Thanks for the reply, actually, both the secret ID and HMAC fields are not present in DHCPDISCOVER messages. I've attached a new stab at a patch against the SVN head - the previous one was against the 0.99.5 source.
Stefan. On 4/24/07, Jaap Keuter <[EMAIL PROTECTED]> wrote:
Hi, What about the presentation of the HMAC MD5 Hash? That's got to be conditional as well. Please refer to the SVN version, your line numbers seem to indicate an older revision of the file. Thanx, Jaap On Mon, 23 Apr 2007, Stefan Puiu wrote: > > Stefan Puiu <[EMAIL PROTECTED]> writes: > > > > > Hi all, > > > > I captured some DHCP traffic using DHCP AUTH (option 90 - see > > RFC3118) using tcpdump on a Linux device and was then trying to view > > it from wireshark (0.99.4) on Windows. The problem is I'm getting some > > warnings on the option length, and I think they are wrong. > > OK, I've decided to dive a bit into the code and see what's wrong. I seem to > have found the offending code in epan/dissectors/proto-bootp.c. > > It seems that there's a general check on option 90 so that the length field is > >= 11, which seems right according to RFC3118. Then, wireshark expects the > option length to be >= 31 if HMAC-MD5 is used - trouble is, that is valid for > packets of any other type besides DHCPDISCOVER. Here'an attempt at a patch - > since I'm using cygwin on Windows, I can't verify it: > > --- packet-bootp.c.orig 2007-02-02 00:00:56.000000000 +0200 > +++ packet-bootp.c 2007-04-24 00:42:44.267830400 +0300 > @@ -1172,11 +1172,20 @@ > switch (algorithm) { > > case AUTHEN_DELAYED_ALGO_HMAC_MD5: > - if (optlen < 31) { > + if (!strcmp(*dhcp_type_p, "Discover")) { > + if (optlen < 11) { > + proto_item_append_text(vti, > + " length isn't >= 11"); > + break; > + } > + } > + else if (optlen < 31) { > proto_item_append_text(vti, > " length isn't >= 31"); > break; > } > + > + > proto_tree_add_text(v_tree, tvb, optoff, 4, > "Secret ID: 0x%08x", > tvb_get_ntohl(tvb, optoff)); > > Basically, it uses 11 as the minimum size if the DHCP message type is > DHCPDISCOVER, and 31 otherwise. > > Stefan. > > > > > _______________________________________________ > Wireshark-users mailing list > Wireshark-users@wireshark.org > http://www.wireshark.org/mailman/listinfo/wireshark-users > > _______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users
dhcp_auth.diff
Description: Binary data
_______________________________________________ Wireshark-users mailing list Wireshark-users@wireshark.org http://www.wireshark.org/mailman/listinfo/wireshark-users