/* \summary: Extensible Authentication Protocol (EAP) printer */
-#ifdef HAVE_CONFIG_H
#include <config.h>
-#endif
#include "netdissect-stdinc.h"
+#define ND_LONGJMP_FROM_TCHECK
#include "netdissect.h"
#include "extract.h"
};
static const struct tok eap_frame_type_values[] = {
- { EAP_FRAME_TYPE_PACKET, "EAP packet" },
- { EAP_FRAME_TYPE_START, "EAPOL start" },
- { EAP_FRAME_TYPE_LOGOFF, "EAPOL logoff" },
- { EAP_FRAME_TYPE_KEY, "EAPOL key" },
- { EAP_FRAME_TYPE_ENCAP_ASF_ALERT, "Encapsulated ASF alert" },
+ { EAP_FRAME_TYPE_PACKET, "EAP packet" },
+ { EAP_FRAME_TYPE_START, "EAPOL start" },
+ { EAP_FRAME_TYPE_LOGOFF, "EAPOL logoff" },
+ { EAP_FRAME_TYPE_KEY, "EAPOL key" },
+ { EAP_FRAME_TYPE_ENCAP_ASF_ALERT, "Encapsulated ASF alert" },
{ 0, NULL}
};
{ EAP_TYPE_NO_PROPOSED, "No proposed" },
{ EAP_TYPE_IDENTITY, "Identity" },
{ EAP_TYPE_NOTIFICATION, "Notification" },
- { EAP_TYPE_NAK, "Nak" },
+ { EAP_TYPE_NAK, "Nak" },
{ EAP_TYPE_MD5_CHALLENGE, "MD5-challenge" },
- { EAP_TYPE_OTP, "OTP" },
- { EAP_TYPE_GTC, "GTC" },
- { EAP_TYPE_TLS, "TLS" },
- { EAP_TYPE_SIM, "SIM" },
- { EAP_TYPE_TTLS, "TTLS" },
- { EAP_TYPE_AKA, "AKA" },
- { EAP_TYPE_FAST, "FAST" },
+ { EAP_TYPE_OTP, "OTP" },
+ { EAP_TYPE_GTC, "GTC" },
+ { EAP_TYPE_TLS, "TLS" },
+ { EAP_TYPE_SIM, "SIM" },
+ { EAP_TYPE_TTLS, "TTLS" },
+ { EAP_TYPE_AKA, "AKA" },
+ { EAP_TYPE_FAST, "FAST" },
{ EAP_TYPE_EXPANDED_TYPES, "Expanded types" },
{ EAP_TYPE_EXPERIMENTAL, "Experimental" },
{ 0, NULL}
};
-#define EAP_TLS_EXTRACT_BIT_L(x) (((x)&0x80)>>7)
+#define EAP_TLS_EXTRACT_BIT_L(x) (((x)&0x80)>>7)
/* RFC 5216 - EAP TLS bits */
#define EAP_TLS_FLAGS_LEN_INCLUDED (1 << 7)
void
eap_print(netdissect_options *ndo,
const u_char *cp,
- u_int length)
+ const u_int length)
{
u_int type, subtype, len;
u_int count;
+ const char *sep;
+ ndo->ndo_protocol = "eap";
type = GET_U_1(cp);
len = GET_BE_U_2(cp + 2);
- if(len != length) {
+ ND_ICHECK_U(len, <, 4);
+ if (len != length) {
/*
* Probably a fragment; in some cases the fragmentation might
* not put an EAP header on every packet, if reassembly can
type,
GET_U_1((cp + 1)),
len);
- if (len < 4) {
- ND_PRINT(" (too short for EAP header)");
- return;
- }
ND_TCHECK_LEN(cp, len);
if (type == EAP_REQUEST || type == EAP_RESPONSE) {
/* RFC 3748 Section 4.1 */
- if (len < 5) {
- ND_PRINT(" (too short for EAP request/response)");
- return;
- }
+ ND_ICHECK_U(len, <, 5);
subtype = GET_U_1(cp + 4);
ND_PRINT("\n\t\t Type %s (%u)",
tok2str(eap_type_values, "unknown", subtype),
switch (subtype) {
case EAP_TYPE_IDENTITY:
/* According to RFC 3748, the message is optional */
- if (len > 5 ) {
+ if (len > 5) {
ND_PRINT(", Identity: ");
nd_printjnp(ndo, cp + 5, len - 5);
}
case EAP_TYPE_NOTIFICATION:
/* According to RFC 3748, there must be at least one octet of message */
