diff options
author | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-02-22 23:05:16 +0000 |
---|---|---|
committer | guy <guy@f5534014-38df-0310-8fa8-9805f1628bb7> | 2002-02-22 23:05:16 +0000 |
commit | 3d27f3815db5670e06a97e2c999a9903b88d9512 (patch) | |
tree | 781d6739b6742e854b0908655624f715f52d53a4 /packet-eapol.c | |
parent | e19b9cc5a645d74f1f8bfae4bb972c531e7787ee (diff) |
Dissect the payload of EAPOL Key messages.
Put in a comment noting that the payload of EAPOL Encapsulated ASF Alert
messages should perhaps be dissected as SNMP Trap messages.
Put the type of the message into the Info column.
git-svn-id: http://anonsvn.wireshark.org/wireshark/trunk@4789 f5534014-38df-0310-8fa8-9805f1628bb7
Diffstat (limited to 'packet-eapol.c')
-rw-r--r-- | packet-eapol.c | 166 |
1 files changed, 132 insertions, 34 deletions
diff --git a/packet-eapol.c b/packet-eapol.c index 1877377c4b..74f8bd016d 100644 --- a/packet-eapol.c +++ b/packet-eapol.c @@ -1,7 +1,9 @@ /* packet-eapol.c * Routines for EAPOL 802.1X authentication header disassembly + * (From IEEE Draft P802.1X/D11; is there a later draft, or a + * final standard? If so, check it.) * - * $Id: packet-eapol.c,v 1.7 2002/02/22 21:51:18 guy Exp $ + * $Id: packet-eapol.c,v 1.8 2002/02/22 23:05:16 guy Exp $ * * Ethereal - Network traffic analyzer * By Gerald Combs <gerald@ethereal.com> @@ -45,35 +47,59 @@ static int proto_eapol = -1; static int hf_eapol_version = -1; static int hf_eapol_type = -1; static int hf_eapol_len = -1; +static int hf_eapol_keydes_type = -1; +static int hf_eapol_keydes_keylen = -1; +static int hf_eapol_keydes_replay_counter = -1; +static int hf_eapol_keydes_key_iv = -1; +static int hf_eapol_keydes_key_index_keytype = -1; +static int hf_eapol_keydes_key_index_indexnum = -1; +static int hf_eapol_keydes_key_signature = -1; +static int hf_eapol_keydes_key = -1; static gint ett_eapol = -1; +static gint ett_eapol_key_index = -1; static dissector_handle_t eap_handle; static dissector_handle_t data_handle; -typedef struct _e_eapol -{ - guint8 eapol_ver; - guint8 eapol_type; - guint16 eapol_len; -} e_eapol; +#define EAPOL_HDR_LEN 4 + +#define EAP_PACKET 0 +#define EAPOL_START 1 +#define EAPOL_LOGOFF 2 +#define EAPOL_KEY 3 +#define EAPOL_ENCAP_ASF_ALERT 4 static const value_string eapol_type_vals[] = { - { 0, "EAP" }, - { 1, "Start" }, - { 2, "Logoff" }, - { 3, "Key" }, - { 4, "Encapsulated ASF Alert" }, - { 0, NULL } + { EAP_PACKET, "EAP Packet" }, + { EAPOL_START, "Start" }, + { EAPOL_LOGOFF, "Logoff" }, + { EAPOL_KEY, "Key" }, + { EAPOL_ENCAP_ASF_ALERT, "Encapsulated ASF Alert" }, + { 0, NULL } +}; + +static const value_string eapol_keydes_type_vals[] = { + { 1, "RC4 Descriptor" }, + { 0, NULL } }; +static const true_false_string keytype_tfs = + { "Unicast", "Broadcast" }; + static void dissect_eapol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) { - e_eapol eapolh; + int offset = 0; + guint8 eapol_ver; + guint8 eapol_type; + guint16 eapol_len; guint len; - proto_tree *ti; - proto_tree *eapol_tree; + guint16 eapol_key_len; + guint8 key_index; + proto_tree *ti = NULL; + proto_tree *eapol_tree = NULL; + proto_tree *key_index_tree; tvbuff_t *next_tvb; if (check_col(pinfo->cinfo, COL_PROTOCOL)) @@ -81,30 +107,77 @@ dissect_eapol(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree) if (check_col(pinfo->cinfo, COL_INFO)) col_clear(pinfo->cinfo, COL_INFO); - tvb_memcpy(tvb, (guint8 *)&eapolh, 0, sizeof(eapolh)); - eapolh.eapol_len = ntohs(eapolh.eapol_len); - - len = sizeof(eapolh) + eapolh.eapol_len; - - set_actual_length(tvb, len); - - eapol_tree = NULL; - if (tree) { - ti = proto_tree_add_item(tree, proto_eapol, tvb, 0, len, FALSE); + ti = proto_tree_add_item(tree, proto_eapol, tvb, 0, -1, FALSE); eapol_tree = proto_item_add_subtree(ti, ett_eapol); - proto_tree_add_uint(eapol_tree, hf_eapol_version, tvb, 0, 1, eapolh.eapol_ver); - proto_tree_add_uint(eapol_tree, hf_eapol_type, tvb, 1, 