Offload of incoming EAPOL packet to executor
Re-initializing the secret value when changed for RADIUS server check status
Change-Id: I6854d74cd7ca20854293139d5acf179700284b74
diff --git a/app/src/main/java/org/opencord/aaa/impl/AaaManager.java b/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
index 82828fa..cebf6aa 100644
--- a/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
+++ b/app/src/main/java/org/opencord/aaa/impl/AaaManager.java
@@ -18,7 +18,7 @@
import com.google.common.base.Strings;
import com.google.common.collect.Maps;
-import static java.util.concurrent.Executors.newFixedThreadPool;
+import static java.util.concurrent.Executors.newSingleThreadExecutor;
import static org.onlab.util.Tools.groupedThreads;
import static org.onosproject.net.config.basics.SubjectFactories.APP_SUBJECT_FACTORY;
import static org.opencord.aaa.impl.OsgiPropertyConstants.*;
@@ -388,8 +388,7 @@
if (packetProcessorExecutor != null) {
packetProcessorExecutor.shutdown();
}
- packetProcessorExecutor = newFixedThreadPool(packetProcessorThreads,
- groupedThreads("onos/aaa", "aaa-packet-%d", log));
+ packetProcessorExecutor = newSingleThreadExecutor(groupedThreads("onos/aaa", "aaa-packet-%d", log));
}
}
@@ -491,169 +490,175 @@
* @param radiusPacket RADIUS packet coming from the RADIUS server.
*/
public void handleRadiusPacket(RADIUS radiusPacket) {
- packetProcessorExecutor.execute(() -> {
- if (log.isTraceEnabled()) {
- log.trace("Received RADIUS packet {}", radiusPacket);
- }
- if (radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radiusPacket.getIdentifier())) {
- radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radiusPacket);
- return;
- }
+ if (log.isTraceEnabled()) {
+ log.trace("Received RADIUS packet {}", radiusPacket);
+ }
+ if (radiusOperationalStatusService.isRadiusResponseForOperationalStatus(radiusPacket.getIdentifier())) {
+ radiusOperationalStatusService.handleRadiusPacketForOperationalStatus(radiusPacket);
+ return;
+ }
- RequestIdentifier identifier = RequestIdentifier.of(radiusPacket.getIdentifier());
- String sessionId = idManager.getSessionId(identifier);
+ RequestIdentifier identifier = RequestIdentifier.of(radiusPacket.getIdentifier());
+ String sessionId = idManager.getSessionId(identifier);
- if (sessionId == null) {
- log.error("Invalid packet identifier {}, could not find corresponding "
- + "state machine ... exiting", radiusPacket.getIdentifier());
- aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
- aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
- return;
- }
+ if (sessionId == null) {
+ log.error("Invalid packet identifier {}, could not find corresponding "
+ + "state machine ... exiting", radiusPacket.getIdentifier());
+ aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
+ aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
+ return;
+ }
- idManager.releaseIdentifier(identifier);
- StateMachine stateMachine = stateMachines.get(sessionId);
- if (stateMachine == null) {
- log.error("Invalid packet identifier {}, could not find corresponding "
- + "state machine ... exiting", radiusPacket.getIdentifier());
- aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
- aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
- return;
- }
+ idManager.releaseIdentifier(identifier);
+ StateMachine stateMachine = stateMachines.get(sessionId);
+ if (stateMachine == null) {
+ log.error("Invalid packet identifier {}, could not find corresponding "
+ + "state machine ... exiting", radiusPacket.getIdentifier());
+ aaaStatisticsManager.getAaaStats().incrementNumberOfSessionsExpired();
+ aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
+ return;
+ }
- //instance of StateMachine using the sessionId for updating machine stats
- StateMachine machineStats = stateMachines.get(stateMachine.sessionId());
+ //instance of StateMachine using the sessionId for updating machine stats
+ StateMachine machineStats = stateMachines.get(stateMachine.sessionId());
- EAP eapPayload;
- Ethernet eth;
- checkReceivedPacketForValidValidator(radiusPacket, stateMachine.requestAuthenticator());
+ EAP eapPayload;
+ Ethernet eth;
+ checkReceivedPacketForValidValidator(radiusPacket, stateMachine.requestAuthenticator());
