Wireshark · Ethereal-dev: [Ethereal-dev] [patch] eap/tls glue layer.

Ethereal-dev: [Ethereal-dev] [patch] eap/tls glue layer.

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

Date: Mon, 25 Feb 2002 04:57:38 -0500 (EST)

hello,
	This is preliminary patch that implements data structure for
	EAP/TLS  glue layer.

	Also, I have put ethereal packet dump of RADIUS/EAP/EAP-TLS/TLS
	authentication exchange at :

		http://www.eax.com/patches/ethereal/eaptls.dump

On Sun, 24 Feb 2002, Guy Harris wrote:
> (By the way, I'm on the "ethereal-dev@xxxxxxxxxxxx" mailing list, so if
> you're sending to that list, you don't need to mail to me as well....)

Removed. Really different people have differnet preferences. Some prefer
to be cc'ed anyway as in this way email goes to differnt folders (assuming
they are using multiple folders). Finally there's 'formail' program which
will remove dupplicate emails on recipient's end.

>From procmailex(5) man page:

       If  you  are subscribed to several mailinglists and people
       cross-post to some of them, you  usually  receive  several
       duplicate mails (one from every list).  The following sim
       ple recipe eliminates duplicate mails.  It  tells  formail
       to  keep an 8KB cache file in which it will store the Mes
       sage-IDs of the most recent  mails  you  received.   Since
       Message-IDs  are  guaranteed  to  be  unique for every new
       mail, they are ideally suited to weed out duplicate mails.
       Simply put the following recipe at the top of your rcfile,
       and no duplicate mail will get past it.

              :0 Wh: msgid.lock
              | formail -D 8192 msgid.cache

-- 
Adam
http://www.eax.com	The Supreme Headquarters of the 32 bit registers

This is patch against ethereal (http://www.ethereal.com./)
Based on cvs tree as of : Mon Feb 25 04:40:00 EST 2002

a small fix in packet-radius (off by 2).

add TLS/EAP glue layer implementation to packet-eap.

dissect(tls) commented out for now. There's two level
packet assembly due before it will make sense to call it.

        Adam Sulmicki <adam@xxxxxxxxxxxx>
	Mon Feb 25 04:40:00 EST 2002
        http://www.eax.com/patches/

-------------------------------------------------------------------------------

Index: packet-radius.c
===================================================================
RCS file: /cvsroot/ethereal/packet-radius.c,v
retrieving revision 1.44
diff -u -r1.44 packet-radius.c
--- packet-radius.c	2002/02/25 07:13:28	1.44
+++ packet-radius.c	2002/02/25 09:39:26
@@ -907,7 +907,7 @@
        tvbuff_t   *next_tvb;
        proto_tree_add_text(tree, tvb,offset,2,"t:%s(%u) l:%u",
 			   avptpstrval,avph.avp_type,avph.avp_length);
-       next_tvb = tvb_new_subset(tvb, offset+2,avph.avp_length, -1);
+       next_tvb = tvb_new_subset(tvb, offset+2,avph.avp_length-2, -1);
        call_dissector(eap_handle, next_tvb, pinfo, tree);
      } else 
        proto_tree_add_text(tree, tvb,offset,avph.avp_length,
Index: packet-eap.c
===================================================================
RCS file: /cvsroot/ethereal/packet-eap.c,v
retrieving revision 1.11
diff -u -r1.11 packet-eap.c
--- packet-eap.c	2002/02/24 08:10:07	1.11
+++ packet-eap.c	2002/02/25 09:39:26
@@ -36,6 +36,8 @@
 #endif
 
 #include <glib.h>
+#include <ctype.h>
+#include <string.h>
 #include <epan/packet.h>
 #include "packet-ieee8023.h"
 #include "packet-ipx.h"
@@ -51,6 +53,8 @@
 
 static gint ett_eap = -1;
 
+static dissector_handle_t ssl_handle;
+
 #define EAP_REQUEST	1
 #define EAP_RESPONSE	2
 #define EAP_SUCCESS	3
@@ -75,6 +79,36 @@
     { 0, NULL }
 };
 
