]> The Tcpdump Group git mirrors - tcpdump/blob - print-eap.c
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Revert "EAP: back out the two trailing-comma changes."
[tcpdump] / print-eap.c
1 /*
2 * Copyright (c) 2004 - Michael Richardson <mcr@xelerance.com>
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that: (1) source code distributions
6 * retain the above copyright notice and this paragraph in its entirety, (2)
7 * distributions including binary code include the above copyright notice and
8 * this paragraph in its entirety in the documentation or other materials
9 * provided with the distribution, and (3) all advertising materials mentioning
10 * features or use of this software display the following acknowledgement:
11 * ``This product includes software developed by the University of California,
12 * Lawrence Berkeley Laboratory and its contributors.'' Neither the name of
13 * the University nor the names of its contributors may be used to endorse
14 * or promote products derived from this software without specific prior
15 * written permission.
16 * THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY EXPRESS OR IMPLIED
17 * WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
18 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
19 */
20
21 /* \summary: Extensible Authentication Protocol (EAP) printer */
22
23 #ifdef HAVE_CONFIG_H
24 #include <config.h>
25 #endif
26
27 #include "netdissect-stdinc.h"
28
29 #include "netdissect.h"
30 #include "extract.h"
31
32 #define EAP_FRAME_TYPE_PACKET 0
33 #define EAP_FRAME_TYPE_START 1
34 #define EAP_FRAME_TYPE_LOGOFF 2
35 #define EAP_FRAME_TYPE_KEY 3
36 #define EAP_FRAME_TYPE_ENCAP_ASF_ALERT 4
37
38 struct eap_frame_t {
39 nd_uint8_t version;
40 nd_uint8_t type;
41 nd_uint16_t length;
42 };
43
44 static const struct tok eap_frame_type_values[] = {
45 { EAP_FRAME_TYPE_PACKET, "EAP packet" },
46 { EAP_FRAME_TYPE_START, "EAPOL start" },
47 { EAP_FRAME_TYPE_LOGOFF, "EAPOL logoff" },
48 { EAP_FRAME_TYPE_KEY, "EAPOL key" },
49 { EAP_FRAME_TYPE_ENCAP_ASF_ALERT, "Encapsulated ASF alert" },
50 { 0, NULL}
51 };
52
53 /* RFC 3748 */
54 struct eap_packet_t {
55 nd_uint8_t code;
56 nd_uint8_t id;
57 nd_uint16_t length;
58 };
59
60 #define EAP_REQUEST 1
61 #define EAP_RESPONSE 2
62 #define EAP_SUCCESS 3
63 #define EAP_FAILURE 4
64
65 static const struct tok eap_code_values[] = {
66 { EAP_REQUEST, "Request" },
67 { EAP_RESPONSE, "Response" },
68 { EAP_SUCCESS, "Success" },
69 { EAP_FAILURE, "Failure" },
70 { 0, NULL}
71 };
72
73 #define EAP_TYPE_NO_PROPOSED 0
74 #define EAP_TYPE_IDENTITY 1
75 #define EAP_TYPE_NOTIFICATION 2
76 #define EAP_TYPE_NAK 3
77 #define EAP_TYPE_MD5_CHALLENGE 4
78 #define EAP_TYPE_OTP 5
79 #define EAP_TYPE_GTC 6
