Exemple #1
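 def m2i(self, pkt, m):
     """
     Convert the raw attribute value ``m`` into its internal representation.

     The EAP Length field (bytes 2-3 of ``m``, network byte order) decides
     the result: below 254 the value is parsed as an ``EAP`` packet,
     otherwise it is wrapped in ``conf.raw_layer``. A value too short to
     hold that field is also returned as a raw layer.

     ``pkt`` is not used here.
     """
     # The bytes come straight from the wire. struct.unpack("!H", ...) raises
     # struct.error when m[2:4] is shorter than 2 bytes, so a truncated value
     # is handed back undissected instead of aborting the dissection.
     if len(m) < 4:
         return conf.raw_layer(m)

     eap_packet_len = struct.unpack("!H", m[2:4])[0]
     if eap_packet_len < 254:
         # If the EAP packet has not been fragmented, build a Scapy EAP
         # packet from the data.
         return EAP(m)

     # The declared length does not fit this value: keep the bytes raw.
     return conf.raw_layer(m)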
Exemple #2
def _build_legacy_nak(request_id, desired_auth_type):
    """
    Return an EAP Response of type 3 (Legacy Nak, RFC 3748 section 5.3.1)
    that proposes a single authentication method.

    ``request_id`` is copied into the response ``id`` field, and
    ``desired_auth_type`` becomes the only entry of ``desired_auth_types``.
    """
    proposed_methods = [desired_auth_type]
    return EAP(code=EAP.RESPONSE, id=request_id, type=3,
               desired_auth_types=proposed_methods)
Exemple #3
    def _process_eap_request(self, eap_request):
        """
        Build the reply to an incoming EAP Request.

        Returns an ``(eap_response, test_response)`` pair. ``eap_response``
        is ``None`` when no branch below produces a reply, and
        ``test_response`` is ``False`` unless one of the delegated handlers
        (``_process_request`` / ``_process_tls_request``) returns another
        value.
        """

        req_type = eap_request.type

        # Request-Identity: answer with the configured identity.
        if req_type == 1:
            identity_reply = EAP(code=EAP.RESPONSE,
                                 id=eap_request.id,
                                 type=1,
                                 identity=self._identity)
            return identity_reply, False

        # Any other type that is not above 3 gets no reply from this method.
        if not req_type > 3:
            return None, False

        # From here on the peer has started an authentication method.
        self._auth_process_in_progress = True

        # Phase 1 tests: everything is delegated.
        if not self._tls_scan:
            reply, verdict = self._process_request(eap_request)
            return reply, verdict

        offered_is_tls = req_type in TLS_BASED_METHODS

        # The offered method is not the one under test: send a Legacy Nak
        # asking for the configured method, or for 13 (EAP-TLS) when none is
        # set. This applies to TLS-based and other offers alike.
        if req_type != self._current_auth_method:
            wanted_method = self._current_auth_method or 13
            return _build_legacy_nak(eap_request.id, wanted_method), False

        # The expected method was offered; only TLS-based ones are processed.
        if offered_is_tls:
            reply, verdict = self._process_tls_request(eap_request)
            return reply, verdict

        return None, False
Exemple #4
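 def post_dissect(self, s):
     """
     Reassemble an EAP message carried in consecutive type-79 attributes.

     ``s`` is read as a sequence of (type, length, value) attributes.
     When ``self.value`` is a raw layer, the values of the leading type-79
     (EAP-Message) attributes in ``s`` are appended to it; as soon as one
     of them has a length below 254, ``self.value`` is replaced by an
     ``EAP`` packet built from the joined bytes.

     Returns the bytes of ``s`` after the consumed attributes when the
     message was reassembled, and ``s`` unchanged otherwise (defragmenting
     disabled through ``conf.contribs["radius"]["auto-defrag"]``, value
     already dissected, malformed header, or no closing fragment).
     """
     if not conf.contribs.get("radius", {}).get("auto-defrag", True):
         return s
     if not isinstance(self.value, conf.raw_layer):
         return s

     # Defragment
     x = s
     buf = self.value.load
     while x and struct.unpack("!B", x[:1])[0] == 79:
         # A lone type byte has no length byte behind it; unpacking the
         # empty slice would raise struct.error on attacker-supplied data.
         if len(x) < 2:
             return s
         length = struct.unpack("!B", x[1:2])[0]
         # The length counts the 2 header bytes. 0 would never advance
         # (infinite loop) and 1 would resume parsing on the length byte
         # itself, so both are rejected and the data is left untouched.
         if length < 2:
             return s
         buf, x = buf + x[2:length], x[length:]
         # NOTE(review): `length` includes the header, so a full attribute
         # is 255 and a length of 254 is treated as "more to come" - confirm
         # this threshold is intended.
         if length < 254:
             self.value = EAP(buf)
             return x
     return s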