diff options
| author | Herwin Weststrate <herwin@quarantainenet.nl> | 2015-07-22 17:03:56 +0200 |
|---|---|---|
| committer | Herwin Weststrate <herwin@quarantainenet.nl> | 2015-12-15 18:42:04 +0100 |
| commit | 266720f258d96234610c25de7b6407e5cf5ef3b2 (patch) | |
| tree | a2fafecdc92aa295e5722c8247ec300e22987d25 | |
| parent | f25ed1f812ec8eddf9702d54f16e5aa15c371271 (diff) | |
| download | tcpdump-266720f258d96234610c25de7b6407e5cf5ef3b2.tar.gz | |
Translate UDP/1700 as RADIUS
Used for Cisco CoA/Disconnect, as shown on https://supportforums.cisco.com/discussion/11719766/ise-112-change-authorization-avaya-switches-5520. The RFC says port 3799, but Cisco does this otherwise, which means this is not an officially reserved port for RADIUS.
| -rw-r--r-- | print-udp.c | 1 | ||||
| -rw-r--r-- | tests/RADIUS-port1700.pcap | bin | 0 -> 107 bytes | |||
| -rw-r--r-- | tests/TESTLIST | 1 | ||||
| -rw-r--r-- | tests/radius-port1700-v.out | 4 | ||||
| -rw-r--r-- | udp.h | 3 |
5 files changed, 9 insertions, 0 deletions
diff --git a/print-udp.c b/print-udp.c index 313a332c..37679eb1 100644 --- a/print-udp.c +++ b/print-udp.c @@ -613,6 +613,7 @@ udp_print(netdissect_options *ndo, register const u_char *bp, u_int length, IS_SRC_OR_DST_PORT(RADIUS_NEW_PORT) || IS_SRC_OR_DST_PORT(RADIUS_ACCOUNTING_PORT) || IS_SRC_OR_DST_PORT(RADIUS_NEW_ACCOUNTING_PORT) || + IS_SRC_OR_DST_PORT(RADIUS_CISCO_COA_PORT) || IS_SRC_OR_DST_PORT(RADIUS_COA_PORT) ) radius_print(ndo, (const u_char *)(up+1), length); else if (dport == HSRP_PORT) diff --git a/tests/RADIUS-port1700.pcap b/tests/RADIUS-port1700.pcap Binary files differnew file mode 100644 index 00000000..aa7b24e6 --- /dev/null +++ b/tests/RADIUS-port1700.pcap diff --git a/tests/TESTLIST b/tests/TESTLIST index 97cd83b8..33d5697c 100644 --- a/tests/TESTLIST +++ b/tests/TESTLIST @@ -249,6 +249,7 @@ decnet DECnet_Phone.pcap decnet.out -t radius-v RADIUS.pcap radius-v.out -t -v radius-rfc4675 RADIUS-RFC4675.pcap radius-rfc4675-v.out -t -v radius-rfc5176 RADIUS-RFC5176.pcap radius-rfc5176-v.out -t -v +radius-port1700 RADIUS-port1700.pcap radius-port1700-v.out -t -v # link-level protocols dtp-v DTP.pcap dtp-v.out -t -v diff --git a/tests/radius-port1700-v.out b/tests/radius-port1700-v.out new file mode 100644 index 00000000..389c7630 --- /dev/null +++ b/tests/radius-port1700-v.out @@ -0,0 +1,4 @@ +IP (tos 0x0, ttl 64, id 44978, offset 0, flags [none], proto UDP (17), length 53) + 127.0.0.1.42172 > 127.0.0.1.1700: RADIUS, length: 25 + CoA-Request (43), id: 0xa6, Authenticator: 7fbf02c6662b5990838a5e6e331b3ff0 + User-Name Attribute (1), length: 5, Value: bob @@ -200,6 +200,9 @@ struct udphdr { #ifndef RADIUS_ACCOUNTING_PORT #define RADIUS_ACCOUNTING_PORT 1646 #endif +#ifndef RADIUS_CISCO_COA_PORT +#define RADIUS_CISCO_COA_PORT 1700 +#endif #ifndef L2TP_PORT #define L2TP_PORT 1701 /*XXX*/ #endif |