diff options
| author | Dhiru Kholia <dhiru.kholia@gmail.com> | 2017-04-14 13:24:00 +0530 |
|---|---|---|
| committer | Peter Wu <peter@lekensteyn.nl> | 2017-04-16 10:53:35 +0000 |
| commit | 55220d3f8dcf6b1dc14b8b21c8d8d4641f4733be (patch) | |
| tree | 17cca003720b887679624200b881a137a90688a3 /epan/dissectors/packet-vrrp.c | |
| parent | cb1967a98209abf2c37c6e4504c6d27e65614de0 (diff) | |
VRRP: Improve dissection of VRRP packets using MD5 authentication
VRRP v2 in Cisco routers can use "Keyed MD5" for IP authentication, and
such packets are now dissected slightly better.
The offset of the MD5 digest value pointed out by this patch can be
validated against Cisco's IOU software by using the IOU's "debug vrrp
auth" feature.
Sample VRRP (version 2) .pcap files can be found at,
https://github.com/kholia/my-pcaps
Change-Id: Ib421428bea9c2a074aec4594b26c76bc271fada8
Reviewed-on: https://code.wireshark.org/review/21084
Petri-Dish: Peter Wu <peter@lekensteyn.nl>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Peter Wu <peter@lekensteyn.nl>
Diffstat (limited to 'epan/dissectors/packet-vrrp.c')
| -rw-r--r-- | epan/dissectors/packet-vrrp.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/epan/dissectors/packet-vrrp.c b/epan/dissectors/packet-vrrp.c index 18677aa953..6ec060c760 100644 --- a/epan/dissectors/packet-vrrp.c +++ b/epan/dissectors/packet-vrrp.c @@ -55,6 +55,7 @@ static gint hf_vrrp_short_adver_int = -1; static gint hf_vrrp_ip = -1; static gint hf_vrrp_ip6 = -1; static gint hf_vrrp_auth_string = -1; +static gint hf_vrrp_md5_auth_data = -1; static gboolean g_vrrp_v3_checksum_as_in_v2 = FALSE; @@ -73,10 +74,12 @@ static const value_string vrrp_type_vals[] = { #define VRRP_AUTH_TYPE_NONE 0 #define VRRP_AUTH_TYPE_SIMPLE_TEXT 1 #define VRRP_AUTH_TYPE_IP_AUTH_HDR 2 +#define VRRP_AUTH_TYPE_IP_MD5 254 static const value_string vrrp_auth_vals[] = { {VRRP_AUTH_TYPE_NONE, "No Authentication"}, {VRRP_AUTH_TYPE_SIMPLE_TEXT, "Simple Text Authentication [RFC 2338] / Reserved [RFC 3768]"}, {VRRP_AUTH_TYPE_IP_AUTH_HDR, "IP Authentication Header [RFC 2338] / Reserved [RFC 3768]"}, + {VRRP_AUTH_TYPE_IP_MD5, "Cisco VRRP MD5 authentication"}, {0, NULL} }; @@ -215,6 +218,10 @@ dissect_vrrp(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void *data _U_ if (auth_type == VRRP_AUTH_TYPE_SIMPLE_TEXT) { proto_tree_add_item(vrrp_tree, hf_vrrp_auth_string, tvb, offset, VRRP_AUTH_DATA_LEN, ENC_ASCII|ENC_NA); offset += VRRP_AUTH_DATA_LEN; + } else if (auth_type == VRRP_AUTH_TYPE_IP_MD5) { + if (vrrp_len - offset >= 16) { + proto_tree_add_item(vrrp_tree, hf_vrrp_md5_auth_data, tvb, vrrp_len - 16, 16, ENC_NA); + } } return offset; @@ -298,6 +305,11 @@ void proto_register_vrrp(void) {"Authentication String", "vrrp.auth_string", FT_STRING, BASE_NONE, NULL, 0x0, NULL, HFILL }}, + + { &hf_vrrp_md5_auth_data, + {"MD5 Authentication Data", "vrrp.md5_auth_data", + FT_BYTES, BASE_NONE, NULL, 0x0, + "MD5 digest string is contained.", HFILL }}, }; static gint *ett[] = { |