Wireshark · Ethereal-dev: [Ethereal-dev] isis hmac-md5 authentication support

[Hannes Gredler <hannes@xxxxxxxxxxx>]

ethereal developers,

pls find attached a patch to support hmac-md5 authentication
for is-is. it remains questionable why the use of TLV 10
for IP authentication is "against the spec" (this appeared several times
in the code) as no implementation is using TLV 133 that rfc1195 mentions.

/hannes  

? hannes-isis-ppp.tcpdump.1500
? hannes-isis-hdlc-tcpdump.1500
? hannes-isis-hdlc-tcpdump.1500.2
? hannes-isis-lan-tcpdump.1500
? hannes-isis-auth
Index: packet-isis-clv.c
===================================================================
RCS file: /cvsroot/ethereal/packet-isis-clv.c,v
retrieving revision 1.11
diff -u -r1.11 packet-isis-clv.c
--- packet-isis-clv.c	2001/05/14 18:40:15	1.11
+++ packet-isis-clv.c	2001/06/05 20:19:27
@@ -133,7 +133,7 @@
 	u_char pw_type;
 	char sbuf[300];		/* 255 + header info area */
 	char *s = sbuf;
-	int use_cleartext;
+	int auth_unsupported;
 
 	if ( length <= 0 ) {
 		return;
@@ -141,38 +141,48 @@
 
 	pw_type = pd[offset++];
 	length--;
-	use_cleartext = FALSE;
+	auth_unsupported = FALSE;
+
 	switch (pw_type) {
 	case 1:
-		s += sprintf ( s, "type 1, clear text"  );
-		use_cleartext = TRUE;
+		s += sprintf ( s, "clear text (1), password (length %d) = ", length );
+
+		if ( length > 0 ) {
+		  strncpy(s, &pd[offset], length);
+		  s[length] = 0;
+                } else {
+		  strcat(s, "no clear-text password found!!!" );
+		}
+		break;
+	case 54:
+	        s += sprintf ( s, "hmac-md5 (54), password (length %d) = ", length );
+
+                if ( length == 16 ) {
+		  s += sprintf ( s, "0x%02x", pd[offset++] );
+		  length--;
+		  while (length > 0) {
+		    s += sprintf ( s, "%02x", pd[offset++] );
+		    length--;
+		    }
+                    s = 0;
+                } else {
+                  strcat(s, "illegal hmac-md5 digest format (must be 16 bytes)" );
+		}
 		break;
 	default:
-		s += sprintf ( s, "type 0x%02x, (must be 1)", pw_type );
+		s += sprintf ( s, "type 0x%02x (0x%02x): ", pw_type, length );
+		auth_unsupported=TRUE;
 		break;
 	}
 
-	s += sprintf ( s, " (0x%02x): ", length );
-
-	if ( use_cleartext ) {
-		if ( length > 0 ) {
-			strncpy(s, &pd[offset], length);
-			/* null terminate */
-			s[length] = 0;
-		} else {
-			strcat(s, "<<no password found!!!>>" );
-		}
-	/* NOTE, s no longer valid */
-	}
 	proto_tree_add_text ( tree, NullTVB, offset - 1, length + 1,
 			"%s %s", meaning, sbuf );
-	if ( !use_cleartext ) {
-		if ( length ) {
-			isis_dissect_unknown(offset, length, tree, fd,
-				"Unknown autheticion type" );
-		}
-	}
-}
+
+       	if ( auth_unsupported ) {
+       		isis_dissect_unknown(offset, length, tree, fd,
+       			"Unknown authentication type" );
+	}	
+}	    
 
 /*
  * Name: isis_dissect_hostname_clv()
Index: packet-isis-hello.c
===================================================================
RCS file: /cvsroot/ethereal/packet-isis-hello.c,v
retrieving revision 1.14
diff -u -r1.14 packet-isis-hello.c
--- packet-isis-hello.c	2001/05/14 18:40:15	1.14
+++ packet-isis-hello.c	2001/06/05 20:19:30
@@ -352,7 +352,7 @@
 dissect_hello_auth_clv(const u_char *pd, int offset, 
 		guint length, int id_length, frame_data *fd, proto_tree *tree) {
 	isis_dissect_authentication_clv(pd, offset, length, fd, tree, 
-		"Per Link authentication" );
+		"authentication" );
 }
 
 /*
Index: packet-radius.c
===================================================================
RCS file: /cvsroot/ethereal/packet-radius.c,v
retrieving revision 1.28
diff -u -r1.28 packet-radius.c
--- packet-radius.c	2001/03/13 21:34:23	1.28
+++ packet-radius.c	2001/06/05 20:19:34
@@ -210,6 +210,7 @@
 {429,"3Com"},
 {529,"Ascend"},
 {1584,"Bay Networks"},
+{2636,"Juniper Networks"},
 {0,NULL}};
 
 static value_string radius_framed_protocol_vals[]=