80 #define EAP_TYPE_TLS 13 /* RFC 5216 */
81 #define EAP_TYPE_SIM 18 /* RFC 4186 */
82 #define EAP_TYPE_TTLS 21 /* RFC 5281, draft-funk-eap-ttls-v0-01.txt */
83 #define EAP_TYPE_AKA 23 /* RFC 4187 */
84 #define EAP_TYPE_FAST 43 /* RFC 4851 */
85 #define EAP_TYPE_EXPANDED_TYPES 254
86 #define EAP_TYPE_EXPERIMENTAL 255
87
88 static const struct tok eap_type_values[] = {
89 { EAP_TYPE_NO_PROPOSED, "No proposed" },
90 { EAP_TYPE_IDENTITY, "Identity" },
91 { EAP_TYPE_NOTIFICATION, "Notification" },
92 { EAP_TYPE_NAK, "Nak" },
93 { EAP_TYPE_MD5_CHALLENGE, "MD5-challenge" },
94 { EAP_TYPE_OTP, "OTP" },
95 { EAP_TYPE_GTC, "GTC" },
96 { EAP_TYPE_TLS, "TLS" },
97 { EAP_TYPE_SIM, "SIM" },
98 { EAP_TYPE_TTLS, "TTLS" },
99 { EAP_TYPE_AKA, "AKA" },
100 { EAP_TYPE_FAST, "FAST" },
101 { EAP_TYPE_EXPANDED_TYPES, "Expanded types" },
102 { EAP_TYPE_EXPERIMENTAL, "Experimental" },
103 { 0, NULL}
104 };
105
106 #define EAP_TLS_EXTRACT_BIT_L(x) (((x)&0x80)>>7)
107
108 /* RFC 5216 - EAP TLS bits */
109 #define EAP_TLS_FLAGS_LEN_INCLUDED (1 << 7)
110 #define EAP_TLS_FLAGS_MORE_FRAGMENTS (1 << 6)
111 #define EAP_TLS_FLAGS_START (1 << 5)
112
113 static const struct tok eap_tls_flags_values[] = {
114 { EAP_TLS_FLAGS_LEN_INCLUDED, "L bit" },
115 { EAP_TLS_FLAGS_MORE_FRAGMENTS, "More fragments bit"},
116 { EAP_TLS_FLAGS_START, "Start bit"},
117 { 0, NULL}
118 };
119
120 #define EAP_TTLS_VERSION(x) ((x)&0x07)
121
122 /* EAP-AKA and EAP-SIM - RFC 4187 */
123 #define EAP_AKA_CHALLENGE 1
124 #define EAP_AKA_AUTH_REJECT 2
125 #define EAP_AKA_SYNC_FAILURE 4
126 #define EAP_AKA_IDENTITY 5
127 #define EAP_SIM_START 10
128 #define EAP_SIM_CHALLENGE 11
129 #define EAP_AKA_NOTIFICATION 12
130 #define EAP_AKA_REAUTH 13
131 #define EAP_AKA_CLIENT_ERROR 14
132
133 static const struct tok eap_aka_subtype_values[] = {
134 { EAP_AKA_CHALLENGE, "Challenge" },
135 { EAP_AKA_AUTH_REJECT, "Auth reject" },
136 { EAP_AKA_SYNC_FAILURE, "Sync failure" },
137 { EAP_AKA_IDENTITY, "Identity" },
138 { EAP_SIM_START, "Start" },
139 { EAP_SIM_CHALLENGE, "Challenge" },
140 { EAP_AKA_NOTIFICATION, "Notification" },
141 { EAP_AKA_REAUTH, "Reauth" },
142 { EAP_AKA_CLIENT_ERROR, "Client error" },
143 { 0, NULL}
144 };
145
146 /*
147 * Print EAP requests / responses
148 */
149 void
150 eap_print(netdissect_options *ndo,
151 const u_char *cp,
152 u_int length)
153 {
154 u_int type, subtype, len;
155 u_int count;
156 const char *sep;
157
158 type = GET_U_1(cp);
159 len = GET_BE_U_2(cp + 2);
160 if (len != length) {
161 /*
162 * Probably a fragment; in some cases the fragmentation might
163 * not put an EAP header on every packet, if reassembly can
164 * be done without that (e.g., fragmentation to make a message
165 * fit in multiple TLVs in a RADIUS packet).
