[SEBA-34] Operational Status 802.1x Authenticator
Cherry-picked from aaa-1.10
Change-Id: I7a7da5a03d0b5c6cac8eb6c4edf027b1d02e26e8
diff --git a/app/src/main/java/org/opencord/aaa/impl/AaaManager.java b/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
index 1323e5f..55b6726 100755
--- a/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
+++ b/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
@@ -25,6 +25,7 @@
import java.util.Dictionary;
import java.util.HashSet;
import java.util.Arrays;
+import java.util.List;
import org.apache.commons.lang3.builder.ToStringBuilder;
import org.osgi.service.component.annotations.Component;
@@ -184,6 +185,9 @@
ScheduledExecutorService executor;
String configuredAaaServerAddress;
HashSet<Byte> outPacketSet = new HashSet<Byte>();
+ HashSet<Byte> outPacketSupp = new HashSet<Byte>();
+ static final List<Byte> VALID_EAPOL_TYPE = Arrays.asList(EAPOL.EAPOL_START, EAPOL.EAPOL_LOGOFF, EAPOL.EAPOL_PACKET);
+ static final int HEADER_LENGTH = 4;
// Configuration properties factory
private final ConfigFactory factory =
new ConfigFactory<ApplicationId, AaaConfig>(APP_SUBJECT_FACTORY,
@@ -440,6 +444,8 @@
log.debug("Send EAP challenge response to supplicant {}", stateMachine.supplicantAddress().toString());
sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
+ outPacketSupp.add(eapPayload.getIdentifier());
+ aaaStatisticsManager.getAaaStats().incrementPendingResSupp();
break;
case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT");
@@ -514,6 +520,8 @@
if (isChallengeResponse) {
aaaStatisticsManager.getAaaStats().incrementEapPktTxauthEap();
}
+ aaaStatisticsManager.getAaaStats().incrementEapolFramesTx();
+ aaaStatisticsManager.getAaaStats().countReqEapFramesTx();
}
@Override
@@ -599,6 +607,20 @@
portNumber);
}
+ short pktlen = eapol.getPacketLength();
+ byte[] eapPayLoadBuffer = eapol.serialize();
+ int len = eapPayLoadBuffer.length;
+ if (len != (HEADER_LENGTH + pktlen)) {
+ aaaStatisticsManager.getAaaStats().incrementInvalidBodyLength();
+ return;
+ }
+ if (!VALID_EAPOL_TYPE.contains(eapol.getEapolType())) {
+ aaaStatisticsManager.getAaaStats().incrementInvalidPktType();
+ return;
+ }
+ if (pktlen >= 0 && ethPkt.getEtherType() == EthType.EtherType.EAPOL.ethType().toShort()) {
+ aaaStatisticsManager.getAaaStats().incrementValidEapolFramesRx();
+ }
StateMachine stateMachine = StateMachine.lookupStateMachineBySessionId(sessionId);
if (stateMachine == null) {
log.debug("Creating new state machine for sessionId: {} for "
@@ -630,6 +652,7 @@
stateMachine.setVlanId(ethPkt.getVlanID());
log.debug("Getting EAP identity from supplicant {}", stateMachine.supplicantAddress().toString());
sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
+ aaaStatisticsManager.getAaaStats().incrementRequestIdFramesTx();
break;
case EAPOL.EAPOL_LOGOFF:
@@ -638,12 +661,16 @@
stateMachine.logoff();
aaaStatisticsManager.getAaaStats().incrementEapolLogoffRx();
}
+ if (stateMachine.state() == StateMachine.STATE_IDLE) {
+ aaaStatisticsManager.getAaaStats().incrementAuthStateIdle();
+ }
break;
case EAPOL.EAPOL_PACKET:
RADIUS radiusPayload;
// check if this is a Response/Identify or a Response/TLS
EAP eapPacket = (EAP) eapol.getPayload();
+ Byte identifier = new Byte(eapPacket.getIdentifier());
byte dataType = eapPacket.getDataType();
switch (dataType) {
@@ -689,6 +716,10 @@
stateMachine.challengeState());
}
radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
+ if (outPacketSupp.contains(eapPacket.getIdentifier())) {
+ aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
+ outPacketSupp.remove(identifier);
+ }
sendRadiusPacket(radiusPayload, inPacket);
stateMachine.setWaitingForRadiusResponse(true);
aaaStatisticsManager.getAaaStats().incrementEapolMd5RspChall();
@@ -707,6 +738,10 @@
stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
+ if (outPacketSupp.contains(eapPacket.getIdentifier())) {
+ aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
+ outPacketSupp.remove(identifier);
+ }
sendRadiusPacket(radiusPayload, inPacket);
stateMachine.setWaitingForRadiusResponse(true);
aaaStatisticsManager.getAaaStats().incrementEapolTlsRespChall();
@@ -868,6 +903,15 @@
aaaStatisticsManager.getAaaStats().getEapPktTxauthChooseEap());
log.debug("EapolResIdentityMsgTrans---" +
aaaStatisticsManager.getAaaStats().getEapolResIdentityMsgTrans());
+ log.debug("EapolFramesTx---" + aaaStatisticsManager.getAaaStats().getEapolFramesTx());
+ log.debug("AuthStateIdle---" + aaaStatisticsManager.getAaaStats().getAuthStateIdle());
+ log.debug("RequestIdFramesTx---" + aaaStatisticsManager.getAaaStats().getRequestIdFramesTx());
+ log.debug("ReqEapFramesTx---" + aaaStatisticsManager.getAaaStats().getReqEapFramesTx());
+ log.debug("InvalidPktType---" + aaaStatisticsManager.getAaaStats().getInvalidPktType());
+ log.debug("InvalidBodyLength---" + aaaStatisticsManager.getAaaStats().getInvalidBodyLength());
+ log.debug("ValidEapolFramesRx---" + aaaStatisticsManager.getAaaStats().getValidEapolFramesRx());
+ log.debug("PendingResSupp---" + aaaStatisticsManager.getAaaStats().getPendingResSupp());
+ log.debug("ResIdEapFramesRx---" + aaaStatisticsManager.getAaaStats().getEapolattrIdentity());
aaaStatisticsManager.getStatsDelegate().
notify(new AuthenticationStatisticsEvent(AuthenticationStatisticsEvent.Type.STATS_UPDATE,
aaaStatisticsManager.getAaaStats()));