Hi, all:

Sorry to trouble you again, but this time I have some new findings about a Malformed Packet in a MozLDAP network trace.

As you can see, the Malformed Packet is in the 2nd round of binding interaction with the server:

========================================
32 17.839052 13.198.98.107 13.198.98.35 LDAP bindRequest(1) "<ROOT>" sasl
33 17.917608 13.198.98.35 13.198.98.107 LDAP bindResponse(1) saslBindInProgress
35 17.919333 13.198.98.107 13.198.98.35 LDAP bindRequest(2) "<ROOT>" [Malformed Packet]
36 17.919637 13.198.98.35 13.198.98.107 LDAP bindResponse(2) saslBindInProgress
37 17.920316 13.198.98.107 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
38 17.920691 13.198.98.35 13.198.98.107 LDAP bindResponse(3) success
========================================

I am not sure if packet 35 is normal or not. After all, it says the packet is malformed. In contrast, a trace captured with the OpenLDAP ldapsearch utility does not have this malformed packet:

========================================
22 24.805633 13.198.98.35 13.198.98.190 LDAP bindResponse(1) saslBindInProgress
28 26.616093 13.198.98.190 13.198.98.35 LDAP bindRequest(2) "<ROOT>" sasl
29 26.616459 13.198.98.35 13.198.98.190 LDAP bindResponse(2) saslBindInProgress
31 26.616705 13.198.98.190 13.198.98.35 LDAP bindRequest(3) "<ROOT>" sasl
32 26.633134 13.198.98.35 13.198.98.190 LDAP bindResponse(3) success
========================================

As you know, a SASL connection relies on a SASL library like libsasl2.so, which depends on OpenLDAP libraries such as libldap-2.3.so and liblber-2.3.so (this can be verified by "ldd libsasl2.so"). And I am not sure whether there is some conflict between MozLDAP and OpenLDAP when MozLDAP calls SASL interfaces in libsasl2.so to do SASL binding.

This aside, when I compare the content of packet 35 in the MozLDAP trace and packet 29 in the OpenLDAP trace, it is noted that the MozLDAP packet has extra bytes "04 00" after "mechanism: GSSAPI". These extra bytes are interpreted as "<MISSING> credentials" by Wireshark. In contrast, although the OpenLDAP packet doesn't have any credential information either, it doesn't have these extra bytes. That's why packet 35 in the MozLDAP trace is marked as Malformed Packet, while packet 29 in the OpenLDAP trace is not.

Can anyone look into this matter? If you try a SASL connection and capture a network trace while doing SASL binding, you'll easily find the problem. I myself have captured the traces, but it is understood that the mailing list doesn't welcome attachments. So if anybody wants to have a look at my trace, just let me know, and I'll send it to you in a separate mail.

Thanks,
Xu Qiang

_______________________________________________
dev-tech-ldap mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-tech-ldap
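
Added example (not part of the original post, and not MozLDAP or OpenLDAP code): a minimal BER reader for the sasl element of a bindRequest, run over two constructed byte strings that differ only in the trailing "04 00" described above. In RFC 4511 the credentials field of SaslCredentials is an OPTIONAL OCTET STRING; the function names, constant names and sample bytes are assumptions made for this example.

```python
# Constructed sample bytes (not taken from the poster's capture): the
# AuthenticationChoice "sasl" element of a bindRequest, tag [3] constructed.
WITHOUT_CREDENTIALS = bytes.fromhex("a308" "0406475353415049")
WITH_EMPTY_CREDENTIALS = bytes.fromhex("a30a" "0406475353415049" "0400")

SASL_TAG = 0xA3        # [3] SaslCredentials
OCTET_STRING = 0x04    # mechanism (LDAPString) and credentials


def read_tlv(buf, pos):
    """Read one definite-length BER TLV; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ValueError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:                       # short form length
        length = first
    else:                                  # long form: low 7 bits count length octets
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("indefinite or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length


def parse_sasl_credentials(buf):
    """Return (mechanism, state, credentials); state is absent/empty/present."""
    tag, body, end = read_tlv(buf, 0)
    if tag != SASL_TAG or end != len(buf):
        raise ValueError("not a single SaslCredentials element")
    tag, mech, pos = read_tlv(body, 0)
    if tag != OCTET_STRING:
        raise ValueError("mechanism is not an OCTET STRING")
    mechanism = mech.decode("ascii")
    if pos == len(body):                   # nothing follows the mechanism
        return mechanism, "absent", None
    tag, cred, pos = read_tlv(body, pos)
    if tag != OCTET_STRING or pos != len(body):
        raise ValueError("unexpected bytes after mechanism")
    return mechanism, ("present" if cred else "empty"), cred


if __name__ == "__main__":
    for name, raw in (("no credentials field", WITHOUT_CREDENTIALS),
                      ("trailing 04 00", WITH_EMPTY_CREDENTIALS)):
        print(name, raw.hex(" "), parse_sasl_credentials(raw))
```

The "empty" result corresponds to a credentials OCTET STRING that is present with length zero, and "absent" to the field being omitted; appending "04 00" without also raising the outer length byte is rejected with ValueError.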
