Search in sources :

Example 1 with AaaMachineStatisticsEvent

use of org.opencord.aaa.AaaMachineStatisticsEvent in project aaa by opencord.

the class AaaManager method handleStateMachineTimeout.

private void handleStateMachineTimeout(ConnectPoint supplicantConnectPoint) {
    StateMachine stateMachine = stateMachines.remove(supplicantConnectPoint.toString());
    // pushing captured machine stats to kafka
    stateMachine.setSessionTerminateReason("Time out");
    AaaSupplicantMachineStats obj = aaaSupplicantStatsManager.getSupplicantStats(stateMachine);
    aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, obj));
    if (stateMachine.state() == StateMachine.STATE_PENDING && stateMachine.isWaitingForRadiusResponse()) {
        aaaStatisticsManager.getAaaStats().increaseTimedOutPackets();
    }
    StateMachine.deleteStateMachineMapping(stateMachine);
}
Also used : AaaSupplicantMachineStats(org.opencord.aaa.AaaSupplicantMachineStats) AaaMachineStatisticsEvent(org.opencord.aaa.AaaMachineStatisticsEvent)

Example 2 with AaaMachineStatisticsEvent

use of org.opencord.aaa.AaaMachineStatisticsEvent in project aaa by opencord.

the class AaaManager method handleRadiusPacket.