166 */
167 ND_PRINT("EAP fragment?");
168 return;
169 }
170 ND_PRINT("%s (%u), id %u, len %u",
171 tok2str(eap_code_values, "unknown", type),
172 type,
173 GET_U_1((cp + 1)),
174 len);
175 if (len < 4) {
176 ND_PRINT(" (too short for EAP header)");
177 return;
178 }
179
180 ND_TCHECK_LEN(cp, len);
181
182 if (type == EAP_REQUEST || type == EAP_RESPONSE) {
183 /* RFC 3748 Section 4.1 */
184 if (len < 5) {
185 ND_PRINT(" (too short for EAP request/response)");
186 return;
187 }
188 subtype = GET_U_1(cp + 4);
189 ND_PRINT("\n\t\t Type %s (%u)",
190 tok2str(eap_type_values, "unknown", subtype),
191 subtype);
192
193 switch (subtype) {
194 case EAP_TYPE_IDENTITY:
195 /* According to RFC 3748, the message is optional */
196 if (len > 5) {
197 ND_PRINT(", Identity: ");
198 nd_printjnp(ndo, cp + 5, len - 5);
199 }
200 break;
201
202 case EAP_TYPE_NOTIFICATION:
203 /* According to RFC 3748, there must be at least one octet of message */
204 if (len < 6) {
205 ND_PRINT(" (too short for EAP Notification request/response)");
206 return;
207 }
208 ND_PRINT(", Notification: ");
209 nd_printjnp(ndo, cp + 5, len - 5);
210 break;
211
212 case EAP_TYPE_NAK:
213 /*
214 * one or more octets indicating
215 * the desired authentication
216 * type one octet per type
217 */
218 if (len < 6) {
219 ND_PRINT(" (too short for EAP Legacy NAK request/response)");
220 return;
221 }
222 sep = "";
223 for (count = 5; count < len; count++) {
224 ND_PRINT("%s %s (%u)", sep,
225 tok2str(eap_type_values, "unknown", GET_U_1((cp + count))),
226 GET_U_1(cp + count));
227 sep = ",";
228 }
229 break;
230
231 case EAP_TYPE_TTLS:
232 case EAP_TYPE_TLS:
233 if (len < 6) {
234 ND_PRINT(" (too short for EAP TLS/TTLS request/response)");
235 return;
236 }
237 if (subtype == EAP_TYPE_TTLS)
238 ND_PRINT(" TTLSv%u",
239 EAP_TTLS_VERSION(GET_U_1((cp + 5))));
240 ND_PRINT(" flags [%s] 0x%02x",
241 bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
242 GET_U_1(cp + 5));
243
244 if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
245 if (len < 10) {
246 ND_PRINT(" (too short for EAP TLS/TTLS request/response with length)");
247 return;
248 }
249 ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
250 }
251 break;
252
253 case EAP_TYPE_FAST:
254 if (len < 6) {
255 ND_PRINT(" (too short for EAP FAST request/response)");
256 return;
257 }
258 ND_PRINT(" FASTv%u",
259 EAP_TTLS_VERSION(GET_U_1((cp + 5))));
260 ND_PRINT(" flags [%s] 0x%02x",
261 bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
262 GET_U_1(cp + 5));
263
264 if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
265 if (len < 10) {
266 ND_PRINT(" (too short for EAP FAST request/response with length)");
267 return;
268 }
269 ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
270 }
271
272 /* FIXME - TLV attributes follow */
273 break;
274
275 case EAP_TYPE_AKA:
276 case EAP_TYPE_SIM:
277 if (len < 6) {
278 ND_PRINT(" (too short for EAP SIM/AKA request/response)");
279 return;
280 }
281 ND_PRINT(" subtype [%s] 0x%02x",
282 tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))),
283 GET_U_1(cp + 5));
284
285 /* FIXME - TLV attributes follow */
286 break;
287
288 case EAP_TYPE_MD5_CHALLENGE:
289 case EAP_TYPE_OTP:
290 case EAP_TYPE_GTC:
291 case EAP_TYPE_EXPANDED_TYPES:
292 case EAP_TYPE_EXPERIMENTAL:
293 default:
294 break;
295 }
296 }
297 return;
298 trunc:
299 nd_print_trunc(ndo);
300 }
301
302 void
303 eapol_print(netdissect_options *ndo,
304 const u_char *cp)
305 {
306 const struct eap_frame_t *eap;
307 u_int eap_type, eap_len;
308
309 ndo->ndo_protocol = "eap";
310 eap = (const struct eap_frame_t *)cp;
311 ND_TCHECK_SIZE(eap);
312 eap_type = GET_U_1(eap->type);
313
314 ND_PRINT("%s (%u) v%u, len %u",
315 tok2str(eap_frame_type_values, "unknown", eap_type),
316 eap_type,
317 GET_U_1(eap->version),
318 GET_BE_U_2(eap->length));
319 if (ndo->ndo_vflag < 1)
320 return;
321
322 cp += sizeof(struct eap_frame_t);
323 eap_len = GET_BE_U_2(eap->length);
324
325 switch (eap_type) {
326 case EAP_FRAME_TYPE_PACKET:
327 if (eap_len == 0)
328 goto trunc;
329 ND_PRINT(", ");
330 eap_print(ndo, cp, eap_len);
331 return;
332 case EAP_FRAME_TYPE_LOGOFF:
333 case EAP_FRAME_TYPE_ENCAP_ASF_ALERT:
334 default:
335 break;
336 }
337 return;
338
339 trunc:
340 nd_print_trunc(ndo);
341 }
[mirror] the TCPdump network dissector