Home Verkennen Help
Inloggen
SoftwareDesign
/
csu3_am335x
8
0
Vork 0
Bestanden Issues 0 Pull-aanvragen 0 Wiki
Aftakking: master
Aftakkingen Labels
csu3_am335x
/
EVSE
/
GPL
/
tcpdump-4.9.2
/
print-eap.c

print-eap.c 9.3 KB
Permalink Geschiedenis Ruwe

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304 
  1. /*
    2. 

  2.  * Copyright (c) 2004 - Michael Richardson <mcr@xelerance.com>
    3. 

  3.  *
    4. 

  4.  * Redistribution and use in source and binary forms, with or without
    5. 

  5.  * modification, are permitted provided that: (1) source code distributions
    6. 

  6.  * retain the above copyright notice and this paragraph in its entirety, (2)
    7. 

  7.  * distributions including binary code include the above copyright notice and
    8. 

  8.  * this paragraph in its entirety in the documentation or other materials
    9. 

  9.  * provided with the distribution, and (3) all advertising materials mentioning
    10. 

  10.  * features or use of this software display the following acknowledgement:
    11. 

  11.  * ``This product includes software developed by the University of California,
    12. 

  12.  * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
    13. 

  13.  * the University nor the names of its contributors may be used to endorse
    14. 

  14.  * or promote products derived from this software without specific prior
    15. 

  15.  * written permission.
    16. 

  16.  * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
    17. 

  17.  * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
    18. 

  18.  * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
    19. 

  19.  */
    20. 

  20. 

  21. /* \summary: Extensible Authentication Protocol (EAP) printer */
    22. 

  22. 

  23. #ifdef HAVE_CONFIG_H
    24. 

  24. #include "config.h"
    25. 

  25. #endif
    26. 

  26. 

  27. #include <netdissect-stdinc.h>
    28. 

  28. 

  29. #include "netdissect.h"
    30. 

  30. #include "extract.h"
    31. 

  31. 

  32. #define	EAP_FRAME_TYPE_PACKET		0
    33. 

  33. #define	EAP_FRAME_TYPE_START		1
    34. 

  34. #define	EAP_FRAME_TYPE_LOGOFF		2
    35. 

  35. #define	EAP_FRAME_TYPE_KEY		3
    36. 

  36. #define	EAP_FRAME_TYPE_ENCAP_ASF_ALERT	4
    37. 

  37. 

  38. struct eap_frame_t {
    39. 

  39.     unsigned char   version;
    40. 

  40.     unsigned char   type;
    41. 

  41.     unsigned char   length[2];
    42. 

  42. };
    43. 

  43. 

  44. static const struct tok eap_frame_type_values[] = {
    45. 

  45.     { EAP_FRAME_TYPE_PACKET,      	"EAP packet" },
    46. 

  46.     { EAP_FRAME_TYPE_START,    		"EAPOL start" },
    47. 

  47.     { EAP_FRAME_TYPE_LOGOFF,      	"EAPOL logoff" },
    48. 

  48.     { EAP_FRAME_TYPE_KEY,      		"EAPOL key" },
    49. 

  49.     { EAP_FRAME_TYPE_ENCAP_ASF_ALERT, 	"Encapsulated ASF alert" },
    50. 

  50.     { 0, NULL}
    51. 

  51. };
    52. 

  52. 

  53. /* RFC 3748 */
    54. 

  54. struct eap_packet_t {
    55. 

  55.     unsigned char	code;
    56. 

  56.     unsigned char	id;
    57. 

  57.     unsigned char	length[2];
    58. 

  58. };
    59. 

  59. 

  60. #define		EAP_REQUEST	1
    61. 

  61. #define		EAP_RESPONSE	2
    62. 

  62. #define		EAP_SUCCESS	3
    63. 

  63. #define		EAP_FAILURE	4
    64. 

  64. 

  65. static const struct tok eap_code_values[] = {
    66. 

  66.     { EAP_REQUEST,	"Request" },
    67. 

  67.     { EAP_RESPONSE,	"Response" },
    68. 

  68.     { EAP_SUCCESS,	"Success" },
    69. 

  69.     { EAP_FAILURE,	"Failure" },
    70. 

  70.     { 0, NULL}
    71. 

  71. };
    72. 

  72. 

  73. #define		EAP_TYPE_NO_PROPOSED	0
    74. 

  74. #define		EAP_TYPE_IDENTITY	1
    75. 

  75. #define		EAP_TYPE_NOTIFICATION	2
    76. 