/**
 * Handles RADIUS packets.
 *
 * @param radiusPacket RADIUS packet coming from the RADIUS server.
 */
public void handleRadiusPacket(RADIUS radiusPacket) {
    if (log.isTraceEnabled()) {
        log.trace("Received RADIUS packet {} with identifier {}", radiusPacket, radiusPacket.getIdentifier() & 0xff);
    }
    if (radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radiusPacket.getIdentifier())) {
        if (log.isTraceEnabled()) {
            log.trace("Handling operational status RADIUS packet {} with identifier {}", radiusPacket, radiusPacket.getIdentifier() & 0xff);
        }
        radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radiusPacket);
        return;
    }
    if (log.isTraceEnabled()) {
        log.trace("Handling actual RADIUS packet for supplicant {} with identifier {}", radiusPacket, radiusPacket.getIdentifier() & 0xff);
    }
    RequestIdentifier identifier = RequestIdentifier.of(radiusPacket.getIdentifier());
    String sessionId = idManager.getSessionId(identifier);
    if (sessionId == null) {
        log.error("Invalid packet identifier {}, could not find corresponding " + "state machine ... exiting", radiusPacket.getIdentifier());
        aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
        aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
        return;
    }
    idManager.releaseIdentifier(identifier);
    StateMachine stateMachine = stateMachines.get(sessionId);
    if (stateMachine == null) {
        log.error("Invalid packet identifier {}, could not find corresponding " + "state machine ... exiting", radiusPacket.getIdentifier());
        aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
        aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
        return;
    }
    // instance of StateMachine using the sessionId for updating machine stats
    StateMachine machineStats = stateMachines.get(stateMachine.sessionId());
    EAP eapPayload;
    Ethernet eth;
    checkReceivedPacketForValidValidator(radiusPacket, stateMachine.requestAuthenticator());
    // increasing packets and octets received from server
    machineStats.incrementTotalPacketsReceived();
    try {
        machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
    } catch (DeserializationException e) {
        log.error(e.getMessage());
        return;
    }
    if (outPacketSet.contains(radiusPacket.getIdentifier())) {
        aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
        outPacketSet.remove(new Byte(radiusPacket.getIdentifier()));
    }
    MacAddress dstMac = stateMachine.supplicantAddress();
    ConnectPoint supplicantCp = stateMachine.supplicantConnectpoint();
    switch(radiusPacket.getCode()) {
        case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
            log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE for dev/port: {}/{} " + "with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
            RADIUSAttribute radiusAttrState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE);
            byte[] challengeState = null;
            if (radiusAttrState != null) {
                challengeState = radiusAttrState.getValue();
            }
            try {
                eapPayload = radiusPacket.decapsulateMessage();
                eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress), stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
                stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
            } catch (DeserializationException e) {
                log.error(e.getMessage());
                break;
            }
            log.debug("Send EAP challenge response to supplicant on dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
            sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
            aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
            outPacketSupp.add(eapPayload.getIdentifier());
            aaaStatisticsManager.getAaaStats().incrementPendingReqSupp();
            // increasing packets send to server
            machineStats.incrementTotalPacketsSent();
            machineStats.incrementTotalOctetSent(eapPayload.getLength());
            break;
        case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
            log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT for dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
            // send an EAPOL - Success to the supplicant.
            byte[] eapMessageSuccess = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
            try {
                eapPayload = EAP.deserializer().deserialize(eapMessageSuccess, 0, eapMessageSuccess.length);
            } catch (DeserializationException e) {
                log.error(e.getMessage());
                break;
            }
            eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress), stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
            log.info("Send EAP success message to supplicant on dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
            sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
            aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
            stateMachine.authorizeAccess();
            aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
            // increasing packets send to server
            machineStats.incrementTotalPacketsSent();
            machineStats.incrementTotalOctetSent(eapPayload.getLength());
            break;
        case RADIUS.RADIUS_CODE_ACCESS_REJECT:
            log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT for dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
            // send an EAPOL - Failure to the supplicant.
            byte[] eapMessageFailure;
            eapPayload = new EAP();
            RADIUSAttribute radiusAttrEap = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
            if (radiusAttrEap == null) {
                eapPayload.setCode(EAP.FAILURE);
                eapPayload.setIdentifier(stateMachine.challengeIdentifier());
                eapPayload.setLength(EAP.EAP_HDR_LEN_SUC_FAIL);
            } else {
                eapMessageFailure = radiusAttrEap.getValue();
                try {
                    eapPayload = EAP.deserializer().deserialize(eapMessageFailure, 0, eapMessageFailure.length);
                } catch (DeserializationException e) {
                    log.error(e.getMessage());
                    break;
                }
            }
            eth = buildEapolResponse(stateMachine.supplicantAddress(), MacAddress.valueOf(nasMacAddress), stateMachine.vlanId(), EAPOL.EAPOL_PACKET, eapPayload, stateMachine.priorityCode());
            log.warn("Send EAP failure message to supplicant on dev/port: {}/{}" + " with MacAddress {} and Identifier {}", supplicantCp.deviceId(), supplicantCp.port(), dstMac, stateMachine.challengeIdentifier() & 0xff);
            sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
            aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
            stateMachine.denyAccess();
            aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
            // increasing packets send to server
            machineStats.incrementTotalPacketsSent();
            machineStats.incrementTotalOctetSent(eapPayload.getLength());
            // pushing machine stats to kafka
            AaaSupplicantMachineStats machineObj = aaaSupplicantStatsManager.getSupplicantStats(machineStats);
            aaaSupplicantStatsManager.getMachineStatsDelegate().notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE, machineObj));
            break;
        default:
            log.warn("Unknown RADIUS message received with code: {} for dev/port: {}/{}" + " with MacAddress {} and Identifier {}", radiusPacket.getCode(), supplicantCp.deviceId(), supplicantCp.port(), dstMac, radiusPacket.getIdentifier() & 0xff);
            aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
            // increasing packets received to server
            machineStats.incrementTotalPacketsReceived();
            try {
                machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
            } catch (DeserializationException e) {
                log.error(e.getMessage());
                break;
            }
    }
    aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
}
Also used : AaaMachineStatisticsEvent(org.opencord.aaa.AaaMachineStatisticsEvent) MacAddress(org.onlab.packet.MacAddress) RADIUSAttribute(org.onlab.packet.RADIUSAttribute) ConnectPoint(org.onosproject.net.ConnectPoint) DeserializationException(org.onlab.packet.DeserializationException) EAP(org.onlab.packet.EAP) Ethernet(org.onlab.packet.Ethernet) AaaSupplicantMachineStats(org.opencord.aaa.AaaSupplicantMachineStats)

Aggregations

AaaMachineStatisticsEvent (org.opencord.aaa.AaaMachineStatisticsEvent)2 AaaSupplicantMachineStats (org.opencord.aaa.AaaSupplicantMachineStats)2 DeserializationException (org.onlab.packet.DeserializationException)1 EAP (org.onlab.packet.EAP)1 Ethernet (org.onlab.packet.Ethernet)1 MacAddress (org.onlab.packet.MacAddress)1 RADIUSAttribute (org.onlab.packet.RADIUSAttribute)1 ConnectPoint (org.onosproject.net.ConnectPoint)1