Wireshark-commits: [Wireshark-commits] master 40b1913: EAP: force a new conversation at EAP-Request
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=40b19131c26bdcff06af8085c14ea4433b011894
Submitter: "Anders Broman <a.broman58@xxxxxxxxx>"
Changed: branch: master
Repository: wireshark
Commits:
40b1913 by Peter Wu (peter@xxxxxxxxxxxxx):
EAP: force a new conversation at EAP-Request/Identify
TLS requires unique conversations for every TLS session. With EAP-TTLS
over EAPOL, only a single conversation was created, breaking TLS.
Force a new conversation at the start of the EAP protocol to fix this.
This alone was not sufficient, the right conversation was not always
matched. This happened due to wildcard matching in EAP (NO_PORT_B) while
TLS does not use NO_PORT_B. TLS ended up setting a dummy port via
"conversation_set_port2" because PT_NONE is considered connection-less.
Even after treating PT_NONE as *not* connection-less in conversation.c,
the EAP Success message was not correctly matched against a conversation
and resulted into creation of another conversation.
To avoid all of that mess, just use the same conversation matching logic
as TLS, without NO_PORT_B. The original conversation tracking logic in
EAP was presumably added to avoid multiple conversations for EAP over
RADIUS (UDP), but that requirement does not seem necessary.
Verified with `tshark -2r eap-tls-bug-cert.pcap -otls.log_file:out.txt`,
two different `conversation =` values exist for the two sessions.
Bug: 15983
Change-Id: I3376624ee3ea627eaa6233d39ae3c1d19bdc98bb
Reviewed-on: https://code.wireshark.org/review/34247
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
Actions performed:
from 8a0e22b doc+docbook: Update our CSS file.
add 40b1913 EAP: force a new conversation at EAP-Request/Identify
Summary of changes:
epan/dissectors/packet-eap.c | 89 +++++++++-----------------------------------
1 file changed, 17 insertions(+), 72 deletions(-)