[SEBA-35] Adding Stats for 802.1x Authentication
Cherry-picked from aaa-1.10.
Change-Id: I1befdc6d33afa0ca61f95068f48280df4be0bfff
diff --git a/api/src/main/java/org/opencord/aaa/AaaStatistics.java b/api/src/main/java/org/opencord/aaa/AaaStatistics.java
index 921de5f..e1d1485 100644
--- a/api/src/main/java/org/opencord/aaa/AaaStatistics.java
+++ b/api/src/main/java/org/opencord/aaa/AaaStatistics.java
@@ -48,6 +48,66 @@
private AtomicLong requestReTx = new AtomicLong();
// Number of sessions expired
private AtomicLong numberOfSessionsExpired = new AtomicLong();
+ //Number of EAPOL logoff messages received resulting in disconnected state
+ private AtomicLong eapolLogoffRx = new AtomicLong();
+ //Number of authenticated transitions due to successful authentication
+ private AtomicLong eapolAuthSuccessTrans = new AtomicLong();
+ //Number of transitions to held due to authentication failure
+ private AtomicLong eapolAuthFailureTrans = new AtomicLong();
+ //Number of transitions to connecting due to start request
+ private AtomicLong eapolStartReqTrans = new AtomicLong();
+ //MD5 Response Challenge
+ private AtomicLong eapolMd5RspChall = new AtomicLong();
+ //Tls Response Challenge
+ private AtomicLong eapolTlsRespChall = new AtomicLong();
+ //Number of transitions to response (received response other that NAK)
+ private AtomicLong eapolTransRespNotNak = new AtomicLong();
+ //Number of EAP request packets sent due to the authenticator choosing the EAP method
+ private AtomicLong eapPktTxauthChooseEap = new AtomicLong();
+ //Attr Identity
+ private AtomicLong eapolAttrIdentity = new AtomicLong();
+ //Number of authenticating transitions due to EAP response or identity message
+ private AtomicLong eapolResIdentityMsgTrans = new AtomicLong();
+
+ public Long getEapolResIdentityMsgTrans() {
+ return eapolResIdentityMsgTrans.get();
+ }
+
+ public Long getEapolattrIdentity() {
+ return eapolAttrIdentity.get();
+ }
+
+ public Long getEapPktTxauthChooseEap() {
+ return eapPktTxauthChooseEap.get();
+ }
+
+ public Long getEapolTransRespNotNak() {
+ return eapolTransRespNotNak.get();
+ }
+
+ public Long getEapolMd5RspChall() {
+ return eapolMd5RspChall.get();
+ }
+
+ public Long getEapolTlsRespChall() {
+ return eapolTlsRespChall.get();
+ }
+
+ public Long getEapolLogoffRx() {
+ return eapolLogoffRx.get();
+ }
+
+ public Long getEapolAuthSuccessTrans() {
+ return eapolAuthSuccessTrans.get();
+ }
+
+ public Long getEapolAuthFailureTrans() {
+ return eapolAuthFailureTrans.get();
+ }
+
+ public Long getEapolStartReqTrans() {
+ return eapolStartReqTrans.get();
+ }
private LinkedList<Long> packetRoundTripTimeList = new LinkedList<Long>();
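Review bot: The accessor `getEapolattrIdentity()` does not follow the casing of its field `eapolAttrIdentity`, and the same kind of slip recurs in the later hunks of this file: `incrementEapolauthFailureTrans()`, `incrementEapolAtrrIdentity()`, and `incrementEapPktTxauthEap()` for the field `eapPktTxauthChooseEap`. Because the class lives in the `api` module, these spellings become the public contract, so they are cheapest to correct now: `getEapolAttrIdentity()`, `incrementEapolAuthFailureTrans()`, `incrementEapolAttrIdentity()`, `incrementEapPktTxauthChooseEap()`, with the callers in AaaManager.java renamed to match. The field comment `(received response other that NAK)` should read `other than NAK`, and the terse `//Attr Identity`, `//MD5 Response Challenge` and `//Tls Response Challenge` comments would be clearer if they named the event being counted.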
@@ -171,6 +231,34 @@
numberOfSessionsExpired.incrementAndGet();
}
+ public void incrementEapolLogoffRx() {
+ eapolLogoffRx.incrementAndGet();
+ }
+
+ public void incrementEapolAuthSuccessTrans() {
+ eapolAuthSuccessTrans.incrementAndGet();
+ }
+
+ public void incrementEapolauthFailureTrans() {
+ eapolAuthFailureTrans.incrementAndGet();
+ }
+
+ public void incrementEapolStartReqTrans() {
+ eapolStartReqTrans.incrementAndGet();
+ }
+
+ public void incrementEapolMd5RspChall() {
+ eapolMd5RspChall.incrementAndGet();
+ }
+
+ public void incrementEapolAtrrIdentity() {
+ eapolAttrIdentity.incrementAndGet();
+ }
+
+ public void incrementEapolTlsRespChall() {
+ eapolTlsRespChall.incrementAndGet();
+ }
+
public void countDroppedResponsesRx() {
long numberOfDroppedPackets = invalidValidatorsRx.get();
numberOfDroppedPackets += unknownTypeRx.get();
@@ -195,4 +283,20 @@
unknownServerRx.set(0);
unknownTypeRx.set(0);
}
+ public void countTransRespNotNak() {
+ long eapolTransactionNotNak = eapolMd5RspChall.get();
+ eapolTransactionNotNak += eapolTlsRespChall.get();
+ this.eapolTransRespNotNak = new AtomicLong(eapolTransactionNotNak);
+ }
+
+ public void countEapolResIdentityMsgTrans() {
+ long authTransaction = eapolMd5RspChall.get();
+ authTransaction += eapolTlsRespChall.get();
+ authTransaction += eapolAttrIdentity.get();
+ this.eapolResIdentityMsgTrans = new AtomicLong(authTransaction);
+ }
+
+ public void incrementEapPktTxauthEap() {
+ eapPktTxauthChooseEap.incrementAndGet();
+ }
}
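Review bot: `countTransRespNotNak()` and `countEapolResIdentityMsgTrans()` replace the counter object (`this.eapolTransRespNotNak = new AtomicLong(...)`) instead of updating it, and the field is neither `final` nor `volatile`, so a thread reading through `getEapolTransRespNotNak()` has no guarantee of seeing the new reference. Writing into the existing object keeps publication safe: `eapolTransRespNotNak.set(eapolMd5RspChall.get() + eapolTlsRespChall.get());` and `eapolResIdentityMsgTrans.set(eapolMd5RspChall.get() + eapolTlsRespChall.get() + eapolAttrIdentity.get());`, after which all the new counter fields can be declared `private final`. The context lines above the additions look like the tail of a counter-reset method and nothing is added to it. If that reading is right, the ten new counters are not cleared with the rest, which is worth confirming since that method starts outside the hunk.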
diff --git a/app/src/main/java/org/opencord/aaa/impl/AaaManager.java b/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
index 5804b78..da9ed6f 100755
--- a/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
+++ b/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
@@ -418,7 +418,7 @@
EAPOL.EAPOL_PACKET,
eapPayload, stateMachine.priorityCode());
log.debug("Send EAP challenge response to supplicant {}", stateMachine.supplicantAddress().toString());
- sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint());
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
break;
case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
@@ -434,7 +434,8 @@
EAPOL.EAPOL_PACKET,
eapPayload, stateMachine.priorityCode());
log.info("Send EAP success message to supplicant {}", stateMachine.supplicantAddress().toString());
- sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint());
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
+ aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
stateMachine.authorizeAccess();
aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
@@ -460,7 +461,9 @@
EAPOL.EAPOL_PACKET,
eapPayload, stateMachine.priorityCode());
log.warn("Send EAP failure message to supplicant {}", stateMachine.supplicantAddress().toString());
- sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint());
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
+ aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
+
stateMachine.denyAccess();
aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
break;
@@ -477,16 +480,20 @@
* @param ethernetPkt the ethernet packet
* @param connectPoint the connect point to send out
*/
- private void sendPacketToSupplicant(Ethernet ethernetPkt, ConnectPoint connectPoint) {
+ private void sendPacketToSupplicant(Ethernet ethernetPkt, ConnectPoint connectPoint, boolean isChallengeResponse) {
TrafficTreatment treatment = DefaultTrafficTreatment.builder().setOutput(connectPoint.port()).build();
OutboundPacket packet = new DefaultOutboundPacket(connectPoint.deviceId(),
treatment, ByteBuffer.wrap(ethernetPkt.serialize()));
+ EAPOL eap = ((EAPOL) ethernetPkt.getPayload());
+ EAP eapPkt = (EAP) eap.getPayload();
if (log.isTraceEnabled()) {
- EAPOL eap = ((EAPOL) ethernetPkt.getPayload());
log.trace("Sending eapol payload {} enclosed in {} to supplicant at {}",
eap, ethernetPkt, connectPoint);
}
packetService.emit(packet);
+ if (isChallengeResponse) {
+ aaaStatisticsManager.getAaaStats().incrementEapPktTxauthEap();
+ }
}
@Override
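Review bot: The local `eapPkt` added in `sendPacketToSupplicant` is never used, and with it both casts now run on every send, ahead of `packetService.emit(packet)`, rather than only under `log.isTraceEnabled()`. A frame whose payload is not EAPOL carrying EAP would throw `ClassCastException` before the packet is emitted. The call sites visible in this diff all build EAP frames, so this is latent rather than live, but the line serves no purpose. I would drop `EAP eapPkt = (EAP) eap.getPayload();` and move `EAPOL eap = ((EAPOL) ethernetPkt.getPayload());` back inside the trace guard. The Javadoc above the method, which starts outside the hunk, also needs a line such as `@param isChallengeResponse true when the frame is the EAP challenge sent to the supplicant; increments the eapPktTxauthChooseEap counter`.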
@@ -586,7 +593,7 @@
log.debug("EAP packet: EAPOL_START");
stateMachine.setSupplicantConnectpoint(inPacket.receivedFrom());
stateMachine.start();
-
+ aaaStatisticsManager.getAaaStats().incrementEapolStartReqTrans();
//send an EAP Request/Identify to the supplicant
EAP eapPayload = new EAP(EAP.REQUEST, stateMachine.identifier(), EAP.ATTR_IDENTITY, null);
if (ethPkt.getVlanID() != Ethernet.VLAN_UNTAGGED) {
@@ -598,15 +605,15 @@
stateMachine.setSupplicantAddress(srcMac);
stateMachine.setVlanId(ethPkt.getVlanID());
-
log.debug("Getting EAP identity from supplicant {}", stateMachine.supplicantAddress().toString());
- sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint());
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
break;
case EAPOL.EAPOL_LOGOFF:
log.debug("EAP packet: EAPOL_LOGOFF");
if (stateMachine.state() == StateMachine.STATE_AUTHORIZED) {
stateMachine.logoff();
+ aaaStatisticsManager.getAaaStats().incrementEapolLogoffRx();
}
break;
@@ -628,7 +635,7 @@
radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
sendRadiusPacket(radiusPayload, inPacket);
-
+ aaaStatisticsManager.getAaaStats().incrementEapolAtrrIdentity();
// change the state to "PENDING"
if (stateMachine.state() == StateMachine.STATE_PENDING) {
aaaStatisticsManager.getAaaStats().increaseRequestReTx();
@@ -654,6 +661,7 @@
}
radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
sendRadiusPacket(radiusPayload, inPacket);
+ aaaStatisticsManager.getAaaStats().incrementEapolMd5RspChall();
}
break;
case EAP.ATTR_TLS:
@@ -670,6 +678,7 @@
radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
sendRadiusPacket(radiusPayload, inPacket);
+ aaaStatisticsManager.getAaaStats().incrementEapolTlsRespChall();
if (stateMachine.state() != StateMachine.STATE_PENDING) {
stateMachine.requestAccess();
@@ -684,6 +693,8 @@
default:
log.debug("Skipping EAPOL message {}", eapol.getEapolType());
}
+ aaaStatisticsManager.getAaaStats().countTransRespNotNak();
+ aaaStatisticsManager.getAaaStats().countEapolResIdentityMsgTrans();
}
}
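Review bot: The two `count…()` calls added after the `switch` appear to run for every frame that reaches the end of this handler, including `EAPOL_START`, `EAPOL_LOGOFF` and the `default` branch that only logs `Skipping EAPOL message`, although the sums they compute can change only when the MD5, TLS or identity counters change. EAPOL frames arrive from supplicants that have not authenticated yet, so per-frame work on this path is better kept minimal, and as written in AaaStatistics.java each call also allocates a new `AtomicLong`. The derived values could instead be computed once where the statistics are published, by calling `countTransRespNotNak()` and `countEapolResIdentityMsgTrans()` just before the `log.debug` lines in the statistics hunk of this file, or inside the two getters. The handler's body starts outside this hunk, so the exact set of frames that reach these lines should be checked.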
@@ -813,6 +824,18 @@
log.debug("RequestRttMilis---" + aaaStatisticsManager.getAaaStats().getRequestRttMilis());
log.debug("UnknownServerRx---" + aaaStatisticsManager.getAaaStats().getUnknownServerRx());
log.debug("UnknownTypeRx---" + aaaStatisticsManager.getAaaStats().getUnknownTypeRx());
+ log.debug("EapolLogoffRx---" + aaaStatisticsManager.getAaaStats().getEapolLogoffRx());
+ log.debug("EapolAuthSuccessTrans---" + aaaStatisticsManager.getAaaStats().getEapolAuthSuccessTrans());
+ log.debug("EapolAuthFailureTrans---" +
+ aaaStatisticsManager.getAaaStats().getEapolAuthFailureTrans());
+ log.debug("EapolStartReqTrans---" +
+ aaaStatisticsManager.getAaaStats().getEapolStartReqTrans());
+ log.debug("EapolTransRespNotNak---" +
+ aaaStatisticsManager.getAaaStats().getEapolTransRespNotNak());
+ log.debug("EapPktTxauthChooseEap---" +
+ aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap());
+ log.debug("EapolResIdentityMsgTrans---" +
+ aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans());
aaaStatisticsManager.getStatsDelegate().
notify(new AuthenticationStatisticsEvent(AuthenticationStatisticsEvent.Type.STATS_UPDATE,
aaaStatisticsManager.getAaaStats()));
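Review bot: The debug output added here covers seven of the ten new counters; `getEapolMd5RspChall()`, `getEapolTlsRespChall()` and `getEapolattrIdentity()` are not logged, which makes the two derived totals hard to cross-check from the log. The added lines also build each message by string concatenation, which is evaluated even when debug logging is off. The parameterized form avoids that, e.g. `log.debug("EapolLogoffRx---{}", stats.getEapolLogoffRx());` with `AaaStatistics stats = aaaStatisticsManager.getAaaStats();` taken once before the block. The surrounding context lines use the same concatenation, and the enclosing method starts and ends outside the hunk.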