Wireshark-commits: [Wireshark-commits] master-3.0 24a1560: EAP: force a new conversation at EAP-Req
URL: https://code.wireshark.org/review/gitweb?p=wireshark.git;a=commit;h=24a15601e89e1fbbf630aae13b4de97d7f9f2600
Submitter: "Peter Wu <peter@xxxxxxxxxxxxx>"
Changed: branch: master-3.0
Repository: wireshark
Commits:
24a1560 by Peter Wu (peter@xxxxxxxxxxxxx):
EAP: force a new conversation at EAP-Request/Identify
TLS requires unique conversations for every TLS session. With EAP-TTLS
over EAPOL, only a single conversation was created, breaking TLS.
Force a new conversation at the start of the EAP protocol to fix this.
This alone was not sufficient, the right conversation was not always
matched. This happened due to wildcard matching in EAP (NO_PORT_B) while
TLS does not use NO_PORT_B. TLS ended up setting a dummy port via
"conversation_set_port2" because PT_NONE is considered connection-less.
Even after treating PT_NONE as *not* connection-less in conversation.c,
the EAP Success message was not correctly matched against a conversation
and resulted into creation of another conversation.
To avoid all of that mess, just use the same conversation matching logic
as TLS, without NO_PORT_B. The original conversation tracking logic in
EAP was presumably added to avoid multiple conversations for EAP over
RADIUS (UDP), but that requirement does not seem necessary.
Verified with `tshark -2r eap-tls-bug-cert.pcap -otls.log_file:out.txt`,
two different `conversation =` values exist for the two sessions.
Bug: 15983
Change-Id: I3376624ee3ea627eaa6233d39ae3c1d19bdc98bb
Reviewed-on: https://code.wireshark.org/review/34247
Petri-Dish: Peter Wu <peter@xxxxxxxxxxxxx>
Tested-by: Petri Dish Buildbot
Reviewed-by: Anders Broman <a.broman58@xxxxxxxxx>
(cherry picked from commit 40b19131c26bdcff06af8085c14ea4433b011894)
Reviewed-on: https://code.wireshark.org/review/34255
Reviewed-by: Peter Wu <peter@xxxxxxxxxxxxx>
Actions performed:
from 56bdb0f Qt: Fix drop event for main window
add 24a1560 EAP: force a new conversation at EAP-Request/Identify
Summary of changes:
epan/dissectors/packet-eap.c | 89 +++++++++-----------------------------------
1 file changed, 17 insertions(+), 72 deletions(-)