- //increasing packets and octets received from server
- machineStats.incrementTotalPacketsReceived();
- try {
- machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
- } catch (DeserializationException e) {
- log.error(e.getMessage());
- return;
- }
+ //increasing packets and octets received from server
+ machineStats.incrementTotalPacketsReceived();
+ try {
+ machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
+ } catch (DeserializationException e) {
+ log.error(e.getMessage());
+ return;
+ }
- if (outPacketSet.contains(radiusPacket.getIdentifier())) {
- aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
- outPacketSet.remove(new Byte(radiusPacket.getIdentifier()));
- }
+ if (outPacketSet.contains(radiusPacket.getIdentifier())) {
+ aaaStatisticsManager.getAaaStats().increaseOrDecreasePendingRequests(false);
+ outPacketSet.remove(new Byte(radiusPacket.getIdentifier()));
+ }
- switch (radiusPacket.getCode()) {
- case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
- log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE");
- RADIUSAttribute radiusAttrState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE);
- byte[] challengeState = null;
- if (radiusAttrState != null) {
- challengeState = radiusAttrState.getValue();
- }
- try {
- eapPayload = radiusPacket.decapsulateMessage();
- eth = buildEapolResponse(stateMachine.supplicantAddress(),
- MacAddress.valueOf(nasMacAddress),
- stateMachine.vlanId(),
- EAPOL.EAPOL_PACKET,
- eapPayload, stateMachine.priorityCode());
- stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
- } catch (DeserializationException e) {
- log.error(e.getMessage());
- break;
- }
- log.debug("Send EAP challenge response to supplicant {}",
- stateMachine.supplicantAddress().toString());
- sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
- aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
- outPacketSupp.add(eapPayload.getIdentifier());
- aaaStatisticsManager.getAaaStats().incrementPendingResSupp();
- //increasing packets send to server
- machineStats.incrementTotalPacketsSent();
- machineStats.incrementTotalOctetSent(eapPayload.getLength());
+ MacAddress dstMac = stateMachine.supplicantAddress();
+ ConnectPoint supplicantCp = stateMachine.supplicantConnectpoint();
+ switch (radiusPacket.getCode()) {
+ case RADIUS.RADIUS_CODE_ACCESS_CHALLENGE:
+ log.debug("RADIUS packet: RADIUS_CODE_ACCESS_CHALLENGE for dev/port: {}/{} with MacAddress {}",
+ supplicantCp.deviceId(), supplicantCp.port(), dstMac);
+ RADIUSAttribute radiusAttrState = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_STATE);
+ byte[] challengeState = null;
+ if (radiusAttrState != null) {
+ challengeState = radiusAttrState.getValue();
+ }
+ try {
+ eapPayload = radiusPacket.decapsulateMessage();
+ eth = buildEapolResponse(stateMachine.supplicantAddress(),
+ MacAddress.valueOf(nasMacAddress),
+ stateMachine.vlanId(),
+ EAPOL.EAPOL_PACKET,
+ eapPayload, stateMachine.priorityCode());
+ stateMachine.setChallengeInfo(eapPayload.getIdentifier(), challengeState);
+ } catch (DeserializationException e) {
+ log.error(e.getMessage());
break;
- case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
- log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT");
- //send an EAPOL - Success to the supplicant.
- byte[] eapMessageSuccess =
- radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
- try {
+ }
+ log.debug("Send EAP challenge response to supplicant {} on dev/port: {}/{} with MacAddress {}",
+ supplicantCp.deviceId(), supplicantCp.port(), dstMac);
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), true);
+ aaaStatisticsManager.getAaaStats().increaseChallengeResponsesRx();
+ outPacketSupp.add(eapPayload.getIdentifier());
+ aaaStatisticsManager.getAaaStats().incrementPendingResSupp();
+ //increasing packets send to server
+ machineStats.incrementTotalPacketsSent();
+ machineStats.incrementTotalOctetSent(eapPayload.getLength());
+ break;
+ case RADIUS.RADIUS_CODE_ACCESS_ACCEPT:
+ log.debug("RADIUS packet: RADIUS_CODE_ACCESS_ACCEPT for dev/port: {}/{} with MacAddress {}",
+ supplicantCp.deviceId(), supplicantCp.port(), dstMac);
+ //send an EAPOL - Success to the supplicant.
