diff options
| author | Aravind Prasad S <raja.avi@gmail.com> | 2020-07-16 03:13:25 -0700 |
|---|---|---|
| committer | Francois-Xavier Le Bail <devel.fx.lebail@orange.fr> | 2020-07-22 13:50:14 +0200 |
| commit | c429fc4120116c407acf4f4df483ac5f069e2a63 (patch) | |
| tree | 65cc3ab11e8ebb3cb2ed6c9f590171bb98dc1690 | |
| parent | 4a390644ce4ae3ca88a511d28b418efe60bb71dc (diff) | |
| download | tcpdump-c429fc4120116c407acf4f4df483ac5f069e2a63.tar.gz | |
Support for EAP Dump in RADIUS Messages
(pull request #864)
| -rw-r--r-- | netdissect.h | 1 | ||||
| -rw-r--r-- | print-eap.c | 158 | ||||
| -rw-r--r-- | print-ether.c | 2 | ||||
| -rw-r--r-- | print-radius.c | 7 | ||||
| -rw-r--r-- | tests/radius-v.out | 11 |
5 files changed, 102 insertions, 77 deletions
diff --git a/netdissect.h b/netdissect.h index 5a94a747..3ad14241 100644 --- a/netdissect.h +++ b/netdissect.h @@ -577,6 +577,7 @@ extern int dstopt_process(netdissect_options *, const u_char *); extern void dtp_print(netdissect_options *, const u_char *, u_int); extern void dvmrp_print(netdissect_options *, const u_char *, u_int); extern void eap_print(netdissect_options *, const u_char *, u_int); +extern void eapol_print(netdissect_options *, const u_char *); extern void egp_print(netdissect_options *, const u_char *, u_int); extern void eigrp_print(netdissect_options *, const u_char *, u_int); extern void esp_print(netdissect_options *, const u_char *, u_int, const u_char *, u_int, int, u_int); diff --git a/print-eap.c b/print-eap.c index 0009fe2f..0d9f62b7 100644 --- a/print-eap.c +++ b/print-eap.c @@ -151,64 +151,44 @@ eap_print(netdissect_options *ndo, const u_char *cp, u_int length) { - const struct eap_frame_t *eap; - const u_char *tptr; - u_int eap_type, tlen, type, subtype; - int count=0, len; - - ndo->ndo_protocol = "eap"; - tptr = cp; - tlen = length; - eap = (const struct eap_frame_t *)cp; - ND_TCHECK_SIZE(eap); - eap_type = GET_U_1(eap->type); - - ND_PRINT("%s (%u) v%u, len %u", - tok2str(eap_frame_type_values, "unknown", eap_type), - eap_type, - GET_U_1(eap->version), - GET_BE_U_2(eap->length)); - - if (ndo->ndo_vflag < 1) - return; - - tptr += sizeof(struct eap_frame_t); - tlen -= sizeof(struct eap_frame_t); - - switch (eap_type) { - case EAP_FRAME_TYPE_PACKET: - ND_TCHECK_1(tptr); - type = GET_U_1(tptr); - ND_TCHECK_2(tptr + 2); - len = GET_BE_U_2(tptr + 2); - ND_PRINT(", %s (%u), id %u, len %u", - tok2str(eap_code_values, "unknown", type), - type, - GET_U_1((tptr + 1)), - len); - - ND_TCHECK_LEN(tptr, len); - - if (type == EAP_REQUEST || type == EAP_RESPONSE) { - /* RFC 3748 Section 4.1 */ - ND_TCHECK_1(tptr + 4); - subtype = GET_U_1(tptr + 4); - ND_PRINT("\n\t\t Type %s (%u)", - tok2str(eap_type_values, "unknown", subtype), - subtype); - - switch (subtype) { + u_int type, subtype, len; + int count; + + ND_TCHECK_1(cp); + type = GET_U_1(cp); + ND_TCHECK_2(cp + 2); + len = GET_BE_U_2(cp + 2); + if(len != length) { + goto trunc; + } + ND_PRINT("%s (%u), id %u, len %u", + tok2str(eap_code_values, "unknown", type), + type, + GET_U_1((cp + 1)), + len); + + ND_TCHECK_LEN(cp, len); + + if (type == EAP_REQUEST || type == EAP_RESPONSE) { + /* RFC 3748 Section 4.1 */ + ND_TCHECK_1(cp + 4); + subtype = GET_U_1(cp + 4); + ND_PRINT("\n\t\t Type %s (%u)", + tok2str(eap_type_values, "unknown", subtype), + subtype); + + switch (subtype) { case EAP_TYPE_IDENTITY: if (len - 5 > 0) { ND_PRINT(", Identity: "); - (void)nd_printzp(ndo, tptr + 5, len - 5, NULL); + (void)nd_printzp(ndo, cp + 5, len - 5, NULL); } break; case EAP_TYPE_NOTIFICATION: if (len - 5 > 0) { ND_PRINT(", Notification: "); - (void)nd_printzp(ndo, tptr + 5, len - 5, NULL); + (void)nd_printzp(ndo, cp + 5, len - 5, NULL); } break; @@ -220,42 +200,42 @@ eap_print(netdissect_options *ndo, * the desired authentication * type one octet per type */ - while (count < len) { - ND_TCHECK_1(tptr + count); + while (count < (int)len) { + ND_TCHECK_1(cp + count); ND_PRINT(" %s (%u),", - tok2str(eap_type_values, "unknown", GET_U_1((tptr + count))), - GET_U_1(tptr + count)); + tok2str(eap_type_values, "unknown", GET_U_1((cp + count))), + GET_U_1(cp + count)); count++; } break; case EAP_TYPE_TTLS: case EAP_TYPE_TLS: - ND_TCHECK_1(tptr + 5); + ND_TCHECK_1(cp + 5); if (subtype == EAP_TYPE_TTLS) ND_PRINT(" TTLSv%u", - EAP_TTLS_VERSION(GET_U_1((tptr + 5)))); + EAP_TTLS_VERSION(GET_U_1((cp + 5)))); ND_PRINT(" flags [%s] 0x%02x,", - bittok2str(eap_tls_flags_values, "none", GET_U_1((tptr + 5))), - GET_U_1(tptr + 5)); + bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))), + GET_U_1(cp + 5)); - if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(tptr + 5))) { - ND_TCHECK_4(tptr + 6); - ND_PRINT(" len %u", GET_BE_U_4(tptr + 6)); + if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) { + ND_TCHECK_4(cp + 6); + ND_PRINT(" len %u", GET_BE_U_4(cp + 6)); } break; case EAP_TYPE_FAST: - ND_TCHECK_1(tptr + 5); + ND_TCHECK_1(cp + 5); ND_PRINT(" FASTv%u", - EAP_TTLS_VERSION(GET_U_1((tptr + 5)))); + EAP_TTLS_VERSION(GET_U_1((cp + 5)))); ND_PRINT(" flags [%s] 0x%02x,", - bittok2str(eap_tls_flags_values, "none", GET_U_1((tptr + 5))), - GET_U_1(tptr + 5)); + bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))), + GET_U_1(cp + 5)); - if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(tptr + 5))) { - ND_TCHECK_4(tptr + 6); - ND_PRINT(" len %u", GET_BE_U_4(tptr + 6)); + if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) { + ND_TCHECK_4(cp + 6); + ND_PRINT(" len %u", GET_BE_U_4(cp + 6)); } /* FIXME - TLV attributes follow */ @@ -263,10 +243,10 @@ eap_print(netdissect_options *ndo, case EAP_TYPE_AKA: case EAP_TYPE_SIM: - ND_TCHECK_1(tptr + 5); + ND_TCHECK_1(cp + 5); ND_PRINT(" subtype [%s] 0x%02x,", - tok2str(eap_aka_subtype_values, "unknown", GET_U_1((tptr + 5))), - GET_U_1(tptr + 5)); + tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))), + GET_U_1(cp + 5)); /* FIXME - TLV attributes follow */ break; @@ -278,10 +258,44 @@ eap_print(netdissect_options *ndo, case EAP_TYPE_EXPERIMENTAL: default: break; - } } - break; + } + return; +trunc: + nd_print_trunc(ndo); + return; +} + +void +eapol_print(netdissect_options *ndo, + const u_char *cp) +{ + const struct eap_frame_t *eap; + u_int eap_type, eap_len; + ndo->ndo_protocol = "eap"; + eap = (const struct eap_frame_t *)cp; + ND_TCHECK_SIZE(eap); + eap_type = GET_U_1(eap->type); + + ND_PRINT("%s (%u) v%u, len %u", + tok2str(eap_frame_type_values, "unknown", eap_type), + eap_type, + GET_U_1(eap->version), + GET_BE_U_2(eap->length)); + if (ndo->ndo_vflag < 1) + return; + + cp += sizeof(struct eap_frame_t); + eap_len = GET_BE_U_2(eap->length); + + switch (eap_type) { + case