use of org.onlab.packet.Ethernet in project aaa by opencord.
the class SocketBasedRadiusCommunicator method handlePacketFromServer.
// in the socket base case we don't care about packets coming from the server as nothing meaningful will be
// received from the southbound
@Override
public void handlePacketFromServer(PacketContext context) {
InboundPacket pkt = context.inPacket();
Ethernet ethPkt = pkt.parsed();
if (log.isTraceEnabled() && ethPkt.getEtherType() != Ethernet.TYPE_LLDP && ethPkt.getEtherType() != Ethernet.TYPE_BSN) {
log.trace("Skipping Ethernet packet type {}", EthType.EtherType.lookup(ethPkt.getEtherType()));
}
}
use of org.onlab.packet.Ethernet in project aaa by opencord.
the class AaaIntegrationTest method testAuthentication.
/**
* Tests the authentication path through the AAA application by sending
* packets to the RADIUS server and checking the state machine
* transitions.
*
* @throws Exception when an unhandled error occurs
*/
@Test
public void testAuthentication() throws Exception {
// (1) Supplicant start up
Ethernet startPacket = constructSupplicantStartPacket();
sendPacket(startPacket);
Ethernet responsePacket = fetchPacket(0);
assertThat(responsePacket, notNullValue());
checkRadiusPacket(aaa, responsePacket, EAP.REQUEST);
// (2) Supplicant identify
Ethernet identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
sendPacket(identifyPacket);
// State machine should have been created by now
StateMachine stateMachine = aaa.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
// (3) RADIUS MD5 challenge
Ethernet radiusChallengeMD5Packet = fetchPacket(1);
assertThat(radiusChallengeMD5Packet, notNullValue());
checkRadiusPacket(aaa, radiusChallengeMD5Packet, EAP.REQUEST);
// (4) Supplicant MD5 response
Ethernet md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
sendPacket(md5RadiusPacket);
// (5) RADIUS Success
Ethernet successRadiusPacket = fetchPacket(2);
assertThat(successRadiusPacket, notNullValue());
EAPOL successEapol = (EAPOL) successRadiusPacket.getPayload();
EAP successEap = (EAP) successEapol.getPayload();
assertThat(successEap.getCode(), is(EAP.SUCCESS));
// State machine should be in authorized state
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
}
use of org.onlab.packet.Ethernet in project aaa by opencord.
the class AaaManagerTest method testRemoveAuthentication.
@Test
public void testRemoveAuthentication() {
Ethernet startPacket = constructSupplicantStartPacket();
sendPacket(startPacket);
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_STARTED));
aaaManager.removeAuthenticationStateByMac(stateMachine.supplicantAddress());
assertThat(aaaManager.getStateMachine(SESSION_ID), nullValue());
});
}
use of org.onlab.packet.Ethernet in project aaa by opencord.
the class AaaStatisticsTest method testAaaStatisticsForAcceptedPackets.
/**
* Tests the authentication path through the AAA application.
* And counts the aaa Stats for successful transmission.
*
* @throws DeserializationException if packed deserialization fails.