+ byte[] eapMessageSuccess =
+ radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE).getValue();
+ try {
eapPayload = EAP.deserializer().deserialize(
eapMessageSuccess, 0, eapMessageSuccess.length);
- } catch (DeserializationException e) {
- log.error(e.getMessage());
- break;
- }
-
- eth = buildEapolResponse(stateMachine.supplicantAddress(),
- MacAddress.valueOf(nasMacAddress),
- stateMachine.vlanId(),
- EAPOL.EAPOL_PACKET,
- eapPayload, stateMachine.priorityCode());
- log.info("Send EAP success message to supplicant {}", stateMachine.supplicantAddress().toString());
- sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
- aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
-
- stateMachine.authorizeAccess();
- aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
- //increasing packets send to server
- machineStats.incrementTotalPacketsSent();
- machineStats.incrementTotalOctetSent(eapPayload.getLength());
+ } catch (DeserializationException e) {
+ log.error(e.getMessage());
break;
- case RADIUS.RADIUS_CODE_ACCESS_REJECT:
- log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT");
- //send an EAPOL - Failure to the supplicant.
- byte[] eapMessageFailure;
- eapPayload = new EAP();
- RADIUSAttribute radiusAttrEap = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
- if (radiusAttrEap == null) {
- eapPayload.setCode(EAP.FAILURE);
- eapPayload.setIdentifier(stateMachine.challengeIdentifier());
- eapPayload.setLength(EAP.EAP_HDR_LEN_SUC_FAIL);
- } else {
- eapMessageFailure = radiusAttrEap.getValue();
- try {
- eapPayload = EAP.deserializer().deserialize(
- eapMessageFailure, 0, eapMessageFailure.length);
- } catch (DeserializationException e) {
- log.error(e.getMessage());
- break;
- }
- }
- eth = buildEapolResponse(stateMachine.supplicantAddress(),
- MacAddress.valueOf(nasMacAddress),
- stateMachine.vlanId(),
- EAPOL.EAPOL_PACKET,
- eapPayload, stateMachine.priorityCode());
- log.warn("Send EAP failure message to supplicant {}", stateMachine.supplicantAddress().toString());
- sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
- aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
+ }
- stateMachine.denyAccess();
- aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
- //increasing packets send to server
- machineStats.incrementTotalPacketsSent();
- machineStats.incrementTotalOctetSent(eapPayload.getLength());
- //pushing machine stats to kafka
- AaaSupplicantMachineStats machineObj = aaaSupplicantStatsManager.getSupplicantStats(machineStats);
- aaaSupplicantStatsManager.getMachineStatsDelegate()
- .notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE,
- machineObj));
- break;
- default:
- log.warn("Unknown RADIUS message received with code: {}", radiusPacket.getCode());
- aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
- //increasing packets received to server
- machineStats.incrementTotalPacketsReceived();
+ eth = buildEapolResponse(stateMachine.supplicantAddress(),
+ MacAddress.valueOf(nasMacAddress),
+ stateMachine.vlanId(),
+ EAPOL.EAPOL_PACKET,
+ eapPayload, stateMachine.priorityCode());
+ log.info("Send EAP success message to supplicant {} on dev/port: {}/{} with MacAddress {}",
+ supplicantCp.deviceId(), supplicantCp.port(), dstMac);
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
+ aaaStatisticsManager.getAaaStats().incrementEapolAuthSuccessTrans();
+
+ stateMachine.authorizeAccess();
+ aaaStatisticsManager.getAaaStats().increaseAcceptResponsesRx();
+ //increasing packets send to server
+ machineStats.incrementTotalPacketsSent();
+ machineStats.incrementTotalOctetSent(eapPayload.getLength());
+ break;
+ case RADIUS.RADIUS_CODE_ACCESS_REJECT:
+ log.debug("RADIUS packet: RADIUS_CODE_ACCESS_REJECT for dev/port: {}/{} with MacAddress {}",
+ supplicantCp.deviceId(), supplicantCp.port(), dstMac);
+ //send an EAPOL - Failure to the supplicant.