  76. #define		EAP_TYPE_NAK		3
    77. 

  77. #define		EAP_TYPE_MD5_CHALLENGE	4
    78. 

  78. #define		EAP_TYPE_OTP		5
    79. 

  79. #define		EAP_TYPE_GTC		6
    80. 

  80. #define		EAP_TYPE_TLS		13		/* RFC 2716 */
    81. 

  81. #define		EAP_TYPE_SIM		18		/* RFC 4186 */
    82. 

  82. #define		EAP_TYPE_TTLS		21		/* draft-funk-eap-ttls-v0-01.txt */
    83. 

  83. #define		EAP_TYPE_AKA		23		/* RFC 4187 */
    84. 

  84. #define		EAP_TYPE_FAST		43		/* RFC 4851 */
    85. 

  85. #define		EAP_TYPE_EXPANDED_TYPES	254
    86. 

  86. #define		EAP_TYPE_EXPERIMENTAL	255
    87. 

  87. 

  88. static const struct tok eap_type_values[] = {
    89. 

  89.     { EAP_TYPE_NO_PROPOSED,	"No proposed" },
    90. 

  90.     { EAP_TYPE_IDENTITY,	"Identity" },
    91. 

  91.     { EAP_TYPE_NOTIFICATION,    "Notification" },
    92. 

  92.     { EAP_TYPE_NAK,      	"Nak" },
    93. 

  93.     { EAP_TYPE_MD5_CHALLENGE,   "MD5-challenge" },
    94. 

  94.     { EAP_TYPE_OTP,      	"OTP" },
    95. 

  95.     { EAP_TYPE_GTC,      	"GTC" },
    96. 

  96.     { EAP_TYPE_TLS,      	"TLS" },
    97. 

  97.     { EAP_TYPE_SIM,      	"SIM" },
    98. 

  98.     { EAP_TYPE_TTLS,      	"TTLS" },
    99. 

  99.     { EAP_TYPE_AKA,      	"AKA" },
    100. 

  100.     { EAP_TYPE_FAST,      	"FAST" },
    101. 

  101.     { EAP_TYPE_EXPANDED_TYPES,  "Expanded types" },
    102. 

  102.     { EAP_TYPE_EXPERIMENTAL,    "Experimental" },
    103. 

  103.     { 0, NULL}
    104. 

  104. };
    105. 

  105. 

  106. #define EAP_TLS_EXTRACT_BIT_L(x) 	(((x)&0x80)>>7)
    107. 

  107. 

  108. /* RFC 2716 - EAP TLS bits */
    109. 

  109. #define EAP_TLS_FLAGS_LEN_INCLUDED		(1 << 7)
    110. 

  110. #define EAP_TLS_FLAGS_MORE_FRAGMENTS		(1 << 6)
    111. 

  111. #define EAP_TLS_FLAGS_START			(1 << 5)
    112. 

  112. 

  113. static const struct tok eap_tls_flags_values[] = {
    114. 

  114. 	{ EAP_TLS_FLAGS_LEN_INCLUDED, "L bit" },
    115. 

  115. 	{ EAP_TLS_FLAGS_MORE_FRAGMENTS, "More fragments bit"},
    116. 

  116. 	{ EAP_TLS_FLAGS_START, "Start bit"},
    117. 

  117. 	{ 0, NULL}
    118. 

  118. };
    119. 

  119. 

  120. #define EAP_TTLS_VERSION(x)		((x)&0x07)
    121. 

  121. 

  122. /* EAP-AKA and EAP-SIM - RFC 4187 */
    123. 

  123. #define EAP_AKA_CHALLENGE		1
    124. 

  124. #define EAP_AKA_AUTH_REJECT		2
    125. 

  125. #define EAP_AKA_SYNC_FAILURE		4
    126. 

  126. #define EAP_AKA_IDENTITY		5
    127. 

  127. #define EAP_SIM_START			10
    128. 

  128. #define EAP_SIM_CHALLENGE		11
    129. 

  129. #define EAP_AKA_NOTIFICATION		12
    130. 

  130. #define EAP_AKA_REAUTH			13
    131. 

  131. #define EAP_AKA_CLIENT_ERROR		14
    132. 

  132. 

  133. static const struct tok eap_aka_subtype_values[] = {
    134. 

  134.     { EAP_AKA_CHALLENGE,	"Challenge" },
    135. 

  135.     { EAP_AKA_AUTH_REJECT,	"Auth reject" },
    136. 

  136.     { EAP_AKA_SYNC_FAILURE,	"Sync failure" },
    137. 

