diff options
author | Jeff Morriss <jeff.morriss.ws@gmail.com> | 2016-03-13 15:33:30 -0400 |
---|---|---|
committer | Michael Mann <mmann78@netscape.net> | 2016-03-14 02:05:18 +0000 |
commit | 8cb41a93375145378b394ce82406cd57e9db8c71 (patch) | |
tree | 83cc30922faa2bc32fa630e7f79292c74c363ad7 /epan/dissectors/packet-radius.h | |
parent | c31f687a0f56cfc28c0b466071ee5700aeb642eb (diff) | |
download | wireshark-8cb41a93375145378b394ce82406cd57e9db8c71.tar.gz |
Handle RADIUS ident reuse better.
Rather than storing RADIUS calls in a map keyed by the ident and conversation
store a tree of calls (using the the same key). Store each (non-duplicate)
call (request) in the tree, keyed by frame number. When looking for a match
(or a duplicate) look for the most-recently-seen frame in the tree (i.e., the
most recent frame with the same ident + conversation). Only declare a request
a duplicate if the authenticator is identical (as per RFC 5080 section 2.2.2).
Only store things in the map/tree on the first pass.
Remove the 'request_ttl' preference: it's better to show the user when the
response came back even if it was "late." (This also allows duplicate request
detection inside of the TTL.)
When telling the user about a duplicate don't tell them the ident again: they
already know that. Tell them the frame number of the original.
Use the FT_FRAMENUM_REQUEST/FT_FRAMENUM_RESPONSE hints.
Move a couple structures from the header file to the C file: they're only used
in the RADIUS dissector anyway.
Bug: 4096
Change-Id: I0e8bc0d23cd6b219cecd82f5c4cd765d28a14d98
Reviewed-on: https://code.wireshark.org/review/14451
Petri-Dish: Jeff Morriss <jeff.morriss.ws@gmail.com>
Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org>
Reviewed-by: Michael Mann <mmann78@netscape.net>
Diffstat (limited to 'epan/dissectors/packet-radius.h')
-rw-r--r-- | epan/dissectors/packet-radius.h | 27 |
1 files changed, 0 insertions, 27 deletions
diff --git a/epan/dissectors/packet-radius.h b/epan/dissectors/packet-radius.h index 14c5a6c32c..c53bb87818 100644 --- a/epan/dissectors/packet-radius.h +++ b/epan/dissectors/packet-radius.h @@ -141,30 +141,3 @@ void dissect_attribute_value_pairs(proto_tree *tree, packet_info *pinfo, tvbuff_ /* from radius_dict.l */ gboolean radius_load_dictionary (radius_dictionary_t* dict, gchar* directory, const gchar* filename, gchar** err_str); - -/* Item of request list */ -typedef struct _radius_call_t -{ - guint code; - guint ident; - - guint32 req_num; /* frame number request seen */ - guint32 rsp_num; /* frame number response seen */ - guint32 rspcode; - nstime_t req_time; - gboolean responded; - guint8 *req_authenticator; /* request authenticator to validate response */ -} radius_call_t; - -/* Container for tapping relevant data */ -typedef struct _radius_info_t -{ - guint code; - guint ident; - nstime_t req_time; - gboolean is_duplicate; - gboolean request_available; - guint32 req_num; /* frame number request seen */ - guint32 rspcode; -} radius_info_t; - |