aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorBinh Trinh <beango@gmail.com>2016-07-10 01:57:15 -0400
committerPascal Quantin <pascal.quantin@gmail.com>2016-07-10 18:34:51 +0000
commitb0a32c60c9f85cb9ed10ea37edd1a450b2dafd8a (patch)
treee232ba83427931aefc96ce484b4771a3bc631c11
parented69bf3bc7fdbc679f7a331efabcb712823ceb14 (diff)
NAS-EPS: Add preference to bypass a heuristic decode of a ciphered NAS.
Change-Id: Ifedb82bbcb29ab978ffb9ce2f485ac9ff0712fc2 Reviewed-on: https://code.wireshark.org/review/16363 Petri-Dish: Pascal Quantin <pascal.quantin@gmail.com> Tested-by: Petri Dish Buildbot <buildbot-no-reply@wireshark.org> Reviewed-by: Pascal Quantin <pascal.quantin@gmail.com>
-rw-r--r--epan/dissectors/packet-nas_eps.c13
1 files changed, 11 insertions, 2 deletions
diff --git a/epan/dissectors/packet-nas_eps.c b/epan/dissectors/packet-nas_eps.c
index 7852177..f5e3b20 100644
--- a/epan/dissectors/packet-nas_eps.c
+++ b/epan/dissectors/packet-nas_eps.c
@@ -299,6 +299,7 @@ static expert_field ei_nas_eps_esm_tp_not_integ_prot = EI_INIT;
/* Global variables */
static gboolean g_nas_eps_dissect_plain = FALSE;
+static gboolean g_nas_eps_null_decipher = TRUE;
guint8 eps_nas_gen_msg_cont_type = 0;
@@ -5708,8 +5709,10 @@ dissect_nas_eps(tvbuff_t *tvb, packet_info *pinfo, proto_tree *tree, void* data
/* Read security_header_type / EPS bearer id AND pd */
pd = tvb_get_guint8(tvb,offset);
/* If pd is in plaintext this message probably isn't ciphered */
- if ((pd != 7) && (pd != 15) &&
- (((pd&0x0f) != 2) || (((pd&0x0f) == 2) && ((pd&0xf0) > 0) && ((pd&0xf0) < 0x50)))) {
+ /* Use preferences settings to override this behavior */
+ if (!g_nas_eps_null_decipher ||
+ ((pd != 7) && (pd != 15) &&
+ (((pd&0x0f) != 2) || (((pd&0x0f) == 2) && ((pd&0xf0) > 0) && ((pd&0xf0) < 0x50))))) {
proto_tree_add_item(nas_eps_tree, hf_nas_eps_ciphered_msg, tvb, offset, len-6, ENC_NA);
return tvb_captured_length(tvb);
}
@@ -6945,6 +6948,12 @@ proto_register_nas_eps(void)
"Force dissect as plain NAS EPS",
"Always dissect NAS EPS messages as plain",
&g_nas_eps_dissect_plain);
+
+ prefs_register_bool_preference(nas_eps_module,
+ "null_decipher",
+ "Try to detect and decode EEA0 ciphered messages",
+ "This should work when the NAS security algorithm is NULL (128-EEA0).",
+ &g_nas_eps_null_decipher);
}
void