+ byte[] eapMessageFailure;
+ eapPayload = new EAP();
+ RADIUSAttribute radiusAttrEap = radiusPacket.getAttribute(RADIUSAttribute.RADIUS_ATTR_EAP_MESSAGE);
+ if (radiusAttrEap == null) {
+ eapPayload.setCode(EAP.FAILURE);
+ eapPayload.setIdentifier(stateMachine.challengeIdentifier());
+ eapPayload.setLength(EAP.EAP_HDR_LEN_SUC_FAIL);
+ } else {
+ eapMessageFailure = radiusAttrEap.getValue();
try {
- machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
+ eapPayload = EAP.deserializer().deserialize(
+ eapMessageFailure, 0, eapMessageFailure.length);
} catch (DeserializationException e) {
log.error(e.getMessage());
break;
}
- }
- aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
- });
+ }
+ eth = buildEapolResponse(stateMachine.supplicantAddress(),
+ MacAddress.valueOf(nasMacAddress),
+ stateMachine.vlanId(),
+ EAPOL.EAPOL_PACKET,
+ eapPayload, stateMachine.priorityCode());
+ log.warn("Send EAP failure message to supplicant {} on dev/port: {}/{} with MacAddress {}",
+ supplicantCp.deviceId(), supplicantCp.port(), dstMac);
+ sendPacketToSupplicant(eth, stateMachine.supplicantConnectpoint(), false);
+ aaaStatisticsManager.getAaaStats().incrementEapolauthFailureTrans();
+
+ stateMachine.denyAccess();
+ aaaStatisticsManager.getAaaStats().increaseRejectResponsesRx();
+ //increasing packets send to server
+ machineStats.incrementTotalPacketsSent();
+ machineStats.incrementTotalOctetSent(eapPayload.getLength());
+ //pushing machine stats to kafka
+ AaaSupplicantMachineStats machineObj = aaaSupplicantStatsManager.getSupplicantStats(machineStats);
+ aaaSupplicantStatsManager.getMachineStatsDelegate()
+ .notify(new AaaMachineStatisticsEvent(AaaMachineStatisticsEvent.Type.STATS_UPDATE,
+ machineObj));
+ break;
+ default:
+ log.warn("Unknown RADIUS message received with code: {} for dev/port: {}/{} with MacAddress {}",
+ radiusPacket.getCode(), supplicantCp.deviceId(), supplicantCp.port(), dstMac);
+ aaaStatisticsManager.getAaaStats().increaseUnknownTypeRx();
+ //increasing packets received to server
+ machineStats.incrementTotalPacketsReceived();
+ try {
+ machineStats.incrementTotalOctetReceived(radiusPacket.decapsulateMessage().getLength());
+ } catch (DeserializationException e) {
+ log.error(e.getMessage());
+ break;
+ }
+ }
+ aaaStatisticsManager.getAaaStats().countDroppedResponsesRx();
}
/**
@@ -668,8 +673,8 @@
treatment, ByteBuffer.wrap(ethernetPkt.serialize()));
EAPOL eap = ((EAPOL) ethernetPkt.getPayload());
if (log.isTraceEnabled()) {
- log.trace("Sending eapol payload {} enclosed in {} to supplicant at {}",
- eap, ethernetPkt, connectPoint);
+ log.trace("Sending eapol payload {} enclosed in {} to supplicant at {} with MacAddress {}",
+ eap, ethernetPkt, connectPoint, ethernetPkt.getDestinationMAC());
}
packetService.emit(packet);
if (isChallengeResponse) {
@@ -722,23 +727,24 @@
private class ReactivePacketProcessor implements PacketProcessor {
@Override
public void process(PacketContext context) {
+ packetProcessorExecutor.execute(() -> {
+ // Extract the original Ethernet frame from the packet information
+ InboundPacket pkt = context.inPacket();
+ Ethernet ethPkt = pkt.parsed();
+ if (ethPkt == null) {
+ return;
+ }
- // Extract the original Ethernet frame from the packet information