  137.     { EAP_AKA_IDENTITY,		"Identity" },
    138. 

  138.     { EAP_SIM_START,		"Start" },
    139. 

  139.     { EAP_SIM_CHALLENGE,	"Challenge" },
    140. 

  140.     { EAP_AKA_NOTIFICATION,	"Notification" },
    141. 

  141.     { EAP_AKA_REAUTH,		"Reauth" },
    142. 

  142.     { EAP_AKA_CLIENT_ERROR,	"Client error" },
    143. 

  143.     { 0, NULL}
    144. 

  144. };
    145. 

  145. 

  146. /*
    147. 

  147.  * Print EAP requests / responses
    148. 

  148.  */
    149. 

  149. void
    150. 

  150. eap_print(netdissect_options *ndo,
    151. 

  151.           register const u_char *cp,
    152. 

  152.           u_int length)
    153. 

  153. {
    154. 

  154.     const struct eap_frame_t *eap;
    155. 

  155.     const u_char *tptr;
    156. 

  156.     u_int tlen, type, subtype;
    157. 

  157.     int count=0, len;
    158. 

  158. 

  159.     tptr = cp;
    160. 

  160.     tlen = length;
    161. 

  161.     eap = (const struct eap_frame_t *)cp;
    162. 

  162.     ND_TCHECK(*eap);
    163. 

  163. 

  164.     /* in non-verbose mode just lets print the basic info */
    165. 

  165.     if (ndo->ndo_vflag < 1) {
    166. 

  166. 	ND_PRINT((ndo, "%s (%u) v%u, len %u",
    167. 

  167.                tok2str(eap_frame_type_values, "unknown", eap->type),
    168. 

  168.                eap->type,
    169. 

  169.                eap->version,
    170. 

  170.                EXTRACT_16BITS(eap->length)));
    171. 

  171. 	return;
    172. 

  172.     }
    173. 

  173. 

  174.     ND_PRINT((ndo, "%s (%u) v%u, len %u",
    175. 

  175.            tok2str(eap_frame_type_values, "unknown", eap->type),
    176. 

  176.            eap->type,
    177. 

  177.            eap->version,
    178. 

  178.            EXTRACT_16BITS(eap->length)));
    179. 

  179. 

  180.     tptr += sizeof(const struct eap_frame_t);
    181. 

  181.     tlen -= sizeof(const struct eap_frame_t);
    182. 

  182. 

  183.     switch (eap->type) {
    184. 

  184.     case EAP_FRAME_TYPE_PACKET:
    185. 

  185.         ND_TCHECK_8BITS(tptr);
    186. 

  186.         type = *(tptr);
    187. 

  187.         ND_TCHECK_16BITS(tptr+2);
    188. 

  188.         len = EXTRACT_16BITS(tptr+2);
    189. 

  189.         ND_PRINT((ndo, ", %s (%u), id %u, len %u",
    190. 

  190.                tok2str(eap_code_values, "unknown", type),
    191. 

  191.                type,
    192. 

  192.                *(tptr+1),
    193. 

  193.                len));
    194. 

  194. 

  195.         ND_TCHECK2(*tptr, len);
    196. 

  196. 

  197.         if (type <= 2) { /* For EAP_REQUEST and EAP_RESPONSE only */
    198. 

  198.             ND_TCHECK_8BITS(tptr+4);
    199. 

  199.             subtype = *(tptr+4);
    200. 

  200.             ND_PRINT((ndo, "\n\t\t Type %s (%u)",
    201. 

  201.                    tok2str(eap_type_values, "unknown", subtype),
    202. 

  202.                    subtype));
    203. 

  203. 

  204.             switch (subtype) {
    205. 

  205.             case EAP_TYPE_IDENTITY:
    206. 

  206.                 if (len - 5 > 0) {
    207. 

  207.                     ND_PRINT((ndo, ", Identity: "));
    208. 

  208.                     safeputs(ndo, tptr + 5, len - 5);
    209. 

  209.                 }
    210. 

  210.                 break;
    211. 

  211. 

  212.             case EAP_TYPE_NOTIFICATION:
    213. 

  213.                 if (len - 5 > 0) {
    214. 

  214.                     ND_PRINT((ndo, ", Notification: "));
    215. 

  215.                     safeputs(ndo, tptr + 5, len - 5);
    216. 

  216.                 }
    217. 

  217.                 break;
    218. 

  218. 

  219.             case EAP_TYPE_NAK:
    220. 

  220.                 count = 5;
    221. 

  221. 

  222.                 /*
    223. 