+static gchar textbuffer[256];
+
+gchar *eapconvertbufftostr(gchar *dest, tvbuff_t *tvb, int offset, int length)
+{
+/*converts the raw buffer into printable text */
+        guint32 i;
+        guint32 totlen=0;
+        const guint8 *pd = tvb_get_ptr(tvb, offset, length);
+
+        dest[0]='"';
+        dest[1]=0;
+        totlen=1;
+        for (i=0; i < (guint32)length; i++)
+        {
+                if( isalnum((int)pd[i])||ispunct((int)pd[i])
+                                ||((int)pd[i]==' '))            {
+                        dest[totlen]=(gchar)pd[i];
+                        totlen++;
+                }
+                else
+                {
+                        sprintf(&(dest[totlen]), "\\%03u", pd[i]);
+                        totlen=totlen+strlen(&(dest[totlen]));
+                }
+        }
+        dest[totlen]='"';
+        dest[totlen+1]=0;
+        return dest;
+}
+
 static void
 dissect_eap(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree)
 {
@@ -107,7 +141,13 @@
 
   eap_len = tvb_get_ntohs(tvb, 2);
   len = eap_len;
-  set_actual_length(tvb, len);
+
+  /* at least for now, until we get defragmentation support */
+  if (len>tvb_length(tvb))
+    len=tvb_length(tvb);
+  //bad idea, as the value can be *totally* bogus
+  //set_actual_length(tvb, len);
+
   if (tree)
     proto_tree_add_uint(eap_tree, hf_eap_len, tvb, 2, 2, eap_len);
 
@@ -122,8 +162,45 @@
     if (tree) {
       proto_tree_add_uint(eap_tree, hf_eap_type, tvb, 4, 1, eap_type);
       if (len > 5) {
-        proto_tree_add_text(eap_tree, tvb, 5, len - 5, "Type-Data (%d byte%s)",
-          len - 5, plurality(len - 5, "", "s"));
+	guint   size = len - 5;
+	guint   offset = 5;
+	if (eap_type==13) {		  
+
+
+	  guint8 flags = tvb_get_guint8(tvb, offset);
+
+	  proto_tree_add_text(eap_tree, tvb, offset, 1, "Flags(%i): %s%s%s",
+			      flags,
+			      flags & 128 ? "Length " : "",
+			      flags &  64 ? "More " : "",
+			      flags &  32 ? "Start " : "");
+	  size--;
+	  offset++;
+
+	  if (flags >> 7) {
+	    guint32 length = tvb_get_ntohl(tvb, offset);
+	    proto_tree_add_text(eap_tree, tvb, offset, 4, "Len:%i",
+				length);
+	    size -= 4;
+	    offset += 4;
+	  }
+
+	  if (size>0) {
+	    tvbuff_t   *next_tvb;
+	    proto_tree_add_text(eap_tree, tvb, offset, size, 
+				"Data (%i)",size);
+	    next_tvb = tvb_new_subset(tvb, offset,size, -1);
+	    //call_dissector(ssl_handle, next_tvb, pinfo, tree);
+	  }
+
+	}else {
+	  gchar  *msgstr = malloc(size);
+	  eapconvertbufftostr(msgstr,tvb,5,size);
+	  proto_tree_add_text(eap_tree, tvb, offset, size, 
+			      "Type-Data (%d byte%s) Value:%s",
+			      size, plurality(size, "", "s"),msgstr);
+	  free (msgstr);
+	}
       }
     }
   }
@@ -163,6 +240,11 @@
 {
   dissector_handle_t eap_handle;
 
+  /*
+   * Get a handle for the SSL/TLS dissector.
+   */
+  ssl_handle = find_dissector("ssl");
+  
   eap_handle = find_dissector("eap");
   dissector_add("ppp.protocol", PPP_EAP, eap_handle);
 }

Follow-Ups:
- [Ethereal-dev] Re: [patch] eap/tls glue layer.
  - From: Adam

References:
- Re: [Ethereal-dev] [patch] packet-radius 3
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] [Bug report] SAMR dissector ?
Next by Date: [Ethereal-dev] Patch for packet-m3ua.c
Previous by thread: Re: [Ethereal-dev] [patch] packet-radius 3
Next by thread: [Ethereal-dev] Re: [patch] eap/tls glue layer.
Index(es):
- Date
- Thread

Riverbed Cascade Pilot: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed Cascade Pilot Personal Edition: Take Wireshark to the Next Level - Advanced Triggers and Alerts; Web and VoIP Analytics; Long-Term Trending and Forensics; Deep Packet Analysis with Wireshark

Riverbed AirPcap: Complete Visibility of Your Wireless Networks; Multi-Channel, Aggregated Analysis; Portable and Versatile; Easy to Setup and Easy to Use; Ready to Power Your Application

$Riverbed TurboCap: Full-Speed GbE Capture; Port Aggregation; Pass-thru Mode; Aggregating Tap; Full-Speed GbE Injection; Exported Interfaces; TurboCap API Developer\'s Pack$