https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16537

            Bug ID: 16537
           Summary: packet-eap.c:  Replace several unique EAP identity
                    fields with a single identity field, and add some
                    metadata EAP Identity Fields
           Product: Wireshark
           Version: 3.2.0
          Hardware: x86-64
                OS: Ubuntu
            Status: UNCONFIRMED
          Severity: Enhancement
          Priority: Low
         Component: Dissection engine (libwireshark)
          Assignee: bugzilla-ad...@wireshark.org
          Reporter: mswe...@hotmail.com
                CC: boardermar...@gmail.com, mswe...@hotmail.com,
                    realrichardsha...@gmail.com
        Depends on: 16521, 16522, 16524
  Target Milestone: ---

Build Information:
Wireshark 3.2.0
Copyright 1998-2019 Gerald Combs <ger...@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<https://www.gnu.org/licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.9.5, with libpcap, without POSIX capabilities,
without libnl, with GLib 2.56.4, with zlib 1.2.11, without SMI, with c-ares
1.16.0, without Lua, without GnuTLS, with Gcrypt 1.8.1, without Kerberos, with
MaxMind DB resolver, without nghttp2, without brotli, without LZ4, without
Zstandard, without Snappy, without libxml2, with QtMultimedia, with SpeexDSP
(using bundled resampler), without SBC, without SpanDSP, without bcg729.

Running on Linux 5.3.0-46-generic, with Intel(R) Core(TM) i7-4790K CPU @
4.00GHz
(with SSE4.2), with 7934 MB of physical memory, with locale en_US.UTF-8, with
libpcap version 1.8.1, with Gcrypt 1.8.1, with zlib 1.2.11, binary plugins
supported (0 loaded).

Built using gcc 7.5.0.

--
In packet-eap.c and function 'dissect_eap_identity_wlan()', replace a list of
EAP identity-related fields for (1) conciseness, (2) consistency, and (3)
usability.  Add several metadata-like fields for EAP identities.  Nothing is
lost in terms of data points tied to the standard
(https://tools.ietf.org/html/rfc3748#section-5.1) yet Wireshark receives
clearly defined, intuitive fields related to the identity such as (1) identity
prefix, (2) identity type, (3) the full identity string, and (4) the identity
value itself, which could be a pseudonym, encrypted IMSI, Conservative Peer,
anonymous user, EAP-SIM/AKA/AKA' Permanent, EAP-SIM/AKA/AKA' Pseudonym,
EAP-SIM/AKA/AKA' Reauthentication ID, or "Unknown".  I recommend omission of
the WLAN substring from fields and filters as it provides no additional clarity
or context. 

Current, proposed fields to be replaced:
hf_eap_identity_wlan_prefix: replace with hf_eap_identity_prefix
hf_eap_identity_pseudo: replace with hf_eap_identity
hf_eap_identity_reauth: replace with hf_eap_identity
hf_eap_identity_wlan_mcc: replace with hf_eap_identity_realm_mcc
hf_eap_identity_wlan_mcc_mnc_2digits: replace with hf_eap_identity_realm_mnc
hf_eap_identity_wlan_mcc_mnc_3digits: replace with hf_eap_identity_realm_mnc

New fields to be added:
hf_eap_identity_type: Uses the identity prefix and a ternary operator to look
up identity types in a value_string array; returns "Unknown" if no match
hf_eap_identity_full: Provides the entire EAP identity string prior to any
tokenization
hf_eap_identity_realm: FT_STRING of NAI Realm string (second half of full
identity string)
hf_eap_identity_realm_mnc_resolved:  Provides a resolved MNC value as a
FT_STRING similar to reasons described in Bug 16530 and Bug 16527
hf_eap_identity_realm_mcc_resolved:  Provides a resolved MCC value as a
FT_STRING similar to reasons described in Bug 16530 and Bug 16527

Dissection flow would be:
(1) Grab entire string (depends on Bug 16521 getting fixed first due to
possible null byte)
(2) Tokenize the string (depends on Bugs 16522 and 16524 getting fixed due to
multiple permutations of identity formats)
(3) Dissect the prefix byte from the identity value (i.e., eap.identity), add
that to the tree (depends on Bug 16521)
(4) Switch by prefix value (depends on Bug 16522)
(5) Add full identity string (i.e., eap.identity.full) to the tree
(6) Add the identity value (eap.identity) to the tree
(Optional - Pertains to Encrypted IMSI Identity only, Bug 16528) Add
Certificate Serial Number to the tree
(7) If NAI realm is present (2 out of 3 permutations), add the NAI realm string
to the tree
(8) Tokenize the NAI realm
(9) Add the MCC and MNC values to the tree along with their resolved values as
separate fields


Referenced Bugs:

https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16521
[Bug 16521] packet-eap.c:  Encrypted IMSI identities begin with a null byte
prefix which fails string grab in dissect_eap_identity_wlan()
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16522
[Bug 16522] packet-eap.c:  Conservative Peer, Anonymous User, Encrypted IMSI,
and two other identity types do not dissect
https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=16524
[Bug 16524] packet-eap.c:  Some identity string values have periods so
tokenization fails within dissect_eap_identity_wlan()
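
The dissection flow proposed above, sketched as a stand-alone C parser. This is an added example, not code from packet-eap.c or from the reporter. The struct and function names are hypothetical, the digit-to-type table follows the 3GPP leading-digit convention (it is not on the page), and the sample identity is constructed. Conservative Peer and anonymous identities fall through to "Unknown" here.

```c
#include <stdio.h>
#include <string.h>

/* Illustrative result; names are hypothetical, not Wireshark's hf_ fields. */
struct eap_id { unsigned char prefix; const char *type;
                char value[64], realm[128], mcc[4], mnc[4]; };

static const char *prefix_type(unsigned char p) {
    static const char *const t[] = {            /* leading digits '0'..'8' */
        "EAP-AKA Permanent", "EAP-SIM Permanent", "EAP-AKA Pseudonym",
        "EAP-SIM Pseudonym", "EAP-AKA Reauthentication ID",
        "EAP-SIM Reauthentication ID", "EAP-AKA' Permanent",
        "EAP-AKA' Pseudonym", "EAP-AKA' Reauthentication ID" };
    if (p == 0x00) return "Encrypted IMSI";     /* NUL prefix, see Bug 16521 */
    return (p >= '0' && p <= '8') ? t[p - '0'] : "Unknown";
}

/* Copy the digits of the realm label that starts with tag ("mcc" or "mnc"). */
static void label_digits(const char *realm, const char *tag, char *out, size_t cap) {
    for (const char *p = realm; p && *p; p = strchr(p, '.'), p = p ? p + 1 : p) {
        if (strncmp(p, tag, 3) != 0) continue;
        size_t n = strspn(p + 3, "0123456789");
        if (n > 0 && n < cap) memcpy(out, p + 3, n);   /* out is pre-zeroed */
        return;
    }
}

/* Length-driven parse: never assumes the wire bytes are NUL-terminated.
 * Assumption: the identity value excludes the prefix byte. */
int parse_eap_identity(const unsigned char *buf, size_t len, struct eap_id *id) {
    memset(id, 0, sizeof *id);
    if (len < 2 || memchr(buf + 1, 0, len - 1)) return -1;  /* NUL only as prefix */
    id->prefix = buf[0]; id->type = prefix_type(buf[0]);
    const unsigned char *at = memchr(buf + 1, '@', len - 1);
    size_t vlen = at ? (size_t)(at - buf) - 1 : len - 1;
    size_t rlen = at ? len - vlen - 2 : 0;
    if (vlen >= sizeof id->value || rlen >= sizeof id->realm) return -1;
    memcpy(id->value, buf + 1, vlen);    /* periods in the value stay untouched */
    if (at) memcpy(id->realm, at + 1, rlen);
    label_digits(id->realm, "mcc", id->mcc, sizeof id->mcc);  /* realm only */
    label_digits(id->realm, "mnc", id->mnc, sizeof id->mnc);
    return 0;
}

int main(void) {
    static const char s[] = "2ab.cd.ef@wlan.mnc002.mcc001.3gppnetwork.org"; /* constructed */
    struct eap_id id;
    if (parse_eap_identity((const unsigned char *)s, sizeof s - 1, &id) == 0)
        printf("%s | %s | %s | mcc=%s mnc=%s\n", id.type, id.value, id.realm, id.mcc, id.mnc);
    return 0;
}
```

Splitting at '@' before any period-based tokenizing keeps dotted identity values (Bug 16524) intact, and passing an explicit length lets a leading null byte (Bug 16521) be read as the prefix instead of ending the string.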
___________________________________________________________________________
Sent via:    Wireshark-bugs mailing list <wireshark-bugs@wireshark.org>
Archives:    https://www.wireshark.org/lists/wireshark-bugs