Search in sources :

Example 6 with Ethernet

use of org.onlab.packet.Ethernet in project aaa by opencord.

the class SocketBasedRadiusCommunicator method handlePacketFromServer.

// in the socket base case we don't care about packets coming from the server as nothing meaningful will be
// received from the southbound
@Override
public void handlePacketFromServer(PacketContext context) {
    InboundPacket pkt = context.inPacket();
    Ethernet ethPkt = pkt.parsed();
    if (log.isTraceEnabled() && ethPkt.getEtherType() != Ethernet.TYPE_LLDP && ethPkt.getEtherType() != Ethernet.TYPE_BSN) {
        log.trace("Skipping Ethernet packet type {}", EthType.EtherType.lookup(ethPkt.getEtherType()));
    }
}
Also used : InboundPacket(org.onosproject.net.packet.InboundPacket) Ethernet(org.onlab.packet.Ethernet)

Example 7 with Ethernet

use of org.onlab.packet.Ethernet in project aaa by opencord.

the class AaaIntegrationTest method testAuthentication.

/**
 * Tests the authentication path through the AAA application by sending
 * packets to the RADIUS server and checking the state machine
 * transitions.
 *
 * @throws Exception when an unhandled error occurs
 */
@Test
public void testAuthentication() throws Exception {
    // (1) Supplicant start up
    Ethernet startPacket = constructSupplicantStartPacket();
    sendPacket(startPacket);
    Ethernet responsePacket = fetchPacket(0);
    assertThat(responsePacket, notNullValue());
    checkRadiusPacket(aaa, responsePacket, EAP.REQUEST);
    // (2) Supplicant identify
    Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
    sendPacket(identifyPacket);
    // State machine should have been created by now
    StateMachine stateMachine = aaa.getStateMachine(SESSION_ID);
    assertThat(stateMachine, notNullValue());
    assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
    // (3) RADIUS MD5 challenge
    Ethernet radiusChallengeMD5Packet = fetchPacket(1);
    assertThat(radiusChallengeMD5Packet, notNullValue());
    checkRadiusPacket(aaa, radiusChallengeMD5Packet, EAP.REQUEST);
    // (4) Supplicant MD5 response
    Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
    sendPacket(md5RadiusPacket);
    // (5) RADIUS Success
    Ethernet successRadiusPacket = fetchPacket(2);
    assertThat(successRadiusPacket, notNullValue());
    EAPOL successEapol = (EAPOL) successRadiusPacket.getPayload();
    EAP successEap = (EAP) successEapol.getPayload();
    assertThat(successEap.getCode(), is(EAP.SUCCESS));
    // State machine should be in authorized state
    assertThat(stateMachine, notNullValue());
    assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
}
Also used : EAP(org.onlab.packet.EAP) Ethernet(org.onlab.packet.Ethernet) EAPOL(org.onlab.packet.EAPOL) Test(org.junit.Test)

Example 8 with Ethernet

use of org.onlab.packet.Ethernet in project aaa by opencord.

the class AaaManagerTest method testRemoveAuthentication.

@Test
public void testRemoveAuthentication() {
    Ethernet startPacket = constructSupplicantStartPacket();
    sendPacket(startPacket);
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
        assertThat(stateMachine, notNullValue());
        assertThat(stateMachine.state(), is(StateMachine.STATE_STARTED));
        aaaManager.removeAuthenticationStateByMac(stateMachine.supplicantAddress());
        assertThat(aaaManager.getStateMachine(SESSION_ID), nullValue());
    });
}
Also used : Ethernet(org.onlab.packet.Ethernet) Test(org.junit.Test)

Example 9 with Ethernet

use of org.onlab.packet.Ethernet in project aaa by opencord.

the class AaaStatisticsTest method testAaaStatisticsForAcceptedPackets.

