Wireshark-bugs: [Wireshark-bugs] [Bug 4096] Wireshark's RADIUS retry detection incorrectly tags

Date: Thu, 14 Jan 2016 15:40:40 +0000

changed bug 4096


What   Removed   Added
CC               [email protected]

Comment # 7 on bug 4096 from
Still unresolved in 2.1.x

Fully agree with Stipe Tolj that Request/Response Authenticator should be taken
into account. BTW, RFC 5080 provides this solution, see Section 2.2.2:

...
   Cache entries MUST also be purged if the server receives a valid
   Access-Request packet that matches a cached Access-Request packet in
   source address, source port, RADIUS Identifier, and receiving socket,
   but where the Request Authenticator field is different from the one
   in the cached packet.  If the request contains a Message-
   Authenticator attribute, the request MUST be processed as described
   in [RFC3580] Section 3.2.  Packets with invalid Message-
   Authenticators MUST NOT affect the cache in any way.
...

and

...
   When sending requests, RADIUS clients MUST NOT reuse Identifiers for
   a source IP address and source UDP port until either a valid response
   has been received, or the request has timed out.  Clients SHOULD
   allocate Identifiers via a least-recently-used (LRU) method for a
   particular source IP address and source UDP port.
...

In my case the client receives a valid response and then reuses the Identifier and
allocates a new Authenticator value for the second request. Wireshark treats the
second request as a duplicate of the first, though the Authenticator values are
different (Src IP, Src Port and Identifier are the same for both requests).

Note: the Identifier value is reused due to the high rate of requests (~100 pps).
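To make the keying problem described in this comment concrete, here is an added example (not Wireshark's code and not from the bug reporter) of a minimal RADIUS retransmission detector run over constructed Access-Request packets. It parses the RFC 2865 header (Code, Identifier, Length, Authenticator) and classifies each request either with the narrow key (source IP, source port, Identifier) or with the Request Authenticator added to the key, as the comment and RFC 5080 Section 2.2.2 suggest. The IP address, port, Identifier and Authenticator bytes are constructed sample values; the frame numbers are assumed for illustration.

```python
import struct

# RADIUS header (RFC 2865): Code (1 byte), Identifier (1), Length (2, big-endian),
# Request/Response Authenticator (16 bytes). Attributes follow the header.
HEADER = struct.Struct("!BBH16s")
ACCESS_REQUEST = 1


def build_access_request(identifier, authenticator, attrs=b""):
    """Assemble a minimal Access-Request from a constructed Identifier and Authenticator."""
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    length = HEADER.size + len(attrs)
    return HEADER.pack(ACCESS_REQUEST, identifier, length, authenticator) + attrs


def parse_header(packet):
    """Return (code, identifier, authenticator) after sanity-checking the Length field."""
    if len(packet) < HEADER.size:
        raise ValueError("packet shorter than RADIUS header")
    code, identifier, length, authenticator = HEADER.unpack_from(packet)
    if length < HEADER.size or length > len(packet):
        raise ValueError("bad RADIUS Length field")
    return code, identifier, authenticator


class RetryDetector:
    """Tags Access-Requests as new or as retransmissions of an earlier frame.

    key_on_authenticator=False reproduces the narrow (src IP, src port, Identifier)
    key the bug report complains about; True adds the Request Authenticator, so a
    reused Identifier with a fresh Authenticator is recognised as a new request.
    """

    def __init__(self, key_on_authenticator):
        self.key_on_authenticator = key_on_authenticator
        self.seen = {}  # key -> frame number of the first request seen with that key

    def classify(self, frame_no, src_ip, src_port, packet):
        code, identifier, authenticator = parse_header(packet)
        if code != ACCESS_REQUEST:
            return "not-a-request"
        key = (src_ip, src_port, identifier)
        if self.key_on_authenticator:
            key += (authenticator,)
        first = self.seen.get(key)
        if first is None:
            self.seen[key] = frame_no
            return "new"
        return "retransmission of frame %d" % first


def run_scenario(key_on_authenticator):
    """Replay the reporter's scenario: request, true retransmit, then Identifier reuse."""
    det = RetryDetector(key_on_authenticator)
    src_ip, src_port = "10.0.0.5", 49152          # constructed client endpoint
    auth_a = bytes(range(16))                     # constructed Request Authenticator #1
    auth_b = bytes(range(16, 32))                 # constructed Request Authenticator #2
    req1 = build_access_request(17, auth_a)
    req2 = build_access_request(17, auth_b)       # same Identifier, new Authenticator
    return [
        det.classify(1, src_ip, src_port, req1),  # first request
        det.classify(2, src_ip, src_port, req1),  # genuine retransmission (same auth)
        det.classify(3, src_ip, src_port, req2),  # Identifier reused after a valid response
    ]


if __name__ == "__main__":
    print("narrow key:            ", run_scenario(False))
    print("key with authenticator:", run_scenario(True))
```

With the narrow key, frame 3 is wrongly reported as a retransmission of frame 1; with the Authenticator in the key, frame 2 is still caught as a true retransmission while frame 3 is classified as new. A real dissector would also bound the cache (for example purging an entry once the matching response is seen, as RFC 5080 describes), which this example omits.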