1, eapolh.eapol_type); - proto_tree_add_uint(eapol_tree, hf_eapol_len, tvb, 2, 2, eapolh.eapol_len); + proto_tree_add_item(eapol_tree, hf_eapol_version, tvb, offset, 1, FALSE); } + offset++; - next_tvb = tvb_new_subset(tvb, 4, -1, -1); + eapol_type = tvb_get_guint8(tvb, offset); + if (tree) + proto_tree_add_uint(eapol_tree, hf_eapol_type, tvb, offset, 1, eapol_type); + if (check_col(pinfo->cinfo, COL_INFO)) + col_add_str(pinfo->cinfo, COL_INFO, + val_to_str(eapol_type, eapol_type_vals, "Unknown type (0x%02X)")); + offset++; - if (eapolh.eapol_type == 0) - call_dissector(eap_handle, next_tvb, pinfo, eapol_tree); - else - call_dissector(data_handle, next_tvb, pinfo, eapol_tree); + eapol_len = tvb_get_ntohs(tvb, offset); + len = EAPOL_HDR_LEN + eapol_len; + set_actual_length(tvb, len); + if (tree) { + proto_item_set_len(ti, len); + proto_tree_add_uint(eapol_tree, hf_eapol_len, tvb, offset, 2, eapol_len); + } + offset += 2; + + switch (eapol_type) { + + case EAP_PACKET: + next_tvb = tvb_new_subset(tvb, offset, -1, -1); + call_dissector(eap_handle, next_tvb, pinfo, eapol_tree); + break; + + case EAPOL_KEY: + if (tree) { + proto_tree_add_item(eapol_tree, hf_eapol_keydes_type, tvb, offset, 1, FALSE); + offset += 1; + eapol_key_len = tvb_get_ntohs(tvb, offset); + proto_tree_add_uint(eapol_tree, hf_eapol_keydes_keylen, tvb, offset, 2, eapol_key_len); + offset += 2; + proto_tree_add_item(eapol_tree, hf_eapol_keydes_replay_counter, tvb, + offset, 8, FALSE); + offset += 8; + proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_iv, tvb, + offset, 16, FALSE); + offset += 16; + key_index = tvb_get_guint8(tvb, offset); + ti = proto_tree_add_text(eapol_tree, tvb, offset, 1, + "Key Index: %s, index %u", + (key_index & 0x80) ? "unicast" : "broadcast", + key_index & 0x7F); + key_index_tree = proto_item_add_subtree(ti, ett_eapol_key_index); + proto_tree_add_boolean(eapol_tree, hf_eapol_keydes_key_index_keytype, + tvb, offset, 1, key_index); + proto_tree_add_boolean(eapol_tree, hf_eapol_keydes_key_index_indexnum, + tvb, offset, 1, key_index); + offset += 1; + proto_tree_add_item(eapol_tree, hf_eapol_keydes_key_signature, tvb, + offset, 16, FALSE); + offset += 16; + if (eapol_key_len != 0) + proto_tree_add_item(eapol_tree, hf_eapol_keydes_key, tvb, offset, + eapol_key_len, FALSE); + } + break; + + case EAPOL_ENCAP_ASF_ALERT: /* XXX - is this an SNMP trap? */ + default: + next_tvb = tvb_new_subset(tvb, offset, -1, -1); + call_dissector(data_handle, next_tvb, pinfo, eapol_tree); + break; + } } void @@ -120,9 +193,34 @@ proto_register_eapol(void) { &hf_eapol_len, { "Length", "eapol.len", FT_UINT16, BASE_DEC, NULL, 0x0, "Length", HFILL }}, + { &hf_eapol_keydes_type, { + "Descriptor Type", "eapol.keydes.type", FT_UINT8, BASE_DEC, + VALS(eapol_keydes_type_vals), 0x0, "Key Descriptor Type", HFILL }}, + { &hf_eapol_keydes_keylen, { + "Key Length", "eapol.keydes.keylen", FT_UINT16, BASE_DEC, + NULL, 0x0, "Key Length", HFILL }}, + { &hf_eapol_keydes_replay_counter, { + "Replay Counter", "eapol.keydes.replay_counter", FT_UINT64, BASE_DEC, + NULL, 0x0, "Replay Counter", HFILL }}, + { &hf_eapol_keydes_key_iv, { + "Key IV", "eapol.keydes.key_iv", FT_BYTES, BASE_NONE, + NULL, 0x0, "Key Initialization Vector", HFILL }}, + { &hf_eapol_keydes_key_index_keytype, { + "Key Type", "eapol.keydes.index.keytype", FT_BOOLEAN, 8, + TFS(&keytype_tfs), 0x80, "Key Type (unicast/broadcast)", HFILL }}, + { &hf_eapol_keydes_key_index_indexnum, { + "Index Number", "eapol.keydes.index.indexnum", FT_UINT8, BASE_DEC, + NULL, 0x7F, "Key Index number", HFILL }}, + { &hf_eapol_keydes_key_signature, { + "Key Signature", "eapol.keydes.key_signature", FT_BYTES, BASE_NONE, + NULL, 0x0, "Key Signature", HFILL }}, + { &hf_eapol_keydes_key, { + "Key", "eapol.keydes.key", FT_BYTES, BASE_NONE, + NULL, 0x0, "Key", HFILL }}, }; static gint *ett[] = { &ett_eapol, + &ett_eapol_key_index }; proto_eapol = proto_register_protocol("802.1x Authentication", "EAPOL", "eapol"); |