  223.                  * one or more octets indicating
    224. 

  224.                  * the desired authentication
    225. 

  225.                  * type one octet per type
    226. 

  226.                  */
    227. 

  227.                 while (count < len) {
    228. 

  228.                     ND_TCHECK_8BITS(tptr+count);
    229. 

  229.                     ND_PRINT((ndo, " %s (%u),",
    230. 

  230.                            tok2str(eap_type_values, "unknown", *(tptr+count)),
    231. 

  231.                            *(tptr + count)));
    232. 

  232.                     count++;
    233. 

  233.                 }
    234. 

  234.                 break;
    235. 

  235. 

  236.             case EAP_TYPE_TTLS:
    237. 

  237.             case EAP_TYPE_TLS:
    238. 

  238.                 ND_TCHECK_8BITS(tptr + 5);
    239. 

  239.                 if (subtype == EAP_TYPE_TTLS)
    240. 

  240.                     ND_PRINT((ndo, " TTLSv%u",
    241. 

  241.                            EAP_TTLS_VERSION(*(tptr + 5))));
    242. 

  242.                 ND_PRINT((ndo, " flags [%s] 0x%02x,",
    243. 

  243.                        bittok2str(eap_tls_flags_values, "none", *(tptr+5)),
    244. 

  244.                        *(tptr + 5)));
    245. 

  245. 

  246.                 if (EAP_TLS_EXTRACT_BIT_L(*(tptr+5))) {
    247. 

  247.                     ND_TCHECK_32BITS(tptr + 6);
    248. 

  248. 		    ND_PRINT((ndo, " len %u", EXTRACT_32BITS(tptr + 6)));
    249. 

  249.                 }
    250. 

  250.                 break;
    251. 

  251. 

  252.             case EAP_TYPE_FAST:
    253. 

  253.                 ND_TCHECK_8BITS(tptr + 5);
    254. 

  254.                 ND_PRINT((ndo, " FASTv%u",
    255. 

  255.                        EAP_TTLS_VERSION(*(tptr + 5))));
    256. 

  256.                 ND_PRINT((ndo, " flags [%s] 0x%02x,",
    257. 

  257.                        bittok2str(eap_tls_flags_values, "none", *(tptr+5)),
    258. 

  258.                        *(tptr + 5)));
    259. 

  259. 

  260.                 if (EAP_TLS_EXTRACT_BIT_L(*(tptr+5))) {
    261. 

  261.                     ND_TCHECK_32BITS(tptr + 6);
    262. 

  262.                     ND_PRINT((ndo, " len %u", EXTRACT_32BITS(tptr + 6)));
    263. 

  263.                 }
    264. 

  264. 

  265.                 /* FIXME - TLV attributes follow */
    266. 

  266.                 break;
    267. 

  267. 

  268.             case EAP_TYPE_AKA:
    269. 

  269.             case EAP_TYPE_SIM:
    270. 

  270.                 ND_TCHECK_8BITS(tptr + 5);
    271. 

  271.                 ND_PRINT((ndo, " subtype [%s] 0x%02x,",
    272. 

  272.                        tok2str(eap_aka_subtype_values, "unknown", *(tptr+5)),
    273. 

  273.                        *(tptr + 5)));
    274. 

  274. 

  275.                 /* FIXME - TLV attributes follow */
    276. 

  276.                 break;
    277. 

  277. 

  278.             case EAP_TYPE_MD5_CHALLENGE:
    279. 

  279.             case EAP_TYPE_OTP:
    280. 

  280.             case EAP_TYPE_GTC:
    281. 

  281.             case EAP_TYPE_EXPANDED_TYPES:
    282. 

  282.             case EAP_TYPE_EXPERIMENTAL:
    283. 

  283.             default:
    284. 

  284.                 break;
    285. 

  285.             }
    286. 

  286.         }
    287. 

  287.         break;
    288. 

  288. 

  289.     case EAP_FRAME_TYPE_LOGOFF:
    290. 

  290.     case EAP_FRAME_TYPE_ENCAP_ASF_ALERT:
    291. 

  291.     default:
    292. 

  292.         break;
    293. 

  293.     }
    294. 

  294.     return;
    295. 

  295. 

  296.  trunc:
    297. 

  297.     ND_PRINT((ndo, "\n\t[|EAP]"));
    298. 

  298. }
    299. 

  299. 

  300. /*
    301. 

  301.  * Local Variables:
    302. 

  302.  * c-basic-offset: 4
    303. 

  303.  * End:
    304. 

  304.  */
    305.