/**
 * Tests the authentication path through the AAA application.
 * And counts the aaa Stats for successful transmission.
 *
 * @throws DeserializationException if packed deserialization fails.
 */
@Test
public void testAaaStatisticsForAcceptedPackets() throws Exception {
    // (1) Supplicant start up
    Ethernet startPacket = constructSupplicantStartPacket();
    sendPacket(startPacket);
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        Ethernet responsePacket = (Ethernet) fetchPacket(0);
        checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
        // (2) Supplicant identify
        Ethernet identifyPacket = null;
        try {
            identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
            sendPacket(identifyPacket);
        } catch (Exception e) {
            log.error(e.getMessage());
            fail();
        }
    });
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        try {
            RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
            checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
            assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
            assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()), is("testuser"));
            IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET, radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
            assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
            // State machine should have been created by now
            StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
            assertThat(stateMachine, notNullValue());
            assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
            // (3) RADIUS MD5 challenge
            RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5, radiusIdentifyPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
            aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
        } catch (Exception e) {
            log.error(e.getMessage());
            fail();
        }
    });
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
        Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
        checkRadiusPacket(aaaManager, radiusChallengeMD5Packet, EAP.ATTR_MD5);
        // (4) Supplicant MD5 response
        Ethernet md5RadiusPacket = null;
        try {
            md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
        } catch (Exception e) {
            log.error(e.getMessage());
            fail();
        }
        sendPacket(md5RadiusPacket);
    });
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
        RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
        try {
            checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
        } catch (DeserializationException e) {
            log.error(e.getMessage());
            fail();
        }
        // assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
        assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
        // State machine should be in pending state
        assertThat(stateMachine, notNullValue());
        assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
        // (5) RADIUS Success
        RADIUS successPacket = constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS, responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
        aaaManager.handleRadiusPacket((successPacket));
    });
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
        Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
        checkRadiusPacket(aaaManager, supplicantSuccessPacket, EAP.SUCCESS);
        // State machine should be in authorized state
        assertThat(stateMachine, notNullValue());
        assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
        // Check for increase of Stats
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTx(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqRx(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolChallengeReqTx(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolValidFramesRx(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolFramesTx(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolReqFramesTx(), ZERO);
        assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolIdRequestFramesTx(), ZERO);
        assertEquals(aaaStatisticsManager.getAaaStats().getInvalidBodyLength(), ZERO);
        assertEquals(aaaStatisticsManager.getAaaStats().getInvalidPktType(), ZERO);
        assertEquals(aaaStatisticsManager.getAaaStats().getEapolPendingReq(), ZERO);
        // Counts the aaa Statistics count and displays in the log
        countAaaStatistics();
    });
}
Also used : RADIUS(org.onlab.packet.RADIUS) Ethernet(org.onlab.packet.Ethernet) IpAddress(org.onlab.packet.IpAddress) DeserializationException(org.onlab.packet.DeserializationException) UnknownHostException(java.net.UnknownHostException) DeserializationException(org.onlab.packet.DeserializationException) Test(org.junit.Test)

Example 10 with Ethernet

use of org.onlab.packet.Ethernet in project aaa by opencord.

the class AaaStatisticsTest method testAaaStatisticsForTimeoutPackets.

/**
 * Tests the authentication path through the AAA application.
 *  And counts the aaa Stats for timeout.
 *   @throws DeserializationException
 *  if packed deserialization fails.
 */
@Test
public void testAaaStatisticsForTimeoutPackets() throws Exception {
    // (1) Supplicant start up
    Ethernet startPacket = constructSupplicantStartPacket();
    sendPacket(startPacket);
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        Ethernet responsePacket = (Ethernet) fetchPacket(0);
        checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
        // (2) Supplicant identify
        Ethernet identifyPacket = null;
        try {
            identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
        } catch (Exception e) {
            log.error(e.getMessage());
            fail();
        }
        sendPacket(identifyPacket);
    });
    assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
        RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
        try {
            checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
            assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
            assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()), is("testuser"));
            IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET, radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
            assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
            // State machine should have been created by now
            StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
            assertThat(stateMachine, notNullValue());
            assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
            Thread.sleep((aaaManager.cleanupTimerTimeOutInMins / 2) + 1);
            // State machine should be in timeout state
            assertThat(stateMachine, notNullValue());
            assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
            // Check for increase in stats
            assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
            assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqRx(), ZERO);
            countAaaStatistics();
        } catch (Exception e) {
            log.error(e.getMessage());
            fail();
        }
    });
}
Also used : RADIUS(org.onlab.packet.RADIUS) Ethernet(org.onlab.packet.Ethernet) IpAddress(org.onlab.packet.IpAddress) DeserializationException(org.onlab.packet.DeserializationException) UnknownHostException(java.net.UnknownHostException) Test(org.junit.Test)

Aggregations

Ethernet (org.onlab.packet.Ethernet)187 Test (org.junit.Test)91 ConnectPoint (org.onosproject.net.ConnectPoint)46 IPv4 (org.onlab.packet.IPv4)42 IPv6 (org.onlab.packet.IPv6)41 UDP (org.onlab.packet.UDP)38 TrafficTreatment (org.onosproject.net.flow.TrafficTreatment)33 MacAddress (org.onlab.packet.MacAddress)30 DefaultOutboundPacket (org.onosproject.net.packet.DefaultOutboundPacket)30 DefaultTrafficTreatment (org.onosproject.net.flow.DefaultTrafficTreatment)29 IpAddress (org.onlab.packet.IpAddress)28 OutboundPacket (org.onosproject.net.packet.OutboundPacket)26 DeviceId (org.onosproject.net.DeviceId)25 ByteBuffer (java.nio.ByteBuffer)24 DHCP (org.onlab.packet.DHCP)24 DHCP6 (org.onlab.packet.DHCP6)24 Interface (org.onosproject.net.intf.Interface)22 DeserializationException (org.onlab.packet.DeserializationException)20 ICMP6 (org.onlab.packet.ICMP6)20 InboundPacket (org.onosproject.net.packet.InboundPacket)20