dissector_handle_t peap_handle; static dissector_handle_t teap_handle; static dissector_handle_t isakmp_handle; @@ -2170,7 +2171,8 @@ dissect_eap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) tls_set_appdata_dissector(tls_handle, pinfo, diameter_avps_handle); break; case EAP_TYPE_PEAP: - tls_set_appdata_dissector(tls_handle, pinfo, eap_handle); + p_add_proto_data(pinfo->pool, pinfo, proto_eap, PROTO_DATA_EAP_TVB, tvb); + tls_set_appdata_dissector(tls_handle, pinfo, peap_handle); break; case EAP_TYPE_TEAP: tls_set_appdata_dissector(tls_handle, pinfo, teap_handle); @@ -3232,6 +3234,7 @@ proto_reg_handoff_eap(void) */ tls_handle = find_dissector_add_dependency("tls", proto_eap); diameter_avps_handle = find_dissector_add_dependency("diameter_avps", proto_eap); + peap_handle = find_dissector_add_dependency("peap", proto_eap); teap_handle = find_dissector_add_dependency("teap", proto_eap); isakmp_handle = find_dissector_add_dependency("isakmp", proto_eap); diff --git a/epan/dissectors/packet-peap.c b/epan/dissectors/packet-peap.c new file mode 100644 index 0000000000..c7c733f83a --- /dev/null +++ b/epan/dissectors/packet-peap.c @@ -0,0 +1,125 @@ +/* packet-peap.c + * Routines for PEAP (Protected Extensible Authentication Protocol) + * draft-kamath-pppext-peapv0 + * + * Wireshark - Network traffic analyzer + * By Gerald Combs + * Copyright 1998 Gerald Combs + * + * SPDX-License-Identifier: GPL-2.0-or-later + */ + +#include "config.h" + +#include + +#include +#include +#include +#include +#include + +void proto_register_peap(void); +void proto_reg_handoff_peap(void); + +static int proto_peap = -1; +static int proto_eap = -1; + +static dissector_handle_t peap_handle; +static dissector_handle_t eap_handle; + +/* + From draft-kamath-pppext-peapv0, sec 1.1 + + 0 1 2 3 + 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Code | Identifier | Length | <-- NOT sent + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + | Type | Value... + +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+ + + This matches the format of an EAP header but... + * 'Code', 'Identifier' and 'Length' are NOT sent over the wire + * 'Code' and 'Identifier' are extracted from the *outer* EAP header + * 'Length' is derived from the PEAP packet (ie. TLS data frame) + * ...when 'Type' is 33, the full EAP header is sent +*/ + +#define EAP_TLS_FLAGS_OFFSET 5 +#define EAP_TLS_FLAGS_VERSION 0x07 /* mask */ + +static int +dissect_peap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_) +{ + int version; + int len; + int offset = 0; + tvbuff_t *eap_tvb, *eap_len_tvb, *next_tvb; + guchar *eap_len_buf; + + col_set_str(pinfo->cinfo, COL_PROTOCOL, "PEAP"); + col_clear(pinfo->cinfo, COL_INFO); + + len = tvb_reported_length(tvb); + + eap_tvb = (tvbuff_t *)p_get_proto_data(pinfo->pool, pinfo, proto_eap, PROTO_DATA_EAP_TVB); + version = tvb_get_guint8(eap_tvb, EAP_TLS_FLAGS_OFFSET) & EAP_TLS_FLAGS_VERSION; + if (version > 0) { /* FIXME support v1 and v2 */ + goto ret; + } + + if (!( len >= 5 + && tvb_get_bits(tvb, offset, 16, ENC_BIG_ENDIAN) == tvb_get_bits(eap_tvb, 0, 16, ENC_BIG_ENDIAN) + && tvb_get_guint16(tvb, offset + 2, ENC_BIG_ENDIAN) <= tvb_get_guint16(eap_tvb, 2, ENC_BIG_ENDIAN) + && ( + (tvb_get_guint8(eap_tvb, 0) == EAP_REQUEST && tvb_get_guint8(tvb, offset + 4) == EAP_TYPE_ID) + || tvb_get_guint8(tvb, offset + 4) == EAP_TYPE_MSAUTH_TLV + ))) { + eap_len_buf = (guchar *)wmem_alloc(pinfo->pool, 2); + eap_len_tvb = tvb_new_child_real_data(tvb, eap_len_buf, 2, 2); + phton16(eap_len_buf, 4 + len); + + next_tvb = tvb_new_composite(); + tvb_composite_append(next_tvb, tvb_new_subset_length(eap_tvb, 0, 2)); + tvb_composite_append(next_tvb, eap_len_tvb); + tvb_composite_append(next_tvb, tvb_new_subset_length(tvb, offset, 4 + len)); + tvb_composite_finalize(next_tvb); + + add_new_data_source(pinfo, next_tvb, "Pseudo EAP"); + } else { + next_tvb = tvb; + } + + call_dissector(eap_handle, next_tvb, pinfo, tree); + +ret: + return len; +} + +void +proto_register_peap(void) +{ + proto_peap = proto_register_protocol("Protected Extensible Authentication Protocol", + "PEAP", "peap"); + peap_handle = register_dissector("peap", dissect_peap, proto_peap); +} + +void +proto_reg_handoff_peap(void) +{ + proto_eap = proto_get_id_by_filter_name("eap"); + eap_handle = find_dissector_add_dependency("eap", proto_peap); +} +/* + * Editor modelines + * + * Local Variables: + * c-basic-offset: 2 + * tab-width: 8 + * indent-tabs-mode: nil + * End: + * + * ex: set shiftwidth=2 tabstop=8 expandtab: + * :indentSize=2:tabSize=8:noTabs=true: + */ diff --git a/epan/eap.h b/epan/eap.h index bf0a59f5b6..deb84e536c 100644 --- a/epan/eap.h +++ b/epan/eap.h @@ -78,6 +78,7 @@ WS_DLL_PUBLIC const value_string eap_ms_chap_v2_opcode_vals[]; typedef enum { PROTO_DATA_EAP_DUPLICATE_ID, PROTO_DATA_EAP_FRAME_STATE, + PROTO_DATA_EAP_TVB, } proto_data_eap; typedef struct _eap_vendor_context {