- InboundPacket pkt = context.inPacket();
- Ethernet ethPkt = pkt.parsed();
- if (ethPkt == null) {
- return;
- }
-
- // identify if incoming packet comes from supplicant (EAP) or RADIUS
- switch (EthType.EtherType.lookup(ethPkt.getEtherType())) {
- case EAPOL:
- handleSupplicantPacket(context.inPacket());
- break;
- default:
- // any other packets let the specific implementation handle
- impl.handlePacketFromServer(context);
- }
+ // identify if incoming packet comes from supplicant (EAP) or RADIUS
+ switch (EthType.EtherType.lookup(ethPkt.getEtherType())) {
+ case EAPOL:
+ handleSupplicantPacket(context.inPacket());
+ break;
+ default:
+ // any other packets let the specific implementation handle
+ impl.handlePacketFromServer(context);
+ }
+ });
}
/**
@@ -784,8 +790,9 @@
EAPOL eapol = (EAPOL) ethPkt.getPayload();
if (log.isTraceEnabled()) {
log.trace("Received EAPOL packet {} in enclosing packet {} from "
- + "dev/port: {}/{}", eapol, ethPkt, deviceId,
- portNumber);
+ + "dev/port: {}/{} with MacAddress {}",
+ eapol, ethPkt, deviceId,
+ portNumber, srcMac);
}
short pktlen = eapol.getPacketLength();
@@ -809,7 +816,8 @@
switch (eapol.getEapolType()) {
case EAPOL.EAPOL_START:
- log.debug("EAP packet: EAPOL_START");
+ log.debug("EAP packet: EAPOL_START from dev/port: {}/{} with MacAddress {}",
+ deviceId, portNumber, srcMac);
stateMachine.setSupplicantConnectpoint(inPacket.receivedFrom());
stateMachine.setSupplicantAddress(srcMac);
stateMachine.start();
@@ -831,7 +839,8 @@
break;
case EAPOL.EAPOL_LOGOFF:
- log.debug("EAP packet: EAPOL_LOGOFF");
+ log.debug("EAP packet: EAPOL_LOGOFF from dev/port: {}/{} with MacAddress {}",
+ deviceId, portNumber, srcMac);
//posting the machine stat data for current supplicant device.
if (stateMachine.getSessionTerminateReason() == null ||
stateMachine.getSessionTerminateReason().equals("")) {
@@ -863,7 +872,8 @@
switch (dataType) {
case EAP.ATTR_IDENTITY:
- log.debug("EAP packet: EAPOL_PACKET ATTR_IDENTITY");
+ log.debug("EAP packet: EAPOL_PACKET ATTR_IDENTITY from dev/port: {}/{} with MacAddress {}",
+ deviceId, portNumber, srcMac);
//Setting the time of this response from RG, only when its not a re-transmission.
if (stateMachine.getLastPacketReceivedTime() == 0) {
stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
@@ -873,7 +883,12 @@
radiusPayload = getRadiusPayload(stateMachine, radiusIdentifier.identifier(), eapPacket);
radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
- radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
+ radiusPayload.addMessageAuthenticator(radiusSecret);
+
+ if (log.isTraceEnabled()) {
+ log.trace("Sending ATTR_IDENTITY packet to RADIUS for supplicant at dev/port: " +
+ "{}/{} with MacAddress {}", deviceId, portNumber, srcMac);
+ }
sendRadiusPacket(radiusPayload, inPacket);
stateMachine.setWaitingForRadiusResponse(true);
@@ -888,7 +903,8 @@
break;
case EAP.ATTR_MD5:
stateMachine.setLastPacketReceivedTime(System.currentTimeMillis());
- log.debug("EAP packet: EAPOL_PACKET ATTR_MD5");
+ log.debug("EAP packet: EAPOL_PACKET ATTR_MD5 from dev/port: {}/{} with MacAddress {}",
+ deviceId, portNumber, srcMac);
// verify if the EAP identifier corresponds to the
// challenge identifier from the client state
// machine.
