
Example 1 with EAP

Use of org.onlab.packet.EAP in the opencord project aaa.

From class AaaTestBase, method constructSupplicantLogoffPacket.

/**
 * Builds a supplicant-side EAPOL frame whose EAPOL type is EAPOL_LOGOFF.
 *
 * <p>The frame is addressed from {@code serverMac} to {@code clientMac}, is
 * tagged with VLAN 2 and padded. Its EAP body uses EAPOL_LOGOFF as both code
 * and type, identifier 2, and carries no data; the EAPOL packet length is
 * taken from that body.
 *
 * @return Ethernet packet
 */
Ethernet constructSupplicantLogoffPacket() {
    // EAP body first, so its length can be copied into the EAPOL header.
    EAP logoffEap = new EAP(EAPOL.EAPOL_LOGOFF, (byte) 2, EAPOL.EAPOL_LOGOFF, null);

    EAPOL logoffEapol = new EAPOL();
    logoffEapol.setEapolType(EAPOL.EAPOL_LOGOFF);
    logoffEapol.setPacketLength(logoffEap.getLength());
    logoffEapol.setPayload(logoffEap);

    Ethernet frame = new Ethernet();
    frame.setDestinationMACAddress(clientMac.toBytes());
    frame.setSourceMACAddress(serverMac.toBytes());
    frame.setEtherType(EthType.EtherType.EAPOL.ethType().toShort());
    frame.setVlanID((short) 2);
    frame.setPayload(logoffEapol);
    frame.setPad(true);
    return frame;
}

Example 2 with EAP

Use of org.onlab.packet.EAP in the opencord project aaa.

From class AaaTestBase, method constructSupplicantAsfPacket.

/**
 * Builds a supplicant-side EAPOL frame whose EAPOL type is EAPOL_ASF.
 *
 * <p>The frame is addressed from {@code serverMac} to {@code clientMac}, is
 * tagged with VLAN 2 and padded. Its EAP body uses EAPOL_START as both code
 * and type, identifier 3, and carries no data; the EAPOL packet length is
 * taken from that body.
 *
 * @return Ethernet packet
 */
Ethernet constructSupplicantAsfPacket() {
    // EAP body first, so its length can be copied into the EAPOL header.
    EAP asfEap = new EAP(EAPOL.EAPOL_START, (byte) 3, EAPOL.EAPOL_START, null);

    EAPOL asfEapol = new EAPOL();
    asfEapol.setEapolType(EAPOL.EAPOL_ASF);
    asfEapol.setPacketLength(asfEap.getLength());
    asfEapol.setPayload(asfEap);

    Ethernet frame = new Ethernet();
    frame.setDestinationMACAddress(clientMac.toBytes());
    frame.setSourceMACAddress(serverMac.toBytes());
    frame.setEtherType(EthType.EtherType.EAPOL.ethType().toShort());
    frame.setVlanID((short) 2);
    frame.setPayload(asfEapol);
    frame.setPad(true);
    return frame;
}

Example 3 with EAP

Use of org.onlab.packet.EAP in the opencord project aaa.

From class AaaIntegrationTest, method testAuthentication.

/**
 * Drives a complete authentication exchange through the AAA application:
 * supplicant start, identity, MD5 challenge and response, and the final
 * success, asserting the state machine transitions along the way.
 *
 * @throws Exception when an unhandled error occurs
 */
@Test
public void testAuthentication() throws Exception {
    // Step 1: supplicant start; the first packet back must be an EAP Request.
    sendPacket(constructSupplicantStartPacket());
    Ethernet firstResponse = fetchPacket(0);
    assertThat(firstResponse, notNullValue());
    checkRadiusPacket(aaa, firstResponse, EAP.REQUEST);

    // Step 2: identity response; the session's state machine must exist and be pending.
    sendPacket(constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null));
    StateMachine session = aaa.getStateMachine(SESSION_ID);
    assertThat(session, notNullValue());
    assertThat(session.state(), is(StateMachine.STATE_PENDING));

    // Step 3: the RADIUS MD5 challenge arrives as another EAP Request.
    Ethernet md5Challenge = fetchPacket(1);
    assertThat(md5Challenge, notNullValue());
    checkRadiusPacket(aaa, md5Challenge, EAP.REQUEST);

    // Step 4: answer the challenge with the identifier the state machine recorded for it.
    sendPacket(constructSupplicantIdentifyPacket(session, EAP.ATTR_MD5,
            session.challengeIdentifier(), md5Challenge));

    // Step 5: the next packet carries EAP Success and the session is authorized.
    Ethernet successFrame = fetchPacket(2);
    assertThat(successFrame, notNullValue());
    EAPOL successEapol = (EAPOL) successFrame.getPayload();
    EAP successEap = (EAP) successEapol.getPayload();
    assertThat(successEap.getCode(), is(EAP.SUCCESS));
    assertThat(session, notNullValue());
    assertThat(session.state(), is(StateMachine.STATE_AUTHORIZED));
}

Example 4 with EAP

Use of org.onlab.packet.EAP in the opencord project aaa.

From class AaaManagerTest, method checkRadiusPacketFromSupplicant.

/**
 * Asserts that a RADIUS packet sent by the supplicant is present and that an
 * EAP message can be decapsulated from it.
 *
 * @param radius RADIUS packet sent by the supplicant
 * @throws DeserializationException if deserialization of the packet contents
 *         fails.
 */
private void checkRadiusPacketFromSupplicant(RADIUS radius) throws DeserializationException {
    assertThat(radius, notNullValue());
    // decapsulateMessage() may throw; a null result is treated as a failure too.
    EAP decapsulated = radius.decapsulateMessage();
    assertThat(decapsulated, notNullValue());
}

Example 5 with EAP

Use of org.onlab.packet.EAP in the opencord project aaa.

From class AaaManager, method handleRadiusPacket.

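/**
 * Handles a RADIUS packet received from the RADIUS server.
 *
 * <p>Packets whose identifier belongs to an operational-status probe are handed
 * to {@code radiusOperationalStatusService}. Any other packet is mapped back to
 * its session and state machine through the request identifier; if either
 * lookup fails the packet is dropped and the expired-session and dropped-response
 * counters are updated. The packet is then checked against the stored request
 * authenticator, the per-machine receive counters are updated, and the packet is
 * dispatched on its RADIUS code:
 * <ul>
 *   <li>Access-Challenge: the decapsulated EAP payload is relayed to the
 *       supplicant and the challenge identifier/state are recorded.</li>
 *   <li>Access-Accept: the EAP-Message attribute is deserialized, relayed to the
 *       supplicant and the session is authorized. An Accept without an
 *       EAP-Message attribute is logged and dropped; the session is not
 *       authorized (fail closed).</li>
 *   <li>Access-Reject: the EAP-Message attribute is relayed, or an EAP Failure
 *       is built locally when the attribute is absent, and the session is
 *       denied.</li>
 *   <li>Anything else is logged and counted as an unknown type.</li>
 * </ul>
 *
 * @param radiusPacket RADIUS packet coming from the RADIUS server.
 */
public void handleRadiusPacket(RADIUS radiusPacket) {
    // RADIUS identifiers are raw bytes; mask so they log as 0..255 rather than signed.
    int packetId = radiusPacket.getIdentifier() & 0xff;
    if (log.isTraceEnabled()) {
        log.trace("Received RADIUS packet {} with identifier {}", radiusPacket, packetId);
    }
    if (radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radiusPacket.getIdentifier())) {
        if (log.isTraceEnabled()) {
            log.trace("Handling operational status RADIUS packet {} with identifier {}", radiusPacket, packetId);
        }
        radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radiusPacket);
        return;
    }
    if (log.isTraceEnabled()) {
        log.trace("Handling actual RADIUS packet for supplicant {} with identifier {}", radiusPacket, packetId);
    }

    // Map the response back to the session that issued the request.
    RequestIdentifier identifier = RequestIdentifier.of(radiusPacket.getIdentifier());
    String sessionId = idManager.getSessionId(identifier);
    if (sessionId == null) {
        log.error("Invalid packet identifier {}, could not find corresponding "
                + "session id ... exiting", radiusPacket.getIdentifier());
        aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
        aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
        return;
    }
    // Only identifiers that resolved to a session are released here.
    idManager.releaseIdentifier(identifier);
    StateMachine stateMachine = stateMachines.get(sessionId);
    if (stateMachine == null) {
        log.error("Invalid packet identifier {}, could not find corresponding "
                + "state machine ... exiting", radiusPacket.getIdentifier());
        aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
        aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
        return;
    }
    // Machine looked up again by its session id for the per-machine counters.
    StateMachine machineStats = stateMachines.get(stateMachine.sessionId());

    // NOTE(review): the effect of this check is not visible here — confirm that an
    // invalid authenticator stops processing rather than only updating a counter,
    // because the packet is acted on below regardless of its outcome.
    checkReceivedPacketForValidValidator(radiusPacket, stateMachine.requestAuthenticator());

    // Packets and octets received from the server.
    machineStats.incrementTotalPacketsReceived();
    try {
        machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
    } catch (DeserializationException e) {
        // Keep the cause so the failing packet can be diagnosed, not just its message.
        log.error(e.getMessage(), e);
        return;
    }
    if (outPacketSet.contains(radiusPacket.getIdentifier())) {
        aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
        // Byte.valueOf replaces the deprecated boxing constructor; removal is by equals().
        outPacketSet.remove(Byte.valueOf(radiusPacket.getIdentifier()));
    }

    MacAddress dstMac = stateMachine.supplicantAddress();
    ConnectPoint supplicantCp = stateMachine.supplicantConnectpoint();
    EAP eapPayload;
    Ethernet eth;
    switch (radiusPacket.getCode()) {
        case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
            log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE for dev/port: {}/{} "
                    + "with MacAddress {} and Identifier {}",
                    supplicantCp.deviceId(), supplicantCp.port(), dstMac, packetId);
            // The State attribute is optional; it is stored alongside the challenge identifier.
            RADIUSAttribute radiusAttrState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE);
            byte[] challengeState = radiusAttrState == null ? null : radiusAttrState.getValue();
            try {
                eapPayload = radiusPacket.decapsulateMessage();
                eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress),
                        stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
                stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
            } catch (DeserializationException e) {
                log.error(e.getMessage(), e);
                break;
            }
            log.debug("Send EAP challenge response to supplicant on dev/port: {}/{}"
                    + " with MacAddress {} and Identifier {}",
                    supplicantCp.deviceId(), supplicantCp.port(), dstMac, packetId);
            sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
            aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
            outPacketSupp.add(eapPayload.getIdentifier());
            aaaStatisticsManager.getAaaStats().incrementPendingReqSupp();
            // Packets and octets sent to the supplicant.
            machineStats.incrementTotalPacketsSent();
            machineStats.incrementTotalOctetSent(eapPayload.getLength());
            break;
        case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
            log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT for dev/port: {}/{}"
                    + " with MacAddress {} and Identifier {}",
                    supplicantCp.deviceId(), supplicantCp.port(), dstMac, packetId);
            // Send an EAPOL Success to the supplicant, taken from the EAP-Message attribute.
            RADIUSAttribute radiusAttrEapSuccess = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
            if (radiusAttrEapSuccess == null) {
                // Fail closed: a malformed Accept (no EAP-Message) previously dereferenced null
                // here; drop it explicitly and leave the session unauthorized.
                log.error("RADIUS_CODE_ACCESS_ACCEPT without EAP-Message attribute for dev/port: {}/{}"
                        + " with MacAddress {} and Identifier {}, dropping",
                        supplicantCp.deviceId(), supplicantCp.port(), dstMac, packetId);
                break;
            }
            byte[] eapMessageSuccess = radiusAttrEapSuccess.getValue();
            try {
                eapPayload = EAP.deserializer().deserialize(eapMessageSuccess, 0, eapMessageSuccess.length);
            } catch (DeserializationException e) {
                log.error(e.getMessage(), e);
                break;
            }
            eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress),
                    stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
            log.info("Send EAP success message to supplicant on dev/port: {}/{}"
                    + " with MacAddress {} and Identifier {}",
                    supplicantCp.deviceId(), supplicantCp.port(), dstMac, packetId);
            sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
            aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
            stateMachine.authorizeAccess();
            aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
            // Packets and octets sent to the supplicant.
            machineStats.incrementTotalPacketsSent();
            machineStats.incrementTotalOctetSent(eapPayload.getLength());
            break;
        case RADIUS.RADIUS_CODE_ACCESS_REJECT:
            log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT for dev/port: {}/{}"
                    + " with MacAddress {} and Identifier {}",
                    supplicantCp.deviceId(), supplicantCp.port(), dstMac, packetId);
            // Send an EAPOL Failure to the supplicant: the server's EAP-Message if present,
            // otherwise a locally built EAP Failure with the recorded challenge identifier.
            eapPayload = new EAP();
            RADIUSAttribute radiusAttrEap = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
            if (radiusAttrEap == null) {
                eapPayload.setCode(EAP.FAILURE);
                eapPayload.setIdentifier(stateMachine.challengeIdentifier());
                eapPayload.setLength(EAP.EAP_HDR_LEN_SUC_FAIL);
            } else {
                byte[] eapMessageFailure = radiusAttrEap.getValue();
                try {
                    eapPayload = EAP.deserializer().deserialize(eapMessageFailure, 0, eapMessageFailure.length);
                } catch (DeserializationException e) {
                    log.error(e.getMessage(), e);
                    break;
                }
            }
            eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress),
                    stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
            log.warn("Send EAP failure message to supplicant on dev/port: {}/{}"
                    + " with MacAddress {} and Identifier {}",
                    supplicantCp.deviceId(), supplicantCp.port(), dstMac, stateMachine.challengeIdentifier() & 0xff);
            sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
            aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
            stateMachine.denyAccess();
            aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
            // Packets and octets sent to the supplicant.
            machineStats.incrementTotalPacketsSent();
            machineStats.incrementTotalOctetSent(eapPayload.getLength());
            // Push the machine stats out as an event.
            AaaSupplicantMachineStats machineObj = aaaSupplicantStatsManager.getSupplicantStats(machineStats);
            aaaSupplicantStatsManager.getMachineStatsDelegate().notify(
                    new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, machineObj));
            break;
        default:
            log.warn("Unknown RADIUS message received with code: {} for dev/port: {}/{}"
                    + " with MacAddress {} and Identifier {}",
                    radiusPacket.getCode(), supplicantCp.deviceId(), supplicantCp.port(), dstMac, packetId);
            aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
            // NOTE(review): this packet was already counted as received above; this is a
            // second increment for unknown codes — confirm whether that is intended.
            machineStats.incrementTotalPacketsReceived();
            try {
                machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
            } catch (DeserializationException e) {
                log.error(e.getMessage(), e);
                break;
            }
    }
    aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
}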