EAP_FRAME_TYPE_PACKET: + if (eap_len == 0) + goto trunc; + ND_PRINT(", "); + eap_print(ndo, cp, eap_len); + return; case EAP_FRAME_TYPE_LOGOFF: case EAP_FRAME_TYPE_ENCAP_ASF_ALERT: default: diff --git a/print-ether.c b/print-ether.c index 16b0fb7f..e6753946 100644 --- a/print-ether.c +++ b/print-ether.c @@ -599,7 +599,7 @@ ethertype_print(netdissect_options *ndo, return (1); case ETHERTYPE_EAPOL: - eap_print(ndo, p, length); + eapol_print(ndo, p); return (1); case ETHERTYPE_RRCP: diff --git a/print-radius.c b/print-radius.c index 78646b58..183fc1ba 100644 --- a/print-radius.c +++ b/print-radius.c @@ -173,6 +173,8 @@ static const struct tok radius_command_values[] = { #define ARAP_PASS 70 #define ARAP_FEATURES 71 +#define EAP_MESSAGE 79 + #define TUNNEL_PRIV_GROUP 81 #define TUNNEL_ASSIGN_ID 82 #define TUNNEL_PREFERENCE 83 @@ -673,6 +675,11 @@ print_attr_string(netdissect_options *ndo, data++; length--; break; + case EAP_MESSAGE: + if (length < 1) + goto trunc; + eap_print(ndo, data, length); + return; } for (i=0; i < length && GET_U_1(data); i++, data++) diff --git a/tests/radius-v.out b/tests/radius-v.out index bb63501a..b938d9d2 100644 --- a/tests/radius-v.out +++ b/tests/radius-v.out @@ -9,7 +9,8 @@ Calling-Station-Id Attribute (31), length: 19, Value: 00-14-22-E9-54-5E Service-Type Attribute (6), length: 6, Value: Framed Framed-MTU Attribute (12), length: 6, Value: 1500 - EAP-Message Attribute (79), length: 19, Value: . + EAP-Message Attribute (79), length: 19, Value: Response (2), id 0, len 17 + Type Identity (1), Identity: John.McGuirk Message-Authenticator Attribute (80), length: 18, Value: (....$..p.Q1o.x. 2 22:52:17.875771 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 137) 10.0.0.100.1812 > 10.0.0.1.1645: RADIUS, length: 109 @@ -18,7 +19,8 @@ Framed-MTU Attribute (12), length: 6, Value: 576 Service-Type Attribute (6), length: 6, Value: Framed Reply-Message Attribute (18), length: 11, Value: Hello, %u - EAP-Message Attribute (79), length: 24, Value: .. + EAP-Message Attribute (79), length: 24, Value: Request (1), id 1, len 22 + Type MD5-challenge (4) Message-Authenticator Attribute (80), length: 18, Value: ...<.(.X.13..t4. State Attribute (24), length: 18, Value: ..../.0$.s..1..w 3 22:52:17.916736 IP (tos 0x0, ttl 255, id 71, offset 0, flags [none], proto UDP (17), length 202) @@ -33,7 +35,8 @@ Service-Type Attribute (6), length: 6, Value: Framed Framed-MTU Attribute (12), length: 6, Value: 1500 State Attribute (24), length: 18, Value: ..../.0$.s..1..w - EAP-Message Attribute (79), length: 36, Value: .. + EAP-Message Attribute (79), length: 36, Value: Response (2), id 1, len 34 + Type MD5-challenge (4) Message-Authenticator Attribute (80), length: 18, Value: '&.q1.....Ojb..8 4 22:52:17.916850 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto UDP (17), length 125) 10.0.0.100.1812 > 10.0.0.1.1645: RADIUS, length: 97 @@ -42,6 +45,6 @@ Framed-MTU Attribute (12), length: 6, Value: 576 Service-Type Attribute (6), length: 6, Value: Framed Reply-Message Attribute (18), length: 21, Value: Hello, John.McGuirk - EAP-Message Attribute (79), length: 6, Value: .. + EAP-Message Attribute (79), length: 6, Value: Success (3), id 1, len 4 Message-Authenticator Attribute (80), length: 18, Value: ...b...2.^..NLc` User-Name Attribute (1), length: 14, Value: John.McGuirk |