@@ -902,18 +918,23 @@
radiusPayload.setAttribute(RADIUSAttribute.RADIUS_ATTR_STATE,
stateMachine.challengeState());
}
- radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
+ radiusPayload.addMessageAuthenticator(radiusSecret);
if (outPacketSupp.contains(eapPacket.getIdentifier())) {
aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
outPacketSupp.remove(identifier);
}
+ if (log.isTraceEnabled()) {
+ log.trace("Sending ATTR_MD5 packet to RADIUS for supplicant at dev/port: " +
+ "{}/{} with MacAddress {}", deviceId, portNumber, srcMac);
+ }
sendRadiusPacket(radiusPayload, inPacket);
stateMachine.setWaitingForRadiusResponse(true);
aaaStatisticsManager.getAaaStats().incrementEapolMd5RspChall();
}
break;
case EAP.ATTR_TLS:
- log.debug("EAP packet: EAPOL_PACKET ATTR_TLS");
+ log.debug("EAP packet: EAPOL_PACKET ATTR_TLS from dev/port: {}/{} with MacAddress {}",
+ deviceId, portNumber, srcMac);
// request id access to RADIUS
radiusPayload = getRadiusPayload(stateMachine, radiusIdentifier.identifier(), eapPacket);
radiusPayload = pktCustomizer.customizePacket(radiusPayload, inPacket);
@@ -923,12 +944,15 @@
stateMachine.challengeState());
}
stateMachine.setRequestAuthenticator(radiusPayload.generateAuthCode());
-
- radiusPayload.addMessageAuthenticator(AaaManager.this.radiusSecret);
+ radiusPayload.addMessageAuthenticator(radiusSecret);
if (outPacketSupp.contains(eapPacket.getIdentifier())) {
aaaStatisticsManager.getAaaStats().decrementPendingResSupp();
outPacketSupp.remove(identifier);
}
+ if (log.isTraceEnabled()) {
+ log.trace("Sending ATTR_TLS packet to RADIUS for supplicant at dev/port: " +
+ "{}/{} with MacAddress {}", deviceId, portNumber, srcMac);
+ }
sendRadiusPacket(radiusPayload, inPacket);
stateMachine.setWaitingForRadiusResponse(true);
aaaStatisticsManager.getAaaStats().incrementEapolTlsRespChall();
@@ -939,12 +963,14 @@
break;
default:
- log.warn("Unknown EAP packet type");
+ log.warn("Unknown EAP packet type from dev/port: {}/{} with MacAddress {}",
+ deviceId, portNumber, srcMac);
return;
}
break;
default:
- log.debug("Skipping EAPOL message {}", eapol.getEapolType());
+ log.debug("Skipping EAPOL message {} from dev/port: {}/{} with MacAddress {}",
+ eapol.getEapolType(), deviceId, portNumber, srcMac);
}
aaaStatisticsManager.getAaaStats().countTransRespNotNak();
aaaStatisticsManager.getAaaStats().countEapolResIdentityMsgTrans();
@@ -1024,8 +1050,9 @@
if (newCfg.nasMac() != null) {
nasMacAddress = newCfg.nasMac();
}
- if (newCfg.radiusSecret() != null) {
+ if (newCfg.radiusSecret() != null && !newCfg.radiusSecret().equals(radiusSecret)) {
radiusSecret = newCfg.radiusSecret();
+ radiusOperationalStatusService.initialize(nasIpAddress.getAddress(), radiusSecret, impl);
}
boolean reconfigureCustomizer = false;