*/
@Test
public void testAaaStatisticsForAcceptedPackets() throws Exception {
// (1) Supplicant start up
Ethernet startPacket = constructSupplicantStartPacket();
sendPacket(startPacket);
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
Ethernet responsePacket = (Ethernet) fetchPacket(0);
checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
// (2) Supplicant identify
Ethernet identifyPacket = null;
try {
identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
sendPacket(identifyPacket);
} catch (Exception e) {
log.error(e.getMessage());
fail();
}
});
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
try {
RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()), is("testuser"));
IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET, radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
// State machine should have been created by now
StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
// (3) RADIUS MD5 challenge
RADIUS radiusCodeAccessChallengePacket = constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_CHALLENGE, EAP.ATTR_MD5, radiusIdentifyPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket(radiusCodeAccessChallengePacket);
} catch (Exception e) {
log.error(e.getMessage());
fail();
}
});
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
Ethernet radiusChallengeMD5Packet = (Ethernet) fetchPacket(2);
checkRadiusPacket(aaaManager, radiusChallengeMD5Packet, EAP.ATTR_MD5);
// (4) Supplicant MD5 response
Ethernet md5RadiusPacket = null;
try {
md5RadiusPacket = constructSupplicantIdentifyPacket(stateMachine, EAP.ATTR_MD5, stateMachine.challengeIdentifier(), radiusChallengeMD5Packet);
} catch (Exception e) {
log.error(e.getMessage());
fail();
}
sendPacket(md5RadiusPacket);
});
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
RADIUS responseMd5RadiusPacket = (RADIUS) fetchPacket(3);
try {
checkRadiusPacketFromSupplicant(responseMd5RadiusPacket);
} catch (DeserializationException e) {
log.error(e.getMessage());
fail();
}
// assertThat(responseMd5RadiusPacket.getIdentifier(), is((byte) 9));
assertThat(responseMd5RadiusPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
// State machine should be in pending state
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
// (5) RADIUS Success
RADIUS successPacket = constructRadiusCodeAccessChallengePacket(RADIUS.RADIUS_CODE_ACCESS_ACCEPT, EAP.SUCCESS, responseMd5RadiusPacket.getIdentifier(), aaaManager.radiusSecret.getBytes());
aaaManager.handleRadiusPacket((successPacket));
});
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
Ethernet supplicantSuccessPacket = (Ethernet) fetchPacket(4);
checkRadiusPacket(aaaManager, supplicantSuccessPacket, EAP.SUCCESS);
// State machine should be in authorized state
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_AUTHORIZED));
// Check for increase of Stats
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqRx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolChallengeReqTx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolValidFramesRx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolFramesTx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolReqFramesTx(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolIdRequestFramesTx(), ZERO);
assertEquals(aaaStatisticsManager.getAaaStats().getInvalidBodyLength(), ZERO);
assertEquals(aaaStatisticsManager.getAaaStats().getInvalidPktType(), ZERO);
assertEquals(aaaStatisticsManager.getAaaStats().getEapolPendingReq(), ZERO);
// Counts the aaa Statistics count and displays in the log
countAaaStatistics();
});
}
use of org.onlab.packet.Ethernet in project aaa by opencord.
the class AaaStatisticsTest method testAaaStatisticsForTimeoutPackets.
/**
* Tests the authentication path through the AAA application.
* And counts the aaa Stats for timeout.
* @throws DeserializationException
* if packed deserialization fails.
*/
@Test
public void testAaaStatisticsForTimeoutPackets() throws Exception {
// (1) Supplicant start up
Ethernet startPacket = constructSupplicantStartPacket();
sendPacket(startPacket);
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
Ethernet responsePacket = (Ethernet) fetchPacket(0);
checkRadiusPacket(aaaManager, responsePacket, EAP.ATTR_IDENTITY);
// (2) Supplicant identify
Ethernet identifyPacket = null;
try {
identifyPacket = constructSupplicantIdentifyPacket(null, EAP.ATTR_IDENTITY, (byte) 1, null);
} catch (Exception e) {
log.error(e.getMessage());
fail();
}
sendPacket(identifyPacket);
});
assertAfter(ASSERTION_DELAY, ASSERTION_LENGTH, () -> {
RADIUS radiusIdentifyPacket = (RADIUS) fetchPacket(1);
try {
checkRadiusPacketFromSupplicant(radiusIdentifyPacket);
assertThat(radiusIdentifyPacket.getCode(), is(RADIUS.RADIUS_CODE_ACCESS_REQUEST));
assertThat(new String(radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_USERNAME).getValue()), is("testuser"));
IpAddress nasIp = IpAddress.valueOf(IpAddress.Version.INET, radiusIdentifyPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_NAS_IP).getValue());
assertThat(nasIp.toString(), is(aaaManager.nasIpAddress.getHostAddress()));
// State machine should have been created by now
StateMachine stateMachine = aaaManager.getStateMachine(SESSION_ID);
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
Thread.sleep((aaaManager.cleanupTimerTimeOutInMins / 2) + 1);
// State machine should be in timeout state
assertThat(stateMachine, notNullValue());
assertThat(stateMachine.state(), is(StateMachine.STATE_PENDING));
// Check for increase in stats
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans(), ZERO);
assertNotEquals(aaaStatisticsManager.getAaaStats().getEapolStartReqRx(), ZERO);
countAaaStatistics();
} catch (Exception e) {
log.error(e.getMessage());
fail();
}
});
}
Aggregations