- if (len < 6) {
- ND_PRINT(" (too short for EAP Notification request/response)");
- return;
- }
+ ND_ICHECK_U(len, <, 6);
ND_PRINT(", Notification: ");
nd_printjnp(ndo, cp + 5, len - 5);
break;
* the desired authentication
* type one octet per type
*/
- if (len < 6) {
- ND_PRINT(" (too short for EAP Legacy NAK request/response)");
- return;
- }
+ ND_ICHECK_U(len, <, 6);
+ sep = "";
for (count = 5; count < len; count++) {
- ND_PRINT(" %s (%u),",
+ ND_PRINT("%s %s (%u)", sep,
tok2str(eap_type_values, "unknown", GET_U_1((cp + count))),
GET_U_1(cp + count));
+ sep = ",";
}
break;
case EAP_TYPE_TTLS:
case EAP_TYPE_TLS:
- if (len < 6) {
- ND_PRINT(" (too short for EAP TLS/TTLS request/response)");
- return;
- }
+ ND_ICHECK_U(len, <, 6);
if (subtype == EAP_TYPE_TTLS)
ND_PRINT(" TTLSv%u",
EAP_TTLS_VERSION(GET_U_1((cp + 5))));
- ND_PRINT(" flags [%s] 0x%02x,",
+ ND_PRINT(" flags [%s] 0x%02x",
bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
GET_U_1(cp + 5));
if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
- if (len < 10) {
- ND_PRINT(" (too short for EAP TLS/TTLS request/response with length)");
- return;
- }
- ND_PRINT(" len %u", GET_BE_U_4(cp + 6));
+ ND_ICHECK_U(len, <, 10);
+ ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
}
break;
case EAP_TYPE_FAST:
- if (len < 6) {
- ND_PRINT(" (too short for EAP FAST request/response)");
- return;
- }
+ ND_ICHECK_U(len, <, 6);
ND_PRINT(" FASTv%u",
EAP_TTLS_VERSION(GET_U_1((cp + 5))));
- ND_PRINT(" flags [%s] 0x%02x,",
+ ND_PRINT(" flags [%s] 0x%02x",
bittok2str(eap_tls_flags_values, "none", GET_U_1((cp + 5))),
GET_U_1(cp + 5));
if (EAP_TLS_EXTRACT_BIT_L(GET_U_1(cp + 5))) {
- if (len < 10) {
- ND_PRINT(" (too short for EAP FAST request/response with length)");
- return;
- }
- ND_PRINT(" len %u", GET_BE_U_4(cp + 6));
+ ND_ICHECK_U(len, <, 10);
+ ND_PRINT(", len %u", GET_BE_U_4(cp + 6));
}
/* FIXME - TLV attributes follow */
case EAP_TYPE_AKA:
case EAP_TYPE_SIM:
- if (len < 6) {
- ND_PRINT(" (too short for EAP SIM/AKA request/response)");
- return;
- }
- ND_PRINT(" subtype [%s] 0x%02x,",
+ ND_ICHECK_U(len, <, 6);
+ ND_PRINT(" subtype [%s] 0x%02x",
tok2str(eap_aka_subtype_values, "unknown", GET_U_1((cp + 5))),
GET_U_1(cp + 5));
}
}
return;
-trunc:
- nd_print_trunc(ndo);
+
+invalid:
+ nd_print_invalid(ndo);
}
void
ndo->ndo_protocol = "eap";
eap = (const struct eap_frame_t *)cp;
- ND_TCHECK_SIZE(eap);
eap_type = GET_U_1(eap->type);
ND_PRINT("%s (%u) v%u, len %u",
switch (eap_type) {
case EAP_FRAME_TYPE_PACKET:
if (eap_len == 0)
- goto trunc;
+ goto invalid;
ND_PRINT(", ");
eap_print(ndo, cp, eap_len);
- return;
+ break;
case EAP_FRAME_TYPE_LOGOFF:
case EAP_FRAME_TYPE_ENCAP_ASF_ALERT:
default:
}
return;
- trunc:
- nd_print_trunc(ndo);
+invalid:
+ nd_print_invalid(ndo);
}
projects / tcpdump / blobdiff