use of org.opencord.aaa.AaaMachineStatisticsEvent in project aaa by opencord.
the class AaaManager method handleStateMachineTimeout.
private void handleStateMachineTimeout(ConnectPoint supplicantConnectPoint) {
StateMachine stateMachine = stateMachines.remove(supplicantConnectPoint.toString());
// pushing captured machine stats to kafka
stateMachine.setSessionTerminateReason("Time out");
AaaSupplicantMachineStats obj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, obj));
if (stateMachine.state() == StateMachine.STATE_PENDING && stateMachine.isWaitingForRadiusResponse()) {
aaaStatisticsManager.getAaaStats().increaseTimedOutPackets();
}
StateMachine.deleteStateMachineMapping(stateMachine);
}
use of org.opencord.aaa.AaaMachineStatisticsEvent in project aaa by opencord.
the class AaaManager method handleRadiusPacket.
/**
* Handles RADIUS packets.
*
* @param radiusPacket RADIUS packet coming from the RADIUS server.
*/
public void handleRadiusPacket(RADIUS radiusPacket) {
if (log.isTraceEnabled()) {
log.trace("Received RADIUS packet {} with identifier {}", radiusPacket, radiusPacket.getIdentifier() & 0xff);
}
if (radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radiusPacket.getIdentifier())) {
if (log.isTraceEnabled()) {
log.trace("Handling operational status RADIUS packet {} with identifier {}", radiusPacket, radiusPacket.getIdentifier() & 0xff);
}
radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radiusPacket);
return;
}
if (log.isTraceEnabled()) {
log.trace("Handling actual RADIUS packet for supplicant {} with identifier {}", radiusPacket, radiusPacket.getIdentifier() & 0xff);
}
RequestIdentifier identifier = RequestIdentifier.of(radiusPacket.getIdentifier());
String sessionId = idManager.getSessionId(identifier);
if (sessionId == null) {
log.error("Invalid packet identifier {}, could not find corresponding " + "state machine ... exiting", radiusPacket.getIdentifier());
aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
return;
}
idManager.releaseIdentifier(identifier);
StateMachine stateMachine = stateMachines.get(sessionId);
if (stateMachine == null) {
log.error("Invalid packet identifier {}, could not find corresponding " + "state machine ... exiting", radiusPacket.getIdentifier());
aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
return;
}
// instance of StateMachine using the sessionId for updating machine stats
StateMachine machineStats = stateMachines.get(stateMachine.sessionId());
EAP eapPayload;
Ethernet eth;
checkReceivedPacketForValidValidator(radiusPacket, stateMachine.requestAuthenticator());
// increasing packets and octets received from server
machineStats.incrementTotalPacketsReceived();
try {
machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
} catch (DeserializationException e) {
log.error(e.getMessage());
return;
}
if (outPacketSet.contains(radiusPacket.getIdentifier())) {
aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
outPacketSet.remove(new Byte(radiusPacket.getIdentifier()));
}
MacAddress dstMac = stateMachine.supplicantAddress();
ConnectPoint supplicantCp = stateMachine.supplicantConnectpoint();
switch(radiusPacket.getCode()) {
case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE for dev/port: {}/{} " + "with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
RADIUSAttribute radiusAttrState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE);
byte[] challengeState = null;
if (radiusAttrState != null) {
challengeState = radiusAttrState.getValue();
}
try {
eapPayload = radiusPacket.decapsulateMessage();
eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress), stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
} catch (DeserializationException e) {
log.error(e.getMessage());
break;
}
log.debug("Send EAP challenge response to supplicant on dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
outPacketSupp.add(eapPayload.getIdentifier());
aaaStatisticsManager.getAaaStats().incrementPendingReqSupp();
// increasing packets send to server
machineStats.incrementTotalPacketsSent();
machineStats.incrementTotalOctetSent(eapPayload.getLength());
break;
case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT for dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
// send an EAPOL - Success to the supplicant.
byte[] eapMessageSuccess = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
try {
eapPayload = EAP.deserializer().deserialize(eapMessageSuccess, 0, eapMessageSuccess.length);
} catch (DeserializationException e) {
log.error(e.getMessage());
break;
}
eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress), stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
log.info("Send EAP success message to supplicant on dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
stateMachine.authorizeAccess();
aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
// increasing packets send to server
machineStats.incrementTotalPacketsSent();
machineStats.incrementTotalOctetSent(eapPayload.getLength());
break;
case RADIUS.RADIUS_CODE_ACCESS_REJECT:
log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT for dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
// send an EAPOL - Failure to the supplicant.
byte[] eapMessageFailure;
eapPayload = new EAP();
RADIUSAttribute radiusAttrEap = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
if (radiusAttrEap == null) {
eapPayload.setCode(EAP.FAILURE);
eapPayload.setIdentifier(stateMachine.challengeIdentifier());
eapPayload.setLength(EAP.EAP_HDR_LEN_SUC_FAIL);
} else {
eapMessageFailure = radiusAttrEap.getValue();
try {
eapPayload = EAP.deserializer().deserialize(eapMessageFailure, 0, eapMessageFailure.length);
} catch (DeserializationException e) {
log.error(e.getMessage());
break;
}
}
eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress), stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
log.warn("Send EAP failure message to supplicant on dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, stateMachine.challengeIdentifier() & 0xff);
sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
stateMachine.denyAccess();
aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
// increasing packets send to server
machineStats.incrementTotalPacketsSent();
machineStats.incrementTotalOctetSent(eapPayload.getLength());
// pushing machine stats to kafka
AaaSupplicantMachineStats machineObj = aaaSupplicantStatsManager.getSupplicantStats(machineStats);
aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, machineObj));
break;
default:
log.warn("Unknown RADIUS message received with code: {} for dev/port: {}/{}" + " with MacAddress {} and Identifier {}", radiusPacket.getCode(), supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
// increasing packets received to server
machineStats.incrementTotalPacketsReceived();
try {
machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
} catch (DeserializationException e) {
log.error(e.getMessage());
break;
}
}
aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
}
Aggregations